I'm trying to access the Argo workflow archive via the REST API. The documentation states that I need to create a role and a token, so that's what I did. A role with minimal permissions can be created like so:
kubectl create role jenkins --verb=list,update --resource=workflows.argoproj.io
And in fact this works, I can now access the argo server with a command like
curl http://localhost:2746/api/v1/workflows/argo -H "Authorization: $ARGO_TOKEN"
However it seems that more permissions are needed to access endpoints such as /api/v1/archived-workflows, because all I get there is this:
{
"code": 7,
"message": "permission denied"
}
Presumably I need to specify other verbs and/or resources in the kubectl create role command, but I don't know which ones, and I can't find the relevant documentation. Any hints?
Looks like the role/serviceaccount/rolebinding created according to the docs only grant permissions to list Workflows in the argo namespace (whether archived or not).
The namespace can be specified for the Archive like so:
curl "http://localhost:2746/api/v1/archived-workflows?listOptions.fieldSelector=metadata.namespace=argo" -H "Authorization: $ARGO_TOKEN"
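The namespace-scoped archive query from the answer above, wrapped in a small shell helper. This is an added example, not code from the original posts or from the Argo project; the function names, the namespace validation and the assumption that an error body starts with the "code" field (as in the question) are illustrative.

```shell
#!/bin/sh
# Added example: helper names and sample values are assumptions, not Argo tooling.

# Build the archive-list URL scoped to one namespace, so the request stays
# inside what a namespaced Role can authorize.
# The namespace is validated as a DNS-1123 label so a value such as
# "argo&x=y" cannot smuggle extra query parameters into the request.
archive_url() {
    base=$1
    ns=$2
    case $ns in
        ''|-*|*-|*[!a-z0-9-]*) echo "invalid namespace: $ns" >&2; return 1 ;;
    esac
    [ "${#ns}" -le 63 ] || { echo "namespace too long" >&2; return 1; }
    printf '%s/api/v1/archived-workflows?listOptions.fieldSelector=metadata.namespace=%s\n' \
        "${base%/}" "$ns"
}

# Classify a response body: "denied" for the code-7 error shown in the
# question, "error" for any other error object of that shape, else "ok".
classify_response() {
    body=$(printf '%s' "$1" | tr -d ' \n\t')
    case $body in
        '{"code":7,'*|'{"code":7}'*) echo denied ;;
        '{"code":'[0-9]*) echo error ;;
        *) echo ok ;;
    esac
}

# Query the archive for one namespace using the token from the question.
list_archived() {
    url=$(archive_url "$1" "$2") || return 1
    body=$(curl -sS "$url" -H "Authorization: $ARGO_TOKEN") || return 1
    if [ "$(classify_response "$body")" = ok ]; then
        printf '%s\n' "$body"
    else
        echo "archive query for namespace $2 was rejected" >&2
        return 1
    fi
}

# Constructed sample: the error body from the question.
SAMPLE_DENIED='{ "code": 7, "message": "permission denied" }'
```

Calling `list_archived http://localhost:2746 argo` with `ARGO_TOKEN` set performs the same request as the curl command above and fails loudly on a permission error instead of printing the error JSON.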