htpasswd function in helm doesn't work as expected #571

Open
fkaksa opened this issue Oct 26, 2023 · 2 comments

fkaksa commented Oct 26, 2023

I'm encountering an issue with the ArgoCD Vault plugin while using Helm with additional arguments settings. The problem arises when I try to utilize the htpasswd function within Helm, and it results in an error message stating "invalid username: user", whose content in the end will be part of the k8s manifest file.

Here is my values.yaml file configuration:

```yaml
oauth:
   username: <path:bla/oauth#username>
   password: <path:bla/oauth#password>
```

In this configuration, placeholders for secrets are correctly replaced. However, when I use the htpasswd function in Helm, I receive the "invalid username: user" error.

To provide additional context, I'm using AWS Vault as a backend, and my username is set to "user," and my password is set to "pass."

Additionally, here is the Secret YAML file which contains the htpasswd command:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: htpasswd
data:
  auth: {{ htpasswd (.Values.oauth).username (.Values.oauth).password | b64enc | quote }}
```

To further clarify, here is the plugin configuration:

```yaml
plugin config:
  avp-helm.yaml: |
    ---
    apiVersion: argoproj.io/v1alpha1
    kind: ConfigManagementPlugin
    metadata:
      name: argocd-vault-plugin-helm
    spec:
      allowConcurrency: true
      generate:
        command:
          - sh
          - "-c"
          - |
            helm template --include-crds -n $ARGOCD_APP_NAMESPACE ${ARGOCD_ENV_HELM_ARGS} . |
            argocd-vault-plugin generate -
```

Expected behavior

Secret should look like:

```yaml
....
data:
  auth: dXNlcjokMmEkMTAkSTJLUHNMRTZMUE1XUlNOZUFwN0NPdUZMRmxHYUk2aHlESnR4a3JYcGgzcTgwanVDTzF6OG0=
```

Actual behavior

```yaml
...
data:
  auth: aW52YWxpZCB1c2VybmFtZTogdXNlcg==
```

werne2j (Member) commented Oct 27, 2023

Helm runs before the value gets injected, so `.Values.oauth.username` is going to be the path, not a value. That’s why it errors out.
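
The ordering described in the reply above, as an added example that is not part of the original thread or of either project's code: it models the `helm template | argocd-vault-plugin generate -` pipeline and reproduces the "Actual behavior" value from the issue. `BACKEND` and all function names are hypothetical, `helm_htpasswd` only models the username check (no bcrypt), and the plugin decoding base64 Secret data before substituting is an assumption that matches the output reported in the issue.

```python
import base64
import re

# Constructed stand-in for the secret backend, holding the values the issue states.
BACKEND = {("bla/oauth", "username"): "user", ("bla/oauth", "password"): "pass"}
PLACEHOLDER = re.compile(r"<path:([^#>]+)#([^>]+)>")
# Shape of one htpasswd line with a bcrypt hash: name:$2a$<cost>$<53 chars>
HTPASSWD_LINE = re.compile(r"^[^:]+:\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

VALUES = {"username": "<path:bla/oauth#username>",
          "password": "<path:bla/oauth#password>"}
# Both strings are copied from the issue text.
EXPECTED = "dXNlcjokMmEkMTAkSTJLUHNMRTZMUE1XUlNOZUFwN0NPdUZMRmxHYUk2aHlESnR4a3JYcGgzcTgwanVDTzF6OG0="
ACTUAL = "aW52YWxpZCB1c2VybmFtZTogdXNlcg=="

def b64enc(text):
    return base64.b64encode(text.encode()).decode()

def helm_htpasswd(username, password):
    # Model of the Helm function: a ':' in the username produces an error
    # *string* in the output, not a failed render. bcrypt is not reproduced.
    if ":" in username:
        return f"invalid username: {username}"
    return f"{username}:<bcrypt of password omitted>"

def avp_generate(data_value):
    # Assumed plugin behaviour: decode the Secret value, substitute, re-encode.
    decoded = base64.b64decode(data_value).decode()
    filled = PLACEHOLDER.sub(lambda m: BACKEND[m.group(1), m.group(2)], decoded)
    return b64enc(filled)

def render_pipeline(values):
    # Same order as the plugin config: helm runs first, the plugin second.
    stage1 = b64enc(helm_htpasswd(values["username"], values["password"]))
    return avp_generate(stage1)

def check_auth(data_value):
    # Post-render gate: True only if the value decodes to a 'name:bcrypt' line.
    decoded = base64.b64decode(data_value).decode()
    return bool(HTPASSWD_LINE.match(decoded)), decoded

if __name__ == "__main__":
    print("pipeline reproduces the reported value:", render_pipeline(VALUES) == ACTUAL)
    print("expected value passes the gate:", check_auth(EXPECTED)[0])
    print("actual value passes the gate:", check_auth(ACTUAL))
```

Because the render succeeds even though the Secret holds an error string, a gate like `check_auth` over the rendered manifest is what catches a broken credential before it is applied.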

jarmd commented Apr 30, 2024

It would be great if the vault-plugin runs before helm.
Then it would be possible to run a range function in the secret and generate a lot of htpasswd users in 1 go.
Now this has to be generated beforehand and added to a secret which takes out the smart scalability and automation of the user creation.
