Skip to main content

Account Service

Account Service API updates Argo CD account settings.

Service Definition

Package: account Service: AccountService The AccountService manages user accounts, authentication tokens, and permission checks in Argo CD.

RPC Methods

ListAccounts

Returns the list of accounts. Request: ListAccountRequest (Empty request) Response: AccountsList
items
Account[]
List of accounts
Account Fields:
  • name (string): Account name
  • enabled (bool): Whether the account is enabled
  • capabilities (string[]): Account capabilities
  • tokens (Token[]): List of tokens associated with the account
REST Endpoint: GET /api/v1/account

GetAccount

Returns an account by name. Request: GetAccountRequest
name
string
required
The account name
Response: Account
name
string
Account name
enabled
bool
Whether the account is enabled
capabilities
string[]
Account capabilities (e.g., “login”, “apiKey”)
tokens
Token[]
List of tokens associated with the account
Token Fields:
  • id (string): Token ID
  • issuedAt (int64): Token issue timestamp
  • expiresAt (int64): Token expiration timestamp
REST Endpoint: GET /api/v1/account/{name}

UpdatePassword

Updates an account’s password to a new value. Request: UpdatePasswordRequest
name
string
required
The account name
currentPassword
string
required
The current password
newPassword
string
required
The new password
Response: UpdatePasswordResponse REST Endpoint: PUT /api/v1/account/password

CreateToken

Creates an authentication token for an account. Request: CreateTokenRequest
name
string
required
The account name
id
string
Token identifier (optional, auto-generated if not provided)
expiresIn
int64
Token expiration duration in seconds (0 means no expiration)
Response: CreateTokenResponse
token
string
The generated JWT token
REST Endpoint: POST /api/v1/account/{name}/token

DeleteToken

Deletes an authentication token. Request: DeleteTokenRequest
name
string
required
The account name
id
string
required
The token ID to delete
Response: EmptyResponse REST Endpoint: DELETE /api/v1/account/{name}/token/{id}

CanI

Checks if the current account has permission to perform an action. Request: CanIRequest
resource
string
required
The resource type (e.g., “applications”, “clusters”, “repositories”)
action
string
required
The action to check (e.g., “get”, “create”, “update”, “delete”, “sync”, “override”)
subresource
string
The subresource (e.g., specific project name or application name)
Response: CanIResponse
value
string
Either “yes” or “no” indicating if the action is allowed
REST Endpoint: GET /api/v1/account/can-i/{resource}/{action}/{subresource}

gRPC Example

import (
    "context"
    "fmt"
    "google.golang.org/grpc"
    accountpkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/account"
)

// Create a gRPC connection
conn, err := grpc.Dial("argocd-server:443", grpc.WithInsecure())
if err != nil {
    log.Fatal(err)
}
defer conn.Close()

// Create account service client
client := accountpkg.NewAccountServiceClient(conn)

// List all accounts
accounts, err := client.ListAccounts(context.Background(), &accountpkg.ListAccountRequest{})
if err != nil {
    log.Fatal(err)
}

for _, account := range accounts.Items {
    fmt.Printf("Account: %s, Enabled: %v\n", account.Name, account.Enabled)
}

// Get specific account
account, err := client.GetAccount(context.Background(), &accountpkg.GetAccountRequest{
    Name: "admin",
})
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Account %s has %d tokens\n", account.Name, len(account.Tokens))

// Create a token
tokenResp, err := client.CreateToken(context.Background(), &accountpkg.CreateTokenRequest{
    Name:      "admin",
    Id:        "my-token",
    ExpiresIn: 86400, // 24 hours
})
if err != nil {
    log.Fatal(err)
}

fmt.Printf("Created token: %s\n", tokenResp.Token)

// Check permissions
canI, err := client.CanI(context.Background(), &accountpkg.CanIRequest{
    Resource:    "applications",
    Action:      "create",
    Subresource: "default/my-app",
})
if err != nil {
    log.Fatal(err)
}

if canI.Value == "yes" {
    fmt.Println("User can create applications")
} else {
    fmt.Println("User cannot create applications")
}

// Update password
_, err = client.UpdatePassword(context.Background(), &accountpkg.UpdatePasswordRequest{
    Name:            "admin",
    CurrentPassword: "old-password",
    NewPassword:     "new-password",
})
if err != nil {
    log.Fatal(err)
}

// Delete token
_, err = client.DeleteToken(context.Background(), &accountpkg.DeleteTokenRequest{
    Name: "admin",
    Id:   "my-token",
})
if err != nil {
    log.Fatal(err)
}