argoproj · shuangkun · Nov 12, 2024 · Nov 14, 2024 · Nov 14, 2024 · Nov 14, 2024
diff --git a/api/jsonschema/schema.json b/api/jsonschema/schema.json
diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
diff --git a/docs/executor_swagger.md b/docs/executor_swagger.md
@@ -4083,6 +4083,7 @@ intent and helps make sure that UIDs and names do not get conflated.
 | jsonPath | string| `string` |  | | JSONPath of a resource to retrieve an output parameter value from in resource templates |  |
 | parameter | string| `string` |  | | Parameter reference to a step or dag task in which to retrieve an output parameter value from</br>(e.g. '{{steps.mystep.outputs.myparam}}') |  |
 | path | string| `string` |  | | Path in the container to retrieve an output parameter value from in container templates |  |
+| secretKeyRef | [SecretKeySelector](#secret-key-selector)| `SecretKeySelector` |  | |  |  |
 | supplied | [SuppliedValueFrom](#supplied-value-from)| `SuppliedValueFrom` |  | |  |  |
 
 

diff --git a/docs/fields.md b/docs/fields.md
diff --git a/examples/arguments-parameters-from-secret.yaml b/examples/arguments-parameters-from-secret.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: arguments-parameters-from-secret-
+  labels:
+    workflows.argoproj.io/test: "true"
+  annotations:
+    workflows.argoproj.io/description: |
+      This example demonstrates loading parameter values from a Secret.
+      Note that the "simple-parameters" Secret (defined in `examples/secrets/simple-parameters-secret.yaml`) needs to be created first before submitting this workflow.
+    workflows.argoproj.io/verify.py: |
+      assert status["phase"] == "Succeeded"
+spec:
+  entrypoint: print-message-from-secret
+
+  templates:
+    - name: print-message-from-secret
+      inputs:
+        parameters:
+          # Parameters can also be passed via secret reference.
+          - name: message
+            valueFrom:
+              secretKeyRef:
+                name: simple-parameters
+                key: msg
+      container:
+        image: busybox
+        command: ["echo"]
+        args: ["{{inputs.parameters.message}}"]
diff --git a/examples/global-parameters-from-secret-referenced-as-local-variable.yaml b/examples/global-parameters-from-secret-referenced-as-local-variable.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: global-parameter-from-secret-referenced-as-local-variable-
+  labels:
+    workflows.argoproj.io/test: "true"
+  annotations:
+    workflows.argoproj.io/description: |
+      This example demonstrates how a global parameter from a Secret can be referenced as a template local variable.
+      Note that the "simple-parameters" Secret (defined in `examples/secrets/simple-parameters-secret.yaml`) needs to be created first before submitting this workflow.
+spec:
+  entrypoint: print-message
+  arguments:
+    parameters:
+      - name: message
+        valueFrom:
+          secretKeyRef:
+            name: simple-parameters
+            key: msg
+  templates:
+    - name: print-message
+      inputs:
+        parameters:
+          - name: message
+      container:
+        image: busybox
+        command: ["echo"]
+        args: ["{{inputs.parameters.message}}"]
diff --git a/examples/global-parameters-from-secret.yaml b/examples/global-parameters-from-secret.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  generateName: global-parameter-values-from-secret-
+  labels:
+    workflows.argoproj.io/test: "true"
+  annotations:
+    workflows.argoproj.io/description: |
+      This example demonstrates loading global parameter values from a Secret.
+      Note that the "simple-parameters" Secret (defined in `examples/secrets/simple-parameters-secret.yaml`) needs to be created first before submitting this workflow.
+spec:
+  entrypoint: print-message
+  # Parameters can also be passed via secret reference.
+  arguments:
+    parameters:
+      - name: message
+        valueFrom:
+          secretKeyRef:
+            name: simple-parameters
+            key: msg
+
+  templates:
+    - name: print-message
+      container:
+        image: busybox
+        command: ["echo"]
+        args: ["{{workflow.parameters.message}}"]
diff --git a/examples/secrets/simple-parameters-secret.yaml b/examples/secrets/simple-parameters-secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: simple-parameters
+  labels:
+    # Note that this label is required for the informer to detect this Secret.
+    workflows.argoproj.io/secret-type: Parameter
+data:
+  msg: "aGVsbG8gd29ybGQK"
+
diff --git a/examples/validation_test.go b/examples/validation_test.go
@@ -7,7 +7,7 @@ import (
 )
 
 func TestValidateExamples(t *testing.T) {
-	failures, err := ValidateArgoYamlRecursively(".", []string{"testvolume.yaml", "simple-parameters-configmap.yaml", "memoize-simple.yaml"})
+	failures, err := ValidateArgoYamlRecursively(".", []string{"testvolume.yaml", "simple-parameters-configmap.yaml", "memoize-simple.yaml", "simple-parameters-secret.yaml"})
 	if err != nil {
 		t.Errorf("There was an error: %s", err)
 	}

diff --git a/hack/test-examples.sh b/hack/test-examples.sh
@@ -3,6 +3,8 @@ set -eu -o pipefail
 
 # Load the configmaps that contains the parameter values used for certain examples.
 kubectl apply -f examples/configmaps/simple-parameters-configmap.yaml
+# Load the secrets that contains the parameter values used for certain examples.
+kubectl apply -f examples/secrets/simple-parameters-secret.yaml
 
 echo "Checking for banned images..."
 grep -lR 'workflows.argoproj.io/test' examples/*  | while read f ; do

diff --git a/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml b/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml