API Permissions needed for /api/v1/workflows/{namespace}/submit #11680
-
I worked through this doc: https://argoproj.github.io/argo-workflows/access-token/ and got an access token. I'm able to: curl -X GET https://{endpoint}/api/v1/workflow-templates/{namespace}/{template} -H "Authorization: Bearer $ARGO_TOKEN" just fine. However, if I run: curl -X POST \
--url https://workflows-dev-main.shippodev.com/api/v1/workflows/argo-workflows/submit \
--header 'Authorization: Bearer $ARGO_TOKEN' \
--data '{ "resourceKind": "WorkflowTemplate", "namespace": "{namespace}", "resourceName": "{template}", "submitOptions": { "parameters": [ "{param1}={param1_value}", "{param2}={param2_value}" ], "submitOptions": { "labels": "workflows.argoproj.io/workflow-template={template}", "name": "{arbitrary name}" } } }' I get the following error:
for the life of me I cannot figure out what permissions I might need to do this. I can't seem to find any discussion or docs anywhere on the matter. What might I be doing wrong? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 20 replies
-
NOTE: I have tried the following permissions on the role that the service account i'm using is using: {
api_groups = ["argoproj.io"]
resources = ["*"]
verbs = ["list", "get", "watch"]
},
{
api_groups = ["argoproj.io"]
resources = ["workflows", "workflowtaskresults"]
verbs = ["create", "patch"]
} I even tried it with resources |
Beta Was this translation helpful? Give feedback.
-
So people don't have to read through the chain, because I know more people are going to run across this, and save yourself days worth of debugging. Here is how to get this to work.
export ARGO_TOKEN=$(kg secret <secret_name> -o=jsonpath='{.data.token}' -n <namespace> | base64 --decode)
curl -X 'POST' \
'https://{endpoint}/api/v1/workflows/{namespace}/submit' \
-H 'accept: application/json' \
-H "Authorization: Bearer ${ARGO_TOKEN}" \
-H 'Content-Type: application/json' \
-d '{
"resourceKind": "WorkflowTemplate",
"namespace": "{namespace}",
"resourceName": "{workflow_template_name}",
"submitOptions": {
"dryrun": true,
"entryPoint": "{template_name}",
"parameters": [
...
],
"labels": "workflows.argoproj.io/workflow-template={workflow_template_name}",
"name": "{Whatever_you_want_Here}"
}
}'
Some caveats. If the workflow has already been run with the provided
To fix it, just change the
|
Beta Was this translation helpful? Give feedback.
So people don't have to read through the chain, because I know more people are going to run across this, and save yourself days worth of debugging. Here is how to get this to work.