From f150938a784e0d01cf7ff76b3b1c4b23d2df8ca5 Mon Sep 17 00:00:00 2001
From: Deniz Erdogan <deniz.erdogan@wikimedia.de>
Date: Fri, 23 Aug 2024 17:32:02 +0200
Subject: [PATCH] configure and enable anonymous role

---
 .../production/argo-cd-base.values.yaml.gotmpl    | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl b/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl
index ed0c42318..8525d9baa 100644
--- a/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl
+++ b/k8s/helmfile/env/production/argo-cd-base.values.yaml.gotmpl
@@ -8,6 +8,7 @@ dex:
 
 configs:
   cm:
+    users.anonymous.enabled: true
     admin.enabled: false
 
     ui.bannerpermanent: true
@@ -23,6 +24,20 @@ configs:
         }
     }
 
+  rbac:
+    "policy.default": "role:unauthenticated"
+    "policy.csv": |
+        g, anonymous, role:unauthenticated
+        p, role:unauthenticated, applications, get, */*, allow
+        p, role:unauthenticated, clusters, get, */*, allow
+        p, role:unauthenticated, projects, get, *, allow
+        p, role:unauthenticated, repositories, get, *, allow
+        p, role:unauthenticated, repositories, list, *, allow
+        p, role:unauthenticated, repositories, validate, *, allow
+        p, role:unauthenticated, accounts, get, *, allow
+        p, role:unauthenticated, certificates, get, *, allow
+        p, role:unauthenticated, gpgkeys, get, *, allow
+
 controller:
   resources:
    limits: