search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.19k stars 5.23k forks source link

`argocd app diff` fails when Redis is password protected #19035

Open buckner opened 1 month ago

buckner commented 1 month ago

Checklist:

Describe the bug

Similar to the problem resolved by #18951, argocd app diff also will not authenticate when Redis is password protected.

To Reproduce

Run argocd app diff command on any of the patched versions described in this CVE: https://github.com/argoproj/argo-cd/security/advisories/GHSA-9766-5277-j5hr.

It will throw this error:

ERRO[0006] finished unary call with code Unknown         error="error getting cached app managed resources: NOAUTH Authentication required." grpc.code=Unknown grpc.method=ManagedResources grpc.service=application.ApplicationService grpc.start_time="2024-07-12T10:07:34-05:00" grpc.time_ms=545.331 span.kind=server system=grpc
FATA[0006] rpc error: code = Unknown desc = error getting cached app managed resources: NOAUTH Authentication required.

Expected behavior

I expect diff to behave normally. It was working for me before I upgraded to a version that mitigated the aforementioned CVE.

Version

argocd: v2.11.4+e1284e1
  BuildDate: 2024-07-02T23:16:22Z
  GitCommit: e1284e19e03c9abab2ea55314b14b1e0381c4045
  GitTreeState: clean
  GoVersion: go1.22.4
  Compiler: gc
  Platform: darwin/arm64
argocd-server: v2.11.4+e1284e1
  BuildDate: 2024-07-02T23:16:22Z
  GitCommit: e1284e19e03c9abab2ea55314b14b1e0381c4045
  GitTreeState: clean
  GoVersion: go1.22.4
  Compiler: gc
  Platform: darwin/arm64
  Kustomize Version: could not get kustomize version: exec: "kustomize": executable file not found in $PATH
  Helm Version: v3.13.3+gc8b9489
  Kubectl Version: v0.26.11
  Jsonnet Version: v0.20.0

Logs

$ argocd app diff <application name>
ERRO[0006] finished unary call with code Unknown         error="error getting cached app managed resources: NOAUTH Authentication required." grpc.code=Unknown grpc.method=ManagedResources grpc.service=application.ApplicationService grpc.start_time="2024-07-12T10:07:34-05:00" grpc.time_ms=545.331 span.kind=server system=grpc
FATA[0006] rpc error: code = Unknown desc = error getting cached app managed resources: NOAUTH Authentication required.
pcallewaert commented 1 month ago

After updating to v2.11.5 we are still seeing this issue:

argocd: v2.11.5+c4b283c
  BuildDate: 2024-07-15T18:15:32Z
  GitCommit: c4b283ce0c092aeda00c78ae7b3b2d3b28e7feec
  GitTreeState: clean
  GoVersion: go1.21.12
  Compiler: gc
  Platform: linux/amd64
argocd-server: v2.11.5+c4b283c
  BuildDate: 2024-07-15T18:15:32Z
  GitCommit: c4b283ce0c092aeda00c78ae7b3b2d3b28e7feec
  GitTreeState: clean
  GoVersion: go1.21.12
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: could not get kustomize version: exec: "kustomize": executable file not found in $PATH
  Helm Version: v3.13.3+gc8b9489
  Kubectl Version: v0.26.11
  Jsonnet Version: v0.20.0
$ argocd app diff myapp
ERRO[0000] finished unary call with code Unknown         error="error getting cached app managed resources: NOAUTH Authentication required." grpc.code=Unknown grpc.method=ManagedResources grpc.service=application.ApplicationService grpc.start_time="2024-07-16T13:52:35Z" grpc.time_ms=70.704 span.kind=server system=grpc
FATA[0000] rpc error: code = Unknown desc = error getting cached app managed resources: NOAUTH Authentication required.

We are authenticating with argocd login --core. Is this something else or did I miss a configuration I have to set?

jonwinton commented 1 month ago

It doesn't look like v2.11.5 included the PR that closed this issue: https://github.com/argoproj/argo-cd/pull/19039

@crenshaw-dev would it be possible to get a new patch release?

chrisduong commented 3 weeks ago

+1

chrisduong commented 3 weeks ago

It also breaks argocd app manifests