As the metric extension request to the backend service needs to be proxied by Argo CD a few headers are mandatory to be sent in order to make sure the user is authenticated and authorized.
Authentication (authn)
For authentication the browser is required to send the existing content of the argocd.token cookie in the Cookie header:
Example: Cookie: "argocd.token=eyJhbGciOiJIUzI1Ni..."
The entire Argo CD cookie list can also be sent. The API server will filter out the argocd.token automatically in this case.
Authorization (authz)
For authorization the browser is required to send 2 additional headers:
1. To validate the logged in user has access to the application:
Argocd-Application-Name: The header value must follow the format: "<namespace>:<app-name>"
leoluz
commented
11 months ago
As the metric extension request to the backend service needs to be proxied by Argo CD a few headers are mandatory to be sent in order to make sure the user is authenticated and authorized.
Authentication (authn)
For authentication the browser is required to send the existing content of the
argocd.tokencookie in theCookieheader: Example: Cookie: "argocd.token=eyJhbGciOiJIUzI1Ni..."The entire Argo CD cookie list can also be sent. The API server will filter out the
argocd.tokenautomatically in this case.Authorization (authz)
For authorization the browser is required to send 2 additional headers:
1. To validate the logged in user has access to the application:
Argocd-Application-Name: The header value must follow the format:"<namespace>:<app-name>"Example:
Argocd-Application-Name: "namespace:app-name"2. To validate the logged in user has access to the project:
Argocd-Project-Name: The header value must be the name of the project the application is associated with.Example:
Argocd-Project-Name: "default"