How can create a user in ArgoCD with apiKey access only?

Question

I have a shell script in a container, that needs to access the ArgoCD API. The script asks the API for a token, and then uses this token to restart a deployment.

JSON=$(jq -c -n --arg username "$USER_NAME" --arg password "$PASSWORD" '$ARGS.named')
TOKEN=$(curl -k $ARGOCD_SERVER/api/v1/session -d "$JSON" | jq -r ".token")

PARAMETERS="namespace=$NAMESPACE&resourceName=$RESOURCE_NAME&kind=Deployment&group=apps&version=v1"
curl -k -H "Authorization: Bearer $TOKEN" \
        -d "\"restart\"" \
        "$ARGOCD_SERVER/api/v1/applications/argocd/resource/actions?$PARAMETERS"

This only seems to work when I have the login option enabled in my argo-cd-cm.yaml enabled.

...
data:
  admin.enabled: "false"
  accounts.<service-user>: apiKey, login
  accounts.<service-user>.enabled: "true"
...

As I am using OIDC for regular users, I would not like this login option to be disabled.

Is there a way to specify an apiKey for a given user in the one of the configmaps?

Answer 1

Yep. This was our configuration (helm values) since 2 years.. Just to confirm

However, make sure to authorize him as well using rbacConfig as below:

server:
  config:
    accounts.cibotuser: apiKey, login
    accounts.cibotuser.enabled: "true"

  rbacConfig:
    policy.csv: |
      p, cibotuser, applications, get, */*,allow
      p, cibotuser, applications, sync, */*,allow