I have a shell script in a container, that needs to access the ArgoCD API. The script asks the API for a token, and then uses this token to restart a deployment.
JSON=$(jq -c -n --arg username "$USER_NAME" --arg password "$PASSWORD" '$ARGS.named')
TOKEN=$(curl -k $ARGOCD_SERVER/api/v1/session -d "$JSON" | jq -r ".token")
PARAMETERS="namespace=$NAMESPACE&resourceName=$RESOURCE_NAME&kind=Deployment&group=apps&version=v1"
curl -k -H "Authorization: Bearer $TOKEN" \
-d "\"restart\"" \
"$ARGOCD_SERVER/api/v1/applications/argocd/resource/actions?$PARAMETERS"
This only seems to work when I have the login
option enabled in my argo-cd-cm.yaml
enabled.
...
data:
admin.enabled: "false"
accounts.<service-user>: apiKey, login
accounts.<service-user>.enabled: "true"
...
As I am using OIDC for regular users, I would not like this login option to be disabled.
Is there a way to specify an apiKey
for a given user in the one of the configmaps?
Yep. This was our configuration (helm values) since 2 years.. Just to confirm
However, make sure to authorize him as well using rbacConfig as below:
server:
config:
accounts.cibotuser: apiKey, login
accounts.cibotuser.enabled: "true"
rbacConfig:
policy.csv: |
p, cibotuser, applications, get, */*,allow
p, cibotuser, applications, sync, */*,allow
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.