Open mattenklicker opened 1 year ago
I am also looking for something like this. It would be nice to be able to customize the sync options per application.
Implementing RBAC for Sync Options would be a good addition and will enforce stricter access controls and define precise permissions with regard to synchronisation actions within an Argo CD Application.
Is there any update on this being implemented?
I'll +1 this - I want to give users the ability to sync their apps, but doing so currently also means they can totally wipe it out. It'd be nice to implement fine-grained controls for the sync permission like there is for update and delete: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#fine-grained-permissions-for-updatedelete-action
Is there a way around it? Can I give sync permissions but don't allow replace?
@jeremyrajan not today
I'm planning to work on this and implement an option in the config which allows hiding the button. UI would query that data from the backend and not render a button at all if configured so.
Extra UI friction may not be as helpful, since people may ignore it anyways as they can ignore the warning icon near the checkbox.
@todaywasawesome, which configmap is best for putting the option in? Is it argocd-cm or some other?
Seems like RBAC already has support for rules about resource deletion: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#fine-grained-permissions-for-updatedelete-action. Somebody brought this up during the contributors meeting, that checking for resource deletion permission can be done. Given the possibility to customize like above, I think it will solve the problem.
Summary
Make it possible to prevent the unintended usage of "replace" in UI sync options.
Motivation
To update resources by "kubectl replace" is dangerous under certain conditions. It already has a warning sign, but some might want to disable the usage completely. See https://github.com/argoproj/argo-cd/issues/9767 also. It is very present in UI sync options and unfortunately it is likely impossible to block "replace" through Kubernetes RBAC or other measures like OPA.
Proposal