argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0

tree output with app selector permission denied #18714

Open Slevy35 opened 3 weeks ago

Slevy35 commented 3 weeks ago

Checklist:

Describe the bug

When specifying the output flag with the value tree, I get a permission denied error.

To Reproduce

# works 
argocd app sync my-app --output tree

# not working 
argocd app sync -l app=my-app --output tree

Expected behavior

Screenshots

Version

argocd: v2.11.2+25f7504
  BuildDate: 2024-05-23T15:31:09Z
  GitCommit: 25f7504ecc198e7d7fdc055fdb83ae50eee5edd0
  GitTreeState: clean
  GoVersion: go1.22.3
  Compiler: gc
  Platform: darwin/arm64
argocd-server: v2.10.9+c071af8
  BuildDate: 2024-04-30T15:53:28Z
  GitCommit: c071af808170bfc39cbdf6b9be4d0212dd66db0c
  GitTreeState: clean
  GoVersion: go1.21.3
  Compiler: gc
  Platform: linux/amd64
  Kustomize Version: v5.2.1 2023-10-19T20:13:51Z
  Helm Version: v3.14.3+gf03cc04
  Kubectl Version: v0.26.11
  Jsonnet Version: v0.20.0

Logs

argocd-server-857d9cb6b7-cd8hl time="2024-06-18T11:40:43Z" level=warning msg="finished unary call with code PermissionDenied" error="rpc error: code = PermissionDenied desc = permission denied" grpc.code=PermissionDenied grpc.method=ResourceTree grpc.service=application.ApplicationService grpc.start_time="2024-06-18T11:40:43Z" grpc.time_ms=0.583 span.kind=server system=grpc

agaudreault commented 2 weeks ago

@Slevy35 Just to clarify, does argocd app sync -l app=my-app --output json work?

thecooldrop commented 2 weeks ago

In order to be able to reproduce this, could you provide the permissions which are assigned to the user with which you are trying to perform the action?

Edit: I would like to work on this issue.

thecooldrop commented 2 weeks ago

The issue can be reproduced on master. The following script can be used to reproduce the state:

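# Create a local kind cluster and install Argo CD from the repository checkout
kind create cluster && \
kubectl create namespace argocd && \
kubectl apply -f manifests/install.yaml -n argocd && \
kubectl config set-context --current --namespace=argocd;
# Give the Argo CD pods time to start
sleep 60;

# Expose the API server locally; stop the port-forward when the script exits
kubectl port-forward svc/argocd-server -n argocd 8080:80 > /dev/null 2>&1 &
pid=$!
trap '{
    # echo killing $pid
    kill "$pid"
}' EXIT

sleep 10;
# Log in as the built-in admin using the generated initial password
ADMIN_PASSWORD=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo)
argocd login localhost:8080 --username admin --password "$ADMIN_PASSWORD" --insecure

# Create the root application carrying the label used by the selector below
argocd app create --app-namespace argocd \
--dest-namespace argocd \
--dest-server https://kubernetes.default.svc \
--label app=my-app \
--name exampleapp \
--repo https://github.com/argoproj/argocd-example-apps \
--path apps \
--insecure

# Sync by label selector with tree output: this is the failing call
argocd app sync -l app=my-app --output tree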

The last command in the script seems to execute the sync, and the created root application ends up being synced, but permission denied still gets displayed. Given that the command is executed as admin, and admin should have all permissions (I assume), this is definitely a bug.

The following output gets generated during execution of the script:

Deleting cluster "kind" ...
Deleted nodes: ["kind-control-plane"]
Creating cluster "kind" ...
 ✓ Ensuring node image (kindest/node:v1.29.2) 🖼
 ✓ Preparing nodes 📦
 ✓ Writing configuration 📜
 ✓ Starting control-plane 🕹️
 ✓ Installing CNI 🔌
 ✓ Installing StorageClass 💾
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a nice day! 👋
namespace/argocd created
customresourcedefinition.apiextensions.k8s.io/applications.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/applicationsets.argoproj.io created
customresourcedefinition.apiextensions.k8s.io/appprojects.argoproj.io created
serviceaccount/argocd-application-controller created
serviceaccount/argocd-applicationset-controller created
serviceaccount/argocd-dex-server created
serviceaccount/argocd-notifications-controller created
serviceaccount/argocd-redis created
serviceaccount/argocd-repo-server created
serviceaccount/argocd-server created
role.rbac.authorization.k8s.io/argocd-application-controller created
role.rbac.authorization.k8s.io/argocd-applicationset-controller created
role.rbac.authorization.k8s.io/argocd-dex-server created
role.rbac.authorization.k8s.io/argocd-notifications-controller created
role.rbac.authorization.k8s.io/argocd-redis created
role.rbac.authorization.k8s.io/argocd-server created
clusterrole.rbac.authorization.k8s.io/argocd-application-controller created
clusterrole.rbac.authorization.k8s.io/argocd-applicationset-controller created
clusterrole.rbac.authorization.k8s.io/argocd-server created
rolebinding.rbac.authorization.k8s.io/argocd-application-controller created
rolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
rolebinding.rbac.authorization.k8s.io/argocd-dex-server created
rolebinding.rbac.authorization.k8s.io/argocd-notifications-controller created
rolebinding.rbac.authorization.k8s.io/argocd-redis created
rolebinding.rbac.authorization.k8s.io/argocd-server created
clusterrolebinding.rbac.authorization.k8s.io/argocd-application-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-applicationset-controller created
clusterrolebinding.rbac.authorization.k8s.io/argocd-server created
configmap/argocd-cm created
configmap/argocd-cmd-params-cm created
configmap/argocd-gpg-keys-cm created
configmap/argocd-notifications-cm created
configmap/argocd-rbac-cm created
configmap/argocd-ssh-known-hosts-cm created
configmap/argocd-tls-certs-cm created
secret/argocd-notifications-secret created
secret/argocd-secret created
service/argocd-applicationset-controller created
service/argocd-dex-server created
service/argocd-metrics created
service/argocd-notifications-controller-metrics created
service/argocd-redis created
service/argocd-repo-server created
service/argocd-server created
service/argocd-server-metrics created
deployment.apps/argocd-applicationset-controller created
deployment.apps/argocd-dex-server created
deployment.apps/argocd-notifications-controller created
deployment.apps/argocd-redis created
deployment.apps/argocd-repo-server created
deployment.apps/argocd-server created
statefulset.apps/argocd-application-controller created
networkpolicy.networking.k8s.io/argocd-application-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-applicationset-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-dex-server-network-policy created
networkpolicy.networking.k8s.io/argocd-notifications-controller-network-policy created
networkpolicy.networking.k8s.io/argocd-redis-network-policy created
networkpolicy.networking.k8s.io/argocd-repo-server-network-policy created
networkpolicy.networking.k8s.io/argocd-server-network-policy created
Context "kind-kind" modified.
'admin:login' logged in successfully
Context 'localhost:8080' updated
application 'exampleapp' created
TIMESTAMP  GROUP        KIND   NAMESPACE                  NAME    STATUS   HEALTH        HOOK  MESSAGE
2024-06-24T21:14:04+02:00  argoproj.io  Application      argocd        helm-guestbook  OutOfSync  Missing              
2024-06-24T21:14:04+02:00  argoproj.io  Application      argocd            helm-hooks  OutOfSync  Missing              
2024-06-24T21:14:04+02:00  argoproj.io  Application      argocd   kustomize-guestbook  OutOfSync  Missing              
2024-06-24T21:14:04+02:00  argoproj.io  Application      argocd            sync-waves  OutOfSync  Missing              
2024-06-24T21:14:04+02:00                Namespace                     helm-guestbook  OutOfSync  Missing              
2024-06-24T21:14:04+02:00                Namespace                         helm-hooks  OutOfSync  Missing              
2024-06-24T21:14:04+02:00                Namespace                kustomize-guestbook  OutOfSync  Missing              
2024-06-24T21:14:04+02:00                Namespace                         sync-waves  OutOfSync  Missing              
2024-06-24T21:14:04+02:00          Namespace                    helm-guestbook    Synced  Missing              
2024-06-24T21:14:04+02:00          Namespace                        helm-hooks    Synced  Missing              
2024-06-24T21:14:04+02:00          Namespace               kustomize-guestbook    Synced  Missing              
2024-06-24T21:14:04+02:00          Namespace                        sync-waves    Synced  Missing              
2024-06-24T21:14:06+02:00          Namespace      argocd        helm-guestbook   Running   Synced              namespace/helm-guestbook created
2024-06-24T21:14:06+02:00          Namespace      argocd            sync-waves   Running   Synced              namespace/sync-waves created
2024-06-24T21:14:06+02:00          Namespace      argocd   kustomize-guestbook   Running   Synced              namespace/kustomize-guestbook created
2024-06-24T21:14:06+02:00          Namespace      argocd            helm-hooks   Running   Synced              namespace/helm-hooks created
2024-06-24T21:14:06+02:00                Namespace       argocd            sync-waves  Succeeded   Synced              namespace/sync-waves created
2024-06-24T21:14:06+02:00                Namespace       argocd   kustomize-guestbook  Succeeded   Synced              namespace/kustomize-guestbook created
2024-06-24T21:14:06+02:00                Namespace       argocd            helm-hooks  Succeeded   Synced              namespace/helm-hooks created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd            helm-hooks  OutOfSync  Missing              application.argoproj.io/helm-hooks created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd        helm-guestbook  OutOfSync  Missing              application.argoproj.io/helm-guestbook created
2024-06-24T21:14:06+02:00                Namespace       argocd        helm-guestbook  Succeeded   Synced              namespace/helm-guestbook created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd            sync-waves  OutOfSync  Missing              application.argoproj.io/sync-waves created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd   kustomize-guestbook  OutOfSync  Missing              application.argoproj.io/kustomize-guestbook created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd            helm-hooks    Synced  Missing              application.argoproj.io/helm-hooks created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd            sync-waves    Synced  Missing              application.argoproj.io/sync-waves created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd        helm-guestbook    Synced  Missing              application.argoproj.io/helm-guestbook created
2024-06-24T21:14:06+02:00  argoproj.io  Application      argocd   kustomize-guestbook    Synced  Missing              application.argoproj.io/kustomize-guestbook created

Name:               argocd/exampleapp
Project:            default
Server:             https://kubernetes.default.svc
Namespace:          argocd
URL:                https://localhost:8080/applications/argocd/exampleapp
Repo:               https://github.com/argoproj/argocd-example-apps
Target:             
Path:               apps
SyncWindow:         Sync Allowed
Sync Policy:        <none>
Sync Status:        Synced to  (d7927a2)
Health Status:      Healthy

Operation:          Sync
Sync Revision:      d7927a27b4533926b7d86b5f249cd9ebe7625e90
Phase:              Succeeded
Start:              2024-06-24 21:14:04 +0200 CEST
Finished:           2024-06-24 21:14:06 +0200 CEST
Duration:           2s
Message:            successfully synced (all tasks run)
FATA[0003] rpc error: code = PermissionDenied desc = permission denied 

In UI the end state is:

image

Running argocd app sync exampleapp --output tree works without issue.

Furthermore, running argocd app sync -l app=my-app --output json (and any other non-tree output format) runs without issue, so this seems to be specific to the handling of the tree output format.
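
A small triage helper for the argocd-server log format quoted in the report, added here as an example and not part of the issue or of Argo CD's code: it parses the key=value lines and lists which gRPC methods ended in PermissionDenied, separating the denied ResourceTree call from the rest of the request flow. The first sample line is the one from the report; the other two lines and all function names are constructed for this example.

```python
import shlex
from collections import Counter

# Line 1 is the server log line from the report; lines 2-3 are constructed.
SAMPLE_LOG = r'''
argocd-server-857d9cb6b7-cd8hl time="2024-06-18T11:40:43Z" level=warning msg="finished unary call with code PermissionDenied" error="rpc error: code = PermissionDenied desc = permission denied" grpc.code=PermissionDenied grpc.method=ResourceTree grpc.service=application.ApplicationService grpc.start_time="2024-06-18T11:40:43Z" grpc.time_ms=0.583 span.kind=server system=grpc
argocd-server-857d9cb6b7-cd8hl time="2024-06-18T11:40:42Z" level=info msg="finished unary call with code OK" grpc.code=OK grpc.method=Sync grpc.service=application.ApplicationService grpc.start_time="2024-06-18T11:40:42Z" grpc.time_ms=41.2 span.kind=server system=grpc
argocd-server-857d9cb6b7-cd8hl time="2024-06-18T11:40:44Z" level=info msg="health check" system=http
'''


def parse_logfmt(line):
    """Parse one key=value log line; returns {} for lines that do not tokenize."""
    try:
        tokens = shlex.split(line)  # keeps quoted values with spaces together
    except ValueError:  # unbalanced quote, e.g. a truncated line
        return {}
    fields = {}
    for tok in tokens:
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value
        else:
            fields.setdefault("_prefix", tok)  # e.g. pod name added by a log tailer
    return fields


def grpc_outcomes(log_text):
    """Count finished gRPC calls per (service, method, code)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_logfmt(line)
        if f.get("system") == "grpc" and "grpc.method" in f:
            counts[(f.get("grpc.service"), f["grpc.method"], f.get("grpc.code"))] += 1
    return counts


def denied_methods(log_text):
    """Return sorted 'service/method' strings that ended in PermissionDenied."""
    outcomes = grpc_outcomes(log_text)
    return sorted({f"{s}/{m}" for (s, m, c) in outcomes if c == "PermissionDenied"})


if __name__ == "__main__":
    for key, n in sorted(grpc_outcomes(SAMPLE_LOG).items()):
        print(n, *key)
    print("denied:", denied_methods(SAMPLE_LOG))
```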

thecooldrop commented 4 days ago

I am still on this, but work and lack of knowledge are getting in the way. I am chipping away at it though 😄

thecooldrop commented 2 days ago

Bug location found and fixed, I just need to implement the tests now.