argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes

https://argo-cd.readthedocs.io

Apache License 2.0

17.8k stars 5.43k forks source link

Option to disable swagger-ui endpoint #19780

Open svghadi opened 1 month ago

svghadi commented 1 month ago

Summary

Provide a option to disable the authenticated /swagger-ui endpoint which serves the api documentation.

Motivation

Api docs are served on <argocd-url>/swagger-ui endpoint without authentication. Even though these docs are the same across different Argo CD instances and don't pose a security risk when exposed, some of the users are interested is disabling it.

Proposal

Make the endpoint configurable via a argocd-cm configmap key (eg: disableSwaggerUI: true) or a cli argument to argocd-server (eg: --disable-swagger-ui)

crenshaw-dev commented 1 month ago

Any reason not to just disable it at the ingress?

svghadi commented 1 month ago

Not specifically, I didn’t consider that approach. I was looking for a simpler solution.

crenshaw-dev commented 1 month ago

Fair. I'm in favor of fewer options in Argo CD if possible, but if we need it we need it. 🙂

svghadi commented 1 month ago

Copying comment(https://github.com/argoproj/argo-cd/discussions/16791#discussioncomment-10541742) from related discussion for code reference

pasha-codefresh Unfortunately no, but should be pretty easy to support it

https://github.com/argoproj/argo-cd/blob/a0a5a186d970063919e7b4d6e942e60cf43f6de7/server/server.go#L1076