search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.93k stars 5.46k forks source link

Allow access to argocd-notifications-secret in notification service webhook configuration #20538

Open dmarquez-splunk opened 2 weeks ago

dmarquez-splunk commented 2 weeks ago

Summary

Secrets should be able to be used in webhook notification service for requests that require an access token to be a part of the HTTP header field.

Motivation

Gitlab API requires the PRIVATE-TOKEN header field to be present with a valid access token in order to authenticate to its API. If we wish to use this then we would need to hardcode an access token inside of the configmap which is not ideal. We should be able to use the argocd-notifications-secret similar to the way it is able to be used in the template as demonstrated in the docs

When I try to leverage it in the service config like this:

    "service.webhook.gitlab": |||
      url: <gitlab_url>
      headers:
        - name: PRIVATE-TOKEN
          value: {{.secrets.gitlab-token}}

I see the following error:

time="2024-10-25T18:39:57Z" level=error msg="error getting api from namespace: argocd error: error converting YAML to JSON: yaml: invalid map key: map[interface {}]interface {}{\".secrets.gitlab-token\":\"\"}"

Proposal

Make this such that we can use the argocd-notifications-secret fields in the webhook configuration similar to the templates configuration.

andrii-korotkov-verkada commented 5 days ago

Why do you have ||| in the config?