fix: argocd-dex now merges existing dex.config.oauth2 block instead o…

…f overwriting (#7583) * fix: argocd-dex now merges existing dex.config.oauth2 block with autogenerated block Signed-off-by: Joshua Helton <jdoghelton@gmail.com> Signed-off-by: jphelton <jdoghelton@gmail.com> * simplified statement based on PR feedback Signed-off-by: Joshua Helton <jdoghelton@gmail.com>
argoproj · Nov 1, 2021 · e5c34f4 · e5c34f4
1 parent 49b7152
commit e5c34f4
Show file tree

Hide file tree

Showing 2 changed files with 108 additions and 2 deletions.
diff --git a/util/dex/config.go b/util/dex/config.go
@@ -35,8 +35,15 @@ func GenerateDexConfigYAML(settings *settings.ArgoCDSettings) ([]byte, error) {
 	dexCfg["telemetry"] = map[string]interface{}{
 		"http": "0.0.0.0:5558",
 	}
-	dexCfg["oauth2"] = map[string]interface{}{
-		"skipApprovalScreen": true,
+
+	if oauth2Cfg, found := dexCfg["oauth2"].(map[string]interface{}); found {
+		if _, found := oauth2Cfg["skipApprovalScreen"].(bool); !found {
+			oauth2Cfg["skipApprovalScreen"] = true
+		}
+	} else {
+		dexCfg["oauth2"] = map[string]interface{}{
+			"skipApprovalScreen": true,
+		}
 	}
 
 	argoCDStaticClient := map[string]interface{}{

diff --git a/util/dex/dex_test.go b/util/dex/dex_test.go
@@ -85,6 +85,59 @@ connectors:
     orgs:
     - name: your-github-org
 `
+
+var goodDexConfigWithOauthOverrides = `
+oauth2:
+  passwordConnector: ldap
+connectors:
+- type: ldap
+  name: OpenLDAP
+  id: ldap
+  config:
+    host: localhost:389
+    insecureNoSSL: true
+    bindDN: cn=admin,dc=example,dc=org
+    bindPW: admin
+    usernamePrompt: Email Address
+    userSearch:
+      baseDN: ou=People,dc=example,dc=org
+      filter: "(objectClass=person)"
+      username: mail
+      idAttr: DN
+      emailAttr: mail
+      nameAttr: cn
+    groupSearch:
+      baseDN: ou=Groups,dc=example,dc=org
+      filter: "(objectClass=groupOfNames)"
+      nameAttr: cn
+`
+var goodDexConfigWithEnabledApprovalScreen = `
+oauth2:
+  passwordConnector: ldap
+  skipApprovalScreen: false
+connectors:
+- type: ldap
+  name: OpenLDAP
+  id: ldap
+  config:
+    host: localhost:389
+    insecureNoSSL: true
+    bindDN: cn=admin,dc=example,dc=org
+    bindPW: admin
+    usernamePrompt: Email Address
+    userSearch:
+      baseDN: ou=People,dc=example,dc=org
+      filter: "(objectClass=person)"
+      username: mail
+      idAttr: DN
+      emailAttr: mail
+      nameAttr: cn
+    groupSearch:
+      baseDN: ou=Groups,dc=example,dc=org
+      filter: "(objectClass=groupOfNames)"
+      nameAttr: cn
+`
+
 var goodSecrets = map[string]string{
 	"dex.github.clientSecret": "foobar",
 	"dex.acme.clientSecret":   "barfoo",
@@ -267,6 +320,52 @@ func Test_GenerateDexConfig(t *testing.T) {
 		customClient := clients[2].(map[string]interface{})
 		assert.Equal(t, "barfoo", customClient["secret"])
 	})
+	t.Run("Override dex oauth2 configuration", func(t *testing.T) {
+		s := settings.ArgoCDSettings{
+			URL:       "http://localhost",
+			DexConfig: goodDexConfigWithOauthOverrides,
+		}
+		config, err := GenerateDexConfigYAML(&s)
+		assert.NoError(t, err)
+		assert.NotNil(t, config)
+		var dexCfg map[string]interface{}
+		err = yaml.Unmarshal(config, &dexCfg)
+		if err != nil {
+			panic(err.Error())
+		}
+		oauth2Config, ok := dexCfg["oauth2"].(map[string]interface{})
+		assert.True(t, ok)
+		pwConn, ok := oauth2Config["passwordConnector"].(string)
+		assert.True(t, ok)
+		assert.Equal(t, "ldap", pwConn)
+
+		skipApprScr, ok := oauth2Config["skipApprovalScreen"].(bool)
+		assert.True(t, ok)
+		assert.True(t, skipApprScr)
+	})
+	t.Run("Override dex oauth2 with enabled ApprovalScreen", func(t *testing.T) {
+		s := settings.ArgoCDSettings{
+			URL:       "http://localhost",
+			DexConfig: goodDexConfigWithEnabledApprovalScreen,
+		}
+		config, err := GenerateDexConfigYAML(&s)
+		assert.NoError(t, err)
+		assert.NotNil(t, config)
+		var dexCfg map[string]interface{}
+		err = yaml.Unmarshal(config, &dexCfg)
+		if err != nil {
+			panic(err.Error())
+		}
+		oauth2Config, ok := dexCfg["oauth2"].(map[string]interface{})
+		assert.True(t, ok)
+		pwConn, ok := oauth2Config["passwordConnector"].(string)
+		assert.True(t, ok)
+		assert.Equal(t, "ldap", pwConn)
+
+		skipApprScr, ok := oauth2Config["skipApprovalScreen"].(bool)
+		assert.True(t, ok)
+		assert.False(t, skipApprScr)
+	})
 }
 
 func Test_DexReverseProxy(t *testing.T) {