Unable to delete pod from ArgoCD UI using the action

Checklist:

* [x] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
* [x] I've included steps to reproduce the bug.
* [x] I've pasted the output of `argocd version`.

**Describe the bug**

When using the RBAC configuration to allow some permissions to default `role:readonly`.
Delete the Pods permissions are not working as expected.
Following rule is used as per the documentation shared [here](https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#the-action-action) 

Rule:
`p, role:readonly, applications, action/core/Pod/delete, prod/*, allow`

The issue is Pod object in kubernetes has empty <api-group> which I believe is not parsed correctly and ArgoCD always returns permission denied error when someone assuming this role tries to perform delete action on Pods, however it works for Deployment/DaemonSet & even Rollout objects.

`p, role:readonly, applications, action/apps/Deployment/delete, prod/*, allow`
`p, role:readonly, applications, action/apps/argoproj.io/delete, prod/*, allow`

**To Reproduce**

Assign above rule and try to delete the Pod from ArgoCD UI.

**Expected behavior**

Should be able to delete the Pod from ArgoCD UI.

**Screenshots**

![image (1)](https://user-images.githubusercontent.com/39234612/224058421-99d629e0-a2dd-4b85-a04b-3eb30da3f793.png)


**Version**

```
argocd: v2.6.4+7be094f.dirty
  BuildDate: 2023-03-07T23:52:53Z
  GitCommit: 7be094f38d06859b594b98eb75c7c70d39b80b1e
  GitTreeState: dirty
  GoVersion: go1.20.2
  Compiler: gc
  Platform: darwin/amd64
argocd-server: v2.3.4+ac8b7df
```

**Logs**

When trying to delete pod using above RBAC. Some of the sensitive information is masked.
```
time="2023-03-09T08:05:31Z" level=info msg="received unary call /application.ApplicationService/DeleteResource" grpc.method=DeleteResource grpc.request.claims="{\"at_hash\":\"zAWE8ZmAq_JZNwlfdt8peA\",\"aud\":\"argo-cd\",\"c_hash\":\"79qppdZ92TNOOX9OlPxJOA\",\"email\":\"mafzal@talabat.com\",\"email_verified\":true,\"exp\":1678435498,\"groups\":[\"xxxxxx\",\"xxxxxxx\",\"xxxxxx\",\"xxxxxxx\",\"xxxxx\",\"xxxxxx\",\"xxxxx\",\"xxxxxxxx\"],\"iat\":1678349098,\"iss\":\"https://argo.xxxxx.com/api/dex\",\"name\":\"XXX XXX\",\"preferred_username\":\"xxxxx\",\"sub\":\"Cgg0ODc1NzQ3NxIGZ2l0aHVi\"}" grpc.request.content="name:\"xxxxxx\" namespace:\"xxxxx\" resourceName:\"paymentops-5df6496f69-c2js5\" version:\"v1\" group:\"\" kind:\"Pod\" force:false orphan:false " grpc.service=application.ApplicationService grpc.start_time="2023-03-09T08:05:31Z" span.kind=server system=grpc
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unable to delete pod from ArgoCD UI using the action #12777

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development