
Deploy ApplicationSet outside ArgoCD namespace #3435

@timmjd

Describe the bug

The Terraform argocd provider does not allow creating an argocd_application_set outside of the default argo namespace.

Error:

User "system:serviceaccount:argo:argocd-server" cannot create resource "applicationsets" in API group "argoproj.io" in the namespace "argo-application-sets"

Related helm chart

argo-cd

Helm chart version

8.2.7

To Reproduce

Terraform code snippet

resource argocd_application_set grafana {
  metadata {
    name      = "monitoring"
    namespace = "argo-application-sets" # Namespace does NOT match the argo deployed namespace
  }

  spec {
    generator {
      clusters {}
    }

    template {
      metadata {
        name      = "monitoring-{{name}}"
        namespace = "argo-{{name}}"
      }
...
}

Result of the terraform call

  │ Error: failed to create application set monitoring
  │ 
  │   with argocd_application_set.grafana,
  │   on main.tf line 6, in resource "argocd_application_set" "grafana":
  │    6: resource argocd_application_set grafana {
  │ 
  │ rpc error: code = PermissionDenied desc = error creating ApplicationSet:
  │ applicationsets.argoproj.io is forbidden: User
  │ "system:serviceaccount:argo:argocd-server" cannot create resource
  │ "applicationsets" in API group "argoproj.io" in the namespace
  │ "argo-application-sets"

Expected behavior

Deployment of the ApplicationSet should be capable of deploying to any namespace if enabled via the Helm chart.

Additional context

  • The ArgoCD Server only has permission to manage applicationsets within the argo namespace due to the role.
  • ArgoCD does NOT have the permission for other namespaces due to its missing write / update / delete permission by the clusterrole.
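
The denial in the error above is a Kubernetes RBAC decision against the `argocd-server` service account in the `argo` namespace. The following is an added example, not code from the issue author or the argo-helm chart: a namespaced Role and RoleBinding that grant that one account only the `applicationsets` verbs, only in the target namespace, instead of widening a ClusterRole. The object name `argocd-server-applicationsets` is hypothetical; the service account, namespaces, resource and API group are taken from the error message.

```yaml
# Added example: least-privilege grant for the exact request the API server rejected.
# Scope is one namespace, one resource type, one service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: argocd-server-applicationsets   # hypothetical name
  namespace: argo-application-sets      # namespace named in the error
rules:
  - apiGroups: ["argoproj.io"]
    resources: ["applicationsets"]
    # "create" is the verb denied in the error; the others cover the
    # read / update / delete operations mentioned under "Additional context".
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argocd-server-applicationsets   # hypothetical name
  namespace: argo-application-sets
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: argocd-server-applicationsets
subjects:
  - kind: ServiceAccount
    name: argocd-server                 # from "system:serviceaccount:argo:argocd-server"
    namespace: argo
# Check the effective permission before and after applying:
#   kubectl auth can-i create applicationsets.argoproj.io \
#     --as=system:serviceaccount:argo:argocd-server -n argo-application-sets
```

This addresses only the API-server authorization failure quoted in the report; it grants nothing in any other namespace and nothing on other resource types.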

Labels: argo-cd, bug
