feat: appset scm generators and PR generators should be able to access only secrets related to appset

[pasha-codefresh]

Apps-in-any-namespace allows non-admin Argo CD users to manage their own Application manifests via GitOps or kubectl by restricting which AppProjects may be used from a given Applications namespace.

AppSets-in-any-namespace expands that functionality to ApplicationSets. But instead of only restricting AppProjects, it also requires that the admin specify which SCM providers the non-admin users may reference from their ApplicationSets. Setting the --allowed-scm-providers flag on the ApplicationSet controller allows the Argo CD administrator to limit which domains the ApplicationSet controller may connect to using user-specific SCM credentials.

Since non-admin users may set the tokenRef field of an SCM or Pull Request generator, they may cause any Secret stored in the argocd namespace to be sent to the specified SCM provider. The SCM provider allowlist ensures that the destination is trustworthy.

Argo CD's failure to enforce that allow list on Pull Request generators targeting the Bitbucket or Azure DevOps SCMs may allow a user to leak credentials from the argocd namespace. The user would have to control some external domain and be able to read the headers of incoming requests.

Credit and big thanks to @crenshaw-dev for implementing it.

[bunnyshell]

❌ Preview Environment deleted from Bunnyshell

Available commands (reply to this comment):

• 🚀 /bns:deploy to deploy the environment

[codecov]

Codecov Report

Attention: Patch coverage is 50.00000% with 13 lines in your changes missing coverage. Please review.

Project coverage is 56.01%. Comparing base (195de1a) to head (315c5da).
Report is 368 commits behind head on master.

Files with missing lines	Patch %	Lines
applicationset/generators/pull_request.go	12.50%	7 Missing ⚠️
applicationset/generators/scm_provider.go	33.33%	6 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #20309   +/-   ##
=======================================
  Coverage   56.01%   56.01%           
=======================================
  Files         322      322           
  Lines       44742    44747    +5     
=======================================
+ Hits        25061    25064    +3     
  Misses      17077    17077           
- Partials     2604     2606    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ishitasequeira]

LGTM!! Just a minor nit..

[ishitasequeira]

Can we also add the param in argo-cd/docs/operator-manual
/argocd-cmd-params-cm.yaml ?

[pasha-codefresh]

Can we also add the param in argo-cd/docs/operator-manual /argocd-cmd-params-cm.yaml ?

Added @ishitasequeira , let me know if you have other comments :)

[ishitasequeira]

Thanks @pasha-codefresh!! LGTM!!