{"id":30272,"date":"2022-06-14T20:19:25","date_gmt":"2022-06-14T20:19:25","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=30272"},"modified":"2022-12-23T05:52:46","modified_gmt":"2022-12-23T05:52:46","slug":"working-with-local-users-accounts-in-argocd","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/working-with-local-users-accounts-in-argocd\/","title":{"rendered":"Working with Local users\/accounts in ArgoCD"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"925\" height=\"379\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-28.png\" alt=\"\" class=\"wp-image-30274\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-28.png 925w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-28-300x123.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-28-768x315.png 768w\" sizes=\"auto, (max-width: 925px) 100vw, 925px\" \/><\/figure>\n\n\n\n<p>Once installed Argo CD has one built-in admin user that has full access to the system. It is recommended to use <strong>admin <\/strong>user only for initial configuration and then switch to local users or configure SSO integration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Local users\/accounts<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>The maximum length of a local account&#8217;s username is 32.<\/li><li>Each user might have two capabilities:<br>apiKey &#8211; allows generating authentication tokens for API access<br>login &#8211; allows to login using UI<\/li><li>New users should be defined in\u00a0<code>argocd-cm<\/code>\u00a0ConfigMap:<\/li><li>As soon as additional users are created it is recommended to disable\u00a0<code>admin<\/code>\u00a0user:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"393\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-29-1024x393.png\" alt=\"\" class=\"wp-image-30276\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-29-1024x393.png 1024w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-29-300x115.png 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-29-768x295.png 768w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2022\/06\/image-29.png 1090w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">The local users\/accounts feature serves two main use-cases:<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Auth tokens for Argo CD management automation. It is possible to configure an API account with limited permissions and generate an authentication token. Such token can be used to automatically create applications, projects etc.<\/li><li>Additional users for a very small team where use of SSO integration might be considered an overkill. The local users don&#8217;t provide advanced features such as groups, login history etc. So if you need such features it is strongly recommended to use SSO.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Create new user<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">apiVersion: v1\r\nkind: ConfigMap\r\nmetadata:\r\n  name: argocd-cm\r\n  namespace: argocd\r\n  labels:\r\n    app.kubernetes.io\/name: argocd-cm\r\n    app.kubernetes.io\/part-of: argocd\r\ndata:\r\n  # add an additional local user with apiKey and login capabilities\r\n  #   apiKey - allows generating API keys\r\n  #   login - allows to login using UI\r\n  accounts.alice: apiKey, login\r\n  # disables user. User is enabled by default\r\n  accounts.alice.enabled: \"false\"<\/code><\/span><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Disable admin user<\/h2>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">apiVersion: v1\r\n<span class=\"hljs-attr\">kind<\/span>: ConfigMap\r\n<span class=\"hljs-attr\">metadata<\/span>:\r\n  name: argocd-cm\r\n  <span class=\"hljs-attr\">namespace<\/span>: argocd\r\n  <span class=\"hljs-attr\">labels<\/span>:\r\n    app.kubernetes.io\/name: argocd-cm\r\n    app.kubernetes.io\/part-<span class=\"hljs-keyword\">of<\/span>: argocd\r\n<span class=\"hljs-attr\">data<\/span>:\r\n  admin.enabled: <span class=\"hljs-string\">\"false\"<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">ArgoCD Account CLI<\/h2>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">Available Commands:\r\n  can-i           Can I\r\n  <span class=\"hljs-keyword\">delete<\/span>-token    Deletes account token\r\n  generate-token  Generate account token\r\n  <span class=\"hljs-keyword\">get<\/span>             Get account details\r\n  <span class=\"hljs-keyword\">get<\/span>-user-info   Get user info\r\n  list            List accounts\r\n  update-password Update an account's password\r\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Argo CD CLI provides set of commands to set user password and generate tokens.<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">Get full users <span class=\"hljs-keyword\">list<\/span>\r\n\r\n$ argocd account <span class=\"hljs-keyword\">list<\/span>\r\n\nGet specific user details\r\n\r\n$ argocd account get --account &lt;username&gt;\r\n\nSet user password\r\n\r\n<span class=\"hljs-comment\"># if you are managing users as the admin user, &lt;current-user-password&gt; should be the current admin password.<\/span>\r\n$ argocd account update-password \\\r\n  --account &lt;name&gt; \\\r\n  --current-password &lt;current-user-password&gt; \\\r\n  --<span class=\"hljs-keyword\">new<\/span>-password &lt;<span class=\"hljs-keyword\">new<\/span>-user-password&gt;\r\n\nGenerate auth token\r\n\r\n<span class=\"hljs-comment\"># if flag --account is omitted then Argo CD generates token for current user<\/span>\r\n$ argocd account generate-token --account &lt;username&gt;\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>","protected":false},"excerpt":{"rendered":"<p>Once installed Argo CD has one built-in admin user that has full access to the system. It is recommended to use admin user only for initial configuration and then switch to local users or configure SSO integration. Local users\/accounts The maximum length of a local account&#8217;s username is 32. Each user might have two capabilities:apiKey&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-30272","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=30272"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30272\/revisions"}],"predecessor-version":[{"id":30277,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30272\/revisions\/30277"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=30272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=30272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=30272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}