Open akloss-cibo opened 2 years ago
+1, very useful feature. Any update?
FYI, I have worked around this by enabling automatic synchronization on everything in environments that are sensitive.
Any movement here. This is kind of unfortunate that I have to use auto sync to meet compliance requirements because sync permission actually allows me to change the branch.
Summary
When manually sync'ing an Application, ArgoCD permits the user to specify an arbitrary branch to use for the sources. This makes controlling the resources difficult. It would be lovely to be able to restrict the branches that can be synced to a specific list.
Motivation
Preventing a single individual from being able to create arbitrary resources in a cluster is desirable from a security and audit perspective.
Proposal
As discussed in Slack having an extra setting in the
sync
section of the Application would suit my needs but there's some preference to configure this into the AppProject instead, which seems fine.