Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to Add Gitlab repository with Project/Group/deployment token #17396

Open
3 tasks done
amarjitmult opened this issue Mar 4, 2024 · 1 comment
Open
3 tasks done

Unable to Add Gitlab repository with Project/Group/deployment token #17396

amarjitmult opened this issue Mar 4, 2024 · 1 comment
Labels
bug Something isn't working component:auth component:git Interaction with GitHub, Gitlab etc component:security

Comments

@amarjitmult
Copy link

Checklist:

  • I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • I've included steps to reproduce the bug.
  • I've pasted the output of argocd version.

Describe the bug

ArgoCD fails to add a GitLab-hosted repository using standard authentication methods (Deployment token, project token, group token, or SSH). Only a personal token from a user with GitLab system-wide Administrator role seems to work. Using such a token in ArgoCD's repository setup poses a security risk. GitLab version is GitLab Enterprise Edition v16.8.1-ee, and ArgoCD version is v2.10.1+a79e0ea, installed using the HELM chart. The error "rpc error: code = Unknown desc = error testing repository connectivity: repository not found" is received when attempting to add the repository.

To Reproduce

  1. On the GitLab project, obtain the repository URL for HTTPS – the same URL used for cloning the repository.
  2. Create an Access Token in the GitLab project by going to 'Settings' > 'Access Tokens'. Set the token name and assign appropriate privileges, ensuring "read_api" and "read_repository" scopes are selected.
  3. In ArgoCD's UI, go to 'Settings' > 'Repositories' to connect the repository. Use HTTPS, input the project and repository URL as obtained before. Use the token name as the username and the generated token as the password.
  4. Attempting to add the repository in ArgoCD fails, producing an error. Retrieve the error details from the argocd-server pod logs.

Expected behavior

The expected behavior for ArgoCD when adding a GitLab-hosted repository is to successfully connect using various authentication methods, such as Deployment tokens, project tokens, group tokens, or SSH keys, without requiring elevated permissions like a GitLab system-wide administrator role. The process should be secure, not exposing the system to unnecessary risks, and should allow for the use of least-privilege tokens that have just enough permissions to read the repository and API.

Screenshots

None

Version

argocd version
argocd: v2.10.1+a79e0ea
  BuildDate: 2024-02-14T17:37:43Z
  GitCommit: a79e0eaca415461dc36615470cecc25d6d38cefb
  GitTreeState: clean
  GoVersion: go1.21.3
  Compiler: gc
  Platform: linux/amd64

Logs

FATA[0000] rpc error: code = Unknown desc = error testing repository connectivity: repository not found
@amarjitmult amarjitmult added the bug Something isn't working label Mar 4, 2024
@srekkas
Copy link

srekkas commented Mar 15, 2024

Mine started working after changing role to maintainer.

@reggie-k reggie-k added component:auth component:git Interaction with GitHub, Gitlab etc component:security labels Sep 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working component:auth component:git Interaction with GitHub, Gitlab etc component:security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@amarjitmult @reggie-k @srekkas