Skip to content

Unintended side effects when syncing a multi source app with revisions #22857

New issue
New issue
Open
Open
Unintended side effects when syncing a multi source app with revisions#22857
Labels
bugSomething isn't workingcomponent:rbacIssue related to User management, Policy and API accesscomponent:serverIssue related to the Server componentsecuritySecurity related issues
@schraax

Description

@schraax
schraax
opened on May 3, 2025

Checklist:

  • I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • I've included steps to reproduce the bug.
  • I've pasted the output of argocd version.

Describe the bug

When performing a syncing a multi-source app with Revisions defined (via Rest API), the App Target Revisions get overwritten.

To Reproduce

see

argo-cd/server/application/application.go

Line 2041 in 5cd1ef9

sources[pos-1].TargetRevision = syncReq.Revisions[i]

This writes to the slice stolen from app spec, and makes the following check to prevent such syncs when autosync is enabled a no-op.

Expected behavior

A sync should not change the Application spec.
Syncing arbitrary revisions should be prevented when autosync is enabled

Screenshots

Version

any version up to now

Logs

Paste any relevant application logs here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingcomponent:rbacIssue related to User management, Policy and API accesscomponent:serverIssue related to the Server componentsecuritySecurity related issues

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions