Org definition using incorrect case can silently fail to pull github groups.

[fivovic]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

v2.30.0-dirty

Storage Type

Kubernetes

Installation Type

Custom Helm chart

Expected Behavior

A warning would be logged if the defined org within the github connector does not match the case used in the login name (as returned by the github api).

Actual Behavior

Defining A1Example in the config when the org name is a1example will allow successful authentication but with an empty group list, and subsequently fail to apply any group specific access policies.

Steps To Reproduce

No response

Additional Information

This was discovered using dex bundled within the following helm chart:
https://artifacthub.io/packages/helm/argo/argo-cd/3.29.5#dex

Configuration

argo-cd:
  server:
    configEnabled: true
    config:
      url: https://argo.a1example.com
      dex.config: |-
        connectors:
        - type: github
          id: github
          name: GitHub
          config:
            clientID: $GITHUB_CLIENT_ID
            clientSecret: $GITHUB_CLIENT_SECRET
            orgs:
            - name: A1Example

Logs

Correct case:
`time="2022-04-26T15:02:55Z" level=info msg="login successful: connector \"github\", username=\"Fil Ivovic\", preferred_username=\"fivovic\", email=\"[email protected]\", groups=[\"a1example:admins\"]"`

Incorrect case:
`time="2022-04-26T15:02:55Z" level=info msg="login successful: connector \"github\", username=\"Fil Ivovic\", preferred_username=\"fivovic\", email=\"[email protected]\", groups=[]"`

[sagikazarmark]

Seems more like a bug to me. Org name comparison should be case-insensitive. Not sure about teams.

[mmclane]

I am running into this issue too.

Its worth noting that the team names ARE case-sensitive.

[nabokihms]

Dex exports:

• A slugified name of each team, so they are always lowercase names.
• Org name from the login field, a case-sensitive field.

However, even if the field is case-sensitive, it is still case-insensitive on the backend side.

I think to close this issue, two actions are required:

1. Make case-insensitive org check for the GitHub connector
2. Add the information about how many groups were filtered

How to implement the first one is straightforward. For the second one, before working on it, I would like to wait for the #2020 first.

[lazedo]

org: 123free also fails to get the groups and needs to be set as org: '123free' which might be not obvious to everybody, maybe adding a note about that.

[mknapcok]

I encountered this issue too:

With dex.config:

connectors:
       - type: github
         id: github
         name: GitHub
         config:
           clientID: xxxxx
           clientSecret: $argocd-custom-secret:dex.github.clientSecret
         orgs:
         - name: org-name <tried also Org-name>
         loadAllGroups: true

I'm successfully logging in but with field groups not populated.
msg="login successful: connector \"github\", username=\"Michal Knapcok\", preferred_username=\"mknapcok\", email=\"xxx\", groups=[]

[qj0r9j0vc2]

I also encountered this issue.......

dex.config: |
  connectors:
      - type: github
        id: github
        name: GitHub
        config:
          loadAllGroups: true
          clientID: <app-client-key>
          clientSecret: <app-client-secret-key>
          orgs:
            - name: <my-org>
            

It just responses success message with empty groups.....

I hope this problem should be solved soon.

[Suro4ek]

same error