User cannot sync application

[giany]

Describe the bug

After updating to latest helm chart version (5.27.3) user cannot sync applications.

If I revert to 5.27.1 this works fine.

Related helm chart

argo-cd

Helm chart version

5.27.3

To Reproduce

In argocd-rbac-cm I have:

apiVersion: v1
data:
  policy.csv: p, user, applications, sync, */*, allow
  policy.default: ""
  scopes: '[groups]'
kind: ConfigMap

In argocd-cm I have:

apiVersion: v1
data:
  accounts.user: apiKey
  accounts.user.enabled: "true"
  admin.enabled: "true"
  application.instanceLabelKey: argocd.argoproj.io/instance
  exec.enabled: "false"
  server.rbac.log.enforce.enable: "false"
  timeout.hard.reconciliation: 0s
  timeout.reconciliation: 180s
kind: ConfigMap

Then I generate a token using:

argocd account generate-token --account user

And the involved token I use with this Github action: https://github.com/marketplace/actions/argocd-application-sync-action

Github action returns this:

Run omegion/argocd-actions@v1
Run ref_name=main
Unable to find image 'ghcr.io/omegion/argocd-actions:v1' locally
v1: Pulling from omegion/argocd-actions
8663204ce13b: Pulling fs layer
45c2c68bc0f[7]: Pulling fs layer
8663[20]4ce13b: Download complete
8663204ce13b: Pull complete
45c2c68bc0f7: Verifying Checksum
45c2c68bc0f7: Download complete
45c2c68bc0f7: Pull complete
Digest: sha[25]6:d1655a36cd13bcbc696e663c15753e4edefe1c45af0f18[26]9ebba639999908be
Status: Downloaded newer image for ghcr.io/omegion/argocd-actions:v1
Error: rpc error: code = PermissionDenied desc = permission denied

While if I look at the argocd server logs I get this.

time="2023-03-26T09:56:41Z" level=info msg="received unary call /application.ApplicationService/Sync" grpc.method=Sync grpc.request.content="name:\"admin-panel\" revision:\"\" dryRun:false prune:true " grpc.service=application.ApplicationService grpc.start_time="2023-03-26T09:56:41Z" span.kind=server system=grpc
time="2023-03-26T09:56:41Z" level=warning msg="user tried to get application which they do not have access to: rpc error: code = PermissionDenied desc = permission denied: applications, get, admin-panel/admin-panel, sub: user, iat: 2023-02-28T12:24:31Z" application=admin-panel namespace=argocd project=admin-panel security=2
time="2023-03-26T09:56:41Z" level=warning msg="finished unary call with code PermissionDenied" error="rpc error: code = PermissionDenied desc = permission denied" grpc.code=PermissionDenied grpc.method=Sync grpc.service=application.ApplicationService grpc.start_time="2023-03-26T09:56:41Z" grpc.time_ms=18.551 span.kind=server system=grpc
time="2023-03-26T09:58:21Z" level=info msg="Alloc=25008 TotalAlloc=12748774 Sys=65873 NumGC=1391 Goroutines=95"

Expected behavior

That user should be able to sync application.

Screenshots

No response

Additional context

No response

[headyj]

Exact same issue here using terraform provider:

argocd_application.composer: Creating...
╷
│ Error: application test could not be created
│ 
│   with argocd_application.composer,
│   on application.tf line 1, in resource "argocd_application" "composer":
│    1: resource "argocd_application" "composer" {
│ 
│ rpc error: code = PermissionDenied desc = permission denied

Reverting to 5.27.1 is solving the issue

[yu-croco]

Thank you for reporting.

The situation is reported on upstream's issue, argoproj/argo-cd#13000 .
argo-helm manages Helm Chart, not Argo CD itself, so let's follow it.👀

[yu-croco]

the upstream's issue is not resolved, so this issue stays as open.