Skip to content

fix(server): OIDC config via secrets fails (#18269) #26214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
agaudreault merged 2 commits into from
Feb 3, 2026
Merged

fix(server): OIDC config via secrets fails (#18269) #26214

agaudreault merged 2 commits into from
Feb 3, 2026
+1 −1

Conversation

@BZValoche
Copy link
Contributor

@BZValoche BZValoche commented Feb 2, 2026

Closes #18269

Improper ordering of function calls in (*SettingsManager).GetSettings, which causes warnings related to OIDC secrets not being found.
The call to updateSettingsFromConfigMap was done before the SettingsManager secrets were set.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Title of the PR
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I have signed off all my commits as required by DCO
  • My build is green (troubleshooting builds).
  • I have added a brief description of why this PR is necessary and/or what this PR solves.

@BZValoche BZValoche requested a review from a team as a code owner February 2, 2026 16:04
@bunnyshell
Copy link

bunnyshell bot commented Feb 2, 2026
edited
Loading

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

  • 🚀 /bns:deploy to deploy the environment

@BZValoche BZValoche changed the title fix(server) OIDC config via secrets fails (#18269) fix(server): OIDC config via secrets fails (#18269) Feb 2, 2026
agaudreault
agaudreault requested changes Feb 3, 2026
View reviewed changes
Copy link
Member

@agaudreault agaudreault left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a unit test to validate that this fixes the issue? :)

By looking at the code, it looks like it does!

@BZValoche
Copy link
Contributor Author

BZValoche commented Feb 3, 2026

Can you add a unit test to validate that this fixes the issue? :)

By looking at the code, it looks like it does!

Will do, I have to write a unit test which fails the older version, first ;)

@BZValoche
Copy link
Contributor Author

BZValoche commented Feb 3, 2026
edited
Loading

Can you add a unit test to validate that this fixes the issue? :)
By looking at the code, it looks like it does!

Will do, I have to write a unit test which fails the older version, first ;)

After looking into it, I don't think it is possible to write a test for it, because it would imply rewriting the GetSettings function, and show that the secretRefs are not expanded if the secrets list is empty.
Which makes totally sense.

updateSettingsFromConfigMap calls a function which expects the secrets to be set, but the function which actually sets them is tupdateSettingsFromSecret.

Don't know how to test that.

GetSettings() returns an eventually consistent *ArcoCDSettings, this PR just removes the warnings.
The root cause is calling OIDCConfig which is not a simple getter, but also mutates the ArcoCDSettings object by calling ReplaceMapSecrets.

I don't know how to test, because in the end, the data structure has the expected data, so there is nothing "wrong", except for that warning message which disturbs people like me while trying to debug ArgoCD integration with an OIDC provider ;)

The warning is still needed if the referenced secret does not exist, though.

@agaudreault
Copy link
Member

agaudreault commented Feb 3, 2026

Yep, that is a fair comment! Thanks for looking into it nonetheless :) Feel free to open a refactor PR if you feel like it, but that is totally up to you!

@agaudreault agaudreault merged commit 28b90a7 into argoproj:master Feb 3, 2026
26 checks passed
@ChristianCiach ChristianCiach mentioned this pull request Feb 5, 2026
Open
@nitishfy
Copy link
Member

nitishfy commented Feb 11, 2026

From the issue, it looks like this issue exists in 3.2.6 too. I think we'll be required to cherry-pick this.

@nitishfy nitishfy added the cherry-pick/3.2 Candidate for cherry picking into the 3.2 release branch label Feb 11, 2026
argo-cd-cherry-pick-bot bot pushed a commit that referenced this pull request Feb 11, 2026
@BZValoche @github-actions
fix(server): OIDC config via secrets fails (#18269) (#26214)
78ceedf 
Signed-off-by: Valéry Fouques <[email protected]>
@argo-cd-cherry-pick-bot argo-cd-cherry-pick-bot bot mentioned this pull request Feb 11, 2026
Open
@argo-cd-cherry-pick-bot
Copy link

argo-cd-cherry-pick-bot bot commented Feb 11, 2026

🍒 Cherry-pick PR created for 3.2: #26389

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@agaudreault agaudreault agaudreault approved these changes

Assignees

No one assigned

Labels

cherry-pick/3.2 Candidate for cherry picking into the 3.2 release branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

OIDC config via secret fails intermittently

3 participants

@BZValoche @agaudreault @nitishfy