Skip to content

Commit

Permalink
fix(api): return 404 when the app is not found if a project is specif…
Browse files Browse the repository at this point in the history 
…ied (argoproj#13393) (argoproj#13394)

* fix(api): return 404 when the app is not found if a project is specified (argoproj#13393)

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

simplify, respond 404 on project specified but doesn't match, always fetch app

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

handle project updates

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* handle new endpoint, fix bad merge

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

* docs

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>

---------

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
  • Loading branch information
@crenshaw-dev
crenshaw-dev authored and xiaowu.zhu committed Aug 9, 2023
1 parent be0a85c commit 47895e6
Show file tree
Hide file tree
Showing 6 changed files with 1,491 additions and 228 deletions.
117 changes: 117 additions & 0 deletions assets/swagger.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -401,6 +401,11 @@
"type": "boolean",
"name": "validate",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -462,6 +467,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -523,6 +533,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -649,6 +664,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -737,6 +757,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -773,6 +798,11 @@
"type": "string",
"name": "namespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -885,6 +915,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -935,6 +970,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -971,6 +1011,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1084,6 +1129,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1154,6 +1204,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1226,6 +1281,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1295,6 +1355,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1356,6 +1421,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1423,6 +1493,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1484,6 +1559,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1529,6 +1609,11 @@
"description": "the application's namespace.",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1574,6 +1659,11 @@
"description": "the application's namespace.",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1662,6 +1752,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -1737,6 +1832,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -3833,6 +3933,11 @@
"type": "string",
"name": "appNamespace",
"in": "query"
},
{
"type": "string",
"name": "project",
"in": "query"
}
],
"responses": {
Expand Down Expand Up @@ -3998,6 +4103,9 @@
},
"name": {
"type": "string"
},
"project": {
"type": "string"
}
}
},
Expand Down Expand Up @@ -4027,6 +4135,9 @@
},
"patchType": {
"type": "string"
},
"project": {
"type": "string"
}
}
},
Expand Down Expand Up @@ -4057,6 +4168,9 @@
"name": {
"type": "string"
},
"project": {
"type": "string"
},
"prune": {
"type": "boolean"
}
Expand Down Expand Up @@ -4087,6 +4201,9 @@
"name": {
"type": "string"
},
"project": {
"type": "string"
},
"prune": {
"type": "boolean"
},
Expand Down
17 changes: 15 additions & 2 deletions docs/developer-guide/api-docs.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# API Docs

You can find the Swagger docs by setting the path to `/swagger-ui` in your Argo CD UI's. E.g. [http://localhost:8080/swagger-ui](http://localhost:8080/swagger-ui).
You can find the Swagger docs by setting the path to `/swagger-ui` in your Argo CD UI. E.g. [http://localhost:8080/swagger-ui](http://localhost:8080/swagger-ui).

## Authorization

Expand All @@ -17,4 +17,17 @@ Then pass using the HTTP `Authorization` header, prefixing with `Bearer `:
$ curl $ARGOCD_SERVER/api/v1/applications -H "Authorization: Bearer $ARGOCD_TOKEN"
{"metadata":{"selfLink":"/apis/argoproj.io/v1alpha1/namespaces/argocd/applications","resourceVersion":"37755"},"items":...}
```


## Services

### Applications API

#### How to Avoid 403 Errors for Missing Applications

All endpoints of the Applications API accept an optional `project` query string parameter. If the parameter is
specified, and the specified Application does not exist, or if the Application does exist but is not in the given
project, the API will return a `404` error.

If the `project` query string parameter is specified, and the Application does not exist, the API will return a `403`
error. This is to prevent leaking information about the existence of Applications to users who do not have access to
them.
Loading

0 comments on commit 47895e6

Please sign in to comment.