RBAC issues with AzureAD OIDC #19552
Unanswered
jblaaa-codes
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have argo setup and I am able to authenticate to AzureAD to argocd. I have the configmap set to by default give read-only access to anyone without a role. I have created a few roles that I have tested as working with local argoCD users. When I try to provide the role to my AzureAD user, I get a permission denied error for any action that is above 'read'. I can see in the argocd-server logs that it's identifying my user info from azureAD and says permission denied. One caveat that I am wondering is, I do not have a P1 license so I can't add groups to the entitled users in the app registration. I have added the user. Here's the error
I eventually want to do this via project but in the rbac-cm this how I have it configured
I'm not sure if there's anything else to provide, the action I'm trying to do to test is either create an App in the 'batman' project or even click the sync button, provide the options and click sync and it won't work. Any suggestions?
Beta Was this translation helpful? Give feedback.
All reactions