fix: parse project with applicationset resource (argoproj#23252)

blakepettersson · enneitex · commit a05a2c9eb1cc · 2025-08-24T12:13:57.000+02:00
Signed-off-by: Blake Pettersson &lt;blake.pettersson@gmail.com&gt;
Signed-off-by: enneitex &lt;etienne.divet@gmail.com&gt;
diff --git a/server/rbacpolicy/rbacpolicy.go b/server/rbacpolicy/rbacpolicy.go
@@ -132,7 +132,7 @@ func (p *RBACPolicyEnforcer) getProjectFromRequest(rvals ...any) *v1alpha1.AppPr
 	if res, ok := rvals[1].(string); ok {
 		if obj, ok := rvals[3].(string); ok {
 			switch res {
-			case rbac.ResourceApplications, rbac.ResourceRepositories, rbac.ResourceClusters, rbac.ResourceLogs, rbac.ResourceExec:
+			case rbac.ResourceApplicationSets, rbac.ResourceApplications, rbac.ResourceRepositories, rbac.ResourceClusters, rbac.ResourceLogs, rbac.ResourceExec:
 				if objSplit := strings.Split(obj, "/"); len(objSplit) >= 2 {
 					return getProjectByName(objSplit[0])
 				}
diff --git a/server/rbacpolicy/rbacpolicy_test.go b/server/rbacpolicy/rbacpolicy_test.go
@@ -6,6 +6,7 @@ import (
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes/fake"
 
@@ -187,11 +188,46 @@ func TestGetScopes_CustomScopes(t *testing.T) {
 }
 
 func Test_getProjectFromRequest(t *testing.T) {
-	fp := newFakeProj()
-	projLister := test.NewFakeProjLister(fp)
+	tests := []struct {
+		name     string
+		resource string
+		action   string
+		arg      string
+	}{
+		{
+			name:     "valid project/repo string",
+			resource: "repositories",
+			action:   "create",
+			arg:      newFakeProj().Name + "/https://github.com/argoproj/argocd-example-apps",
+		},
+		{
+			name:     "applicationsets with project/repo string",
+			resource: "applicationsets",
+			action:   "create",
+			arg:      newFakeProj().Name + "/https://github.com/argoproj/argocd-example-apps",
+		},
+		{
+			name:     "applicationsets with project/repo string",
+			resource: "applicationsets",
+			action:   "*",
+			arg:      newFakeProj().Name + "/https://github.com/argoproj/argocd-example-apps",
+		},
+		{
+			name:     "applicationsets with project/repo string",
+			resource: "applicationsets",
+			action:   "get",
+			arg:      newFakeProj().Name + "/https://github.com/argoproj/argocd-example-apps",
+		},
+	}
 
-	rbacEnforcer := NewRBACPolicyEnforcer(nil, projLister)
-	project := rbacEnforcer.getProjectFromRequest("", "repositories", "create", fp.Name+"/https://github.com/argoproj/argocd-example-apps")
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			fp := newFakeProj()
+			projLister := test.NewFakeProjLister(fp)
+			rbacEnforcer := NewRBACPolicyEnforcer(nil, projLister)
 
-	assert.Equal(t, project.Name, fp.Name)
+			project := rbacEnforcer.getProjectFromRequest("", tt.resource, tt.action, tt.arg)
+			require.Equal(t, fp.Name, project.Name)
+		})
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ func (p RBACPolicyEnforcer) getProjectFromRequest(rvals ...any) v1alpha1.AppPr`
`132`	`132`	`if res, ok := rvals[1].(string); ok {`
`133`	`133`	`if obj, ok := rvals[3].(string); ok {`
`134`	`134`	`switch res {`
`135`		`- case rbac.ResourceApplications, rbac.ResourceRepositories, rbac.ResourceClusters, rbac.ResourceLogs, rbac.ResourceExec:`
	`135`	`+ case rbac.ResourceApplicationSets, rbac.ResourceApplications, rbac.ResourceRepositories, rbac.ResourceClusters, rbac.ResourceLogs, rbac.ResourceExec:`
`136`	`136`	`if objSplit := strings.Split(obj, "/"); len(objSplit) >= 2 {`
`137`	`137`	`return getProjectByName(objSplit[0])`
`138`	`138`	`}`