Aman

Reputation: 263

Argo workflow PermissionDenied error with sso for GetInfo and GetUserInfo methods

I am new to Argo and trying to deploy Argo Workflow and Events. I have configured SSO with Azure AD, but for some reason it's giving me a 403 error after SSO login. I can see the below errors in my argo server pod logs:

{"error":"no service account rule matches","level":"error","msg":"failed to perform RBAC authorization","time":"2023-03-19T07:07:57.684Z"}
{"error":"rpc error: code = PermissionDenied desc = not allowed","grpc.code":"PermissionDenied","grpc.method":"GetInfo","grpc.service":"info.InfoService","grpc.start_time":"2023-03-19T07:07:57Z","grpc.time_ms":3.009,"level":"warning","msg":"finished unary call with code PermissionDenied","span.kind":"server","system":"grpc","time":"2023-03-19T07:07:57.684Z"}
{"duration":5035421,"level":"info","method":"GET","msg":"","path":"/api/v1/info","size":34,"status":403,"time":"2023-03-19T07:07:57.684Z"}
{"error":"no service account rule matches","level":"error","msg":"failed to perform RBAC authorization","time":"2023-03-19T07:07:57.684Z"}
{"error":"rpc error: code = PermissionDenied desc = not allowed","grpc.code":"PermissionDenied","grpc.method":"GetUserInfo","grpc.service":"info.InfoService","grpc.start_time":"2023-03-19T07:07:57Z","grpc.time_ms":3.797,"level":"warning","msg":"finished unary call with code PermissionDenied","span.kind":"server","system":"grpc","time":"2023-03-19T07:07:57.684Z"}
{"duration":5566292,"level":"info","method":"GET","msg":"","path":"/api/v1/userinfo","size":34,"status":403,"time":"2023-03-19T07:07:57.685Z"}

Below is my argo server SSO configuration:

  sso:
    clientId:
      name: argo-sso-secrets
      key: client-id
    clientSecret:
      name: argo-sso-secrets
      key: client-secret
    issuer: MY_ISSUER_URL
    redirectUrl: https://argo-workflows.com/oauth2/callback
    rbac:
      enabled: true
  extraArgs:
    - --auth-mode=sso

Argo Workflow Version: v3.4.5
Argo workflow helm chart version: 0.22.14

Can someone please point me to what I'm missing here?

Thank you

Upvotes: 0

Views: 1703

Answers (1)

Ronin L

Reputation: 11

If you enable rbac: enabled: true, you have to create a service account to relate Dex or Cognito groups with the service account and RBAC.

I think if you disable rbac it should work.

Upvotes: 1
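The service account mapping the answer refers to, as an added example that is not part of the original post or the Argo project's own manifests: a ServiceAccount whose `workflows.argoproj.io/rbac-rule` annotation matches an SSO group, bound to a read-only Role. The `argo` namespace, the `sso-read-only` names, the group placeholder and the assumption that the Azure AD token carries group object IDs in a `groups` claim are all assumptions.

```yaml
# Added example: names, namespace and group ID are placeholders, not values from the post.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sso-read-only                 # hypothetical name
  namespace: argo                     # assumed install namespace
  annotations:
    # Expression evaluated against the OIDC claims of the logged-in user.
    # Assumes the token carries Azure AD group object IDs in "groups".
    workflows.argoproj.io/rbac-rule: "'<AZURE_AD_GROUP_OBJECT_ID>' in groups"
    # When several service accounts match, the highest precedence is used.
    workflows.argoproj.io/rbac-rule-precedence: "1"
---
# Kubernetes 1.24+ does not auto-create a token secret; Argo Server v3.4
# looks for one named <service-account-name>.service-account-token.
apiVersion: v1
kind: Secret
metadata:
  name: sso-read-only.service-account-token
  namespace: argo
  annotations:
    kubernetes.io/service-account.name: sso-read-only
type: kubernetes.io/service-account-token
---
# Least privilege: members of the group can view workflows, nothing more.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sso-read-only
  namespace: argo
rules:
  - apiGroups: ["argoproj.io"]
    resources: ["workflows", "workflowtemplates", "cronworkflows"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: sso-read-only
  namespace: argo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: sso-read-only
subjects:
  - kind: ServiceAccount
    name: sso-read-only
    namespace: argo
```

With `rbac.enabled: false`, SSO users act with the Argo Server's own service account, so a per-group mapping like this keeps each group's permissions scoped to its Role.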
