Can an AppProject role grant access to another ArgoCD project?


I'm running ArgoCD v2.9. Is it possible to grant access to another project's resources in an AppProject role?

Example:

apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: myproject
spec:
  roles:
    - name: read
      groups:
        - READ
      policies:
        - p, proj:myproject:read, applications, get, myproject/*, allow
        - p, proj:myproject:read, applications, get, default/*, allow
    - name: mod
      groups:
        - MOD
      policies:
        - p, proj:myproject:mod, applications, *, myproject/*, allow
        - p, proj:myproject:mod, applications, *, default/*, allow

In my testing the users in READ and MOD groups were able to see only the Applications under myproject. The default project Applications were not visible.

apa64 On BEST ANSWER

Answering my own question with the solution after a night's sleep:

You can't grant access from one AppProject to another. The correct way is to grant the access to e.g. AppProject default in the AppProject default. So if I want the group READ to see both myproject and default, I grant access in both AppProjects.
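
The layout the answer describes, written out as an added example that is not part of the original post: each AppProject carries its own roles for the READ and MOD groups, and every policy line names only the project it is defined in. Reusing the role names read and mod in default is an assumption, and only the roles portion of each spec is shown.

```yaml
# Added example, not from the original post.
# Only metadata and spec.roles are shown; merge these roles into each
# project's existing spec rather than replacing the whole object.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: myproject
spec:
  roles:
    - name: read
      groups:
        - READ
      policies:
        # Subject and object both refer to myproject only.
        - p, proj:myproject:read, applications, get, myproject/*, allow
    - name: mod
      groups:
        - MOD
      policies:
        - p, proj:myproject:mod, applications, *, myproject/*, allow
---
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: default
spec:
  roles:
    # Role names are an assumption; they mirror the ones in myproject.
    - name: read
      groups:
        - READ
      policies:
        # The grant for default/* lives in the default project itself.
        - p, proj:default:read, applications, get, default/*, allow
    - name: mod
      groups:
        - MOD
      policies:
        - p, proj:default:mod, applications, *, default/*, allow
```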