Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Git Target Revisions not loading with RBAC repositories permission 'get' #21816

Open
some-random-git-user opened this issue Feb 7, 2025 · 0 comments
Open

Git Target Revisions not loading with RBAC repositories permission 'get' #21816

some-random-git-user opened this issue Feb 7, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@some-random-git-user
Copy link

Describe the bug
User with the rbac permission 'get' on repositories can not load target revisions in the argocd app.

To Reproduce
Create a project and assign the rbac permission 'get' on the ressource 'repositories' to a user.

apiVersion: v1
kind: Secret
metadata:
  name: private-repo-creds
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repo-creds
stringData:
  type: git
  url: https://<myrepo-prefix>.git
  password: my-password
  username: my-username
---
apiVersion: v1
kind: Secret
metadata:
  name: repo-test
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
  annotations:
    managed-by: argocd.argoproj.io
stringData:
  project: project-test
  type: git
  url: https://<myrepo>.git
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: project-test
  namespace: argocd
spec:
  sourceRepos:
  - 'https://<myrepo>.git'
  destinations:
  - name: in-cluster
    namespace: <my-namespace>
    server: https://kubernetes.default.svc
  roles:
  - name: rw
    description: Read/Write
    policies:
...
...
...
    - p, proj:project-test:rw, repositories, get, project-test/*, allow
    groups:
    - <my-group>

The scoping of the repositories works - the user only sees the repositories, which are scoped to his projects.

Expected behavior
User should see traget revisions in his ArgoCD Apps.

Screenshots
The target revisions don't load when the user has the rbac permission 'get' on the ressource 'repositories'
Image

An admin can load the target revisions.
Image

Version
v2.14.2

Logs

argocd-server-54f4ccbf4f-d5hvc time="2025-02-06T11:08:21Z" level=warning msg="finished unary call with code PermissionDenied" error="rpc error: code = PermissionDenied desc = permission denied: repositories, get, https://<myrepo>.git, sub: cf1eb8b6-db0e-47a3-afa5-7d1265b28e43, iat: 2025-02-06T10:57:10Z" grpc.code=PermissionDenied grpc.method=ListRefs grpc.service=repository.RepositoryService grpc.start_time="2025-02-06T11:08:21Z" grpc.time_ms=1.629 span.kind=server system=grpc

In v2.11.12 users with this role could load target revisions.
@some-random-git-user some-random-git-user added the bug Something isn't working label Feb 7, 2025
@some-random-git-user some-random-git-user changed the title Git Target Revisions not loading with RBAC repositories role Git Target Revisions not loading with RBAC repositories permission 'get' Feb 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@some-random-git-user