feat: Introduce RBAC based approach to pod logs #7211

[reggie-k]

The required changes in the cli were performed, the UI changes will come in a separate PR.
The enforcement is disabled by default, to mitigate the breaking change.
The switch will reside in the main argocd-cm.
Not sure whether I should document the switch explicitly myself or will it be documented in the release blog?

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

• [V] Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• [V] The title of the PR states what changed and the related issues number (used for the release note).
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• [V] I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• [V] Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• Optional. My organization is added to USERS.md.
• I have signed off all my commits as required by DCO
• [V] I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• [V] My build is green (troubleshooting builds).

[codecov]

Codecov Report

Merging #8353 (4e4330d) into master (ebc89ce) will increase coverage by 0.02%.
The diff coverage is 50.00%.

@@            Coverage Diff             @@
##           master    #8353      +/-   ##
==========================================
+ Coverage   42.57%   42.60%   +0.02%     
==========================================
  Files         177      177              
  Lines       22988    23007      +19     
==========================================
+ Hits         9787     9801      +14     
- Misses      11804    11805       +1     
- Partials     1397     1401       +4     

Impacted Files	Coverage Δ
cmd/argocd/commands/admin/settings_rbac.go	23.24% <ø> (ø)
server/application/application.go	32.06% <0.00%> (-0.21%)	⬇️
server/account/account.go	69.62% <66.66%> (+3.73%)	⬆️
util/settings/settings.go	48.10% <71.42%> (+0.18%)	⬆️
server/rbacpolicy/rbacpolicy.go	82.35% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ebc89ce...4e4330d. Read the comment docs.

[pasha-codefresh]

i think it is redundant changes

[pasha-codefresh]

not ignore error here

[pasha-codefresh]

maybe better use strconv.ParseBool(

[pasha-codefresh]

i dont think you need it anymore after migrate to settings manager

[reggie-k]

Fixed according to the remarks.
Signed off the commits.
Perhaps additional discussion needed on util/settings/settings.go

[crenshaw-dev]

Could you also do a quick update in rbac.md? Seems like a good place to document this.

[crenshaw-dev]

Is serverRBACLogEnforceEnable the name of the env var or some internal variable?

[reggie-k]

Internal var based on a value of an env var. Will clarify the comment, thanks.

[reggie-k]

Fixed the comment in application.go and account.go section to explain better what the switch does + renamed the var to comply to its name in settings manager.
Added docs in the rbac.md as per the "log" rbac resource, but not sure at what section should I document the switch itself?

[crenshaw-dev]

LGTM!

[reggie-k]

Great!
As for the UI changes needed (both backend and UI changes will have to appear in a release), should they come after this PR is merged or can they be based on my branch as it is now? They will be performed by my colleague.

[pasha-codefresh]

Well done @reggie-k

[yonimoses]

Great! As for the UI changes needed (both backend and UI changes will have to appear in a release), should they come after this PR is merged or can they be based on my branch as it is now? They will be performed by my colleague.

Awesome!

[crenshaw-dev]

Oh! You asked a question that I failed to answer. settingsServerRBACLogEnforceEnableKey should be documented in docs/operator-manual/argocd-cm.yaml.

Nitpick: could you replace the hard-coded instances of the config key in tests with the variable?

[crenshaw-dev]

As for the UI changes needed (both backend and UI changes will have to appear in a release), should they come after this PR is merged or can they be based on my branch as it is now?

If the backend changes shouldn't be allowed to go out without frontend changes, I'd recommend making them all part of one PR.

[reggie-k]

Oh! You asked a question that I failed to answer. settingsServerRBACLogEnforceEnableKey should be documented in docs/operator-manual/argocd-cm.yaml.

Done, now wondering whether part of that belongs in the release blog :) What do you think?

Nitpick: could you replace the hard-coded instances of the config key in tests with the variable?

Am a total go newbie, but the const key names in settings.go are private and used within the package, as far as I understand, do you want me to make this particular one a global const so that it can be referenced outside?

[reggie-k]

As for the UI changes needed (both backend and UI changes will have to appear in a release), should they come after this PR is merged or can they be based on my branch as it is now?

If the backend changes shouldn't be allowed to go out without frontend changes, I'd recommend making them all part of one PR.

I see the reason behind this. How can this be achieved, given my colleague will work on the UI changes, and will need the backend to have my changes? Can you guide me through the process from Github perspective? Where does he fork from, where does he create PRs to, etc?

[crenshaw-dev]

Done, now wondering whether part of that belongs in the release blog :) What do you think?

I think it probably does. @alexmt do we keep a running list anywhere of things that need to be in the release blog?

Am a total go newbie, but the const key names in settings.go are private and used within the package, as far as I understand, do you want me to make this particular one a global const so that it can be referenced outside?

I'm relatively new to go as well, so I missed that problem. 😆 I think hard-coding is fine in this case. Searching text is easy.

Can you guide me through the process from Github perspective? Where does he fork from, where does he create PRs to, etc?

I think he could 1) fork argo-cd, 2) add your fork as a remote, 3) checkout your branch, 4) create a new branch based on yours, 5) make changes and then open a PR against your branch. Once the UI changes are merged into your branch, this PR will be ready for final review/merge.

[alexmt]

Thank you for review @pasha-codefresh and @crenshaw-dev . Doing one final round and merging

[alexmt]

LGTM.

I think we should resolve https://github.com/argoproj/argo-cd/pull/8353/files#r798567363 but I propose to merge PR for the sake of time and create follow up PR to do it.

[crenshaw-dev]

LGTM!

[pasha-codefresh]

Great job @reggie-k !

[alexmt]

Thank you @reggie-k !