feat: Allow users to disable default project creation (#15518)

[henkka]

Summary

Allow users to disable the automatic creation of the default project in argocd-server. Closes #15518

Motivation

To enhance Argo CD security, this feature offers an alternative to #11058, inspired by @12345ieee's comment here. This would let us disable default project creation during runtime and either create a hardened version declaratively before argocd-server starts or omit the default project entirely.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• The title of the PR conforms to the Toolchain Guide
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• Optional. My organization is added to USERS.md.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).
• My new feature complies with the feature status guidelines.
• I have added a brief description of why this PR is necessary and/or what this PR solves.

[henkka]

I decided to disable the default project creation in headless use-case, as I felt it would be side-effect there. What do you think?

[blakepettersson]

I don't think that should happen. If running Argo CD in headless mode, the expectation would be that there should not be any breaking changes (which this would be).

IMO I think the way to go is to add a command line option here (defaulting to false).

On the other side, it totally makes sense for any command invoking headless to have this set to true (since as you say, running e.g argocd repo add should not on its own create a default AppProject if it has been disabled in argocd-server.

Do you have any thoughts on this @crenshaw-dev?

[blakepettersson]

Hmm. The more I'm looking at this, I'm starting to wonder if it wouldn't be better if the initDefaultProject function was instead moved to the application controller, to better accommodate the headless use case.

[henkka]

IMO I think the way to go is to add a command line option here (defaulting to false).

Thanks for the suggestion! I've implemented your idea in this commit

Regarding moving initDefaultProject to the application controller, I'm open to it if it better suits headless use cases. 😊

[codecov]

Codecov Report

Patch coverage: 37.50% and project coverage change: -0.01% ⚠️

Comparison is base (df714ac) 50.00% compared to head (f5af4ad) 50.00%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #15530      +/-   ##
==========================================
- Coverage   50.00%   50.00%   -0.01%     
==========================================
  Files         266      266              
  Lines       45631    45638       +7     
==========================================
+ Hits        22818    22821       +3     
- Misses      20581    20585       +4     
  Partials     2232     2232              

Files Changed	Coverage Δ
cmd/argocd/commands/admin/dashboard.go	0.00% <0.00%> (ø)
server/server.go	56.23% <100.00%> (+0.13%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[blakepettersson]

Could you also add an env mapping to the application-controller argocd-server configmap?

[henkka]

Thanks! I've tried to mimic from #11307 to include all the locations that this should be updated to. c8f53cb

[blakepettersson]

See my comment above, apart from that it LGTM at least 😄

[jannfis]

Hm. I'm not sure that disabling the default project is the way to go. There are a couple of places within Argo CD that assume the default project to exist.

I may have missed the conversation, but why don't we lock down the default project so it's only able to do... nothing? :)

[henkka]

There are a couple of places within Argo CD that assume the default project to exist.

Ah, I've missed that! Our use-case for this feature would be to handle the default project CR outside of the argocd-server runtime, so we can restrict it the way we like it (and we don't need to do any convoluted and hack'ish "ensure our custom CR is created before argocd-server starts up" (or even omit it completely, which might not be possible if your statement is correct).

This PR provides an "escape hatch" for us, letting us disable a feature in argocd-server that doesn't meet our requirements. We can then implement it externally as we see fit. Importantly, this won't alter the default behavior for other users.

but why don't we lock down the default project so it's only able to do... nothing? :)

While locking down the default project could work for us, it seems like a non-starter given the discussion in #11058. We can't afford to wait for Argo CD 3.0 for our internal platform needs, so instead, we proposed #15518

[jannfis]

Thanks @henkka, I've put some of my thoughts around this into the discussion at #11058 (comment)

[henkka]

Thanks @henkka, I've put some of my thoughts around this into the discussion at #11058 (comment)

Thanks @jannfis for driving this forward. 😊 Closing this PR and associated issue as we monitor the progress on #11058.