[2.7.3] Application "get" reports permission denied on non-existing applications

[msobkowiak-olx]

Describe the bug

Having upgraded to ArgoCD 2.7 we noticed different way of handling non-existing applications for argocd "get" command for applications.

To Reproduce

• Prepare valid URL for ArgoCD instance
• Prepare scoped token for a project, allow everything in said project
• Perform argocd app get on non-existing application

argocd app get test
FATA[0001] rpc error: code = PermissionDenied desc = permission denied

Expected behavior

argocd app get test
FATA[0000] rpc error: code = NotFound desc = error getting application: applications.argoproj.io "test" not found

Wanted to ask - is this change intentional (my guess would be that for security reasons to avoid any guessing strategies it will always fallback to a 403) ? Is there any way that on scoped projects we can get a "404" on 2.7 ? We do perform application get to detect if the application exists already and we skip application creation in that case but I suppose we can change our approach here. Perhaps adding --project to the argocd app command in general ?

[crenshaw-dev]

@msobkowiak-olx this is expected behavior.

The usability regression is tracked here: #13000

Perhaps adding --project to the argocd app command in general ?

I have a PR open which would add API support for the project field. If you're up for adding CLI support, that would be awesome. #13394

[crenshaw-dev]

Closed since it's technically a duplicate, but we can keep talking about the PR(s) here if you want. :-)

[ebuildy]

I found this issue randomly, using a non updated argocd CLI:

• argocd cli 2.6.2
• argocd server 2.16.10

This make not possible to create application, complain about "Denied". I guess the CLI do a "get" before "Create":

[msobkowiak-olx]

Just update to ArgoCLI 2.7 - it works then. No need to change the logic in the pipelines (at least that was the case for us).