Bump version to v0.7.2, add release notes, update manifests

API discovery becomes best effort when partial resource list is returned (resolves #524 ) (#525 )
2026-04-09 18:28:48 +02:00 · 2018-08-21 00:16:15 -07:00 · 2018-08-21 00:10:43 -07:00
82 changed files with 1349 additions and 5388 deletions
--- a/.argo-ci/ci.yaml
+++ b/.argo-ci/ci.yaml
@@ -29,13 +29,7 @@ spec:
          - name: cmd
            value: "{{item}}"
        withItems:
-        - dep ensure && make cli lint
-      - name: test-coverage
-        template: ci-builder
-        arguments:
-          parameters:
-          - name: cmd
-            value: "dep ensure && go get github.com/mattn/goveralls && make test-coverage"
+        - dep ensure && make cli lint test
      - name: test-e2e
        template: ci-builder
        arguments:
@@ -56,22 +50,12 @@ spec:
    container:
      image: argoproj/argo-cd-ci-builder:latest
      command: [sh, -c]
-      args: ["mkfifo pipe; tee /tmp/logs.txt < pipe & {{inputs.parameters.cmd}} > pipe"]
+      args: ["{{inputs.parameters.cmd}}"]
      workingDir: /go/src/github.com/argoproj/argo-cd
-      env:
-        - name: COVERALLS_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: coverall-token
-              key: coverall-token
      resources:
        requests:
          memory: 1024Mi
          cpu: 200m
-    outputs:
-      artifacts:
-      - name: logs
-        path: /tmp/logs.txt

  - name: ci-dind
    inputs:
@@ -86,7 +70,7 @@ spec:
    container:
      image: argoproj/argo-cd-ci-builder:latest
      command: [sh, -c]
-      args: ["mkfifo pipe; tee /tmp/logs.txt < pipe & until docker ps; do sleep 3; done && {{inputs.parameters.cmd}} > pipe"]
+      args: ["until docker ps; do sleep 3; done && {{inputs.parameters.cmd}}"]
      workingDir: /go/src/github.com/argoproj/argo-cd
      env:
      - name: DOCKER_HOST
@@ -101,7 +85,4 @@ spec:
      securityContext:
        privileged: true
      mirrorVolumeMounts: true
-    outputs:
-      artifacts:
-      - name: logs
-        path: /tmp/logs.txt
+
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,3 @@ dist/
 # delve debug binaries
 cmd/**/debug
 debug.test
-coverage.out
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,50 +1,5 @@
 # Changelog

-## v0.8.2 (2018-09-12)
- Downgrade ksonnet from v0.12.0 to v0.11.0 due to quote unescape regression
- Fix CLI panic when performing an initial `argocd sync/wait`
-
-## v0.8.1 (2018-09-10)
-+ [UI] Support selection of helm values files in App creation wizard (issue #499)
-+ [UI] Support specifying source revision in App creation wizard allow (issue #503)
-+ [UI] Improve resource diff rendering (issue #457)
-+ [UI] Indicate number of ready containers in pod (issue #539)
-+ [UI] Indicate when app is overriding parameters (issue #503)
-+ [UI] Provide a YAML view of resources (issue #396)
- Fix issue where changes were not pulled when tracking a branch (issue #567)
- Fix controller hot loop when app source contains bad manifests (issue #568)
- [UI] Fix issue where projects filter does not work when application got changed
-
-## v0.8.0 (2018-09-04)
-
-### Notes about upgrading from v0.7
-* The RBAC model has been improved to support explicit denies. What this means is that any previous
-RBAC policy rules, need to be rewritten to include one extra column with the effect:
-`allow` or `deny`. For example, if a rule was written like this:
-    ```
-    p, my-org:my-team, applications, get, */*
-    ```
-    It should be rewritten to look like this:
-    ```
-    p, my-org:my-team, applications, get, */*, allow
-    ```
-
-### Changes since v0.7:
-+ Support kustomize as an application source (issue #510)
-+ Introduce project tokens for automation access (issue #498)
-+ Add ability to delete a single application resource to support immutable updates (issue #262)
-+ Update RBAC model to support explicit denies (issue #497)
-+ Ability to view Kubernetes events related to application projects for auditing
-+ Add PVC healthcheck to controller (issue #501)
-+ Run all containers as an unprivileged user (issue #528)
-* Upgrade ksonnet to v0.12.0
-* Add readiness probes to API server (issue #522)
-* Use gRPC error codes instead of fmt.Errorf (#532)
- API discovery becomes best effort when partial resource list is returned (issue #524)
- Fix `argocd app wait` printing incorrect Sync output (issue #542)
- Fix issue where argocd could not sync to a tag (#541)
- Fix issue where static assets were browser cached between upgrades (issue #489)
-
 ## v0.7.2 (2018-08-21)
 - API discovery becomes best effort when partial resource list is returned (issue #524)

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,7 +6,6 @@ Make sure you have following tools installed
 * [protobuf](https://developers.google.com/protocol-buffers/)
 * [ksonnet](https://github.com/ksonnet/ksonnet#install)
 * [helm](https://github.com/helm/helm/releases)
-* [kustomize](https://github.com/kubernetes-sigs/kustomize/releases)
 * [go-swagger](https://github.com/go-swagger/go-swagger/blob/master/docs/install.md)
 * [jq](https://stedolan.github.io/jq/)
 * [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/).
--- a/128
+++ b/128
@@ -1,128 +0,0 @@
-####################################################################################################
-# Builder image
-# Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
-# Also used as the image in CI jobs so needs all dependencies
-####################################################################################################
-FROM golang:1.10.3 as builder
-
-RUN apt-get update && apt-get install -y \
-    git \
-    make \
-    wget \
-    gcc \
-    zip && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-WORKDIR /tmp
-
-# Install docker
-ENV DOCKER_VERSION=18.06.0
-RUN curl -O https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}-ce.tgz && \
-  tar -xzf docker-${DOCKER_VERSION}-ce.tgz && \
-  mv docker/docker /usr/local/bin/docker && \
-  rm -rf ./docker
-
-# Install dep
-ENV DEP_VERSION=0.5.0
-RUN wget https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -O /usr/local/bin/dep && \
-    chmod +x /usr/local/bin/dep
-
-# Install gometalinter
-RUN curl -sLo- https://github.com/alecthomas/gometalinter/releases/download/v2.0.5/gometalinter-2.0.5-linux-amd64.tar.gz | \
-    tar -xzC "$GOPATH/bin" --exclude COPYING --exclude README.md --strip-components 1 -f- && \
-    ln -s $GOPATH/bin/gometalinter $GOPATH/bin/gometalinter.v2
-
-# Install packr
-ENV PACKR_VERSION=1.13.2
-RUN wget https://github.com/gobuffalo/packr/releases/download/v${PACKR_VERSION}/packr_${PACKR_VERSION}_linux_amd64.tar.gz && \
-    tar -vxf packr*.tar.gz -C /tmp/ && \
-    mv /tmp/packr /usr/local/bin/packr
-
-# Install kubectl
-RUN curl -L -o /usr/local/bin/kubectl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
-    chmod +x /usr/local/bin/kubectl
-
-# Install ksonnet
-# NOTE: we frequently switch between tip of master ksonnet vs. official builds. Comment/uncomment
-# the corresponding section to switch between the two options:
-# Option 1: build ksonnet ourselves
-#RUN go get -v -u github.com/ksonnet/ksonnet && mv ${GOPATH}/bin/ksonnet /usr/local/bin/ks
-# Option 2: use official tagged ksonnet release
-ENV KSONNET_VERSION=0.11.0
-RUN wget https://github.com/ksonnet/ksonnet/releases/download/v${KSONNET_VERSION}/ks_${KSONNET_VERSION}_linux_amd64.tar.gz && \
-    tar -C /tmp/ -xf ks_${KSONNET_VERSION}_linux_amd64.tar.gz && \
-    mv /tmp/ks_${KSONNET_VERSION}_linux_amd64/ks /usr/local/bin/ks
-
-# Install helm
-ENV HELM_VERSION=2.9.1
-RUN wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
-    tar -C /tmp/ -xf helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
-    mv /tmp/linux-amd64/helm /usr/local/bin/helm
-
-# Install kustomize
-ENV KUSTOMIZE_VERSION=1.0.7
-RUN curl -L -o /usr/local/bin/kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64 && \
-    chmod +x /usr/local/bin/kustomize
-
-
-####################################################################################################
-# ArgoCD Build stage which performs the actual build of ArgoCD binaries
-####################################################################################################
-FROM golang:1.10.3 as argocd-build
-
-COPY --from=builder /usr/local/bin/dep /usr/local/bin/dep
-COPY --from=builder /usr/local/bin/packr /usr/local/bin/packr
-
-# A dummy directory is created under $GOPATH/src/dummy so we are able to use dep
-# to install all the packages of our dep lock file
-COPY Gopkg.toml ${GOPATH}/src/dummy/Gopkg.toml
-COPY Gopkg.lock ${GOPATH}/src/dummy/Gopkg.lock
-
-RUN cd ${GOPATH}/src/dummy && \
-    dep ensure -vendor-only && \
-    mv vendor/* ${GOPATH}/src/ && \
-    rmdir vendor
-
-# Perform the build
-WORKDIR /go/src/github.com/argoproj/argo-cd
-COPY . .
-ARG MAKE_TARGET="cli server controller repo-server argocd-util"
-RUN make ${MAKE_TARGET}
-
-
-####################################################################################################
-# Final image
-####################################################################################################
-FROM debian:9.5-slim
-
-RUN groupadd -g 999 argocd && \
-    useradd -r -u 999 -g argocd argocd && \
-    mkdir -p /home/argocd && \
-    chown argocd:argocd /home/argocd && \
-    apt-get update && \
-    apt-get install -y git && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-COPY --from=builder /usr/local/bin/ks /usr/local/bin/ks
-COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
-COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
-COPY --from=builder /usr/local/bin/kustomize /usr/local/bin/kustomize
-
-# workaround ksonnet issue https://github.com/ksonnet/ksonnet/issues/298
-ENV USER=argocd
-
-COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/* /usr/local/bin/
-
-# Symlink argocd binaries under root for backwards compatibility that expect it under /
-RUN ln -s /usr/local/bin/argocd /argocd && \
-    ln -s /usr/local/bin/argocd-server /argocd-server && \
-    ln -s /usr/local/bin/argocd-util /argocd-util && \
-    ln -s /usr/local/bin/argocd-application-controller /argocd-application-controller && \
-    ln -s /usr/local/bin/argocd-repo-server /argocd-repo-server
-
-USER argocd
-WORKDIR /home/argocd
-ARG BINARY
-CMD ${BINARY}
--- a/88
+++ b/88
@@ -0,0 +1,88 @@
+FROM debian:9.4 as builder
+
+RUN apt-get update && apt-get install -y \
+    git \
+    make \
+    wget \
+    gcc \
+    zip && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+# Install go
+ENV GO_VERSION 1.10.3
+ENV GO_ARCH amd64
+ENV GOPATH /root/go
+ENV PATH ${GOPATH}/bin:/usr/local/go/bin:${PATH}
+RUN wget https://storage.googleapis.com/golang/go${GO_VERSION}.linux-${GO_ARCH}.tar.gz && \
+    tar -C /usr/local/ -xf /go${GO_VERSION}.linux-${GO_ARCH}.tar.gz && \
+    rm /go${GO_VERSION}.linux-${GO_ARCH}.tar.gz
+
+# Install protoc, dep, packr
+ENV PROTOBUF_VERSION 3.5.1
+RUN cd /usr/local && \
+    wget https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protoc-${PROTOBUF_VERSION}-linux-x86_64.zip && \
+    unzip protoc-*.zip && \
+    wget https://github.com/golang/dep/releases/download/v0.4.1/dep-linux-amd64 -O /usr/local/bin/dep && \
+    chmod +x /usr/local/bin/dep && \
+    wget https://github.com/gobuffalo/packr/releases/download/v1.11.0/packr_1.11.0_linux_amd64.tar.gz && \
+    tar -vxf packr*.tar.gz -C /tmp/ && \
+    mv /tmp/packr /usr/local/bin/packr 
+
+# A dummy directory is created under $GOPATH/src/dummy so we are able to use dep
+# to install all the packages of our dep lock file
+COPY Gopkg.toml ${GOPATH}/src/dummy/Gopkg.toml
+COPY Gopkg.lock ${GOPATH}/src/dummy/Gopkg.lock
+
+RUN cd ${GOPATH}/src/dummy && \
+    dep ensure -vendor-only && \
+    mv vendor/* ${GOPATH}/src/ && \
+    rmdir vendor
+
+# Perform the build
+WORKDIR /root/go/src/github.com/argoproj/argo-cd
+COPY . .
+ARG MAKE_TARGET="cli server controller repo-server argocd-util"
+RUN make ${MAKE_TARGET}
+
+
+##############################################################
+# This stage will pull in or build any CLI tooling we need for our final image
+
+FROM golang:1.10 as cli-tooling
+
+# NOTE: we frequently switch between tip of master ksonnet vs. official builds. Comment/uncomment
+# the corresponding section to switch between the two options:
+
+# Option 1: build ksonnet ourselves
+#RUN go get -v -u github.com/ksonnet/ksonnet && mv ${GOPATH}/bin/ksonnet /ks
+
+# Option 2: use official tagged ksonnet release
+env KSONNET_VERSION=0.11.0
+RUN wget https://github.com/ksonnet/ksonnet/releases/download/v${KSONNET_VERSION}/ks_${KSONNET_VERSION}_linux_amd64.tar.gz && \
+    tar -C /tmp/ -xf ks_${KSONNET_VERSION}_linux_amd64.tar.gz && \
+    mv /tmp/ks_${KSONNET_VERSION}_linux_amd64/ks /ks
+
+RUN curl -o /kubectl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
+    chmod +x /kubectl
+
+env HELM_VERSION=2.9.1
+RUN wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
+    tar -C /tmp/ -xf helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
+    mv /tmp/linux-amd64/helm /helm
+
+##############################################################
+FROM debian:9.3
+RUN apt-get update && apt-get install -y git && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+COPY --from=cli-tooling /ks /usr/local/bin/ks
+COPY --from=cli-tooling /helm /usr/local/bin/helm
+COPY --from=cli-tooling /kubectl /usr/local/bin/kubectl
+# workaround ksonnet issue https://github.com/ksonnet/ksonnet/issues/298
+ENV USER=root
+
+COPY --from=builder /root/go/src/github.com/argoproj/argo-cd/dist/* /
+ARG BINARY
+CMD /${BINARY}
--- a/28
+++ b/28
@@ -0,0 +1,28 @@
+FROM golang:1.10.3
+
+WORKDIR /tmp
+
+RUN curl -O https://get.docker.com/builds/Linux/x86_64/docker-1.13.1.tgz && \
+  tar -xzf docker-1.13.1.tgz && \
+  mv docker/docker /usr/local/bin/docker && \
+  rm -rf ./docker && \
+  go get -u github.com/golang/dep/cmd/dep && \
+  go get -u gopkg.in/alecthomas/gometalinter.v2 && \
+  gometalinter.v2 --install
+
+# Install kubectl
+RUN curl -o /kubectl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
+    chmod +x /kubectl && mv /kubectl /usr/local/bin/kubectl
+
+# Install ksonnet
+env KSONNET_VERSION=0.11.0
+RUN wget https://github.com/ksonnet/ksonnet/releases/download/v${KSONNET_VERSION}/ks_${KSONNET_VERSION}_linux_amd64.tar.gz && \
+    tar -C /tmp/ -xf ks_${KSONNET_VERSION}_linux_amd64.tar.gz && \
+    mv /tmp/ks_${KSONNET_VERSION}_linux_amd64/ks /usr/local/bin/ks && \
+    rm -rf /tmp/ks_${KSONNET_VERSION}
+
+# Install helm
+env HELM_VERSION=2.9.1
+RUN wget https://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
+    tar -C /tmp/ -xf helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
+    mv /tmp/linux-amd64/helm /usr/local/bin/helm
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -53,17 +53,6 @@
  revision = "ac241c95c13f08e868cd6f5ee32c9ce273e239ff"
  version = "v2.1.1"

-[[projects]]
-  branch = "master"
-  digest = "1:f624a361a427f4c9853f1d4d0bd47dff8323cef0054708d8df56cefe03ce4ac5"
-  name = "github.com/argoproj/pkg"
-  packages = [
-    "exec",
-    "time",
-  ]
-  pruneopts = ""
-  revision = "fc8a50f323ce16f93a34632f7abf780977386fe8"
-
 [[projects]]
  digest = "1:d8a2bb36a048d1571bcc1aee208b61f39dc16c6c53823feffd37449dde162507"
  name = "github.com/asaskevich/govalidator"
@@ -138,14 +127,6 @@
  revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e"
  version = "v3.2.0"

-[[projects]]
-  branch = "master"
-  digest = "1:f1a75a8e00244e5ea77ff274baa9559eb877437b240ee7b278f3fc560d9f08bf"
-  name = "github.com/dustin/go-humanize"
-  packages = ["."]
-  pruneopts = ""
-  revision = "9f541cc9db5d55bce703bd99987c9d5cb8eea45e"
-
 [[projects]]
  digest = "1:971e9ba63a417c5f1f83ab358677bc59e96ff04285f26c6646ff089fb60b15e8"
  name = "github.com/emicklei/go-restful"
@@ -497,7 +478,7 @@
  version = "v0.11.0"

 [[projects]]
-  digest = "1:a345c560e5609bd71b1f54993f3b087ca45eb0e6226886c642ce519de81896cb"
+  digest = "1:a165d7829bc54ec7952629870058b748512edb2fcbe244aba797d8de31bb4f03"
  name = "github.com/ksonnet/ksonnet-lib"
  packages = [
    "ksonnet-gen/astext",
@@ -509,8 +490,8 @@
    "ksonnet-gen/printer",
  ]
  pruneopts = ""
-  revision = "83f20ee933bcd13fcf4ad1b49a40c92135c5569c"
-  version = "v0.1.10"
+  revision = "dfcaa3d01d0c4948cb596403c35e966c774f2678"
+  version = "v0.1.8"

 [[projects]]
  branch = "master"
@@ -630,6 +611,7 @@
  packages = ["."]
  pruneopts = ""
  revision = "e57e3eeb33f795204c1ca35f56c44f83227c6e66"
+  version = "v1.0.0"

 [[projects]]
  digest = "1:306417ea2f31ea733df356a2b895de63776b6a5107085b33458e5cd6eb1d584d"
@@ -780,8 +762,6 @@
  digest = "1:77e1d6ed91936b206979806b0aacbf817ec54b840803d8f8cd7a1de5bfbf92a4"
  name = "golang.org/x/tools"
  packages = [
-    "cmd/cover",
-    "cover",
    "go/ast/astutil",
    "imports",
  ]
@@ -1234,14 +1214,11 @@
  analyzer-version = 1
  input-imports = [
    "github.com/argoproj/argo/pkg/apis/workflow/v1alpha1",
-    "github.com/argoproj/pkg/exec",
-    "github.com/argoproj/pkg/time",
    "github.com/casbin/casbin",
    "github.com/casbin/casbin/model",
    "github.com/coreos/dex/api",
    "github.com/coreos/go-oidc",
    "github.com/dgrijalva/jwt-go",
-    "github.com/dustin/go-humanize",
    "github.com/ghodss/yaml",
    "github.com/go-openapi/loads",
    "github.com/go-openapi/runtime/middleware",
@@ -1286,7 +1263,6 @@
    "golang.org/x/net/context",
    "golang.org/x/oauth2",
    "golang.org/x/sync/errgroup",
-    "golang.org/x/tools/cmd/cover",
    "google.golang.org/genproto/googleapis/api/annotations",
    "google.golang.org/grpc",
    "google.golang.org/grpc/codes",
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -6,9 +6,6 @@ required = [
  "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway",
  "github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger",
  "github.com/golang/protobuf/protoc-gen-go",
-  "golang.org/x/tools/cmd/cover",
-  "github.com/argoproj/pkg/time",
-  "github.com/dustin/go-humanize",
 ]

 [[constraint]]
@@ -56,7 +53,3 @@ required = [
 [[override]]
  name = "github.com/sirupsen/logrus"
  revision = "ea8897e79973357ba785ac2533559a6297e83c44"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/argoproj/pkg"
--- a/23
+++ b/23
@@ -62,16 +62,16 @@ cli: clean-debug

 .PHONY: cli-linux
 cli-linux: clean-debug
-	docker build --iidfile /tmp/argocd-linux-id --target argocd-build --build-arg MAKE_TARGET="cli IMAGE_TAG=$(IMAGE_TAG) IMAGE_NAMESPACE=$(IMAGE_NAMESPACE) CLI_NAME=argocd-linux-amd64" .
+	docker build --iidfile /tmp/argocd-linux-id --target builder --build-arg MAKE_TARGET="cli IMAGE_TAG=$(IMAGE_TAG) IMAGE_NAMESPACE=$(IMAGE_NAMESPACE) CLI_NAME=argocd-linux-amd64" -f Dockerfile-argocd .
 	docker create --name tmp-argocd-linux `cat /tmp/argocd-linux-id`
-	docker cp tmp-argocd-linux:/go/src/github.com/argoproj/argo-cd/dist/argocd-linux-amd64 dist/
+	docker cp tmp-argocd-linux:/root/go/src/github.com/argoproj/argo-cd/dist/argocd-linux-amd64 dist/
 	docker rm tmp-argocd-linux

 .PHONY: cli-darwin
 cli-darwin: clean-debug
-	docker build --iidfile /tmp/argocd-darwin-id --target argocd-build --build-arg MAKE_TARGET="cli GOOS=darwin IMAGE_TAG=$(IMAGE_TAG) IMAGE_NAMESPACE=$(IMAGE_NAMESPACE) CLI_NAME=argocd-darwin-amd64" .
+	docker build --iidfile /tmp/argocd-darwin-id --target builder --build-arg MAKE_TARGET="cli GOOS=darwin IMAGE_TAG=$(IMAGE_TAG) IMAGE_NAMESPACE=$(IMAGE_NAMESPACE) CLI_NAME=argocd-darwin-amd64" -f Dockerfile-argocd .
 	docker create --name tmp-argocd-darwin `cat /tmp/argocd-darwin-id`
-	docker cp tmp-argocd-darwin:/go/src/github.com/argoproj/argo-cd/dist/argocd-darwin-amd64 dist/
+	docker cp tmp-argocd-darwin:/root/go/src/github.com/argoproj/argo-cd/dist/argocd-darwin-amd64 dist/
 	docker rm tmp-argocd-darwin

 .PHONY: argocd-util
@@ -89,7 +89,7 @@ server: clean-debug
 	
 .PHONY: server-image
 server-image:
-	docker build --build-arg BINARY=argocd-server -t $(IMAGE_PREFIX)argocd-server:$(IMAGE_TAG) .
+	docker build --build-arg BINARY=argocd-server -t $(IMAGE_PREFIX)argocd-server:$(IMAGE_TAG) -f Dockerfile-argocd .
 	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd-server:$(IMAGE_TAG) ; fi

 .PHONY: repo-server
@@ -98,7 +98,7 @@ repo-server:

 .PHONY: repo-server-image
 repo-server-image:
-	docker build --build-arg BINARY=argocd-repo-server -t $(IMAGE_PREFIX)argocd-repo-server:$(IMAGE_TAG) .
+	docker build --build-arg BINARY=argocd-repo-server -t $(IMAGE_PREFIX)argocd-repo-server:$(IMAGE_TAG) -f Dockerfile-argocd .
 	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd-repo-server:$(IMAGE_TAG) ; fi

 .PHONY: controller
@@ -107,17 +107,17 @@ controller:

 .PHONY: controller-image
 controller-image:
-	docker build --build-arg BINARY=argocd-application-controller -t $(IMAGE_PREFIX)argocd-application-controller:$(IMAGE_TAG)  .
+	docker build --build-arg BINARY=argocd-application-controller -t $(IMAGE_PREFIX)argocd-application-controller:$(IMAGE_TAG) -f Dockerfile-argocd .
 	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd-application-controller:$(IMAGE_TAG) ; fi

 .PHONY: cli-image
 cli-image:
-	docker build --build-arg BINARY=argocd -t $(IMAGE_PREFIX)argocd-cli:$(IMAGE_TAG) .
+	docker build --build-arg BINARY=argocd -t $(IMAGE_PREFIX)argocd-cli:$(IMAGE_TAG) -f Dockerfile-argocd .
 	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd-cli:$(IMAGE_TAG) ; fi

 .PHONY: builder-image
 builder-image:
-	docker build  -t $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) --target builder .
+	docker build  -t $(IMAGE_PREFIX)argo-cd-ci-builder:$(IMAGE_TAG) -f Dockerfile-ci-builder .

 .PHONY: lint
 lint:
@@ -127,11 +127,6 @@ lint:
 test:
 	go test -v `go list ./... | grep -v "github.com/argoproj/argo-cd/test/e2e"`

-.PHONY: test-coverage
-test-coverage:
-	go test -v -covermode=count -coverprofile=coverage.out `go list ./... | grep -v "github.com/argoproj/argo-cd/test/e2e"`
-	@if [ "$(COVERALLS_TOKEN)" != "" ] ; then goveralls -ignore `find . -name '*.pb*.go' | grep -v vendor/ | sed 's!^./!!' | paste -d, -s -` -coverprofile=coverage.out -service=argo-ci -repotoken "$(COVERALLS_TOKEN)"; else echo 'No COVERALLS_TOKEN env var specified. Skipping submission to Coveralls.io'; fi
-
 .PHONY: test-e2e
 test-e2e:
 	go test -v -failfast -timeout 20m ./test/e2e
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
 controller: go run ./cmd/argocd-application-controller/main.go
-api-server: go run ./cmd/argocd-server/main.go --insecure
+api-server: go run ./cmd/argocd-server/main.go --insecure --disable-auth
 repo-server: go run ./cmd/argocd-repo-server/main.go --loglevel debug
 dex: sh -c "go run ./cmd/argocd-util/main.go gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p 5556:5556 -p 5557:5557 -v `pwd`/dist/dex.yaml:/dex.yaml quay.io/coreos/dex:v2.10.0 serve /dex.yaml"
--- a/README.md
+++ b/README.md
@@ -1,4 +1,3 @@
-[![Coverage Status](https://coveralls.io/repos/github/argoproj/argo-cd/badge.svg?branch=master)](https://coveralls.io/github/argoproj/argo-cd?branch=master)

 # Argo CD - Declarative Continuous Delivery for Kubernetes

--- a/2
+++ b/2
@@ -1 +1 @@
-0.8.2
+0.7.2
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"net/url"
 	"os"
-	"reflect"
 	"strconv"
 	"strings"
 	"text/tabwriter"
@@ -846,22 +845,23 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co

 // ResourceState tracks the state of a resource when waiting on an application status.
 type resourceState struct {
-	Kind    string
-	Name    string
-	Status  string
-	Health  string
-	Hook    string
-	Message string
+	Kind      string
+	Name      string
+	PrevState string
+	Fields    map[string]string
+	Updated   bool
 }

-func newResourceState(kind, name, status, health, hook, message string) *resourceState {
+func newResourceState(kind, name, status, healthStatus, resType, message string) *resourceState {
 	return &resourceState{
-		Kind:    kind,
-		Name:    name,
-		Status:  status,
-		Health:  health,
-		Hook:    hook,
-		Message: message,
+		Kind: kind,
+		Name: name,
+		Fields: map[string]string{
+			"status":       status,
+			"healthStatus": healthStatus,
+			"type":         resType,
+			"message":      message,
+		},
 	}
 }

@@ -870,106 +870,47 @@ func (rs *resourceState) Key() string {
 	return fmt.Sprintf("%s/%s", rs.Kind, rs.Name)
 }

-func (rs *resourceState) String() string {
-	return fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%s", rs.Kind, rs.Name, rs.Status, rs.Health, rs.Hook, rs.Message)
+// Merge merges the new state into the previous state, returning whether the
+// new state contains any additional keys or different values from the old state.
+func (rs *resourceState) Merge() bool {
+	if out := rs.String(); out != rs.PrevState {
+		rs.PrevState = out
+		return true
+	}
+	return false
 }

-// Merge merges the new state with any different contents from another resourceState.
+func (rs *resourceState) String() string {
+	return fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%s", rs.Kind, rs.Name, rs.Fields["status"], rs.Fields["healthStatus"], rs.Fields["type"], rs.Fields["message"])
+}
+
+// Update a resourceState with any different contents from another resourceState.
 // Blank fields in the receiver state will be updated to non-blank.
 // Non-blank fields in the receiver state will never be updated to blank.
-// Returns whether or not any keys were updated.
-func (rs *resourceState) Merge(newState *resourceState) bool {
-	updated := false
-	for _, field := range []string{"Status", "Health", "Hook", "Message"} {
-		v := reflect.ValueOf(rs).Elem().FieldByName(field)
-		currVal := v.String()
-		newVal := reflect.ValueOf(newState).Elem().FieldByName(field).String()
-		if newVal != "" && currVal != newVal {
-			v.SetString(newVal)
-			updated = true
+func (rs *resourceState) Update(newState *resourceState) {
+	for k, v := range newState.Fields {
+		if v != "" {
+			rs.Fields[k] = v
 		}
 	}
-	return updated
 }

-func calculateResourceStates(app *argoappv1.Application) map[string]*resourceState {
-	resStates := make(map[string]*resourceState)
-	for _, res := range app.Status.ComparisonResult.Resources {
-		obj, err := argoappv1.UnmarshalToUnstructured(res.TargetState)
-		errors.CheckError(err)
-		if obj == nil {
-			obj, err = argoappv1.UnmarshalToUnstructured(res.LiveState)
-			errors.CheckError(err)
-		}
-		newState := newResourceState(obj.GetKind(), obj.GetName(), string(res.Status), res.Health.Status, "", "")
-		key := newState.Key()
-		if prev, ok := resStates[key]; ok {
-			prev.Merge(newState)
-		} else {
-			resStates[key] = newState
-		}
-	}
-
-	var opResult *argoappv1.SyncOperationResult
-	if app.Status.OperationState != nil {
-		if app.Status.OperationState.SyncResult != nil {
-			opResult = app.Status.OperationState.SyncResult
-		} else if app.Status.OperationState.RollbackResult != nil {
-			opResult = app.Status.OperationState.SyncResult
-		}
-	}
-	if opResult == nil {
-		return resStates
-	}
-
-	for _, hook := range opResult.Hooks {
-		newState := newResourceState(hook.Kind, hook.Name, string(hook.Status), "", string(hook.Type), hook.Message)
-		key := newState.Key()
-		if prev, ok := resStates[key]; ok {
-			prev.Merge(newState)
-		} else {
-			resStates[key] = newState
-		}
-	}
-
-	for _, res := range opResult.Resources {
-		newState := newResourceState(res.Kind, res.Name, "", "", "", res.Message)
-		key := newState.Key()
-		if prev, ok := resStates[key]; ok {
-			prev.Merge(newState)
-		} else {
-			resStates[key] = newState
-		}
-	}
-	return resStates
-}
-
-func waitOnApplicationStatus(appClient application.ApplicationServiceClient, appName string, timeout uint, watchSync, watchHealth, watchOperation bool) (*argoappv1.Application, error) {
+func waitOnApplicationStatus(appClient application.ApplicationServiceClient, appName string, timeout uint, watchSync, watchHealth, watchOperations bool) (*argoappv1.Application, error) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()

-	// refresh controls whether or not we refresh the app before printing the final status.
-	// We only want to do this when an operation is in progress, since operations are the only
-	// time when the sync status lags behind when an operation completes
-	refresh := false
+	printFinalStatus := func() {
+		// get refreshed app before printing to show accurate sync/health status
+		app, err := appClient.Get(ctx, &application.ApplicationQuery{Name: &appName, Refresh: true})
+		errors.CheckError(err)

-	printFinalStatus := func(app *argoappv1.Application) {
-		var err error
-		if refresh {
-			app, err = appClient.Get(context.Background(), &application.ApplicationQuery{Name: &appName, Refresh: true})
-			errors.CheckError(err)
-		}
-
-		fmt.Println()
-		fmt.Printf(printOpFmtStr, "Application:", app.Name)
-		if watchOperation {
-			printOperationResult(app.Status.OperationState)
-		}
+		fmt.Printf(printOpFmtStr, "Application:", appName)
+		printOperationResult(app.Status.OperationState)

 		if len(app.Status.ComparisonResult.Resources) > 0 {
 			fmt.Println()
-			w := tabwriter.NewWriter(os.Stdout, 5, 0, 2, ' ', 0)
-			printAppResources(w, app, watchOperation)
+			w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
+			printAppResources(w, app, true)
 			_ = w.Flush()
 		}
 	}
@@ -977,47 +918,89 @@ func waitOnApplicationStatus(appClient application.ApplicationServiceClient, app
 	if timeout != 0 {
 		time.AfterFunc(time.Duration(timeout)*time.Second, func() {
 			cancel()
+			printFinalStatus()
 		})
 	}

-	w := tabwriter.NewWriter(os.Stdout, 5, 0, 2, ' ', 0)
+	// print the initial components to format the tabwriter columns
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
 	fmt.Fprintln(w, "KIND\tNAME\tSTATUS\tHEALTH\tHOOK\tOPERATIONMSG")
+	_ = w.Flush()

 	prevStates := make(map[string]*resourceState)
-	appEventCh := watchApp(ctx, appClient, appName)
-	var app *argoappv1.Application
-
-	for appEvent := range appEventCh {
-		app = &appEvent.Application
-		if app.Operation != nil {
-			refresh = true
+	conditionallyPrintOutput := func(w io.Writer, newState *resourceState) {
+		stateKey := newState.Key()
+		if prevState, found := prevStates[stateKey]; found {
+			prevState.Update(newState)
+		} else {
+			prevStates[stateKey] = newState
 		}
+	}
+
+	printCompResults := func(compResult *argoappv1.ComparisonResult) {
+		if compResult != nil {
+			for _, res := range compResult.Resources {
+				obj, err := argoappv1.UnmarshalToUnstructured(res.TargetState)
+				errors.CheckError(err)
+				if obj == nil {
+					obj, err = argoappv1.UnmarshalToUnstructured(res.LiveState)
+					errors.CheckError(err)
+				}
+
+				newState := newResourceState(obj.GetKind(), obj.GetName(), string(res.Status), res.Health.Status, "", "")
+				conditionallyPrintOutput(w, newState)
+			}
+		}
+	}
+
+	printOpResults := func(opResult *argoappv1.SyncOperationResult) {
+		if opResult != nil {
+			if opResult.Hooks != nil {
+				for _, hook := range opResult.Hooks {
+					newState := newResourceState(hook.Kind, hook.Name, string(hook.Status), "", string(hook.Type), hook.Message)
+					conditionallyPrintOutput(w, newState)
+				}
+			}
+
+			if opResult.Resources != nil {
+				for _, res := range opResult.Resources {
+					newState := newResourceState(res.Kind, res.Name, string(res.Status), "", "", res.Message)
+					conditionallyPrintOutput(w, newState)
+				}
+			}
+		}
+	}
+
+	appEventCh := watchApp(ctx, appClient, appName)
+	for appEvent := range appEventCh {
+		app := appEvent.Application
+
+		printCompResults(&app.Status.ComparisonResult)
+
+		if opState := app.Status.OperationState; opState != nil {
+			printOpResults(opState.SyncResult)
+			printOpResults(opState.RollbackResult)
+		}
+
+		for _, v := range prevStates {
+			if v.Merge() {
+				fmt.Fprintln(w, v)
+			}
+		}
+
+		_ = w.Flush()
+
 		// consider skipped checks successful
 		synced := !watchSync || app.Status.ComparisonResult.Status == argoappv1.ComparisonStatusSynced
 		healthy := !watchHealth || app.Status.Health.Status == argoappv1.HealthStatusHealthy
-		operational := !watchOperation || appEvent.Application.Operation == nil
+		operational := !watchOperations || appEvent.Application.Operation == nil
 		if len(app.Status.GetErrorConditions()) == 0 && synced && healthy && operational {
-			printFinalStatus(app)
-			return app, nil
+			log.Printf("App %q matches desired state", appName)
+			printFinalStatus()
+			return &app, nil
 		}
-
-		newStates := calculateResourceStates(app)
-		for _, newState := range newStates {
-			var doPrint bool
-			stateKey := newState.Key()
-			if prevState, found := prevStates[stateKey]; found {
-				doPrint = prevState.Merge(newState)
-			} else {
-				prevStates[stateKey] = newState
-				doPrint = true
-			}
-			if doPrint {
-				fmt.Fprintln(w, prevStates[stateKey])
-			}
-		}
-		_ = w.Flush()
 	}
-	printFinalStatus(app)
+
 	return nil, fmt.Errorf("Timed out (%ds) waiting for app %q match desired state", timeout, appName)
 }

--- a/cmd/argocd/commands/cluster.go
+++ b/cmd/argocd/commands/cluster.go
@@ -18,7 +18,6 @@ import (
 	"github.com/ghodss/yaml"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
 )
@@ -71,10 +70,7 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 			errors.CheckError(err)

 			// Install RBAC resources for managing the cluster
-			clientset, err := kubernetes.NewForConfig(conf)
-			errors.CheckError(err)
-			managerBearerToken, err := common.InstallClusterManagerRBAC(clientset)
-			errors.CheckError(err)
+			managerBearerToken := common.InstallClusterManagerRBAC(conf)

 			conn, clusterIf := argocdclient.NewClientOrDie(clientOpts).NewClusterClientOrDie()
 			defer util.Close(conn)
@@ -206,14 +202,9 @@ func NewClusterRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm
 			}
 			conn, clusterIf := argocdclient.NewClientOrDie(clientOpts).NewClusterClientOrDie()
 			defer util.Close(conn)
-
-			// clientset, err := kubernetes.NewForConfig(conf)
-			// errors.CheckError(err)
-
 			for _, clusterName := range args {
 				// TODO(jessesuen): find the right context and remove manager RBAC artifacts
-				// err := common.UninstallClusterManagerRBAC(clientset)
-				// errors.CheckError(err)
+				// common.UninstallClusterManagerRBAC(conf)
 				_, err := clusterIf.Delete(context.Background(), &cluster.ClusterQuery{Server: clusterName})
 				errors.CheckError(err)
 			}
--- a/cmd/argocd/commands/project.go
+++ b/cmd/argocd/commands/project.go
@@ -1,20 +1,17 @@
 package commands

 import (
-	"context"
-	"fmt"
 	"os"
-	"strconv"
-	"strings"
-	"text/tabwriter"
-	"time"

-	timeutil "github.com/argoproj/pkg/time"
-	"github.com/dustin/go-humanize"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"github.com/spf13/pflag"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"strings"
+
+	"context"
+
+	"fmt"
+	"text/tabwriter"

 	"github.com/argoproj/argo-cd/errors"
 	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
@@ -22,11 +19,8 @@ import (
 	"github.com/argoproj/argo-cd/server/project"
 	"github.com/argoproj/argo-cd/util"
 	"github.com/argoproj/argo-cd/util/git"
-	projectutil "github.com/argoproj/argo-cd/util/project"
-)
-
-const (
-	policyTemplate = "p, proj:%s:%s, applications, %s, %s/%s, %s"
+	"github.com/spf13/pflag"
+	"k8s.io/apimachinery/pkg/apis/meta/v1"
 )

 type projectOpts struct {
@@ -35,12 +29,6 @@ type projectOpts struct {
 	sources      []string
 }

-type policyOpts struct {
-	action     string
-	permission string
-	object     string
-}
-
 func (opts *projectOpts) GetDestinations() []v1alpha1.ApplicationDestination {
 	destinations := make([]v1alpha1.ApplicationDestination, 0)
 	for _, destStr := range opts.destinations {
@@ -67,7 +55,6 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 			os.Exit(1)
 		},
 	}
-	command.AddCommand(NewProjectRoleCommand(clientOpts))
 	command.AddCommand(NewProjectCreateCommand(clientOpts))
 	command.AddCommand(NewProjectDeleteCommand(clientOpts))
 	command.AddCommand(NewProjectListCommand(clientOpts))
@@ -80,341 +67,10 @@ func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 }

 func addProjFlags(command *cobra.Command, opts *projectOpts) {
-	command.Flags().StringVarP(&opts.description, "description", "", "", "Project description")
+	command.Flags().StringVarP(&opts.description, "description", "", "desc", "Project description")
 	command.Flags().StringArrayVarP(&opts.destinations, "dest", "d", []string{},
-		"Permitted destination server and namespace (e.g. https://192.168.99.100:8443,default)")
-	command.Flags().StringArrayVarP(&opts.sources, "src", "s", []string{}, "Permitted git source repository URL")
-}
-
-func addPolicyFlags(command *cobra.Command, opts *policyOpts) {
-	command.Flags().StringVarP(&opts.action, "action", "a", "", "Action to grant/deny permission on (e.g. get, create, list, update, delete)")
-	command.Flags().StringVarP(&opts.permission, "permission", "p", "allow", "Whether to allow or deny access to object with the action.  This can only be 'allow' or 'deny'")
-	command.Flags().StringVarP(&opts.object, "object", "o", "", "Object within the project to grant/deny access.  Use '*' for a wildcard. Will want access to '<project>/<object>'")
-}
-
-// NewProjectRoleCommand returns a new instance of the `argocd proj role` command
-func NewProjectRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	roleCommand := &cobra.Command{
-		Use:   "role",
-		Short: "Manage a project's roles",
-		Run: func(c *cobra.Command, args []string) {
-			c.HelpFunc()(c, args)
-			os.Exit(1)
-		},
-	}
-	roleCommand.AddCommand(NewProjectRoleListCommand(clientOpts))
-	roleCommand.AddCommand(NewProjectRoleGetCommand(clientOpts))
-	roleCommand.AddCommand(NewProjectRoleCreateCommand(clientOpts))
-	roleCommand.AddCommand(NewProjectRoleDeleteCommand(clientOpts))
-	roleCommand.AddCommand(NewProjectRoleCreateTokenCommand(clientOpts))
-	roleCommand.AddCommand(NewProjectRoleDeleteTokenCommand(clientOpts))
-	roleCommand.AddCommand(NewProjectRoleAddPolicyCommand(clientOpts))
-	roleCommand.AddCommand(NewProjectRoleRemovePolicyCommand(clientOpts))
-	return roleCommand
-}
-
-// NewProjectRoleAddPolicyCommand returns a new instance of an `argocd proj role add-policy` command
-func NewProjectRoleAddPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		opts policyOpts
-	)
-	var command = &cobra.Command{
-		Use:   "add-policy PROJECT ROLE-NAME",
-		Short: "Add a policy to a project role",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 2 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			if len(opts.action) <= 0 {
-				log.Fatal("Action needs to longer than 0 characters")
-			}
-			if len(opts.object) <= 0 {
-				log.Fatal("Objects needs to longer than 0 characters")
-
-			}
-
-			projName := args[0]
-			roleName := args[1]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName})
-			errors.CheckError(err)
-
-			roleIndex, err := projectutil.GetRoleIndexByName(proj, roleName)
-			if err != nil {
-				log.Fatal(err)
-			}
-			role := proj.Spec.Roles[roleIndex]
-
-			policy := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object, opts.permission)
-			proj.Spec.Roles[roleIndex].Policies = append(role.Policies, policy)
-
-			_, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj})
-			errors.CheckError(err)
-		},
-	}
-	addPolicyFlags(command, &opts)
-	return command
-}
-
-// NewProjectRoleRemovePolicyCommand returns a new instance of an `argocd proj role remove-policy` command
-func NewProjectRoleRemovePolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		opts policyOpts
-	)
-	var command = &cobra.Command{
-		Use:   "remove-policy PROJECT ROLE-NAME",
-		Short: "Remove a policy from a role within a project",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 2 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			if opts.permission != "allow" && opts.permission != "deny" {
-				log.Fatal("Permission flag can only have the values 'allow' or 'deny'")
-			}
-
-			if len(opts.action) <= 0 {
-				log.Fatal("Action needs to longer than 0 characters")
-			}
-			if len(opts.object) <= 0 {
-				log.Fatal("Objects needs to longer than 0 characters")
-
-			}
-
-			projName := args[0]
-			roleName := args[1]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName})
-			errors.CheckError(err)
-
-			roleIndex, err := projectutil.GetRoleIndexByName(proj, roleName)
-			if err != nil {
-				log.Fatal(err)
-			}
-			role := proj.Spec.Roles[roleIndex]
-
-			policyToRemove := fmt.Sprintf(policyTemplate, proj.Name, role.Name, opts.action, proj.Name, opts.object, opts.permission)
-			duplicateIndex := -1
-			for i, policy := range role.Policies {
-				if policy == policyToRemove {
-					duplicateIndex = i
-					break
-				}
-			}
-			if duplicateIndex < 0 {
-				return
-			}
-			role.Policies[duplicateIndex] = role.Policies[len(role.Policies)-1]
-			proj.Spec.Roles[roleIndex].Policies = role.Policies[:len(role.Policies)-1]
-			_, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj})
-			errors.CheckError(err)
-		},
-	}
-	addPolicyFlags(command, &opts)
-	return command
-}
-
-// NewProjectRoleCreateCommand returns a new instance of an `argocd proj role create` command
-func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		description string
-	)
-	var command = &cobra.Command{
-		Use:   "create PROJECT ROLE-NAME",
-		Short: "Create a project role",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 2 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projName := args[0]
-			roleName := args[1]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName})
-			errors.CheckError(err)
-
-			_, err = projectutil.GetRoleIndexByName(proj, roleName)
-			if err == nil {
-				return
-			}
-			proj.Spec.Roles = append(proj.Spec.Roles, v1alpha1.ProjectRole{Name: roleName, Description: description})
-
-			_, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj})
-			errors.CheckError(err)
-		},
-	}
-	command.Flags().StringVarP(&description, "description", "", "", "Project description")
-	return command
-}
-
-// NewProjectRoleDeleteCommand returns a new instance of an `argocd proj role delete` command
-func NewProjectRoleDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "delete PROJECT ROLE-NAME",
-		Short: "Delete a project role",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 2 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projName := args[0]
-			roleName := args[1]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			proj, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName})
-			errors.CheckError(err)
-
-			index, err := projectutil.GetRoleIndexByName(proj, roleName)
-			if err != nil {
-				return
-			}
-			proj.Spec.Roles[index] = proj.Spec.Roles[len(proj.Spec.Roles)-1]
-			proj.Spec.Roles = proj.Spec.Roles[:len(proj.Spec.Roles)-1]
-
-			_, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj})
-			errors.CheckError(err)
-		},
-	}
-	return command
-}
-
-// NewProjectRoleCreateTokenCommand returns a new instance of an `argocd proj role create-token` command
-func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var (
-		expiresIn string
-	)
-	var command = &cobra.Command{
-		Use:   "create-token PROJECT ROLE-NAME",
-		Short: "Create a project token",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 2 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projName := args[0]
-			roleName := args[1]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-			duration, err := timeutil.ParseDuration(expiresIn)
-			errors.CheckError(err)
-			token, err := projIf.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projName, Role: roleName, ExpiresIn: int64(duration.Seconds())})
-			errors.CheckError(err)
-			fmt.Println(token.Token)
-		},
-	}
-	command.Flags().StringVarP(&expiresIn, "expires-in", "e", "0s", "Duration before the token will expire. (Default: No expiration)")
-
-	return command
-}
-
-// NewProjectRoleDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command
-func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "delete-token PROJECT ROLE-NAME ISSUED-AT",
-		Short: "Delete a project token",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 3 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projName := args[0]
-			roleName := args[1]
-			issuedAt, err := strconv.ParseInt(args[2], 10, 64)
-			if err != nil {
-				log.Fatal(err)
-			}
-
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			_, err = projIf.DeleteToken(context.Background(), &project.ProjectTokenDeleteRequest{Project: projName, Role: roleName, Iat: issuedAt})
-			errors.CheckError(err)
-		},
-	}
-	return command
-}
-
-// NewProjectRoleListCommand returns a new instance of an `argocd proj roles list` command
-func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "list PROJECT",
-		Short: "List all the roles in a project",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 1 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projName := args[0]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName})
-			errors.CheckError(err)
-			w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-			fmt.Fprintf(w, "ROLE-NAME\tDESCRIPTION\n")
-			for _, role := range project.Spec.Roles {
-				fmt.Fprintf(w, "%s\t%s\n", role.Name, role.Description)
-			}
-			_ = w.Flush()
-		},
-	}
-	return command
-}
-
-// NewProjectRoleGetCommand returns a new instance of an `argocd proj roles get` command
-func NewProjectRoleGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
-	var command = &cobra.Command{
-		Use:   "get PROJECT ROLE-NAME",
-		Short: "Get the details of a specific role",
-		Run: func(c *cobra.Command, args []string) {
-			if len(args) != 2 {
-				c.HelpFunc()(c, args)
-				os.Exit(1)
-			}
-			projName := args[0]
-			roleName := args[1]
-			conn, projIf := argocdclient.NewClientOrDie(clientOpts).NewProjectClientOrDie()
-			defer util.Close(conn)
-
-			project, err := projIf.Get(context.Background(), &project.ProjectQuery{Name: projName})
-			errors.CheckError(err)
-
-			index, err := projectutil.GetRoleIndexByName(project, roleName)
-			errors.CheckError(err)
-			role := project.Spec.Roles[index]
-
-			printRoleFmtStr := "%-15s%s\n"
-			fmt.Printf(printRoleFmtStr, "Role Name:", roleName)
-			fmt.Printf(printRoleFmtStr, "Description:", role.Description)
-			fmt.Printf("Policies:\n")
-			fmt.Printf("%s\n", project.ProjectPoliciesString())
-			fmt.Printf("JWT Tokens:\n")
-			w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0)
-			fmt.Fprintf(w, "ID\tISSUED-AT\tEXPIRES-AT\n")
-			for _, token := range role.JWTTokens {
-				expiresAt := "<none>"
-				if token.ExpiresAt > 0 {
-					expiresAt = humanizeTimestamp(token.ExpiresAt)
-				}
-				fmt.Fprintf(w, "%d\t%s\t%s\n", token.IssuedAt, humanizeTimestamp(token.IssuedAt), expiresAt)
-			}
-			_ = w.Flush()
-		},
-	}
-	return command
-}
-
-func humanizeTimestamp(epoch int64) string {
-	ts := time.Unix(epoch, 0)
-	return fmt.Sprintf("%s (%s)", ts.Format(time.RFC3339), humanize.Time(ts))
+		"Allowed deployment destination. Includes comma separated server url and namespace (e.g. https://192.168.99.100:8443,default")
+	command.Flags().StringArrayVarP(&opts.sources, "src", "s", []string{}, "Allowed deployment source repository URL.")
 }

 // NewProjectCreateCommand returns a new instance of an `argocd proj create` command
@@ -586,13 +242,8 @@ func NewProjectAddSourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 			errors.CheckError(err)

 			for _, item := range proj.Spec.SourceRepos {
-				if item == "*" && item == url {
-					log.Info("Wildcard source repository is already defined in project")
-					return
-				}
 				if item == git.NormalizeGitURL(url) {
-					log.Info("Specified source repository is already defined in project")
-					return
+					log.Fatal("Specified source repository is already defined in project")
 				}
 			}
 			proj.Spec.SourceRepos = append(proj.Spec.SourceRepos, url)
@@ -623,17 +274,13 @@ func NewProjectRemoveSourceCommand(clientOpts *argocdclient.ClientOptions) *cobr

 			index := -1
 			for i, item := range proj.Spec.SourceRepos {
-				if item == "*" && item == url {
-					index = i
-					break
-				}
 				if item == git.NormalizeGitURL(url) {
 					index = i
 					break
 				}
 			}
 			if index == -1 {
-				log.Info("Specified source repository does not exist in project")
+				log.Fatal("Specified source repository does not exist in project")
 			} else {
 				proj.Spec.SourceRepos = append(proj.Spec.SourceRepos[:index], proj.Spec.SourceRepos[index+1:]...)
 				_, err = projIf.Update(context.Background(), &project.ProjectUpdateRequest{Project: proj})
--- a/common/installer.go
+++ b/common/installer.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"time"

+	"github.com/argoproj/argo-cd/errors"
 	log "github.com/sirupsen/logrus"
 	apiv1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
@@ -11,6 +12,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 )

 // CreateServiceAccount creates a service account
@@ -18,7 +20,7 @@ func CreateServiceAccount(
 	clientset kubernetes.Interface,
 	serviceAccountName string,
 	namespace string,
-) error {
+) {
 	serviceAccount := apiv1.ServiceAccount{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "v1",
@@ -32,13 +34,12 @@ func CreateServiceAccount(
 	_, err := clientset.CoreV1().ServiceAccounts(namespace).Create(&serviceAccount)
 	if err != nil {
 		if !apierr.IsAlreadyExists(err) {
-			return fmt.Errorf("Failed to create service account %q: %v", serviceAccountName, err)
+			log.Fatalf("Failed to create service account '%s': %v\n", serviceAccountName, err)
 		}
-		log.Infof("ServiceAccount %q already exists", serviceAccountName)
-		return nil
+		fmt.Printf("ServiceAccount '%s' already exists\n", serviceAccountName)
+		return
 	}
-	log.Infof("ServiceAccount %q created", serviceAccountName)
-	return nil
+	fmt.Printf("ServiceAccount '%s' created\n", serviceAccountName)
 }

 // CreateClusterRole creates a cluster role
@@ -46,7 +47,7 @@ func CreateClusterRole(
 	clientset kubernetes.Interface,
 	clusterRoleName string,
 	rules []rbacv1.PolicyRule,
-) error {
+) {
 	clusterRole := rbacv1.ClusterRole{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "rbac.authorization.k8s.io/v1",
@@ -61,17 +62,16 @@ func CreateClusterRole(
 	_, err := crclient.Create(&clusterRole)
 	if err != nil {
 		if !apierr.IsAlreadyExists(err) {
-			return fmt.Errorf("Failed to create ClusterRole %q: %v", clusterRoleName, err)
+			log.Fatalf("Failed to create ClusterRole '%s': %v\n", clusterRoleName, err)
 		}
 		_, err = crclient.Update(&clusterRole)
 		if err != nil {
-			return fmt.Errorf("Failed to update ClusterRole %q: %v", clusterRoleName, err)
+			log.Fatalf("Failed to update ClusterRole '%s': %v\n", clusterRoleName, err)
 		}
-		log.Infof("ClusterRole %q updated", clusterRoleName)
+		fmt.Printf("ClusterRole '%s' updated\n", clusterRoleName)
 	} else {
-		log.Infof("ClusterRole %q created", clusterRoleName)
+		fmt.Printf("ClusterRole '%s' created\n", clusterRoleName)
 	}
-	return nil
 }

 // CreateClusterRoleBinding create a ClusterRoleBinding
@@ -81,7 +81,7 @@ func CreateClusterRoleBinding(
 	serviceAccountName,
 	clusterRoleName string,
 	namespace string,
-) error {
+) {
 	roleBinding := rbacv1.ClusterRoleBinding{
 		TypeMeta: metav1.TypeMeta{
 			APIVersion: "rbac.authorization.k8s.io/v1",
@@ -106,34 +106,22 @@ func CreateClusterRoleBinding(
 	_, err := clientset.RbacV1().ClusterRoleBindings().Create(&roleBinding)
 	if err != nil {
 		if !apierr.IsAlreadyExists(err) {
-			return fmt.Errorf("Failed to create ClusterRoleBinding %s: %v", clusterBindingRoleName, err)
+			log.Fatalf("Failed to create ClusterRoleBinding %s: %v\n", clusterBindingRoleName, err)
 		}
-		log.Infof("ClusterRoleBinding %q already exists", clusterBindingRoleName)
-		return nil
+		fmt.Printf("ClusterRoleBinding '%s' already exists\n", clusterBindingRoleName)
+		return
 	}
-	log.Infof("ClusterRoleBinding %q created, bound %q to %q", clusterBindingRoleName, serviceAccountName, clusterRoleName)
-	return nil
+	fmt.Printf("ClusterRoleBinding '%s' created, bound '%s' to '%s'\n", clusterBindingRoleName, serviceAccountName, clusterRoleName)
 }

 // InstallClusterManagerRBAC installs RBAC resources for a cluster manager to operate a cluster. Returns a token
-func InstallClusterManagerRBAC(clientset kubernetes.Interface) (string, error) {
+func InstallClusterManagerRBAC(conf *rest.Config) string {
 	const ns = "kube-system"
-	var err error
-
-	err = CreateServiceAccount(clientset, ArgoCDManagerServiceAccount, ns)
-	if err != nil {
-		return "", err
-	}
-
-	err = CreateClusterRole(clientset, ArgoCDManagerClusterRole, ArgoCDManagerPolicyRules)
-	if err != nil {
-		return "", err
-	}
-
-	err = CreateClusterRoleBinding(clientset, ArgoCDManagerClusterRoleBinding, ArgoCDManagerServiceAccount, ArgoCDManagerClusterRole, ns)
-	if err != nil {
-		return "", err
-	}
+	clientset, err := kubernetes.NewForConfig(conf)
+	errors.CheckError(err)
+	CreateServiceAccount(clientset, ArgoCDManagerServiceAccount, ns)
+	CreateClusterRole(clientset, ArgoCDManagerClusterRole, ArgoCDManagerPolicyRules)
+	CreateClusterRoleBinding(clientset, ArgoCDManagerClusterRoleBinding, ArgoCDManagerServiceAccount, ArgoCDManagerClusterRole, ns)

 	var serviceAccount *apiv1.ServiceAccount
 	var secretName string
@@ -149,51 +137,52 @@ func InstallClusterManagerRBAC(clientset kubernetes.Interface) (string, error) {
 		return true, nil
 	})
 	if err != nil {
-		return "", fmt.Errorf("Failed to wait for service account secret: %v", err)
+		log.Fatalf("Failed to wait for service account secret: %v", err)
 	}
 	secret, err := clientset.CoreV1().Secrets(ns).Get(secretName, metav1.GetOptions{})
 	if err != nil {
-		return "", fmt.Errorf("Failed to retrieve secret %q: %v", secretName, err)
+		log.Fatalf("Failed to retrieve secret '%s': %v", secretName, err)
 	}
 	token, ok := secret.Data["token"]
 	if !ok {
-		return "", fmt.Errorf("Secret %q for service account %q did not have a token", secretName, serviceAccount)
+		log.Fatalf("Secret '%s' for service account '%s' did not have a token", secretName, serviceAccount)
 	}
-	return string(token), nil
+	return string(token)
 }

 // UninstallClusterManagerRBAC removes RBAC resources for a cluster manager to operate a cluster
-func UninstallClusterManagerRBAC(clientset kubernetes.Interface) error {
-	return UninstallRBAC(clientset, "kube-system", ArgoCDManagerClusterRoleBinding, ArgoCDManagerClusterRole, ArgoCDManagerServiceAccount)
+func UninstallClusterManagerRBAC(conf *rest.Config) {
+	clientset, err := kubernetes.NewForConfig(conf)
+	errors.CheckError(err)
+	UninstallRBAC(clientset, "kube-system", ArgoCDManagerClusterRoleBinding, ArgoCDManagerClusterRole, ArgoCDManagerServiceAccount)
 }

 // UninstallRBAC uninstalls RBAC related resources  for a binding, role, and service account
-func UninstallRBAC(clientset kubernetes.Interface, namespace, bindingName, roleName, serviceAccount string) error {
+func UninstallRBAC(clientset kubernetes.Interface, namespace, bindingName, roleName, serviceAccount string) {
 	if err := clientset.RbacV1().ClusterRoleBindings().Delete(bindingName, &metav1.DeleteOptions{}); err != nil {
 		if !apierr.IsNotFound(err) {
-			return fmt.Errorf("Failed to delete ClusterRoleBinding: %v", err)
+			log.Fatalf("Failed to delete ClusterRoleBinding: %v\n", err)
 		}
-		log.Infof("ClusterRoleBinding %q not found", bindingName)
+		fmt.Printf("ClusterRoleBinding '%s' not found\n", bindingName)
 	} else {
-		log.Infof("ClusterRoleBinding %q deleted", bindingName)
+		fmt.Printf("ClusterRoleBinding '%s' deleted\n", bindingName)
 	}

 	if err := clientset.RbacV1().ClusterRoles().Delete(roleName, &metav1.DeleteOptions{}); err != nil {
 		if !apierr.IsNotFound(err) {
-			return fmt.Errorf("Failed to delete ClusterRole: %v", err)
+			log.Fatalf("Failed to delete ClusterRole: %v\n", err)
 		}
-		log.Infof("ClusterRole %q not found", roleName)
+		fmt.Printf("ClusterRole '%s' not found\n", roleName)
 	} else {
-		log.Infof("ClusterRole %q deleted", roleName)
+		fmt.Printf("ClusterRole '%s' deleted\n", roleName)
 	}

 	if err := clientset.CoreV1().ServiceAccounts(namespace).Delete(serviceAccount, &metav1.DeleteOptions{}); err != nil {
 		if !apierr.IsNotFound(err) {
-			return fmt.Errorf("Failed to delete ServiceAccount: %v", err)
+			log.Fatalf("Failed to delete ServiceAccount: %v\n", err)
 		}
-		log.Infof("ServiceAccount %q in namespace %q not found", serviceAccount, namespace)
+		fmt.Printf("ServiceAccount '%s' in namespace '%s' not found\n", serviceAccount, namespace)
 	} else {
-		log.Infof("ServiceAccount %q deleted", serviceAccount)
+		fmt.Printf("ServiceAccount '%s' deleted\n", serviceAccount)
 	}
-	return nil
 }
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -487,14 +487,13 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo
 // Returns true if application never been compared, has changed or comparison result has expired.
 func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application, statusRefreshTimeout time.Duration) bool {
 	var reason string
-	expired := app.Status.ComparisonResult.ComparedAt.Add(statusRefreshTimeout).Before(time.Now().UTC())
 	if ctrl.isRefreshForced(app.Name) {
 		reason = "force refresh"
-	} else if app.Status.ComparisonResult.Status == appv1.ComparisonStatusUnknown && expired {
+	} else if app.Status.ComparisonResult.Status == appv1.ComparisonStatusUnknown {
 		reason = "comparison status unknown"
 	} else if !app.Spec.Source.Equals(app.Status.ComparisonResult.ComparedTo) {
 		reason = "spec.source differs"
-	} else if expired {
+	} else if app.Status.ComparisonResult.ComparedAt.Add(statusRefreshTimeout).Before(time.Now().UTC()) {
 		reason = fmt.Sprintf("comparison expired. comparedAt: %v, expiry: %v", app.Status.ComparisonResult.ComparedAt, statusRefreshTimeout)
 	}
 	if reason != "" {
--- a/docs/architecture.md
+++ b/docs/architecture.md
@@ -50,29 +50,3 @@ spec:
    server: https://kubernetes.default.svc
    namespace: default
 ```
-
-### AppProject CRD (Custom Resource Definition)
-The AppProject CRD is the Kubernetes resource object representing a grouping of applications. It is defined by three key pieces of information:
-* `sourceRepos` reference to the reposities that applications within the project can pull manifests from.
-* `destinations` reference to clusters and namespaces that applications within the project can deploy into.
-* `roles` list of entities with defintions of their access to resources within the project.
-
-An example spec is as follows:
-
-```
-spec:
-  description: Description of the project
-  destinations:
-  - namespace: default
-    server: https://kubernetes.default.svc
-  roles:
-  - description: Description of the role
-    jwtTokens:
-    - iat: 1535390316
-    name: role-name
-    policies:
-    - p, proj:proj-name:role-name, applications, get, proj-name/*, allow
-    - p, proj:proj-name:role-name, applications, sync, proj-name/*, deny
-  sourceRepos:
-  - https://github.com/argoproj/argocd-example-apps.git
-```
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -9,7 +9,7 @@ An example guestbook application is provided to demonstrate how ArgoCD works.
 ## 1. Install ArgoCD
 ```
 kubectl create namespace argocd
-kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v0.7.2/manifests/install.yaml
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v0.7.1/manifests/install.yaml
 ```
 This will create a new namespace, `argocd`, where ArgoCD services and application resources will live.

@@ -31,7 +31,7 @@ brew install argoproj/tap/argocd
 On Linux:

 ```
-curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v0.7.2/argocd-linux-amd64
+curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/download/v0.7.1/argocd-linux-amd64
 chmod +x /usr/local/bin/argocd
 ```

--- a/docs/rbac.md
+++ b/docs/rbac.md
@@ -2,17 +2,13 @@

 ## Overview

-The RBAC feature enables restriction of access to ArgoCD resources. ArgoCD does not have its own
-user management system and has only one built-in user `admin`. The `admin` user is a superuser and
-it has unrestricted access to the system. RBAC requires [SSO configuration](./sso.md). Once SSO is
-configured, additional RBAC roles can be defined, and SSO groups can man be mapped to roles.
+The feature RBAC allows restricting access to ArgoCD resources. ArgoCD does not have own user management system and has only one built-in user `admin`. The `admin` user is a
+superuser and it has full access. RBAC requires configuring [SSO](./sso.md) integration. Once [SSO](./sso.md) is connected you can define RBAC roles and map roles to groups.

 ## Configure RBAC

-RBAC configuration allows defining roles and groups. ArgoCD has two pre-defined roles:
-* `role:readonly` - read-only access to all resources
-* `role:admin` - unrestricted access to all resources
-These role definitions can be seen in [builtin-policy.csv](../util/rbac/builtin-policy.csv)
+RBAC configuration allows defining roles and groups. ArgoCD has two pre-defined roles: role `role:readonly` which provides read-only access to all resources and role `role:admin`
+which provides full access. Role definitions are available in [builtin-policy.csv](../util/rbac/builtin-policy.csv) file.

 Additional roles and groups can be configured in `argocd-rbac-cm` ConfigMap. The example below custom role `org-admin`. The role is assigned to any user which belongs to
 `your-github-org:your-team` group. All other users get `role:readonly` and cannot modify ArgoCD settings.
@@ -24,16 +20,16 @@ apiVersion: v1
 data:
  policy.default: role:readonly
  policy.csv: |
-    p, role:org-admin, applications, *, */*, allow
-    p, role:org-admin, applications/*, *, */*, allow
+    p, role:org-admin, applications, *, */*
+    p, role:org-admin, applications/*, *, */*

-    p, role:org-admin, clusters, get, *, allow
-    p, role:org-admin, repositories, get, *, allow
-    p, role:org-admin, repositories/apps, get, *, allow
+    p, role:org-admin, clusters, get, *
+    p, role:org-admin, repositories, get, *
+    p, role:org-admin, repositories/apps, get, *

-    p, role:org-admin, repositories, create, *, allow
-    p, role:org-admin, repositories, update, *, allow
-    p, role:org-admin, repositories, delete, *, allow
+    p, role:org-admin, repositories, create, *
+    p, role:org-admin, repositories, update, *
+    p, role:org-admin, repositories, delete, *

    g, your-github-org:your-team, role:org-admin
 kind: ConfigMap
@@ -83,19 +79,19 @@ apiVersion: v1
 data:
  policy.default: ""
  policy.csv: |
-    p, role:team1-admin, applications, *, default/*, allow
-    p, role:team1-admin, applications/*, *, default/*, allow
+    p, role:team1-admin, applications, *, default/*
+    p, role:team1-admin, applications/*, *, default/*

-    p, role:team1-admin, applications, *, myproject/*, allow
-    p, role:team1-admin, applications/*, *, myproject/*, allow
+    p, role:team1-admin, applications, *, myproject/*
+    p, role:team1-admin, applications/*, *, myproject/*

-    p, role:org-admin, clusters, get, *, allow
-    p, role:org-admin, repositories, get, *, allow
-    p, role:org-admin, repositories/apps, get, *, allow
+    p, role:org-admin, clusters, get, *
+    p, role:org-admin, repositories, get, *
+    p, role:org-admin, repositories/apps, get, *

-    p, role:org-admin, repositories, create, *, allow
-    p, role:org-admin, repositories, update, *, allow
-    p, role:org-admin, repositories, delete, *, allow
+    p, role:org-admin, repositories, create, *
+    p, role:org-admin, repositories, update, *
+    p, role:org-admin, repositories, delete, *

    g, role:team1-admin, org-admin
    g, role:team2-admin, org-admin
@@ -105,58 +101,3 @@ kind: ConfigMap
 metadata:
  name: argocd-rbac-cm
 ```
-## Project Roles
-Projects include a feature called roles that allow users to define access to project's applications.  A project can have multiple roles, and those roles can have different access granted to them.  These permissions are called policies, and they are stored within the role as a list of casbin strings.  A role's policy can only grant access to that role and are limited to applications within the role's project.  However, the policies have an option for granting wildcard access to any application within a project.
-
-In order to create roles in a project and add policies to a role, a user will need permission to update a project.  The following commands can be used to manage a role.
-```
-argoproj proj role list
-argoproj proj role get
-argoproj proj role create
-argoproj proj role delete
-argoproj proj role add-policy
-argoproj proj role remove-policy
-```
-
-Project roles can not be used unless a user creates a entity that is associated with that project role.  ArgoCD supports creating JWT tokens with a role associated with it.  Since the JWT token is associated with a role's policies, any changes to the role's policies will immediately take effect for that JWT token.
-
-A user will need permission to update a project in order to create a JWT token for a role, and they can use the following commands to manage the JWT tokens. 
-
-```
-argoproj proj role create-token
-argoproj proj role delete-token
-```
-Since the JWT tokens aren't stored in ArgoCD, they can only be retrieved when they are created.  A user can leverage them in the cli by either passing them in using the `--auth-token` flag or setting the ARGOCD_AUTH_TOKEN environment variable. The JWT tokens can be used until they expire or are revoked.  The JWT tokens can created with or without an expiration, but the default on the cli is creates them without an expirations date.  Even if a token has not expired, it can not be used if the token has been revoke.
-
-Below is an example of leveraging a JWT token to access the guestbook application.  It makes the assumption that the user already has a project named myproject and an application called guestbook-default.
-```
-PROJ=myproject
-APP=guestbook-default
-ROLE=get-role
-argocd proj role create $PROJ $ROLE
-argocd proj role create-token $PROJ $ROLE -e 10m
-JWT=<value from command above>
-argocd proj role list $PROJ
-argocd proj role get $PROJ $ROLE
-
-#This command will fail because the JWT Token associated with the project role does not have a policy to allow access to the application
-argocd app get $APP --auth-token $JWT
-# Adding a policy to grant access to the application for the new role
-argocd proj role add-policy $PROJ $ROLE --action get --permission allow --object $APP
-argocd app get $PROJ-$ROLE --auth-token $JWT
-
-# Removing the policy we added and adding one with a wildcard.  
-argocd proj role remove-policy $PROJ $TOKEN -a get -o $PROJ-$TOKEN
-argocd proj role remove-policy $PROJ $TOKEN -a get -o '*'
-# The wildcard allows us to access the application due to the wildcard.
-argocd app get $PROJ-$TOKEN --auth-token $JWT
-argocd proj role get $PROJ
-
-
-argocd proj role get $PROJ $ROLE
-# Revoking the JWT token
-argocd proj role delete-token $PROJ $ROLE <id field from the last command>
-# This will fail since the JWT Token was deleted for the project role.
-argocd app get $APP --auth-token $JWT
-```
-
--- a/docs/sso.md
+++ b/docs/sso.md
@@ -35,7 +35,7 @@ kubectl edit configmap argocd-cm
  [GitHub connector](https://github.com/coreos/dex/blob/master/Documentation/connectors/github.md)
  documentation for explanation of the fields. A minimal config should populate the clientID,
  clientSecret generated in Step 1.
-* You will very likely want to restrict logins to one or more GitHub organization. In the
+* You will very likely want to restrict logins to one ore more GitHub organization. In the
  `connectors.config.orgs` list, add one or more GitHub organizations. Any member of the org will
  then be able to login to ArgoCD to perform management tasks.

--- a/hack/generate-proto.sh
+++ b/hack/generate-proto.sh
@@ -117,6 +117,6 @@ clean_swagger() {
    /usr/bin/find "${SWAGGER_ROOT}" -name '*.swagger.json' -delete
 }

-collect_swagger server 21
+collect_swagger server 15
 clean_swagger server
 clean_swagger reposerver
--- a/hack/migrate/migrate0.3.0to0.4.0.go
+++ b/hack/migrate/migrate0.3.0to0.4.0.go
@@ -0,0 +1,168 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"hash/fnv"
+	"log"
+	"os"
+	"strings"
+
+	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
+	"github.com/argoproj/argo-cd/server/repository"
+	"github.com/argoproj/argo-cd/util"
+	"github.com/argoproj/argo-cd/util/git"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/tools/clientcmd"
+)
+
+// origRepoURLToSecretName hashes repo URL to the secret name using a formula.
+// Part of the original repo name is incorporated for debugging purposes
+func origRepoURLToSecretName(repo string) string {
+	repo = git.NormalizeGitURL(repo)
+	h := fnv.New32a()
+	_, _ = h.Write([]byte(repo))
+	parts := strings.Split(strings.TrimSuffix(repo, ".git"), "/")
+	return fmt.Sprintf("repo-%s-%v", strings.ToLower(parts[len(parts)-1]), h.Sum32())
+}
+
+// repoURLToSecretName hashes repo URL to the secret name using a formula.
+// Part of the original repo name is incorporated for debugging purposes
+func repoURLToSecretName(repo string) string {
+	repo = strings.ToLower(git.NormalizeGitURL(repo))
+	h := fnv.New32a()
+	_, _ = h.Write([]byte(repo))
+	parts := strings.Split(strings.TrimSuffix(repo, ".git"), "/")
+	return fmt.Sprintf("repo-%s-%v", parts[len(parts)-1], h.Sum32())
+}
+
+// RenameSecret renames a Kubernetes secret in a given namespace.
+func renameSecret(namespace, oldName, newName string) {
+	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
+	loadingRules.DefaultClientConfig = &clientcmd.DefaultClientConfig
+	overrides := clientcmd.ConfigOverrides{}
+	clientConfig := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &overrides)
+
+	log.Printf("Renaming secret %q to %q in namespace %q\n", oldName, newName, namespace)
+
+	config, err := clientConfig.ClientConfig()
+	if err != nil {
+		log.Println("Could not retrieve client config: ", err)
+		return
+	}
+
+	kubeclientset := kubernetes.NewForConfigOrDie(config)
+	repoSecret, err := kubeclientset.CoreV1().Secrets(namespace).Get(oldName, metav1.GetOptions{})
+	if err != nil {
+		log.Println("Could not retrieve old secret: ", err)
+		return
+	}
+
+	repoSecret.ObjectMeta.Name = newName
+	repoSecret.ObjectMeta.ResourceVersion = ""
+
+	repoSecret, err = kubeclientset.CoreV1().Secrets(namespace).Create(repoSecret)
+	if err != nil {
+		log.Println("Could not create new secret: ", err)
+		return
+	}
+
+	err = kubeclientset.CoreV1().Secrets(namespace).Delete(oldName, &metav1.DeleteOptions{})
+	if err != nil {
+		log.Println("Could not remove old secret: ", err)
+	}
+}
+
+// RenameRepositorySecrets ensures that repository secrets use the new naming format.
+func renameRepositorySecrets(clientOpts argocdclient.ClientOptions, namespace string) {
+	conn, repoIf := argocdclient.NewClientOrDie(&clientOpts).NewRepoClientOrDie()
+	defer util.Close(conn)
+	repos, err := repoIf.List(context.Background(), &repository.RepoQuery{})
+	if err != nil {
+		log.Println("An error occurred, so skipping secret renaming: ", err)
+		return
+	}
+
+	log.Println("Renaming repository secrets...")
+	for _, repo := range repos.Items {
+		oldSecretName := origRepoURLToSecretName(repo.Repo)
+		newSecretName := repoURLToSecretName(repo.Repo)
+		if oldSecretName != newSecretName {
+			log.Printf("Repo %q had its secret name change, so updating\n", repo.Repo)
+			renameSecret(namespace, oldSecretName, newSecretName)
+		}
+	}
+}
+
+/*
+// PopulateAppDestinations ensures that apps have a Server and Namespace set explicitly.
+func populateAppDestinations(clientOpts argocdclient.ClientOptions) {
+	conn, appIf := argocdclient.NewClientOrDie(&clientOpts).NewApplicationClientOrDie()
+	defer util.Close(conn)
+	apps, err := appIf.List(context.Background(), &application.ApplicationQuery{})
+	if err != nil {
+		log.Println("An error occurred, so skipping destination population: ", err)
+		return
+	}
+
+	log.Println("Populating app Destination fields")
+	for _, app := range apps.Items {
+		changed := false
+
+		log.Printf("Ensuring destination field is populated on app %q\n", app.ObjectMeta.Name)
+		if app.Spec.Destination.Server == "" {
+			if app.Status.ComparisonResult.Status == appv1.ComparisonStatusUnknown || app.Status.ComparisonResult.Status == appv1.ComparisonStatusError {
+				log.Printf("App %q was missing Destination.Server, but could not fill it in: %s", app.ObjectMeta.Name, app.Status.ComparisonResult.Status)
+			} else {
+				log.Printf("App %q was missing Destination.Server, so setting to %q\n", app.ObjectMeta.Name, app.Status.ComparisonResult.Server)
+				app.Spec.Destination.Server = app.Status.ComparisonResult.Server
+				changed = true
+			}
+		}
+		if app.Spec.Destination.Namespace == "" {
+			if app.Status.ComparisonResult.Status == appv1.ComparisonStatusUnknown || app.Status.ComparisonResult.Status == appv1.ComparisonStatusError {
+				log.Printf("App %q was missing Destination.Namespace, but could not fill it in: %s", app.ObjectMeta.Name, app.Status.ComparisonResult.Status)
+			} else {
+				log.Printf("App %q was missing Destination.Namespace, so setting to %q\n", app.ObjectMeta.Name, app.Status.ComparisonResult.Namespace)
+				app.Spec.Destination.Namespace = app.Status.ComparisonResult.Namespace
+				changed = true
+			}
+		}
+
+		if changed {
+			_, err = appIf.UpdateSpec(context.Background(), &application.ApplicationSpecRequest{
+				AppName: app.Name,
+				Spec:    &app.Spec,
+			})
+			if err != nil {
+				log.Println("An error occurred (but continuing anyway): ", err)
+			}
+		}
+	}
+}
+*/
+
+func main() {
+	if len(os.Args) < 3 {
+		log.Fatalf("USAGE: %s SERVER NAMESPACE\n", os.Args[0])
+	}
+	server, namespace := os.Args[1], os.Args[2]
+	log.Printf("Using argocd server %q and namespace %q\n", server, namespace)
+
+	isLocalhost := false
+	switch {
+	case strings.HasPrefix(server, "localhost:"):
+		isLocalhost = true
+	case strings.HasPrefix(server, "127.0.0.1:"):
+		isLocalhost = true
+	}
+
+	clientOpts := argocdclient.ClientOptions{
+		ServerAddr: server,
+		Insecure:   true,
+		PlainText:  isLocalhost,
+	}
+	renameRepositorySecrets(clientOpts, namespace)
+	//populateAppDestinations(clientOpts)
+}
--- a/manifests/components/02a_argocd-cm.yaml
+++ b/manifests/components/02a_argocd-cm.yaml
@@ -3,23 +3,12 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cm
-#data:
-  # ArgoCD's externally facing URL
-  # url: https://argo-cd-demo.argoproj.io
+data:
+  # See https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso 
+  # for more details about how to setup data config needed for sso

-  # A dex connector configuration.
-  # Visit https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso 
-  # for instructions on configuring SSO.
-  # dex.config: |
-  #   connectors:
-  #     # GitHub example
-  #     - type: github
-  #       id: github
-  #       name: GitHub
-  #       config:
-  #         clientID: aabbccddeeff00112233
-  #         clientSecret: $dex.github.clientSecret
-  #         orgs:
-  #         - name: your-github-org
-  #           teams:
-  #           - red-team
+  # URL is the external URL of ArgoCD
+  #url: 
+
+  # A dex connector configuration
+  #dex.config:
--- a/manifests/components/02b_argocd-secret.yaml
+++ b/manifests/components/02b_argocd-secret.yaml
@@ -1,26 +1,24 @@
 ---
-# NOTE: some values in this secret will be populated by the initial startup of the API server
+# NOTE: the values in this secret will be populated by the initial startup of the API
 apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-secret
 type: Opaque
-#data:
+  # bcrypt hash of the admin password
+  #admin.password: 
+
+  # random server signature key for session validation
+  #server.secretkey:
+
  # TLS certificate and private key for API server
-  # server.crt: 
-  # server.key:
+  #server.crt: 
+  #server.key:

  # The following keys hold the shared secret for authenticating GitHub/GitLab/BitBucket webhook
  # events. To enable webhooks, configure one or more of the following keys with the shared git
  # provider webhook secret. The payload URL configured in the git provider should use the 
  # /api/webhook endpoint of your ArgoCD instance (e.g. https://argocd.example.com/api/webhook)
-  # github.webhook.secret: 
-  # gitlab.webhook.secret:
-  # bitbucket.webhook.uuid: 
-
-  # bcrypt hash of the admin password (autogenerated on initial startup).
-  # To reset a forgotten password, delete this key and restart the argocd-server
-  # admin.password: 
-
-  # random server signature key for session validation (autogenerated on initial startup)
-  # server.secretkey:
+  #github.webhook.secret: 
+  #gitlab.webhook.secret:
+  #bitbucket.webhook.uuid: 
--- a/manifests/components/02c_argocd-rbac-cm.yaml
+++ b/manifests/components/02c_argocd-rbac-cm.yaml
@@ -3,14 +3,24 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-rbac-cm
-#data:
-  # An RBAC policy .csv file containing additional policy and role definitions.
-  # See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies.
-  # policy.csv: |
-  #   # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project"
-  #   p, my-org:team-alpha, applications, sync, my-project/*, allow
-  #   # Make all members of "my-org:team-beta" admins
-  #   g, my-org:team-beta, role:admin
+data:
+  # policy.csv holds the CSV file policy file which contains additional policy and role definitions.
+  # ArgoCD defines two built-in roles:
+  # * role:readonly - readonly access to all objects
+  # * role:admin - admin access to all objects
+  # The built-in policy can be seen under util/rbac/builtin-policy.csv
+  #policy.csv: ""

-  # The default role ArgoCD will fall back to, when authorizing API requests
-  # policy.default: role:readonly
+  # There are two policy formats:
+  # 1. Applications (which belong to a project):
+  # p, <user/group>, <resource>, <action>, <project>/<object>
+  # 2. All other resources:
+  # p, <user/group>, <resource>, <action>, <object>
+
+  # For example, the following rule gives all members of 'my-org:team1' the ability to sync
+  # applications in the project named: my-project
+  # p, my-org:team1, applications, sync, my-project/*
+
+  # policy.default holds the default policy which will ArgoCD will fall back to, when authorizing
+  # a user for API requests
+  policy.default: role:readonly
--- a/manifests/components/03d_application-controller-deployment.yaml
+++ b/manifests/components/03d_application-controller-deployment.yaml
@@ -14,6 +14,6 @@ spec:
    spec:
      containers:
      - command: [/argocd-application-controller, --repo-server, 'argocd-repo-server:8081']
-        image: argoproj/argocd-application-controller:v0.8.2
+        image: argoproj/argocd-application-controller:v0.7.2
        name: application-controller
      serviceAccountName: application-controller
--- a/manifests/components/04d_argocd-server-deployment.yaml
+++ b/manifests/components/04d_argocd-server-deployment.yaml
@@ -15,30 +15,24 @@ spec:
      serviceAccountName: argocd-server
      initContainers:
      - name: copyutil
-        image: argoproj/argocd-server:v0.8.2
+        image: argoproj/argocd-server:v0.7.2
        command: [cp, /argocd-util, /shared]
        volumeMounts:
        - mountPath: /shared
          name: static-files
      - name: ui
-        image: argoproj/argocd-ui:v0.8.2
+        image: argoproj/argocd-ui:v0.7.2
        command: [cp, -r, /app, /shared]
        volumeMounts:
        - mountPath: /shared
          name: static-files
      containers:
      - name: argocd-server
-        image: argoproj/argocd-server:v0.8.2
+        image: argoproj/argocd-server:v0.7.2
        command: [/argocd-server, --staticassets, /shared/app, --repo-server, 'argocd-repo-server:8081']
        volumeMounts:
        - mountPath: /shared
          name: static-files
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 3
-          periodSeconds: 30
      - name: dex
        image: quay.io/coreos/dex:v2.10.0
        command: [/shared/argocd-util, rundex]
--- a/manifests/components/05a_argocd-repo-server-deployment.yaml
+++ b/manifests/components/05a_argocd-repo-server-deployment.yaml
@@ -14,7 +14,7 @@ spec:
    spec:
      containers:
      - name: argocd-repo-server
-        image: argoproj/argocd-repo-server:v0.8.2
+        image: argoproj/argocd-repo-server:v0.7.2
        command: [/argocd-repo-server]
        ports:
          - containerPort: 8081
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -33,68 +33,65 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-cm
-#data:
-  # ArgoCD's externally facing URL
-  # url: https://argo-cd-demo.argoproj.io
+data:
+  # See https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso 
+  # for more details about how to setup data config needed for sso

-  # A dex connector configuration.
-  # Visit https://github.com/argoproj/argo-cd/blob/master/docs/sso.md#2-configure-argocd-for-sso 
-  # for instructions on configuring SSO.
-  # dex.config: |
-  #   connectors:
-  #     # GitHub example
-  #     - type: github
-  #       id: github
-  #       name: GitHub
-  #       config:
-  #         clientID: aabbccddeeff00112233
-  #         clientSecret: $dex.github.clientSecret
-  #         orgs:
-  #         - name: your-github-org
-  #           teams:
-  #           - red-team
+  # URL is the external URL of ArgoCD
+  #url: 
+
+  # A dex connector configuration
+  #dex.config:
 ---
-# NOTE: some values in this secret will be populated by the initial startup of the API server
+# NOTE: the values in this secret will be populated by the initial startup of the API
 apiVersion: v1
 kind: Secret
 metadata:
  name: argocd-secret
 type: Opaque
-#data:
+  # bcrypt hash of the admin password
+  #admin.password: 
+
+  # random server signature key for session validation
+  #server.secretkey:
+
  # TLS certificate and private key for API server
-  # server.crt: 
-  # server.key:
+  #server.crt: 
+  #server.key:

  # The following keys hold the shared secret for authenticating GitHub/GitLab/BitBucket webhook
  # events. To enable webhooks, configure one or more of the following keys with the shared git
  # provider webhook secret. The payload URL configured in the git provider should use the 
  # /api/webhook endpoint of your ArgoCD instance (e.g. https://argocd.example.com/api/webhook)
-  # github.webhook.secret: 
-  # gitlab.webhook.secret:
-  # bitbucket.webhook.uuid: 
-
-  # bcrypt hash of the admin password (autogenerated on initial startup).
-  # To reset a forgotten password, delete this key and restart the argocd-server
-  # admin.password: 
-
-  # random server signature key for session validation (autogenerated on initial startup)
-  # server.secretkey:
+  #github.webhook.secret: 
+  #gitlab.webhook.secret:
+  #bitbucket.webhook.uuid: 
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: argocd-rbac-cm
-#data:
-  # An RBAC policy .csv file containing additional policy and role definitions.
-  # See https://github.com/argoproj/argo-cd/blob/master/docs/rbac.md on how to write RBAC policies.
-  # policy.csv: |
-  #   # Give all members of "my-org:team-alpha" the ability to sync apps in "my-project"
-  #   p, my-org:team-alpha, applications, sync, my-project/*, allow
-  #   # Make all members of "my-org:team-beta" admins
-  #   g, my-org:team-beta, role:admin
+data:
+  # policy.csv holds the CSV file policy file which contains additional policy and role definitions.
+  # ArgoCD defines two built-in roles:
+  # * role:readonly - readonly access to all objects
+  # * role:admin - admin access to all objects
+  # The built-in policy can be seen under util/rbac/builtin-policy.csv
+  #policy.csv: ""

-  # The default role ArgoCD will fall back to, when authorizing API requests
-  # policy.default: role:readonly
+  # There are two policy formats:
+  # 1. Applications (which belong to a project):
+  # p, <user/group>, <resource>, <action>, <project>/<object>
+  # 2. All other resources:
+  # p, <user/group>, <resource>, <action>, <object>
+
+  # For example, the following rule gives all members of 'my-org:team1' the ability to sync
+  # applications in the project named: my-project
+  # p, my-org:team1, applications, sync, my-project/*
+
+  # policy.default holds the default policy which will ArgoCD will fall back to, when authorizing
+  # a user for API requests
+  policy.default: role:readonly
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -165,7 +162,7 @@ spec:
    spec:
      containers:
      - command: [/argocd-application-controller, --repo-server, 'argocd-repo-server:8081']
-        image: argoproj/argocd-application-controller:v0.8.2
+        image: argoproj/argocd-application-controller:v0.7.2
        name: application-controller
      serviceAccountName: application-controller
 ---
@@ -241,30 +238,24 @@ spec:
      serviceAccountName: argocd-server
      initContainers:
      - name: copyutil
-        image: argoproj/argocd-server:v0.8.2
+        image: argoproj/argocd-server:v0.7.2
        command: [cp, /argocd-util, /shared]
        volumeMounts:
        - mountPath: /shared
          name: static-files
      - name: ui
-        image: argoproj/argocd-ui:v0.8.2
+        image: argoproj/argocd-ui:v0.7.2
        command: [cp, -r, /app, /shared]
        volumeMounts:
        - mountPath: /shared
          name: static-files
      containers:
      - name: argocd-server
-        image: argoproj/argocd-server:v0.8.2
+        image: argoproj/argocd-server:v0.7.2
        command: [/argocd-server, --staticassets, /shared/app, --repo-server, 'argocd-repo-server:8081']
        volumeMounts:
        - mountPath: /shared
          name: static-files
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: 8080
-          initialDelaySeconds: 3
-          periodSeconds: 30
      - name: dex
        image: quay.io/coreos/dex:v2.10.0
        command: [/shared/argocd-util, rundex]
@@ -307,7 +298,7 @@ spec:
    spec:
      containers:
      - name: argocd-repo-server
-        image: argoproj/argocd-repo-server:v0.8.2
+        image: argoproj/argocd-repo-server:v0.7.2
        command: [/argocd-repo-server]
        ports:
          - containerPort: 8081
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
@@ -28,10 +28,8 @@
 		DeploymentInfo
 		HealthStatus
 		HookStatus
-		JWTToken
 		Operation
 		OperationState
-		ProjectRole
 		Repository
 		RepositoryList
 		ResourceDetails
@@ -151,69 +149,61 @@ func (m *HookStatus) Reset()                    { *m = HookStatus{} }
 func (*HookStatus) ProtoMessage()               {}
 func (*HookStatus) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{19} }

-func (m *JWTToken) Reset()                    { *m = JWTToken{} }
-func (*JWTToken) ProtoMessage()               {}
-func (*JWTToken) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} }
-
 func (m *Operation) Reset()                    { *m = Operation{} }
 func (*Operation) ProtoMessage()               {}
-func (*Operation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{21} }
+func (*Operation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{20} }

 func (m *OperationState) Reset()                    { *m = OperationState{} }
 func (*OperationState) ProtoMessage()               {}
-func (*OperationState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{22} }
-
-func (m *ProjectRole) Reset()                    { *m = ProjectRole{} }
-func (*ProjectRole) ProtoMessage()               {}
-func (*ProjectRole) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{23} }
+func (*OperationState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{21} }

 func (m *Repository) Reset()                    { *m = Repository{} }
 func (*Repository) ProtoMessage()               {}
-func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} }
+func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{22} }

 func (m *RepositoryList) Reset()                    { *m = RepositoryList{} }
 func (*RepositoryList) ProtoMessage()               {}
-func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} }
+func (*RepositoryList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{23} }

 func (m *ResourceDetails) Reset()                    { *m = ResourceDetails{} }
 func (*ResourceDetails) ProtoMessage()               {}
-func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} }
+func (*ResourceDetails) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{24} }

 func (m *ResourceNode) Reset()                    { *m = ResourceNode{} }
 func (*ResourceNode) ProtoMessage()               {}
-func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} }
+func (*ResourceNode) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{25} }

 func (m *ResourceState) Reset()                    { *m = ResourceState{} }
 func (*ResourceState) ProtoMessage()               {}
-func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} }
+func (*ResourceState) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{26} }

 func (m *RollbackOperation) Reset()                    { *m = RollbackOperation{} }
 func (*RollbackOperation) ProtoMessage()               {}
-func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} }
+func (*RollbackOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{27} }

 func (m *SyncOperation) Reset()                    { *m = SyncOperation{} }
 func (*SyncOperation) ProtoMessage()               {}
-func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} }
+func (*SyncOperation) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{28} }

 func (m *SyncOperationResult) Reset()                    { *m = SyncOperationResult{} }
 func (*SyncOperationResult) ProtoMessage()               {}
-func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} }
+func (*SyncOperationResult) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{29} }

 func (m *SyncStrategy) Reset()                    { *m = SyncStrategy{} }
 func (*SyncStrategy) ProtoMessage()               {}
-func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} }
+func (*SyncStrategy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{30} }

 func (m *SyncStrategyApply) Reset()                    { *m = SyncStrategyApply{} }
 func (*SyncStrategyApply) ProtoMessage()               {}
-func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} }
+func (*SyncStrategyApply) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{31} }

 func (m *SyncStrategyHook) Reset()                    { *m = SyncStrategyHook{} }
 func (*SyncStrategyHook) ProtoMessage()               {}
-func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{34} }
+func (*SyncStrategyHook) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{32} }

 func (m *TLSClientConfig) Reset()                    { *m = TLSClientConfig{} }
 func (*TLSClientConfig) ProtoMessage()               {}
-func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{35} }
+func (*TLSClientConfig) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{33} }

 func init() {
 	proto.RegisterType((*AppProject)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject")
@@ -236,10 +226,8 @@ func init() {
 	proto.RegisterType((*DeploymentInfo)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.DeploymentInfo")
 	proto.RegisterType((*HealthStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HealthStatus")
 	proto.RegisterType((*HookStatus)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.HookStatus")
-	proto.RegisterType((*JWTToken)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.JWTToken")
 	proto.RegisterType((*Operation)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Operation")
 	proto.RegisterType((*OperationState)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.OperationState")
-	proto.RegisterType((*ProjectRole)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ProjectRole")
 	proto.RegisterType((*Repository)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Repository")
 	proto.RegisterType((*RepositoryList)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.RepositoryList")
 	proto.RegisterType((*ResourceDetails)(nil), "github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.ResourceDetails")
@@ -371,18 +359,6 @@ func (m *AppProjectSpec) MarshalTo(dAtA []byte) (int, error) {
 	i++
 	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description)))
 	i += copy(dAtA[i:], m.Description)
-	if len(m.Roles) > 0 {
-		for _, msg := range m.Roles {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
 	return i, nil
 }

@@ -1096,30 +1072,6 @@ func (m *HookStatus) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }

-func (m *JWTToken) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *JWTToken) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	dAtA[i] = 0x8
-	i++
-	i = encodeVarintGenerated(dAtA, i, uint64(m.IssuedAt))
-	dAtA[i] = 0x10
-	i++
-	i = encodeVarintGenerated(dAtA, i, uint64(m.ExpiresAt))
-	return i, nil
-}
-
 func (m *Operation) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -1230,59 +1182,6 @@ func (m *OperationState) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }

-func (m *ProjectRole) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *ProjectRole) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	dAtA[i] = 0xa
-	i++
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name)))
-	i += copy(dAtA[i:], m.Name)
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintGenerated(dAtA, i, uint64(len(m.Description)))
-	i += copy(dAtA[i:], m.Description)
-	if len(m.Policies) > 0 {
-		for _, s := range m.Policies {
-			dAtA[i] = 0x1a
-			i++
-			l = len(s)
-			for l >= 1<<7 {
-				dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
-				l >>= 7
-				i++
-			}
-			dAtA[i] = uint8(l)
-			i++
-			i += copy(dAtA[i:], s)
-		}
-	}
-	if len(m.JWTTokens) > 0 {
-		for _, msg := range m.JWTTokens {
-			dAtA[i] = 0x22
-			i++
-			i = encodeVarintGenerated(dAtA, i, uint64(msg.Size()))
-			n, err := msg.MarshalTo(dAtA[i:])
-			if err != nil {
-				return 0, err
-			}
-			i += n
-		}
-	}
-	return i, nil
-}
-
 func (m *Repository) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -1804,12 +1703,6 @@ func (m *AppProjectSpec) Size() (n int) {
 	}
 	l = len(m.Description)
 	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Roles) > 0 {
-		for _, e := range m.Roles {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
 	return n
 }

@@ -2080,14 +1973,6 @@ func (m *HookStatus) Size() (n int) {
 	return n
 }

-func (m *JWTToken) Size() (n int) {
-	var l int
-	_ = l
-	n += 1 + sovGenerated(uint64(m.IssuedAt))
-	n += 1 + sovGenerated(uint64(m.ExpiresAt))
-	return n
-}
-
 func (m *Operation) Size() (n int) {
 	var l int
 	_ = l
@@ -2128,28 +2013,6 @@ func (m *OperationState) Size() (n int) {
 	return n
 }

-func (m *ProjectRole) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Name)
-	n += 1 + l + sovGenerated(uint64(l))
-	l = len(m.Description)
-	n += 1 + l + sovGenerated(uint64(l))
-	if len(m.Policies) > 0 {
-		for _, s := range m.Policies {
-			l = len(s)
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	if len(m.JWTTokens) > 0 {
-		for _, e := range m.JWTTokens {
-			l = e.Size()
-			n += 1 + l + sovGenerated(uint64(l))
-		}
-	}
-	return n
-}
-
 func (m *Repository) Size() (n int) {
 	var l int
 	_ = l
@@ -2366,7 +2229,6 @@ func (this *AppProjectSpec) String() string {
 		`SourceRepos:` + fmt.Sprintf("%v", this.SourceRepos) + `,`,
 		`Destinations:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Destinations), "ApplicationDestination", "ApplicationDestination", 1), `&`, ``, 1) + `,`,
 		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
-		`Roles:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Roles), "ProjectRole", "ProjectRole", 1), `&`, ``, 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -2584,17 +2446,6 @@ func (this *HookStatus) String() string {
 	}, "")
 	return s
 }
-func (this *JWTToken) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&JWTToken{`,
-		`IssuedAt:` + fmt.Sprintf("%v", this.IssuedAt) + `,`,
-		`ExpiresAt:` + fmt.Sprintf("%v", this.ExpiresAt) + `,`,
-		`}`,
-	}, "")
-	return s
-}
 func (this *Operation) String() string {
 	if this == nil {
 		return "nil"
@@ -2622,19 +2473,6 @@ func (this *OperationState) String() string {
 	}, "")
 	return s
 }
-func (this *ProjectRole) String() string {
-	if this == nil {
-		return "nil"
-	}
-	s := strings.Join([]string{`&ProjectRole{`,
-		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
-		`Description:` + fmt.Sprintf("%v", this.Description) + `,`,
-		`Policies:` + fmt.Sprintf("%v", this.Policies) + `,`,
-		`JWTTokens:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.JWTTokens), "JWTToken", "JWTToken", 1), `&`, ``, 1) + `,`,
-		`}`,
-	}, "")
-	return s
-}
 func (this *Repository) String() string {
 	if this == nil {
 		return "nil"
@@ -3128,37 +2966,6 @@ func (m *AppProjectSpec) Unmarshal(dAtA []byte) error {
 			}
 			m.Description = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Roles", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Roles = append(m.Roles, ProjectRole{})
-			if err := m.Roles[len(m.Roles)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -5806,94 +5613,6 @@ func (m *HookStatus) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *JWTToken) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenerated
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: JWTToken: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: JWTToken: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field IssuedAt", wireType)
-			}
-			m.IssuedAt = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.IssuedAt |= (int64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		case 2:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExpiresAt", wireType)
-			}
-			m.ExpiresAt = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.ExpiresAt |= (int64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenerated(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *Operation) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -6277,174 +5996,6 @@ func (m *OperationState) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ProjectRole) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowGenerated
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ProjectRole: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ProjectRole: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Name = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Description = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Policies", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Policies = append(m.Policies, string(dAtA[iNdEx:postIndex]))
-			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field JWTTokens", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowGenerated
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.JWTTokens = append(m.JWTTokens, JWTToken{})
-			if err := m.JWTTokens[len(m.JWTTokens)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipGenerated(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthGenerated
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *Repository) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -8225,167 +7776,158 @@ func init() {
 }

 var fileDescriptorGenerated = []byte{
-	// 2577 bytes of a gzipped FileDescriptorProto
+	// 2446 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xd4, 0x59, 0x4b, 0x8c, 0x1c, 0x47,
-	0xf9, 0x77, 0xcf, 0x6b, 0x67, 0xbe, 0xd9, 0x87, 0x5d, 0x79, 0xfc, 0xf7, 0xef, 0x48, 0xbb, 0xab,
-	0x36, 0x0f, 0x83, 0x92, 0x19, 0xbc, 0x10, 0x30, 0x0f, 0x21, 0x79, 0x66, 0xed, 0x78, 0xbd, 0x7e,
-	0x2c, 0x35, 0x9b, 0x44, 0x0a, 0x51, 0xa0, 0xdd, 0x53, 0x3b, 0xd3, 0x9e, 0x99, 0xee, 0x4e, 0x57,
-	0xcd, 0xd8, 0x23, 0x11, 0x14, 0x84, 0x40, 0x3c, 0x25, 0x10, 0x42, 0x5c, 0x39, 0x70, 0x42, 0x48,
-	0x48, 0x88, 0x13, 0x12, 0x07, 0x38, 0x20, 0x1f, 0x73, 0x00, 0x11, 0x05, 0xb4, 0xc2, 0x9b, 0x4b,
-	0x24, 0x0e, 0x9c, 0xb8, 0xe4, 0x84, 0xea, 0xd1, 0x5d, 0xd5, 0x3d, 0xbb, 0xec, 0xae, 0x67, 0x6c,
-	0xe0, 0xd6, 0xfd, 0x7d, 0x5f, 0x7f, 0xbf, 0xaf, 0xbf, 0xfa, 0xea, 0x7b, 0x54, 0xc1, 0x66, 0xc7,
-	0x63, 0xdd, 0xe1, 0xed, 0x9a, 0x1b, 0x0c, 0xea, 0x4e, 0xd4, 0x09, 0xc2, 0x28, 0xb8, 0x23, 0x1e,
-	0x9e, 0x73, 0xdb, 0xf5, 0xb0, 0xd7, 0xa9, 0x3b, 0xa1, 0x47, 0xeb, 0x4e, 0x18, 0xf6, 0x3d, 0xd7,
-	0x61, 0x5e, 0xe0, 0xd7, 0x47, 0x17, 0x9c, 0x7e, 0xd8, 0x75, 0x2e, 0xd4, 0x3b, 0xc4, 0x27, 0x91,
-	0xc3, 0x48, 0xbb, 0x16, 0x46, 0x01, 0x0b, 0xd0, 0xa7, 0xb5, 0xaa, 0x5a, 0xac, 0x4a, 0x3c, 0x7c,
-	0xc9, 0x6d, 0xd7, 0xc2, 0x5e, 0xa7, 0xc6, 0x55, 0xd5, 0x0c, 0x55, 0xb5, 0x58, 0xd5, 0xd9, 0xe7,
-	0x0c, 0x2b, 0x3a, 0x41, 0x27, 0xa8, 0x0b, 0x8d, 0xb7, 0x87, 0xbb, 0xe2, 0x4d, 0xbc, 0x88, 0x27,
-	0x89, 0x74, 0xf6, 0x13, 0xbd, 0x8b, 0xb4, 0xe6, 0x05, 0xdc, 0xb6, 0x81, 0xe3, 0x76, 0x3d, 0x9f,
-	0x44, 0x63, 0x6d, 0xec, 0x80, 0x30, 0xa7, 0x3e, 0x9a, 0xb0, 0xef, 0x6c, 0xfd, 0xb0, 0xaf, 0xa2,
-	0xa1, 0xcf, 0xbc, 0x01, 0x99, 0xf8, 0xe0, 0x93, 0x47, 0x7d, 0x40, 0xdd, 0x2e, 0x19, 0x38, 0x13,
-	0xdf, 0x7d, 0xfc, 0xb0, 0xef, 0x86, 0xcc, 0xeb, 0xd7, 0x3d, 0x9f, 0x51, 0x16, 0x65, 0x3f, 0xb2,
-	0xff, 0x62, 0x01, 0x5c, 0x0a, 0xc3, 0xed, 0x28, 0xb8, 0x43, 0x5c, 0x86, 0xbe, 0x0c, 0x65, 0xfe,
-	0x1f, 0x6d, 0x87, 0x39, 0xcb, 0xd6, 0x9a, 0x75, 0xbe, 0xba, 0xfe, 0xb1, 0x9a, 0x54, 0x5b, 0x33,
-	0xd5, 0x6a, 0xbf, 0x72, 0xe9, 0xda, 0xe8, 0x42, 0xed, 0xd6, 0x6d, 0xfe, 0xfd, 0x0d, 0xc2, 0x9c,
-	0x06, 0xba, 0xbf, 0xb7, 0x7a, 0x6a, 0x7f, 0x6f, 0x15, 0x34, 0x0d, 0x27, 0x5a, 0x51, 0x0f, 0x0a,
-	0x34, 0x24, 0xee, 0x72, 0x4e, 0x68, 0xdf, 0xac, 0x3d, 0xf4, 0xea, 0xd5, 0xb4, 0xd9, 0xad, 0x90,
-	0xb8, 0x8d, 0x79, 0x05, 0x5b, 0xe0, 0x6f, 0x58, 0x80, 0xd8, 0xef, 0x58, 0xb0, 0xa8, 0xc5, 0xae,
-	0x7b, 0x94, 0xa1, 0x57, 0x27, 0xfe, 0xb0, 0x76, 0xbc, 0x3f, 0xe4, 0x5f, 0x8b, 0xff, 0x3b, 0xad,
-	0x80, 0xca, 0x31, 0xc5, 0xf8, 0xbb, 0x3b, 0x50, 0xf4, 0x18, 0x19, 0xd0, 0xe5, 0xdc, 0x5a, 0xfe,
-	0x7c, 0x75, 0xfd, 0xf2, 0x4c, 0x7e, 0xaf, 0xb1, 0xa0, 0x10, 0x8b, 0x9b, 0x5c, 0x37, 0x96, 0x10,
-	0xf6, 0x3f, 0x73, 0xe6, 0xcf, 0xf1, 0xbf, 0x46, 0x17, 0xa0, 0x4a, 0x83, 0x61, 0xe4, 0x12, 0x4c,
-	0xc2, 0x80, 0x2e, 0x5b, 0x6b, 0xf9, 0xf3, 0x95, 0xc6, 0xd2, 0xfe, 0xde, 0x6a, 0xb5, 0xa5, 0xc9,
-	0xd8, 0x94, 0x41, 0xdf, 0xb5, 0x60, 0xbe, 0x4d, 0x28, 0xf3, 0x7c, 0x81, 0x1f, 0x5b, 0xfe, 0x85,
-	0xe9, 0x2c, 0x8f, 0x89, 0x1b, 0x5a, 0x73, 0xe3, 0x49, 0xf5, 0x17, 0xf3, 0x06, 0x91, 0xe2, 0x14,
-	0x38, 0x7a, 0x1e, 0xaa, 0x6d, 0x42, 0xdd, 0xc8, 0x0b, 0xf9, 0xfb, 0x72, 0x7e, 0xcd, 0x3a, 0x5f,
-	0x69, 0x3c, 0xa1, 0x3e, 0xac, 0x6e, 0x68, 0x16, 0x36, 0xe5, 0x50, 0x0f, 0x8a, 0x51, 0xd0, 0x27,
-	0x74, 0xb9, 0x20, 0x8c, 0xbf, 0x32, 0x85, 0xf1, 0xca, 0x9d, 0x38, 0xe8, 0x13, 0xed, 0x77, 0xfe,
-	0x46, 0xb1, 0xc4, 0xb0, 0xff, 0x90, 0x87, 0xaa, 0xf1, 0x8b, 0x8f, 0x61, 0xcf, 0xf4, 0x53, 0x7b,
-	0xe6, 0xda, 0x6c, 0x96, 0xe6, 0xb0, 0x4d, 0x83, 0x18, 0x94, 0x28, 0x73, 0xd8, 0x90, 0x0a, 0xf7,
-	0x57, 0xd7, 0xaf, 0xcf, 0x08, 0x4f, 0xe8, 0x6c, 0x2c, 0x2a, 0xc4, 0x92, 0x7c, 0xc7, 0x0a, 0x0b,
-	0xbd, 0x0e, 0x95, 0x20, 0xe4, 0xa9, 0x89, 0xaf, 0x7b, 0x41, 0x00, 0x6f, 0x4c, 0x01, 0x7c, 0x2b,
-	0xd6, 0xd5, 0x58, 0xd8, 0xdf, 0x5b, 0xad, 0x24, 0xaf, 0x58, 0xa3, 0xd8, 0x2e, 0x3c, 0x69, 0xd8,
-	0xd7, 0x0c, 0xfc, 0xb6, 0x27, 0x16, 0x74, 0x0d, 0x0a, 0x6c, 0x1c, 0x12, 0xb1, 0x98, 0x15, 0xed,
-	0xa2, 0x9d, 0x71, 0x48, 0xb0, 0xe0, 0xa0, 0x8f, 0xc0, 0xdc, 0x80, 0x50, 0xea, 0x74, 0x88, 0x58,
-	0x93, 0x4a, 0x63, 0x49, 0x09, 0xcd, 0xdd, 0x90, 0x64, 0x1c, 0xf3, 0xed, 0xd7, 0xe1, 0xe9, 0x83,
-	0xf7, 0x03, 0xfa, 0x10, 0x94, 0x28, 0x89, 0x46, 0x24, 0x52, 0x40, 0xda, 0x33, 0x82, 0x8a, 0x15,
-	0x17, 0xd5, 0xa1, 0xe2, 0x3b, 0x03, 0x42, 0x43, 0xc7, 0x8d, 0xe1, 0xce, 0x28, 0xd1, 0xca, 0xcd,
-	0x98, 0x81, 0xb5, 0x8c, 0xfd, 0x57, 0x0b, 0x96, 0x0c, 0xcc, 0xc7, 0x90, 0xf6, 0x7a, 0xe9, 0xb4,
-	0x77, 0x65, 0x36, 0x11, 0x73, 0x48, 0xde, 0xfb, 0x5d, 0x1e, 0xce, 0x98, 0x71, 0x25, 0x92, 0x19,
-	0x5f, 0x92, 0x88, 0x84, 0xc1, 0x8b, 0xf8, 0xba, 0x72, 0x67, 0xb2, 0x24, 0x58, 0x92, 0x71, 0xcc,
-	0xe7, 0xeb, 0x1b, 0x3a, 0xac, 0xab, 0x7c, 0x99, 0xac, 0xef, 0xb6, 0xc3, 0xba, 0x58, 0x70, 0x78,
-	0x1a, 0x22, 0xfe, 0xc8, 0x8b, 0x02, 0x7f, 0x40, 0x7c, 0x96, 0x4d, 0x43, 0x97, 0x35, 0x0b, 0x9b,
-	0x72, 0xe8, 0xf3, 0xb0, 0xc8, 0x9c, 0xa8, 0x43, 0x18, 0x26, 0x23, 0x8f, 0xc6, 0x81, 0x5c, 0x69,
-	0x3c, 0xad, 0xbe, 0x5c, 0xdc, 0x49, 0x71, 0x71, 0x46, 0x1a, 0xfd, 0xda, 0x82, 0x67, 0xdc, 0x60,
-	0x10, 0x06, 0x3e, 0xf1, 0xd9, 0xb6, 0x13, 0x39, 0x03, 0xc2, 0x48, 0x74, 0x6b, 0x44, 0xa2, 0xc8,
-	0x6b, 0x13, 0xba, 0x5c, 0x14, 0xde, 0xbd, 0x31, 0x85, 0x77, 0x9b, 0x13, 0xda, 0x1b, 0xe7, 0x94,
-	0x71, 0xcf, 0x34, 0x0f, 0x47, 0xc6, 0xff, 0xce, 0x2c, 0x5e, 0x75, 0x46, 0x4e, 0x7f, 0x48, 0xe8,
-	0x15, 0x8f, 0xe7, 0xe0, 0x92, 0xae, 0x3a, 0x2f, 0x69, 0x32, 0x36, 0x65, 0xec, 0xdf, 0xe6, 0x52,
-	0x21, 0xda, 0x8a, 0xf3, 0x8e, 0x58, 0x4b, 0x15, 0xa0, 0xb3, 0xca, 0x3b, 0x42, 0xa7, 0xb1, 0xbb,
-	0x64, 0xf1, 0x53, 0x58, 0xe8, 0x5b, 0x96, 0x28, 0x39, 0xf1, 0xae, 0x54, 0x39, 0xf6, 0x11, 0x94,
-	0x3f, 0xb3, 0x8a, 0xc5, 0x44, 0x6c, 0x42, 0xf3, 0x10, 0x0e, 0x65, 0xf5, 0x51, 0x11, 0x97, 0x84,
-	0x70, 0x5c, 0x94, 0x62, 0xbe, 0xfd, 0xd3, 0x52, 0x7a, 0x0f, 0xc8, 0x1c, 0xfa, 0x43, 0x0b, 0x4e,
-	0xf3, 0x85, 0x72, 0x22, 0x8f, 0x06, 0x3e, 0x26, 0x74, 0xd8, 0x67, 0xca, 0x99, 0x5b, 0x53, 0x06,
-	0x8d, 0xa9, 0xb2, 0xb1, 0xac, 0xec, 0x3a, 0x9d, 0xe5, 0xe0, 0x09, 0x78, 0xc4, 0x60, 0xae, 0xeb,
-	0x51, 0x16, 0x44, 0x63, 0x95, 0x1c, 0xa6, 0x69, 0xf9, 0x36, 0x48, 0xd8, 0x0f, 0xc6, 0x7c, 0xaf,
-	0x6d, 0xfa, 0xbb, 0x81, 0xf6, 0xcf, 0x55, 0x89, 0x80, 0x63, 0x28, 0xf4, 0x35, 0x0b, 0x20, 0x8c,
-	0x23, 0x95, 0x17, 0xb2, 0x47, 0xb0, 0x71, 0x92, 0x9a, 0x9d, 0x90, 0x28, 0x36, 0x40, 0x51, 0x00,
-	0xa5, 0x2e, 0x71, 0xfa, 0xac, 0xab, 0xca, 0xd9, 0x0b, 0x53, 0xc0, 0x5f, 0x15, 0x8a, 0xb2, 0x25,
-	0x54, 0x52, 0xb1, 0x82, 0x41, 0xdf, 0xb0, 0x60, 0x31, 0xa9, 0x6e, 0x5c, 0x96, 0x2c, 0x17, 0xa7,
-	0xee, 0xb2, 0x6f, 0xa5, 0x14, 0x36, 0x10, 0x4f, 0x63, 0x69, 0x1a, 0xce, 0x80, 0xa2, 0xaf, 0x5b,
-	0x00, 0x6e, 0x5c, 0x4d, 0x65, 0x3e, 0xa8, 0xae, 0xdf, 0x9a, 0xcd, 0x8e, 0x4a, 0xaa, 0xb4, 0x76,
-	0x7f, 0x42, 0xa2, 0xd8, 0x80, 0xb5, 0xdf, 0xb5, 0xe0, 0x29, 0xe3, 0xc3, 0x97, 0x1d, 0xe6, 0x76,
-	0x2f, 0x8f, 0x78, 0x9a, 0xde, 0x4a, 0xd5, 0xf7, 0x4f, 0x99, 0xf5, 0xfd, 0xfd, 0xbd, 0xd5, 0x0f,
-	0x1f, 0x36, 0x46, 0xdd, 0xe5, 0x1a, 0x6a, 0x42, 0x85, 0xd1, 0x0a, 0xbc, 0x01, 0x55, 0xc3, 0x66,
-	0x95, 0x3e, 0x66, 0x55, 0x00, 0x93, 0x9c, 0x61, 0x10, 0xb1, 0x89, 0x67, 0xff, 0x29, 0x07, 0x73,
-	0xcd, 0xfe, 0x90, 0x32, 0x12, 0x1d, 0xbb, 0xa1, 0x58, 0x83, 0x02, 0x6f, 0x16, 0xb2, 0xf5, 0x8f,
-	0xf7, 0x12, 0x58, 0x70, 0x50, 0x08, 0x25, 0x37, 0xf0, 0x77, 0xbd, 0x8e, 0x6a, 0x01, 0xaf, 0x4e,
-	0xb3, 0x73, 0xa4, 0x75, 0x4d, 0xa1, 0x4f, 0xdb, 0x24, 0xdf, 0xb1, 0xc2, 0x41, 0xdf, 0xb7, 0x60,
-	0xc9, 0x0d, 0x7c, 0x9f, 0xb8, 0x3a, 0x78, 0x0b, 0x53, 0xb7, 0xbb, 0xcd, 0xb4, 0xc6, 0xc6, 0xff,
-	0x29, 0xf4, 0xa5, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x5f, 0xe5, 0x60, 0x21, 0x65, 0x39, 0x7a, 0x16,
-	0xca, 0x43, 0x4a, 0x22, 0xe1, 0x39, 0xe9, 0xdf, 0xa4, 0x23, 0x7a, 0x51, 0xd1, 0x71, 0x22, 0xc1,
-	0xa5, 0x43, 0x87, 0xd2, 0xbb, 0x41, 0xd4, 0x56, 0x7e, 0x4e, 0xa4, 0xb7, 0x15, 0x1d, 0x27, 0x12,
-	0xbc, 0xdf, 0xb8, 0x4d, 0x9c, 0x88, 0x44, 0x3b, 0x41, 0x8f, 0x4c, 0x8c, 0x3d, 0x0d, 0xcd, 0xc2,
-	0xa6, 0x9c, 0x70, 0x1a, 0xeb, 0xd3, 0x66, 0xdf, 0x23, 0x3e, 0x93, 0x66, 0xce, 0xc0, 0x69, 0x3b,
-	0xd7, 0x5b, 0xa6, 0x46, 0xed, 0xb4, 0x0c, 0x03, 0x67, 0xb1, 0xed, 0x3f, 0x5a, 0x50, 0x55, 0x4e,
-	0x7b, 0x0c, 0x4d, 0x67, 0x27, 0xdd, 0x74, 0x36, 0xa6, 0x8f, 0xd1, 0x43, 0x1a, 0xce, 0x5f, 0xe4,
-	0x61, 0xa2, 0xd2, 0xa1, 0xd7, 0x78, 0x8e, 0xe3, 0x34, 0xd2, 0xbe, 0x14, 0x17, 0xd9, 0x8f, 0x1e,
-	0xef, 0xef, 0x76, 0xbc, 0x01, 0x31, 0xd3, 0x57, 0xac, 0x05, 0x1b, 0x1a, 0xd1, 0x9b, 0x96, 0x06,
-	0xd8, 0x09, 0x54, 0x5e, 0x99, 0x6d, 0x4b, 0x34, 0x61, 0xc2, 0x4e, 0x80, 0x0d, 0x4c, 0xf4, 0x99,
-	0x64, 0x10, 0x2c, 0x8a, 0x80, 0xb4, 0xd3, 0xa3, 0xdb, 0xfb, 0xa9, 0x06, 0x20, 0x33, 0xce, 0x8d,
-	0xa1, 0x12, 0x11, 0xd9, 0x62, 0xc5, 0x15, 0x60, 0x9a, 0x24, 0x82, 0x95, 0x2e, 0xb9, 0x8d, 0x93,
-	0xf1, 0x27, 0x26, 0x53, 0xac, 0xd1, 0xec, 0xef, 0x59, 0x80, 0x26, 0xcb, 0x35, 0x1f, 0xa3, 0x92,
-	0x26, 0x56, 0x6d, 0xe0, 0x44, 0x4f, 0x22, 0x8e, 0xb5, 0xcc, 0x31, 0xd2, 0xe4, 0x39, 0x28, 0x8a,
-	0xa6, 0x56, 0x6d, 0xd8, 0x24, 0x7a, 0x44, 0xdb, 0x8b, 0x25, 0xcf, 0xfe, 0xbd, 0x05, 0xd9, 0x74,
-	0x23, 0x32, 0xb5, 0xf4, 0x6c, 0x36, 0x53, 0xa7, 0xbd, 0x78, 0xfc, 0x39, 0x13, 0xbd, 0x0a, 0x55,
-	0x87, 0x31, 0x32, 0x08, 0x99, 0x08, 0xc8, 0xfc, 0x89, 0x03, 0x72, 0x91, 0x47, 0xc2, 0x8d, 0xa0,
-	0xed, 0xed, 0x7a, 0x22, 0x18, 0x4d, 0x75, 0xf6, 0x7b, 0x79, 0x58, 0x4c, 0x37, 0x5f, 0x68, 0x08,
-	0x25, 0xd1, 0xec, 0xc8, 0x63, 0xa6, 0x99, 0x77, 0x57, 0x89, 0x4b, 0x04, 0x89, 0x62, 0x05, 0xc6,
-	0x13, 0x6b, 0x14, 0x4f, 0x57, 0x99, 0xc4, 0x9a, 0xcc, 0x55, 0x89, 0xc4, 0x91, 0x13, 0x55, 0xfe,
-	0xbf, 0x73, 0xa2, 0x7a, 0x0d, 0xa0, 0x2d, 0xbc, 0x2d, 0xd6, 0xb2, 0xf0, 0xf0, 0xc9, 0x65, 0x23,
-	0xd1, 0x82, 0x0d, 0x8d, 0xe8, 0x2c, 0xe4, 0xbc, 0xb6, 0xd8, 0xd5, 0xf9, 0x06, 0x28, 0xd9, 0xdc,
-	0xe6, 0x06, 0xce, 0x79, 0x6d, 0x9b, 0xc2, 0xbc, 0xd9, 0x6d, 0x1e, 0x3b, 0x56, 0x3f, 0x0b, 0x0b,
-	0xf2, 0x69, 0x83, 0x30, 0xc7, 0xeb, 0x53, 0xb5, 0x3a, 0x4f, 0x29, 0xf1, 0x85, 0x96, 0xc9, 0xc4,
-	0x69, 0x59, 0xfb, 0x27, 0x39, 0x80, 0xab, 0x41, 0xd0, 0x53, 0x98, 0xf1, 0xd6, 0xb3, 0x0e, 0xdd,
-	0x7a, 0x6b, 0x50, 0xe8, 0x79, 0x7e, 0x3b, 0xbb, 0x39, 0xb7, 0x3c, 0xbf, 0x8d, 0x05, 0x07, 0xad,
-	0x03, 0x38, 0xa1, 0xf7, 0x12, 0x89, 0xa8, 0x3e, 0x49, 0x4c, 0xfc, 0x72, 0x69, 0x7b, 0x53, 0x71,
-	0xb0, 0x21, 0x85, 0x9e, 0x55, 0x9d, 0xa1, 0x1c, 0xdb, 0x97, 0x33, 0x9d, 0x61, 0x99, 0x5b, 0x68,
-	0xb4, 0x7e, 0x17, 0x33, 0xf9, 0x71, 0x6d, 0x22, 0x3f, 0xea, 0x4e, 0x79, 0xbb, 0xeb, 0x50, 0x72,
-	0xd0, 0xbe, 0x2e, 0x1d, 0x71, 0x7e, 0xd4, 0x82, 0xf2, 0xb5, 0x97, 0x77, 0x64, 0xbd, 0xb7, 0x21,
-	0xef, 0x39, 0x32, 0x79, 0xe5, 0x75, 0xd8, 0x6f, 0x52, 0x3a, 0x14, 0x2b, 0xcc, 0x99, 0xe8, 0x1c,
-	0xe4, 0xc9, 0xbd, 0x50, 0xf8, 0x25, 0xaf, 0x13, 0xdc, 0xe5, 0x7b, 0xa1, 0x17, 0x11, 0xca, 0x85,
-	0xc8, 0xbd, 0xd0, 0xfe, 0xbb, 0x05, 0xfa, 0x48, 0x0c, 0xed, 0x42, 0x81, 0x8e, 0x7d, 0x57, 0x15,
-	0xb1, 0x69, 0xd2, 0x74, 0x6b, 0xec, 0xbb, 0xfa, 0xe4, 0xad, 0x2c, 0x0e, 0x16, 0xc7, 0xbe, 0x8b,
-	0x85, 0x7e, 0x34, 0x82, 0x72, 0x14, 0xf4, 0xfb, 0xb7, 0x1d, 0xb7, 0x37, 0x83, 0x7a, 0x86, 0x95,
-	0x2a, 0x8d, 0x37, 0x2f, 0x92, 0x80, 0x22, 0xe3, 0x04, 0xcb, 0xfe, 0x65, 0x11, 0x32, 0x23, 0x0b,
-	0x1a, 0x9a, 0xa7, 0x8d, 0xd6, 0x0c, 0x4f, 0x1b, 0x13, 0x8f, 0x1f, 0x74, 0xe2, 0x88, 0x9e, 0x87,
-	0x62, 0xc8, 0x03, 0x41, 0x85, 0xed, 0x6a, 0x5c, 0x30, 0x44, 0x74, 0x1c, 0x10, 0x2f, 0x52, 0xda,
-	0x0c, 0x97, 0xfc, 0x11, 0x65, 0xe0, 0xab, 0x00, 0xdc, 0xd7, 0x6a, 0xf6, 0x97, 0x99, 0xe3, 0xe6,
-	0xac, 0x56, 0x54, 0x8d, 0xff, 0xa2, 0x52, 0xb4, 0x12, 0x14, 0x6c, 0x20, 0xa2, 0xef, 0x58, 0xb0,
-	0x18, 0x3b, 0x5e, 0x19, 0x51, 0x7c, 0x24, 0x46, 0x88, 0x41, 0x14, 0xa7, 0x90, 0x70, 0x06, 0x19,
-	0x7d, 0x11, 0x2a, 0x94, 0x39, 0x91, 0xac, 0x88, 0xa5, 0x13, 0x67, 0xd1, 0x64, 0x2d, 0x5b, 0xb1,
-	0x12, 0xac, 0xf5, 0xa1, 0x57, 0x00, 0x76, 0x3d, 0xdf, 0xa3, 0x5d, 0xa1, 0x7d, 0xee, 0xe1, 0xea,
-	0xed, 0x95, 0x44, 0x03, 0x36, 0xb4, 0xd9, 0xdf, 0xcc, 0x41, 0xd5, 0xb8, 0x88, 0x38, 0x46, 0x3e,
-	0xcc, 0x5c, 0x9c, 0xe4, 0x8e, 0x79, 0x71, 0x72, 0x1e, 0xca, 0x61, 0xd0, 0xf7, 0x5c, 0x4f, 0xd5,
-	0xc2, 0x8a, 0xdc, 0x44, 0xdb, 0x8a, 0x86, 0x13, 0x2e, 0x62, 0x50, 0xb9, 0x73, 0x97, 0x89, 0x3c,
-	0x14, 0x5f, 0xb3, 0x34, 0xa7, 0x58, 0xd2, 0x38, 0xa7, 0x69, 0x27, 0xc7, 0x14, 0x8a, 0x35, 0x90,
-	0xfd, 0xe7, 0x1c, 0x80, 0xb8, 0xa7, 0xf2, 0xc4, 0xb1, 0xce, 0x1a, 0x14, 0x22, 0x12, 0x06, 0x59,
-	0x3f, 0x70, 0x09, 0x2c, 0x38, 0xa9, 0x29, 0x2d, 0x77, 0xa2, 0x29, 0x2d, 0x7f, 0xe4, 0x94, 0xc6,
-	0x2b, 0x1c, 0xed, 0x6e, 0x47, 0xde, 0xc8, 0x61, 0x64, 0x8b, 0x8c, 0x55, 0x99, 0xd0, 0x15, 0xae,
-	0x75, 0x55, 0x33, 0x71, 0x5a, 0xf6, 0xc0, 0x01, 0xb7, 0xf8, 0x1f, 0x1c, 0x70, 0xdf, 0xb1, 0x60,
-	0x51, 0x7b, 0xf6, 0x7f, 0xeb, 0x6a, 0x54, 0xdb, 0x7d, 0xc8, 0xc4, 0xf6, 0x0f, 0x0b, 0x96, 0xe2,
-	0xd9, 0x40, 0xb5, 0x18, 0x33, 0xe9, 0x29, 0x52, 0x57, 0x31, 0xf9, 0xa3, 0xaf, 0x62, 0xcc, 0xcc,
-	0x5d, 0x38, 0x22, 0x73, 0x7f, 0x2e, 0xd3, 0x4d, 0x7c, 0x60, 0xa2, 0x9b, 0x40, 0xc9, 0x14, 0x34,
-	0xf6, 0xdd, 0x74, 0xf7, 0x65, 0xff, 0xdc, 0x82, 0xf9, 0x98, 0x7d, 0x33, 0x68, 0x8b, 0xd9, 0x84,
-	0x8a, 0x20, 0xb3, 0xd2, 0xb3, 0x89, 0x0c, 0x07, 0xc9, 0x43, 0x43, 0x28, 0xbb, 0x5d, 0xaf, 0xdf,
-	0x8e, 0x88, 0xaf, 0x96, 0xe5, 0x85, 0x19, 0x0c, 0x69, 0x1c, 0x5f, 0x87, 0x42, 0x53, 0x01, 0xe0,
-	0x04, 0xca, 0xfe, 0x4d, 0x1e, 0x16, 0x52, 0x13, 0x1d, 0x4f, 0x5f, 0xf2, 0x2e, 0xa4, 0x65, 0xd8,
-	0x9c, 0xa4, 0xaf, 0x1d, 0xcd, 0xc2, 0xa6, 0x1c, 0x5f, 0x8f, 0xbe, 0x37, 0x92, 0x3a, 0xb2, 0x57,
-	0x63, 0xd7, 0x63, 0x06, 0xd6, 0x32, 0xc6, 0x48, 0x9b, 0x3f, 0xf1, 0x48, 0xfb, 0x23, 0x0b, 0x90,
-	0xf8, 0x05, 0xae, 0x39, 0x99, 0x3c, 0x55, 0x2e, 0x9c, 0x99, 0xdf, 0xce, 0x2a, 0x8b, 0x50, 0x73,
-	0x02, 0x0a, 0x1f, 0x00, 0x6f, 0x9c, 0x32, 0x17, 0x1f, 0xcb, 0x29, 0xb3, 0xfd, 0x15, 0x38, 0x33,
-	0xd1, 0x7a, 0xa9, 0x81, 0xc2, 0x3a, 0x68, 0xa0, 0xe0, 0x91, 0x18, 0x46, 0x43, 0x5f, 0x2e, 0x50,
-	0x59, 0x47, 0xe2, 0x36, 0x27, 0x62, 0xc9, 0xe3, 0x53, 0x46, 0x3b, 0x1a, 0xe3, 0xa1, 0xec, 0xd4,
-	0xcb, 0x1a, 0x7d, 0x43, 0x50, 0xb1, 0xe2, 0xda, 0xdf, 0xce, 0xc1, 0x42, 0xaa, 0x1d, 0x48, 0x0d,
-	0x84, 0xd6, 0x91, 0x03, 0xe1, 0x2c, 0x8d, 0x41, 0x6f, 0xc0, 0x3c, 0x15, 0x5b, 0x31, 0x72, 0x18,
-	0xe9, 0x8c, 0x67, 0x70, 0xce, 0xdf, 0x32, 0xd4, 0x35, 0x4e, 0xef, 0xef, 0xad, 0xce, 0x9b, 0x14,
-	0x9c, 0x82, 0xb3, 0x7f, 0x96, 0x83, 0x27, 0x0e, 0x68, 0x8d, 0xd0, 0x5d, 0xf3, 0xec, 0x45, 0x0e,
-	0xe7, 0xd7, 0x66, 0x10, 0x9e, 0x2a, 0x91, 0xca, 0x0b, 0xf5, 0x83, 0x4e, 0x5e, 0x4e, 0x38, 0x9b,
-	0xef, 0x42, 0xb1, 0x1b, 0x04, 0xbd, 0x78, 0x08, 0x9f, 0xa6, 0x20, 0xe8, 0xd1, 0xb1, 0x51, 0xe1,
-	0xab, 0xc9, 0xdf, 0x29, 0x96, 0xea, 0xed, 0xf7, 0x2c, 0x48, 0x79, 0x11, 0x0d, 0xa0, 0xc8, 0xb5,
-	0x8c, 0x67, 0x70, 0xcf, 0x68, 0xea, 0xbd, 0xc4, 0x75, 0x4a, 0x7c, 0xf1, 0x88, 0x25, 0x0a, 0xf2,
-	0xa0, 0xc0, 0x0d, 0x51, 0x23, 0xcf, 0xd6, 0x8c, 0xd0, 0xf8, 0x2f, 0xca, 0x09, 0x8b, 0x3f, 0x61,
-	0x01, 0x61, 0x5f, 0x84, 0x33, 0x13, 0x16, 0xf1, 0x90, 0xdf, 0x0d, 0xe2, 0x6b, 0x55, 0x23, 0xe4,
-	0xaf, 0x70, 0x22, 0x96, 0x3c, 0x5e, 0x3f, 0x4e, 0x67, 0xd5, 0xa3, 0x1f, 0x5b, 0x70, 0x86, 0x66,
-	0xf5, 0x3d, 0x12, 0xaf, 0xfd, 0xbf, 0x32, 0x6a, 0xd2, 0x7c, 0x3c, 0x69, 0x01, 0x5f, 0xd1, 0xec,
-	0x61, 0x34, 0x8f, 0x3d, 0xcf, 0xa7, 0xc4, 0x1d, 0x46, 0xf1, 0x8f, 0xea, 0x01, 0x59, 0xd1, 0x71,
-	0x22, 0x81, 0xd6, 0x01, 0xe4, 0x65, 0xc8, 0x4d, 0xdd, 0x28, 0x26, 0x87, 0x03, 0xad, 0x84, 0x83,
-	0x0d, 0x29, 0xde, 0x2b, 0xbb, 0x24, 0x62, 0x1b, 0xbc, 0x3d, 0xe2, 0x79, 0x61, 0x5e, 0xf6, 0xca,
-	0x4d, 0x45, 0xc3, 0x09, 0x17, 0x7d, 0x10, 0xe6, 0x7a, 0x64, 0x2c, 0x04, 0x0b, 0x42, 0xb0, 0xca,
-	0x2b, 0xfe, 0x96, 0x24, 0xe1, 0x98, 0x87, 0x6c, 0x28, 0xb9, 0x8e, 0x90, 0x2a, 0x0a, 0x29, 0x10,
-	0xf7, 0x22, 0x97, 0x84, 0x90, 0xe2, 0x34, 0x6a, 0xf7, 0x1f, 0xac, 0x9c, 0x7a, 0xeb, 0xc1, 0xca,
-	0xa9, 0xb7, 0x1f, 0xac, 0x9c, 0x7a, 0x73, 0x7f, 0xc5, 0xba, 0xbf, 0xbf, 0x62, 0xbd, 0xb5, 0xbf,
-	0x62, 0xbd, 0xbd, 0xbf, 0x62, 0xfd, 0x6d, 0x7f, 0xc5, 0xfa, 0xc1, 0xbb, 0x2b, 0xa7, 0x5e, 0x29,
-	0xc7, 0xae, 0xfd, 0x57, 0x00, 0x00, 0x00, 0xff, 0xff, 0x38, 0x84, 0xaf, 0x0d, 0x59, 0x29, 0x00,
-	0x00,
+	0x19, 0x76, 0xcf, 0x6b, 0x67, 0xfe, 0xd9, 0x87, 0x5d, 0x79, 0x30, 0x38, 0xd2, 0xee, 0xaa, 0xc3,
+	0xc3, 0xa0, 0x64, 0x06, 0x1b, 0x02, 0xe6, 0x21, 0x24, 0xcf, 0xae, 0x1d, 0x6f, 0xd6, 0x8f, 0xa5,
+	0x66, 0x13, 0xa4, 0x10, 0x05, 0xda, 0x3d, 0xb5, 0x33, 0xed, 0x99, 0xe9, 0xee, 0x74, 0xd5, 0x8c,
+	0x35, 0x12, 0x41, 0x41, 0x08, 0x29, 0xbc, 0x24, 0x10, 0x42, 0x5c, 0x39, 0x70, 0x42, 0x48, 0x48,
+	0x88, 0x13, 0x12, 0x07, 0x38, 0x20, 0x1f, 0x73, 0x00, 0x11, 0x05, 0xb4, 0xc2, 0x9b, 0x4b, 0x24,
+	0x0e, 0xdc, 0x73, 0x42, 0xf5, 0xe8, 0xae, 0xea, 0x9e, 0x5d, 0x76, 0xed, 0x69, 0x1b, 0x72, 0xeb,
+	0xfe, 0xff, 0xbf, 0xff, 0xef, 0xaf, 0xbf, 0xfe, 0xfa, 0x1f, 0xd5, 0xb0, 0xd5, 0xf3, 0x58, 0x7f,
+	0x7c, 0xab, 0xe9, 0x06, 0xa3, 0x96, 0x13, 0xf5, 0x82, 0x30, 0x0a, 0x6e, 0x8b, 0x87, 0x67, 0xdd,
+	0x6e, 0x2b, 0x1c, 0xf4, 0x5a, 0x4e, 0xe8, 0xd1, 0x96, 0x13, 0x86, 0x43, 0xcf, 0x75, 0x98, 0x17,
+	0xf8, 0xad, 0xc9, 0x79, 0x67, 0x18, 0xf6, 0x9d, 0xf3, 0xad, 0x1e, 0xf1, 0x49, 0xe4, 0x30, 0xd2,
+	0x6d, 0x86, 0x51, 0xc0, 0x02, 0xf4, 0x79, 0xad, 0xaa, 0x19, 0xab, 0x12, 0x0f, 0x5f, 0x77, 0xbb,
+	0xcd, 0x70, 0xd0, 0x6b, 0x72, 0x55, 0x4d, 0x43, 0x55, 0x33, 0x56, 0x75, 0xf6, 0x59, 0xc3, 0x8a,
+	0x5e, 0xd0, 0x0b, 0x5a, 0x42, 0xe3, 0xad, 0xf1, 0x9e, 0x78, 0x13, 0x2f, 0xe2, 0x49, 0x22, 0x9d,
+	0xfd, 0xcc, 0xe0, 0x22, 0x6d, 0x7a, 0x01, 0xb7, 0x6d, 0xe4, 0xb8, 0x7d, 0xcf, 0x27, 0xd1, 0x54,
+	0x1b, 0x3b, 0x22, 0xcc, 0x69, 0x4d, 0x66, 0xec, 0x3b, 0xdb, 0x3a, 0xea, 0xab, 0x68, 0xec, 0x33,
+	0x6f, 0x44, 0x66, 0x3e, 0xf8, 0xec, 0x71, 0x1f, 0x50, 0xb7, 0x4f, 0x46, 0xce, 0xcc, 0x77, 0x9f,
+	0x3e, 0xea, 0xbb, 0x31, 0xf3, 0x86, 0x2d, 0xcf, 0x67, 0x94, 0x45, 0xd9, 0x8f, 0xec, 0xbf, 0x5b,
+	0x00, 0x97, 0xc2, 0x70, 0x27, 0x0a, 0x6e, 0x13, 0x97, 0xa1, 0x6f, 0x40, 0x95, 0xaf, 0xa3, 0xeb,
+	0x30, 0xa7, 0x61, 0xad, 0x5b, 0xe7, 0xea, 0x17, 0x3e, 0xd5, 0x94, 0x6a, 0x9b, 0xa6, 0x5a, 0xed,
+	0x57, 0x2e, 0xdd, 0x9c, 0x9c, 0x6f, 0xde, 0xbc, 0xc5, 0xbf, 0xbf, 0x4e, 0x98, 0xd3, 0x46, 0x77,
+	0xf7, 0xd7, 0x4e, 0x1d, 0xec, 0xaf, 0x81, 0xa6, 0xe1, 0x44, 0x2b, 0x1a, 0x40, 0x89, 0x86, 0xc4,
+	0x6d, 0x14, 0x84, 0xf6, 0xad, 0xe6, 0x03, 0xef, 0x5e, 0x53, 0x9b, 0xdd, 0x09, 0x89, 0xdb, 0x5e,
+	0x54, 0xb0, 0x25, 0xfe, 0x86, 0x05, 0x88, 0xfd, 0x8e, 0x05, 0xcb, 0x5a, 0xec, 0x9a, 0x47, 0x19,
+	0x7a, 0x65, 0x66, 0x85, 0xcd, 0x93, 0xad, 0x90, 0x7f, 0x2d, 0xd6, 0x77, 0x5a, 0x01, 0x55, 0x63,
+	0x8a, 0xb1, 0xba, 0xdb, 0x50, 0xf6, 0x18, 0x19, 0xd1, 0x46, 0x61, 0xbd, 0x78, 0xae, 0x7e, 0xe1,
+	0x72, 0x2e, 0xcb, 0x6b, 0x2f, 0x29, 0xc4, 0xf2, 0x16, 0xd7, 0x8d, 0x25, 0x84, 0xfd, 0x66, 0xc1,
+	0x5c, 0x1c, 0x5f, 0x35, 0x3a, 0x0f, 0x75, 0x1a, 0x8c, 0x23, 0x97, 0x60, 0x12, 0x06, 0xb4, 0x61,
+	0xad, 0x17, 0xcf, 0xd5, 0xda, 0x2b, 0x07, 0xfb, 0x6b, 0xf5, 0x8e, 0x26, 0x63, 0x53, 0x06, 0xfd,
+	0xc0, 0x82, 0xc5, 0x2e, 0xa1, 0xcc, 0xf3, 0x05, 0x7e, 0x6c, 0xf9, 0x57, 0xe6, 0xb3, 0x3c, 0x26,
+	0x6e, 0x6a, 0xcd, 0xed, 0xc7, 0xd5, 0x2a, 0x16, 0x0d, 0x22, 0xc5, 0x29, 0x70, 0xf4, 0x1c, 0xd4,
+	0xbb, 0x84, 0xba, 0x91, 0x17, 0xf2, 0xf7, 0x46, 0x71, 0xdd, 0x3a, 0x57, 0x6b, 0x3f, 0xa6, 0x3e,
+	0xac, 0x6f, 0x6a, 0x16, 0x36, 0xe5, 0xec, 0x3f, 0x17, 0xa1, 0x6e, 0xa0, 0x3e, 0x82, 0x30, 0x1e,
+	0xa6, 0xc2, 0xf8, 0x85, 0x7c, 0xbc, 0x75, 0x54, 0x1c, 0x23, 0x06, 0x15, 0xca, 0x1c, 0x36, 0xa6,
+	0xc2, 0x23, 0xf5, 0x0b, 0xd7, 0x72, 0xc2, 0x13, 0x3a, 0xdb, 0xcb, 0x0a, 0xb1, 0x22, 0xdf, 0xb1,
+	0xc2, 0x42, 0xaf, 0x41, 0x2d, 0x08, 0x79, 0xb6, 0xe0, 0x5b, 0x51, 0x12, 0xc0, 0x9b, 0x73, 0x00,
+	0xdf, 0x8c, 0x75, 0xb5, 0x97, 0x0e, 0xf6, 0xd7, 0x6a, 0xc9, 0x2b, 0xd6, 0x28, 0xb6, 0x0b, 0x8f,
+	0x1b, 0xf6, 0x6d, 0x04, 0x7e, 0xd7, 0x13, 0x1b, 0xba, 0x0e, 0x25, 0x36, 0x0d, 0x89, 0xd8, 0xcc,
+	0x9a, 0x76, 0xd1, 0xee, 0x34, 0x24, 0x58, 0x70, 0xd0, 0x27, 0x60, 0x61, 0x44, 0x28, 0x75, 0x7a,
+	0x44, 0xec, 0x49, 0xad, 0xbd, 0xa2, 0x84, 0x16, 0xae, 0x4b, 0x32, 0x8e, 0xf9, 0xf6, 0x6b, 0xf0,
+	0xe4, 0xe1, 0x21, 0x8a, 0x3e, 0x06, 0x15, 0x4a, 0xa2, 0x09, 0x89, 0x14, 0x90, 0xf6, 0x8c, 0xa0,
+	0x62, 0xc5, 0x45, 0x2d, 0xa8, 0xf9, 0xce, 0x88, 0xd0, 0xd0, 0x71, 0x63, 0xb8, 0x33, 0x4a, 0xb4,
+	0x76, 0x23, 0x66, 0x60, 0x2d, 0x63, 0xff, 0xc3, 0x82, 0x15, 0x03, 0xf3, 0x11, 0x64, 0xa2, 0x41,
+	0x3a, 0x13, 0x5d, 0xc9, 0x27, 0x62, 0x8e, 0x48, 0x45, 0x7f, 0x2c, 0xc2, 0x19, 0x33, 0xae, 0x44,
+	0x7e, 0xe1, 0x5b, 0x12, 0x91, 0x30, 0x78, 0x11, 0x5f, 0x53, 0xee, 0x4c, 0xb6, 0x04, 0x4b, 0x32,
+	0x8e, 0xf9, 0x7c, 0x7f, 0x43, 0x87, 0xf5, 0x95, 0x2f, 0x93, 0xfd, 0xdd, 0x71, 0x58, 0x1f, 0x0b,
+	0x0e, 0xcf, 0x0c, 0xc4, 0x9f, 0x78, 0x51, 0xe0, 0x8f, 0x88, 0xcf, 0xb2, 0x99, 0xe1, 0xb2, 0x66,
+	0x61, 0x53, 0x0e, 0x7d, 0x19, 0x96, 0x99, 0x13, 0xf5, 0x08, 0xc3, 0x64, 0xe2, 0xd1, 0x38, 0x90,
+	0x6b, 0xed, 0x27, 0xd5, 0x97, 0xcb, 0xbb, 0x29, 0x2e, 0xce, 0x48, 0xa3, 0xdf, 0x59, 0xf0, 0x94,
+	0x1b, 0x8c, 0xc2, 0xc0, 0x27, 0x3e, 0xdb, 0x71, 0x22, 0x67, 0x44, 0x18, 0x89, 0x6e, 0x4e, 0x48,
+	0x14, 0x79, 0x5d, 0x42, 0x1b, 0x65, 0xe1, 0xdd, 0xeb, 0x73, 0x78, 0x77, 0x63, 0x46, 0x7b, 0xfb,
+	0x69, 0x65, 0xdc, 0x53, 0x1b, 0x47, 0x23, 0xe3, 0xff, 0x66, 0x16, 0x2f, 0x04, 0x13, 0x67, 0x38,
+	0x26, 0xf4, 0x8a, 0x37, 0x24, 0xb4, 0x51, 0xd1, 0x85, 0xe0, 0x25, 0x4d, 0xc6, 0xa6, 0x8c, 0xfd,
+	0x87, 0x42, 0x2a, 0x44, 0x3b, 0x71, 0xde, 0x11, 0x7b, 0xa9, 0x02, 0x34, 0xaf, 0xbc, 0x23, 0x74,
+	0x1a, 0xa7, 0x4b, 0xd6, 0x23, 0x85, 0x85, 0xde, 0xb4, 0x44, 0x15, 0x88, 0x4f, 0xa5, 0xca, 0xb1,
+	0x0f, 0xa1, 0x22, 0x99, 0x85, 0x25, 0x26, 0x62, 0x13, 0x9a, 0x87, 0x70, 0x28, 0xeb, 0xab, 0x8a,
+	0xb8, 0x24, 0x84, 0x55, 0xd9, 0xc5, 0x31, 0xdf, 0xfe, 0x45, 0x25, 0x7d, 0x06, 0x64, 0x0e, 0xfd,
+	0x89, 0x05, 0xa7, 0xf9, 0x46, 0x39, 0x91, 0x47, 0x03, 0x1f, 0x13, 0x3a, 0x1e, 0x32, 0xe5, 0xcc,
+	0xed, 0x39, 0x83, 0xc6, 0x54, 0xd9, 0x6e, 0x28, 0xbb, 0x4e, 0x67, 0x39, 0x78, 0x06, 0x1e, 0x31,
+	0x58, 0xe8, 0x7b, 0x94, 0x05, 0xd1, 0x54, 0x25, 0x87, 0x79, 0xba, 0xb0, 0x4d, 0x12, 0x0e, 0x83,
+	0x29, 0x3f, 0x6b, 0x5b, 0xfe, 0x5e, 0xa0, 0xfd, 0x73, 0x55, 0x22, 0xe0, 0x18, 0x0a, 0x7d, 0xdb,
+	0x02, 0x08, 0xe3, 0x48, 0xe5, 0x85, 0xec, 0x21, 0x1c, 0x9c, 0xa4, 0x66, 0x27, 0x24, 0x8a, 0x0d,
+	0x50, 0x14, 0x40, 0xa5, 0x4f, 0x9c, 0x21, 0xeb, 0xab, 0x72, 0xf6, 0xfc, 0x1c, 0xf0, 0x57, 0x85,
+	0xa2, 0x6c, 0x09, 0x95, 0x54, 0xac, 0x60, 0xd0, 0x77, 0x2d, 0x58, 0x4e, 0xaa, 0x1b, 0x97, 0x25,
+	0x8d, 0xf2, 0xdc, 0x8d, 0xef, 0xcd, 0x94, 0xc2, 0x36, 0xe2, 0x69, 0x2c, 0x4d, 0xc3, 0x19, 0x50,
+	0xf4, 0x1d, 0x0b, 0xc0, 0x8d, 0xab, 0xa9, 0xcc, 0x07, 0xf5, 0x0b, 0x37, 0xf3, 0x39, 0x51, 0x49,
+	0x95, 0xd6, 0xee, 0x4f, 0x48, 0x14, 0x1b, 0xb0, 0xf6, 0xbb, 0x16, 0x3c, 0x61, 0x7c, 0xf8, 0x55,
+	0x87, 0xb9, 0xfd, 0xcb, 0x13, 0x9e, 0xa6, 0xb7, 0x53, 0xf5, 0xfd, 0x73, 0x66, 0x7d, 0x7f, 0x7f,
+	0x7f, 0xed, 0xe3, 0x47, 0x4d, 0x36, 0x77, 0xb8, 0x86, 0xa6, 0x50, 0x61, 0xb4, 0x02, 0xaf, 0x43,
+	0xdd, 0xb0, 0x59, 0xa5, 0x8f, 0xbc, 0x0a, 0x60, 0x92, 0x33, 0x0c, 0x22, 0x36, 0xf1, 0xec, 0xbf,
+	0x16, 0x60, 0x61, 0x63, 0x38, 0xa6, 0x8c, 0x44, 0x27, 0x6e, 0x28, 0xd6, 0xa1, 0xc4, 0x9b, 0x85,
+	0x6c, 0xfd, 0xe3, 0xbd, 0x04, 0x16, 0x1c, 0x14, 0x42, 0xc5, 0x0d, 0xfc, 0x3d, 0xaf, 0xa7, 0x5a,
+	0xc0, 0xab, 0xf3, 0x9c, 0x1c, 0x69, 0xdd, 0x86, 0xd0, 0xa7, 0x6d, 0x92, 0xef, 0x58, 0xe1, 0xa0,
+	0x1f, 0x59, 0xb0, 0xe2, 0x06, 0xbe, 0x4f, 0x5c, 0x1d, 0xbc, 0xa5, 0xb9, 0xdb, 0xdd, 0x8d, 0xb4,
+	0xc6, 0xf6, 0x87, 0x14, 0xfa, 0x4a, 0x86, 0x81, 0xb3, 0xd8, 0xf6, 0x6f, 0x0b, 0xb0, 0x94, 0xb2,
+	0x1c, 0x3d, 0x03, 0xd5, 0x31, 0x25, 0x91, 0xf0, 0x9c, 0xf4, 0x6f, 0xd2, 0x11, 0xbd, 0xa8, 0xe8,
+	0x38, 0x91, 0xe0, 0xd2, 0xa1, 0x43, 0xe9, 0x9d, 0x20, 0xea, 0x2a, 0x3f, 0x27, 0xd2, 0x3b, 0x8a,
+	0x8e, 0x13, 0x09, 0xde, 0x6f, 0xdc, 0x22, 0x4e, 0x44, 0xa2, 0xdd, 0x60, 0x40, 0x66, 0x26, 0x91,
+	0xb6, 0x66, 0x61, 0x53, 0x4e, 0x38, 0x8d, 0x0d, 0xe9, 0xc6, 0xd0, 0x23, 0x3e, 0x93, 0x66, 0xe6,
+	0xe0, 0xb4, 0xdd, 0x6b, 0x1d, 0x53, 0xa3, 0x76, 0x5a, 0x86, 0x81, 0xb3, 0xd8, 0xf6, 0x5f, 0x2c,
+	0xa8, 0x2b, 0xa7, 0x3d, 0x82, 0xa6, 0xb3, 0x97, 0x6e, 0x3a, 0xdb, 0xf3, 0xc7, 0xe8, 0x11, 0x0d,
+	0xe7, 0xaf, 0x8b, 0x30, 0x53, 0xe9, 0xd0, 0xab, 0x3c, 0xc7, 0x71, 0x1a, 0xe9, 0x5e, 0x8a, 0x8b,
+	0xec, 0x27, 0x4f, 0xb6, 0xba, 0x5d, 0x6f, 0x44, 0xcc, 0xf4, 0x15, 0x6b, 0xc1, 0x86, 0x46, 0xf4,
+	0x86, 0xa5, 0x01, 0x76, 0x03, 0x95, 0x57, 0xf2, 0x6d, 0x89, 0x66, 0x4c, 0xd8, 0x0d, 0xb0, 0x81,
+	0x89, 0xbe, 0x90, 0x0c, 0x82, 0x65, 0x11, 0x90, 0x76, 0x7a, 0x74, 0x7b, 0x3f, 0xd5, 0x00, 0x64,
+	0xc6, 0xb9, 0x29, 0xd4, 0x22, 0x22, 0x5b, 0xac, 0xb8, 0x02, 0xcc, 0x93, 0x44, 0xb0, 0xd2, 0x25,
+	0x8f, 0x71, 0x32, 0xfe, 0xc4, 0x64, 0x8a, 0x35, 0x9a, 0xfd, 0x43, 0x0b, 0xd0, 0x6c, 0xb9, 0xe6,
+	0x63, 0x54, 0xd2, 0xc4, 0xaa, 0x03, 0x9c, 0xe8, 0x49, 0xc4, 0xb1, 0x96, 0x39, 0x41, 0x9a, 0x7c,
+	0x1a, 0xca, 0xa2, 0xa9, 0x55, 0x07, 0x36, 0x89, 0x1e, 0xd1, 0xf6, 0x62, 0xc9, 0xb3, 0xff, 0x64,
+	0x41, 0x36, 0xdd, 0x88, 0x4c, 0x2d, 0x3d, 0x9b, 0xcd, 0xd4, 0x69, 0x2f, 0x9e, 0x7c, 0xce, 0x44,
+	0xaf, 0x40, 0xdd, 0x61, 0x8c, 0x8c, 0x42, 0x26, 0x02, 0xb2, 0x78, 0xdf, 0x01, 0xb9, 0xcc, 0x23,
+	0xe1, 0x7a, 0xd0, 0xf5, 0xf6, 0x3c, 0x11, 0x8c, 0xa6, 0x3a, 0xfb, 0xbd, 0x22, 0x2c, 0xa7, 0x9b,
+	0x2f, 0x34, 0x86, 0x8a, 0x68, 0x76, 0xe4, 0xcd, 0x4f, 0xee, 0xdd, 0x55, 0xe2, 0x12, 0x41, 0xa2,
+	0x58, 0x81, 0xf1, 0xc4, 0x1a, 0xc5, 0xd3, 0x55, 0x26, 0xb1, 0x26, 0x73, 0x55, 0x22, 0x71, 0xec,
+	0x44, 0x55, 0xfc, 0xff, 0x9c, 0xa8, 0x5e, 0x05, 0xe8, 0x0a, 0x6f, 0x8b, 0xbd, 0x2c, 0x3d, 0x78,
+	0x72, 0xd9, 0x4c, 0xb4, 0x60, 0x43, 0x23, 0x3a, 0x0b, 0x05, 0xaf, 0x2b, 0x4e, 0x75, 0xb1, 0x0d,
+	0x4a, 0xb6, 0xb0, 0xb5, 0x89, 0x0b, 0x5e, 0xd7, 0xa6, 0xb0, 0x68, 0x76, 0x9b, 0x27, 0x8e, 0xd5,
+	0x2f, 0xc2, 0x92, 0x7c, 0xda, 0x24, 0xcc, 0xf1, 0x86, 0x54, 0xed, 0xce, 0x13, 0x4a, 0x7c, 0xa9,
+	0x63, 0x32, 0x71, 0x5a, 0xd6, 0xfe, 0x79, 0x01, 0xe0, 0x6a, 0x10, 0x0c, 0x14, 0x66, 0x7c, 0xf4,
+	0xac, 0x23, 0x8f, 0xde, 0x3a, 0x94, 0x06, 0x9e, 0xdf, 0xcd, 0x1e, 0xce, 0x6d, 0xcf, 0xef, 0x62,
+	0xc1, 0x41, 0x17, 0x00, 0x9c, 0xd0, 0x7b, 0x89, 0x44, 0x54, 0x5f, 0xee, 0x25, 0x7e, 0xb9, 0xb4,
+	0xb3, 0xa5, 0x38, 0xd8, 0x90, 0x42, 0xcf, 0xa8, 0xce, 0x50, 0x8e, 0xed, 0x8d, 0x4c, 0x67, 0x58,
+	0xe5, 0x16, 0x1a, 0xad, 0xdf, 0xc5, 0x4c, 0x7e, 0x5c, 0x9f, 0xc9, 0x8f, 0xba, 0x53, 0xde, 0xe9,
+	0x3b, 0x94, 0x1c, 0x76, 0xae, 0x2b, 0xc7, 0xdc, 0x1f, 0xfd, 0xcb, 0x02, 0x7d, 0x7b, 0x85, 0xf6,
+	0xa0, 0x44, 0xa7, 0xbe, 0xab, 0xea, 0xcd, 0x3c, 0x19, 0xb5, 0x33, 0xf5, 0x5d, 0x7d, 0x49, 0x56,
+	0x15, 0x77, 0x80, 0x53, 0xdf, 0xc5, 0x42, 0x3f, 0x9a, 0x40, 0x35, 0x0a, 0x86, 0xc3, 0x5b, 0x8e,
+	0x3b, 0xc8, 0xa1, 0xf4, 0x60, 0xa5, 0x4a, 0xe3, 0x2d, 0x8a, 0xf3, 0xaa, 0xc8, 0x38, 0xc1, 0xb2,
+	0x7f, 0x53, 0x86, 0xcc, 0x74, 0x81, 0xc6, 0xe6, 0xc5, 0xa0, 0x95, 0xe3, 0xc5, 0x60, 0x92, 0xfd,
+	0x0f, 0xbb, 0x1c, 0x44, 0xcf, 0x41, 0x39, 0xe4, 0x7b, 0xa6, 0x22, 0x6c, 0x2d, 0xce, 0xed, 0x62,
+	0x23, 0x0f, 0xd9, 0x5a, 0x29, 0x6d, 0xee, 0x6c, 0xf1, 0x98, 0x8c, 0xfd, 0x2d, 0x00, 0xee, 0x6b,
+	0x35, 0xa6, 0xcb, 0x43, 0x7e, 0x23, 0xaf, 0x1d, 0x55, 0x93, 0xba, 0x48, 0xea, 0x9d, 0x04, 0x05,
+	0x1b, 0x88, 0xe8, 0xfb, 0x16, 0x2c, 0xc7, 0x8e, 0x57, 0x46, 0x94, 0x1f, 0x8a, 0x11, 0x62, 0x66,
+	0xc4, 0x29, 0x24, 0x9c, 0x41, 0x46, 0x5f, 0x83, 0x1a, 0x65, 0x4e, 0x24, 0x8b, 0x57, 0xe5, 0xbe,
+	0x13, 0x5e, 0xb2, 0x97, 0x9d, 0x58, 0x09, 0xd6, 0xfa, 0xd0, 0xcb, 0x00, 0x7b, 0x9e, 0xef, 0xd1,
+	0xbe, 0xd0, 0xbe, 0xf0, 0x60, 0xa5, 0xf1, 0x4a, 0xa2, 0x01, 0x1b, 0xda, 0xec, 0xbf, 0x15, 0x00,
+	0xc4, 0xcf, 0x0d, 0x4f, 0x5c, 0x3c, 0xac, 0x43, 0x29, 0x22, 0x61, 0x90, 0xcd, 0x5c, 0x5c, 0x02,
+	0x0b, 0x4e, 0x6a, 0x8e, 0x28, 0xdc, 0xd7, 0x1c, 0x51, 0x3c, 0x76, 0x8e, 0xe0, 0x39, 0x98, 0xf6,
+	0x77, 0x22, 0x6f, 0xe2, 0x30, 0xb2, 0x4d, 0xa6, 0x2a, 0x91, 0xe9, 0x1c, 0xdc, 0xb9, 0xaa, 0x99,
+	0x38, 0x2d, 0x7b, 0xe8, 0x08, 0x56, 0xfe, 0x1f, 0x8e, 0x60, 0xef, 0x58, 0xb0, 0xac, 0x3d, 0xfb,
+	0xc1, 0xfa, 0x9f, 0xa6, 0xed, 0x3e, 0x62, 0xa6, 0xf8, 0xb7, 0x05, 0x2b, 0x71, 0xf7, 0xaa, 0x8a,
+	0x60, 0x2e, 0x55, 0x2f, 0xf5, 0xb3, 0xa0, 0x78, 0xfc, 0xcf, 0x02, 0x33, 0x61, 0x95, 0x8e, 0x49,
+	0x58, 0x5f, 0xca, 0xd4, 0xbb, 0x8f, 0xcc, 0xd4, 0x3b, 0x94, 0xf4, 0xe9, 0x53, 0xdf, 0x4d, 0xf7,
+	0x07, 0xf6, 0xaf, 0x2c, 0x58, 0x8c, 0xd9, 0x37, 0x82, 0xae, 0xe8, 0x9e, 0xa9, 0x08, 0x32, 0x2b,
+	0xdd, 0x3d, 0xcb, 0x70, 0x90, 0x3c, 0x34, 0x86, 0xaa, 0xdb, 0xf7, 0x86, 0xdd, 0x88, 0xf8, 0x6a,
+	0x5b, 0x9e, 0xcf, 0x61, 0x8c, 0xe0, 0xf8, 0x3a, 0x14, 0x36, 0x14, 0x00, 0x4e, 0xa0, 0xec, 0xdf,
+	0x17, 0x61, 0x29, 0x35, 0x73, 0xf0, 0x11, 0x5d, 0xde, 0xd6, 0x77, 0x0c, 0x9b, 0x93, 0x11, 0x7d,
+	0x57, 0xb3, 0xb0, 0x29, 0xc7, 0xf7, 0x63, 0xe8, 0x4d, 0xa4, 0x8e, 0xec, 0xcf, 0x9b, 0x6b, 0x31,
+	0x03, 0x6b, 0x19, 0x63, 0xe8, 0x2a, 0xde, 0xf7, 0xd0, 0xf5, 0x53, 0x0b, 0x90, 0x58, 0x02, 0xd7,
+	0x9c, 0xcc, 0x46, 0x8d, 0x52, 0xbe, 0x7e, 0x3b, 0xab, 0x2c, 0x42, 0x1b, 0x33, 0x50, 0xf8, 0x10,
+	0x78, 0xe3, 0x1e, 0xb4, 0xfc, 0x48, 0xee, 0x41, 0xed, 0x6f, 0xc2, 0x99, 0x99, 0x8e, 0x43, 0xb5,
+	0xbc, 0xd6, 0x61, 0x2d, 0x2f, 0x8f, 0xc4, 0x30, 0x1a, 0xfb, 0x72, 0x83, 0xaa, 0x3a, 0x12, 0x77,
+	0x38, 0x11, 0x4b, 0x1e, 0xef, 0x83, 0xbb, 0xd1, 0x14, 0x8f, 0x65, 0x2f, 0x59, 0xd5, 0xe8, 0x9b,
+	0x82, 0x8a, 0x15, 0xd7, 0xfe, 0x5e, 0x01, 0x96, 0x52, 0x55, 0x30, 0x35, 0xb2, 0x58, 0xc7, 0x8e,
+	0x2c, 0x79, 0x1a, 0x83, 0x5e, 0x87, 0x45, 0x2a, 0x8e, 0x62, 0xe4, 0x30, 0xd2, 0x9b, 0xe6, 0x70,
+	0x13, 0xdd, 0x31, 0xd4, 0xb5, 0x4f, 0x1f, 0xec, 0xaf, 0x2d, 0x9a, 0x14, 0x9c, 0x82, 0xb3, 0x7f,
+	0x59, 0x80, 0xc7, 0x0e, 0xe9, 0x08, 0xd0, 0x1d, 0xf3, 0x76, 0x40, 0x8e, 0x8f, 0x2f, 0xe4, 0x10,
+	0x9e, 0x2a, 0x91, 0xca, 0x5f, 0xbe, 0x87, 0xdd, 0x0d, 0xdc, 0xe7, 0xf4, 0xb8, 0x07, 0xe5, 0x7e,
+	0x10, 0x0c, 0xe2, 0x31, 0x71, 0x9e, 0x82, 0xa0, 0x87, 0x9b, 0x76, 0x8d, 0xef, 0x26, 0x7f, 0xa7,
+	0x58, 0xaa, 0xb7, 0xdf, 0xb3, 0x20, 0xe5, 0x45, 0x34, 0x82, 0x32, 0xd7, 0x32, 0xcd, 0xe1, 0x4f,
+	0x98, 0xa9, 0xf7, 0x12, 0xd7, 0x29, 0xf1, 0xc5, 0x23, 0x96, 0x28, 0xc8, 0x83, 0x12, 0x37, 0x44,
+	0x75, 0xfa, 0xdb, 0x39, 0xa1, 0xf1, 0x25, 0xca, 0xc1, 0x82, 0x3f, 0x61, 0x01, 0x61, 0x5f, 0x84,
+	0x33, 0x33, 0x16, 0xf1, 0x90, 0xdf, 0x0b, 0xe2, 0x1f, 0x7f, 0x46, 0xc8, 0x5f, 0xe1, 0x44, 0x2c,
+	0x79, 0xbc, 0x7e, 0x9c, 0xce, 0xaa, 0x47, 0x3f, 0xb3, 0xe0, 0x0c, 0xcd, 0xea, 0x7b, 0x28, 0x5e,
+	0xfb, 0xb0, 0x32, 0x6a, 0xd6, 0x7c, 0x3c, 0x6b, 0x01, 0xdf, 0xd1, 0xec, 0x75, 0x29, 0x8f, 0x3d,
+	0xcf, 0xa7, 0xc4, 0x1d, 0x47, 0xf1, 0x42, 0x93, 0xd8, 0xdb, 0x52, 0x74, 0x9c, 0x48, 0xf0, 0xf1,
+	0x55, 0x5e, 0xd7, 0xdf, 0xd0, 0x8d, 0x62, 0x32, 0xbe, 0x76, 0x12, 0x0e, 0x36, 0xa4, 0xd0, 0x39,
+	0xa8, 0xba, 0x24, 0x62, 0x9b, 0xbc, 0x3d, 0xe2, 0x79, 0x61, 0x51, 0xce, 0x59, 0x1b, 0x8a, 0x86,
+	0x13, 0x2e, 0xfa, 0x28, 0x2c, 0x0c, 0xc8, 0x54, 0x08, 0x96, 0x84, 0x60, 0x9d, 0x57, 0xfc, 0x6d,
+	0x49, 0xc2, 0x31, 0x0f, 0xd9, 0x50, 0x71, 0x1d, 0x21, 0x55, 0x16, 0x52, 0x20, 0x6e, 0xee, 0x2f,
+	0x09, 0x21, 0xc5, 0x69, 0x37, 0xef, 0xde, 0x5b, 0x3d, 0xf5, 0xd6, 0xbd, 0xd5, 0x53, 0x6f, 0xdf,
+	0x5b, 0x3d, 0xf5, 0xc6, 0xc1, 0xaa, 0x75, 0xf7, 0x60, 0xd5, 0x7a, 0xeb, 0x60, 0xd5, 0x7a, 0xfb,
+	0x60, 0xd5, 0xfa, 0xe7, 0xc1, 0xaa, 0xf5, 0xe3, 0x77, 0x57, 0x4f, 0xbd, 0x5c, 0x8d, 0x5d, 0xfb,
+	0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xf5, 0xd2, 0xa5, 0x7e, 0x8e, 0x27, 0x00, 0x00,
 }
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -41,8 +41,6 @@ message AppProjectSpec {

  // Description contains optional project description
  optional string description = 3;
-
-  repeated ProjectRole roles = 4;
 }

 // Application is a definition of Application resource.
@@ -254,13 +252,6 @@ message HookStatus {
  optional string message = 6;
 }

-// JWTToken holds the issuedAt and expiresAt values of a token
-message JWTToken {
-  optional int64 iat = 1;
-
-  optional int64 exp = 2;
-}
-
 // Operation contains requested operation parameters.
 message Operation {
  optional SyncOperation sync = 1;
@@ -292,18 +283,6 @@ message OperationState {
  optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7;
 }

-// ProjectRole represents a role that has access to a project
-message ProjectRole {
-  optional string name = 1;
-
-  optional string description = 2;
-
-  // Policies Stores a list of casbin formated strings that define access policies for the role in the project.
-  repeated string policies = 3;
-
-  repeated JWTToken jwtTokens = 4;
-}
-
 // Repository is a Git repository holding application configurations
 message Repository {
  optional string repo = 1;
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -443,15 +443,6 @@ type AppProject struct {
 	Spec              AppProjectSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`
 }

-// ProjectPoliciesString returns Casbin formated string of a project's polcies for each role
-func (proj *AppProject) ProjectPoliciesString() string {
-	var policies []string
-	for _, role := range proj.Spec.Roles {
-		policies = append(policies, role.Policies...)
-	}
-	return strings.Join(policies, "\n")
-}
-
 // AppProjectSpec represents
 type AppProjectSpec struct {
 	// SourceRepos contains list of git repository URLs which can be used for deployment
@@ -462,23 +453,15 @@ type AppProjectSpec struct {

 	// Description contains optional project description
 	Description string `json:"description,omitempty" protobuf:"bytes,3,opt,name=description"`
-
-	Roles []ProjectRole `json:"roles,omitempty" protobuf:"bytes,4,rep,name=roles"`
 }

-// ProjectRole represents a role that has access to a project
-type ProjectRole struct {
-	Name        string `json:"name" protobuf:"bytes,1,opt,name=name"`
-	Description string `json:"description" protobuf:"bytes,2,opt,name=description"`
-	// Policies Stores a list of casbin formated strings that define access policies for the role in the project.
-	Policies  []string   `json:"policies" protobuf:"bytes,3,rep,name=policies"`
-	JWTTokens []JWTToken `json:"jwtTokens" protobuf:"bytes,4,rep,name=jwtTokens"`
-}
-
-// JWTToken holds the issuedAt and expiresAt values of a token
-type JWTToken struct {
-	IssuedAt  int64 `json:"iat,omitempty" protobuf:"int64,1,opt,name=iat"`
-	ExpiresAt int64 `json:"exp,omitempty" protobuf:"int64,2,opt,name=exp"`
+func GetDefaultProject(namespace string) AppProject {
+	return AppProject{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      common.DefaultAppProjectName,
+			Namespace: namespace,
+		},
+	}
 }

 func (app *Application) getFinalizerIndex(name string) int {
@@ -541,14 +524,16 @@ func (spec ApplicationSpec) GetProject() string {
 	return spec.Project
 }

-// IsSourcePermitted validiates if the provided application's source is a one of the allowed sources for the project.
-func (proj AppProject) IsSourcePermitted(src ApplicationSource) bool {
+func (proj AppProject) IsDefault() bool {
+	return proj.Name == "" || proj.Name == common.DefaultAppProjectName
+}

+func (proj AppProject) IsSourcePermitted(src ApplicationSource) bool {
+	if proj.IsDefault() {
+		return true
+	}
 	normalizedURL := git.NormalizeGitURL(src.RepoURL)
 	for _, repoURL := range proj.Spec.SourceRepos {
-		if repoURL == "*" {
-			return true
-		}
 		if git.NormalizeGitURL(repoURL) == normalizedURL {
 			return true
 		}
@@ -556,14 +541,13 @@ func (proj AppProject) IsSourcePermitted(src ApplicationSource) bool {
 	return false
 }

-// IsDestinationPermitted validiates if the provided application's destination is one of the allowed destinations for the project
 func (proj AppProject) IsDestinationPermitted(dst ApplicationDestination) bool {
-
+	if proj.IsDefault() {
+		return true
+	}
 	for _, item := range proj.Spec.Destinations {
-		if item.Server == dst.Server || item.Server == "*" {
-			if item.Namespace == dst.Namespace || item.Namespace == "*" {
-				return true
-			}
+		if item.Server == dst.Server && item.Namespace == dst.Namespace {
+			return true
 		}
 	}
 	return false
--- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
@@ -82,13 +82,6 @@ func (in *AppProjectSpec) DeepCopyInto(out *AppProjectSpec) {
 		*out = make([]ApplicationDestination, len(*in))
 		copy(*out, *in)
 	}
-	if in.Roles != nil {
-		in, out := &in.Roles, &out.Roles
-		*out = make([]ProjectRole, len(*in))
-		for i := range *in {
-			(*in)[i].DeepCopyInto(&(*out)[i])
-		}
-	}
 	return
 }

@@ -493,22 +486,6 @@ func (in *HookStatus) DeepCopy() *HookStatus {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *JWTToken) DeepCopyInto(out *JWTToken) {
-	*out = *in
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JWTToken.
-func (in *JWTToken) DeepCopy() *JWTToken {
-	if in == nil {
-		return nil
-	}
-	out := new(JWTToken)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Operation) DeepCopyInto(out *Operation) {
 	*out = *in
@@ -588,32 +565,6 @@ func (in *OperationState) DeepCopy() *OperationState {
 	return out
 }

-// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *ProjectRole) DeepCopyInto(out *ProjectRole) {
-	*out = *in
-	if in.Policies != nil {
-		in, out := &in.Policies, &out.Policies
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.JWTTokens != nil {
-		in, out := &in.JWTTokens, &out.JWTTokens
-		*out = make([]JWTToken, len(*in))
-		copy(*out, *in)
-	}
-	return
-}
-
-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProjectRole.
-func (in *ProjectRole) DeepCopy() *ProjectRole {
-	if in == nil {
-		return nil
-	}
-	out := new(ProjectRole)
-	in.DeepCopyInto(out)
-	return out
-}
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *Repository) DeepCopyInto(out *Repository) {
 	*out = *in
--- a/reposerver/repository/repository.go
+++ b/reposerver/repository/repository.go
@@ -13,8 +13,6 @@ import (

 	"github.com/ksonnet/ksonnet/pkg/app"
 	log "github.com/sirupsen/logrus"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"

 	"github.com/argoproj/argo-cd/common"
@@ -23,9 +21,8 @@ import (
 	"github.com/argoproj/argo-cd/util/cache"
 	"github.com/argoproj/argo-cd/util/git"
 	"github.com/argoproj/argo-cd/util/helm"
-	"github.com/argoproj/argo-cd/util/ksonnet"
+	ksutil "github.com/argoproj/argo-cd/util/ksonnet"
 	"github.com/argoproj/argo-cd/util/kube"
-	"github.com/argoproj/argo-cd/util/kustomize"
 )

 const (
@@ -38,7 +35,6 @@ type AppSourceType string
 const (
 	AppSourceKsonnet   AppSourceType = "ksonnet"
 	AppSourceHelm      AppSourceType = "helm"
-	AppSourceKustomize AppSourceType = "kustomize"
 	AppSourceDirectory AppSourceType = "directory"
 )

@@ -82,7 +78,7 @@ func (s *Service) ListDir(ctx context.Context, q *ListDirRequest) (*FileList, er
 		return &res, nil
 	}

-	err = checkoutRevision(gitClient, commitSHA)
+	err = checkoutRevision(gitClient, q.Revision)
 	if err != nil {
 		return nil, err
 	}
@@ -116,11 +112,7 @@ func (s *Service) GetFile(ctx context.Context, q *GetFileRequest) (*GetFileRespo
 	if err != nil {
 		return nil, err
 	}
-	commitSHA, err := gitClient.LsRemote(q.Revision)
-	if err != nil {
-		return nil, err
-	}
-	err = checkoutRevision(gitClient, commitSHA)
+	err = checkoutRevision(gitClient, q.Revision)
 	if err != nil {
 		return nil, err
 	}
@@ -169,7 +161,7 @@ func (s *Service) GenerateManifest(c context.Context, q *ManifestRequest) (*Mani
 		log.Infof("manifest cache miss: %s", cacheKey)
 	}

-	err = checkoutRevision(gitClient, commitSHA)
+	err = checkoutRevision(gitClient, q.Revision)
 	if err != nil {
 		return nil, err
 	}
@@ -213,9 +205,6 @@ func generateManifests(appPath string, q *ManifestRequest) (*ManifestResponse, e
 		if err != nil {
 			return nil, err
 		}
-	case AppSourceKustomize:
-		k := kustomize.NewKustomizeApp(appPath)
-		targetObjs, err = k.Build()
 	case AppSourceDirectory:
 		targetObjs, err = findManifests(appPath)
 	}
@@ -263,9 +252,6 @@ func IdentifyAppSourceTypeByAppDir(appDirPath string) AppSourceType {
 	if pathExists(path.Join(appDirPath, "Chart.yaml")) {
 		return AppSourceHelm
 	}
-	if pathExists(path.Join(appDirPath, "kustomization.yaml")) {
-		return AppSourceKustomize
-	}
 	return AppSourceDirectory
 }

@@ -277,19 +263,20 @@ func IdentifyAppSourceTypeByAppPath(appFilePath string) AppSourceType {
 	if strings.HasSuffix(appFilePath, "Chart.yaml") {
 		return AppSourceHelm
 	}
-	if strings.HasSuffix(appFilePath, "kustomization.yaml") {
-		return AppSourceKustomize
-	}
 	return AppSourceDirectory
 }

 // checkoutRevision is a convenience function to initialize a repo, fetch, and checkout a revision
-func checkoutRevision(gitClient git.Client, commitSHA string) error {
+func checkoutRevision(gitClient git.Client, revision string) error {
 	err := gitClient.Fetch()
 	if err != nil {
 		return err
 	}
-	err = gitClient.Checkout(commitSHA)
+	err = gitClient.Reset()
+	if err != nil {
+		log.Warn(err)
+	}
+	err = gitClient.Checkout(revision)
 	if err != nil {
 		return err
 	}
@@ -308,13 +295,13 @@ func listDirCacheKey(commitSHA string, q *ListDirRequest) string {

 // ksShow runs `ks show` in an app directory after setting any component parameter overrides
 func ksShow(appPath, envName string, overrides []*v1alpha1.ComponentParameter) ([]*unstructured.Unstructured, []*v1alpha1.ComponentParameter, *app.EnvironmentSpec, error) {
-	ksApp, err := ksonnet.NewKsonnetApp(appPath)
+	ksApp, err := ksutil.NewKsonnetApp(appPath)
 	if err != nil {
-		return nil, nil, nil, status.Errorf(codes.FailedPrecondition, "unable to load application from %s: %v", appPath, err)
+		return nil, nil, nil, fmt.Errorf("unable to load application from %s: %v", appPath, err)
 	}
 	params, err := ksApp.ListEnvParams(envName)
 	if err != nil {
-		return nil, nil, nil, status.Errorf(codes.InvalidArgument, "Failed to list ksonnet app params: %v", err)
+		return nil, nil, nil, fmt.Errorf("Failed to list ksonnet app params: %v", err)
 	}
 	if overrides != nil {
 		for _, override := range overrides {
@@ -327,7 +314,7 @@ func ksShow(appPath, envName string, overrides []*v1alpha1.ComponentParameter) (
 	appSpec := ksApp.App()
 	env, err := appSpec.Environment(envName)
 	if err != nil {
-		return nil, nil, nil, status.Errorf(codes.NotFound, "environment %q does not exist in ksonnet app", envName)
+		return nil, nil, nil, fmt.Errorf("environment '%s' does not exist in ksonnet app", envName)
 	}
 	targetObjs, err := ksApp.Show(envName)
 	if err != nil {
@@ -342,7 +329,7 @@ var manifestFile = regexp.MustCompile(`^.*\.(yaml|yml|json)$`)
 func findManifests(appPath string) ([]*unstructured.Unstructured, error) {
 	files, err := ioutil.ReadDir(appPath)
 	if err != nil {
-		return nil, status.Errorf(codes.FailedPrecondition, "Failed to read dir %s: %v", appPath, err)
+		return nil, fmt.Errorf("Failed to read dir %s: %v", appPath, err)
 	}
 	var objs []*unstructured.Unstructured
 	for _, f := range files {
@@ -357,7 +344,7 @@ func findManifests(appPath string) ([]*unstructured.Unstructured, error) {
 			var obj unstructured.Unstructured
 			err = json.Unmarshal(out, &obj)
 			if err != nil {
-				return nil, status.Errorf(codes.FailedPrecondition, "Failed to unmarshal %q: %v", f.Name(), err)
+				return nil, fmt.Errorf("Failed to unmarshal '%s': %v", f.Name(), err)
 			}
 			objs = append(objs, &obj)
 		} else {
@@ -367,7 +354,7 @@ func findManifests(appPath string) ([]*unstructured.Unstructured, error) {
 					// If we get here, we had a multiple objects in a single YAML file which had some
 					// valid k8s objects, but errors parsing others (within the same file). It's very
 					// likely the user messed up a portion of the YAML, so report on that.
-					return nil, status.Errorf(codes.FailedPrecondition, "Failed to unmarshal %q: %v", f.Name(), err)
+					return nil, fmt.Errorf("Failed to unmarshal '%s': %v", f.Name(), err)
 				}
 				// Otherwise, it might be a unrelated YAML file which we will ignore
 				continue
--- a/server/application/application.go
+++ b/server/application/application.go
@@ -15,7 +15,6 @@ import (
 	"k8s.io/api/core/v1"
 	apierr "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/kubernetes"
@@ -32,7 +31,6 @@ import (
 	argoutil "github.com/argoproj/argo-cd/util/argo"
 	"github.com/argoproj/argo-cd/util/db"
 	"github.com/argoproj/argo-cd/util/grpc"
-	"github.com/argoproj/argo-cd/util/kube"
 	"github.com/argoproj/argo-cd/util/rbac"
 	"github.com/argoproj/argo-cd/util/session"
 )
@@ -102,8 +100,10 @@ func (s *Server) Create(ctx context.Context, q *ApplicationCreateRequest) (*appv
 		return nil, grpc.ErrPermissionDenied
 	}

-	s.projectLock.Lock(q.Application.Spec.Project)
-	defer s.projectLock.Unlock(q.Application.Spec.Project)
+	if !q.Application.Spec.BelongsToDefaultProject() {
+		s.projectLock.Lock(q.Application.Spec.Project)
+		defer s.projectLock.Unlock(q.Application.Spec.Project)
+	}

 	a := q.Application
 	err := s.validateApp(ctx, &a.Spec)
@@ -258,8 +258,10 @@ func (s *Server) Update(ctx context.Context, q *ApplicationUpdateRequest) (*appv
 		return nil, grpc.ErrPermissionDenied
 	}

-	s.projectLock.Lock(q.Application.Spec.Project)
-	defer s.projectLock.Unlock(q.Application.Spec.Project)
+	if !q.Application.Spec.BelongsToDefaultProject() {
+		s.projectLock.Lock(q.Application.Spec.Project)
+		defer s.projectLock.Unlock(q.Application.Spec.Project)
+	}

 	a := q.Application
 	err := s.validateApp(ctx, &a.Spec)
@@ -300,8 +302,10 @@ func (s *Server) removeInvalidOverrides(a *appv1.Application, q *ApplicationUpda
 // UpdateSpec updates an application spec and filters out any invalid parameter overrides
 func (s *Server) UpdateSpec(ctx context.Context, q *ApplicationUpdateSpecRequest) (*appv1.ApplicationSpec, error) {

-	s.projectLock.Lock(q.Spec.Project)
-	defer s.projectLock.Unlock(q.Spec.Project)
+	if !q.Spec.BelongsToDefaultProject() {
+		s.projectLock.Lock(q.Spec.Project)
+		defer s.projectLock.Unlock(q.Spec.Project)
+	}

 	a, err := s.appclientset.ArgoprojV1alpha1().Applications(s.ns).Get(*q.Name, metav1.GetOptions{})
 	if err != nil {
@@ -344,8 +348,10 @@ func (s *Server) Delete(ctx context.Context, q *ApplicationDeleteRequest) (*Appl
 		return nil, err
 	}

-	s.projectLock.Lock(a.Spec.Project)
-	defer s.projectLock.Unlock(a.Spec.Project)
+	if !a.Spec.BelongsToDefaultProject() {
+		s.projectLock.Lock(a.Spec.Project)
+		defer s.projectLock.Unlock(a.Spec.Project)
+	}

 	if !s.enf.EnforceClaims(ctx.Value("claims"), "applications", "delete", appRBACName(*a)) {
 		return nil, grpc.ErrPermissionDenied
@@ -475,69 +481,35 @@ func (s *Server) ensurePodBelongsToApp(applicationName string, podName, namespac
 	return nil
 }

-func (s *Server) DeleteResource(ctx context.Context, q *ApplicationDeleteResourceRequest) (*ApplicationResponse, error) {
+func (s *Server) DeletePod(ctx context.Context, q *ApplicationDeletePodRequest) (*ApplicationResponse, error) {
 	a, err := s.appclientset.ArgoprojV1alpha1().Applications(s.ns).Get(*q.Name, metav1.GetOptions{})
 	if err != nil {
 		return nil, err
 	}
-	if !s.enf.EnforceClaims(ctx.Value("claims"), "applications/resources", "delete", appRBACName(*a)) {
+
+	if !s.enf.EnforceClaims(ctx.Value("claims"), "applications/pods", "delete", appRBACName(*a)) {
 		return nil, grpc.ErrPermissionDenied
 	}
-	found := findResource(a, q)
-	if found == nil {
-		return nil, status.Errorf(codes.InvalidArgument, "%s %s %s not found as part of application %s", q.Kind, q.APIVersion, q.ResourceName, *q.Name)
-	}
+
 	config, namespace, err := s.getApplicationClusterConfig(*q.Name)
 	if err != nil {
 		return nil, err
 	}
-	err = kube.DeleteResource(config, found, namespace)
+	kubeClientset, err := kubernetes.NewForConfig(config)
+	if err != nil {
+		return nil, err
+	}
+	err = s.ensurePodBelongsToApp(*q.Name, *q.PodName, namespace, kubeClientset)
+	if err != nil {
+		return nil, err
+	}
+	err = kubeClientset.CoreV1().Pods(namespace).Delete(*q.PodName, &metav1.DeleteOptions{})
 	if err != nil {
 		return nil, err
 	}
 	return &ApplicationResponse{}, nil
 }

-func findResource(a *appv1.Application, q *ApplicationDeleteResourceRequest) *unstructured.Unstructured {
-	for _, res := range a.Status.ComparisonResult.Resources {
-		liveObj, err := res.LiveObject()
-		if err != nil {
-			log.Warnf("Failed to unmarshal live object: %v", err)
-			continue
-		}
-		if liveObj == nil {
-			continue
-		}
-		if q.ResourceName == liveObj.GetName() && q.APIVersion == liveObj.GetAPIVersion() && q.Kind == liveObj.GetKind() {
-			return liveObj
-		}
-		liveObj = recurseResourceNode(q.ResourceName, q.APIVersion, q.Kind, res.ChildLiveResources)
-		if liveObj != nil {
-			return liveObj
-		}
-	}
-	return nil
-}
-
-func recurseResourceNode(name, apiVersion, kind string, nodes []appv1.ResourceNode) *unstructured.Unstructured {
-	for _, node := range nodes {
-		var childObj unstructured.Unstructured
-		err := json.Unmarshal([]byte(node.State), &childObj)
-		if err != nil {
-			log.Warnf("Failed to unmarshal child live object: %v", err)
-			continue
-		}
-		if name == childObj.GetName() && apiVersion == childObj.GetAPIVersion() && kind == childObj.GetKind() {
-			return &childObj
-		}
-		recurseChildObj := recurseResourceNode(name, apiVersion, kind, node.Children)
-		if recurseChildObj != nil {
-			return recurseChildObj
-		}
-	}
-	return nil
-}
-
 func (s *Server) PodLogs(q *ApplicationPodLogsQuery, ws ApplicationService_PodLogsServer) error {
 	a, err := s.appclientset.ArgoprojV1alpha1().Applications(s.ns).Get(*q.Name, metav1.GetOptions{})
 	if err != nil {
--- a/server/application/application.pb.go
+++ b/server/application/application.pb.go
@@ -22,7 +22,7 @@
 		ApplicationSyncRequest
 		ApplicationUpdateSpecRequest
 		ApplicationRollbackRequest
-		ApplicationDeleteResourceRequest
+		ApplicationDeletePodRequest
 		ApplicationPodLogsQuery
 		LogEntry
 		OperationTerminateRequest
@@ -359,45 +359,29 @@ func (m *ApplicationRollbackRequest) GetPrune() bool {
 	return false
 }

-type ApplicationDeleteResourceRequest struct {
+type ApplicationDeletePodRequest struct {
 	Name             *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"`
-	ResourceName     string  `protobuf:"bytes,2,req,name=resourceName" json:"resourceName"`
-	APIVersion       string  `protobuf:"bytes,3,req,name=apiVersion" json:"apiVersion"`
-	Kind             string  `protobuf:"bytes,4,req,name=kind" json:"kind"`
+	PodName          *string `protobuf:"bytes,2,req,name=podName" json:"podName,omitempty"`
 	XXX_unrecognized []byte  `json:"-"`
 }

-func (m *ApplicationDeleteResourceRequest) Reset()         { *m = ApplicationDeleteResourceRequest{} }
-func (m *ApplicationDeleteResourceRequest) String() string { return proto.CompactTextString(m) }
-func (*ApplicationDeleteResourceRequest) ProtoMessage()    {}
-func (*ApplicationDeleteResourceRequest) Descriptor() ([]byte, []int) {
+func (m *ApplicationDeletePodRequest) Reset()         { *m = ApplicationDeletePodRequest{} }
+func (m *ApplicationDeletePodRequest) String() string { return proto.CompactTextString(m) }
+func (*ApplicationDeletePodRequest) ProtoMessage()    {}
+func (*ApplicationDeletePodRequest) Descriptor() ([]byte, []int) {
 	return fileDescriptorApplication, []int{10}
 }

-func (m *ApplicationDeleteResourceRequest) GetName() string {
+func (m *ApplicationDeletePodRequest) GetName() string {
 	if m != nil && m.Name != nil {
 		return *m.Name
 	}
 	return ""
 }

-func (m *ApplicationDeleteResourceRequest) GetResourceName() string {
-	if m != nil {
-		return m.ResourceName
-	}
-	return ""
-}
-
-func (m *ApplicationDeleteResourceRequest) GetAPIVersion() string {
-	if m != nil {
-		return m.APIVersion
-	}
-	return ""
-}
-
-func (m *ApplicationDeleteResourceRequest) GetKind() string {
-	if m != nil {
-		return m.Kind
+func (m *ApplicationDeletePodRequest) GetPodName() string {
+	if m != nil && m.PodName != nil {
+		return *m.PodName
 	}
 	return ""
 }
@@ -535,7 +519,7 @@ func init() {
 	proto.RegisterType((*ApplicationSyncRequest)(nil), "application.ApplicationSyncRequest")
 	proto.RegisterType((*ApplicationUpdateSpecRequest)(nil), "application.ApplicationUpdateSpecRequest")
 	proto.RegisterType((*ApplicationRollbackRequest)(nil), "application.ApplicationRollbackRequest")
-	proto.RegisterType((*ApplicationDeleteResourceRequest)(nil), "application.ApplicationDeleteResourceRequest")
+	proto.RegisterType((*ApplicationDeletePodRequest)(nil), "application.ApplicationDeletePodRequest")
 	proto.RegisterType((*ApplicationPodLogsQuery)(nil), "application.ApplicationPodLogsQuery")
 	proto.RegisterType((*LogEntry)(nil), "application.LogEntry")
 	proto.RegisterType((*OperationTerminateRequest)(nil), "application.OperationTerminateRequest")
@@ -577,8 +561,8 @@ type ApplicationServiceClient interface {
 	Rollback(ctx context.Context, in *ApplicationRollbackRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Application, error)
 	// TerminateOperation terminates the currently running operation
 	TerminateOperation(ctx context.Context, in *OperationTerminateRequest, opts ...grpc.CallOption) (*OperationTerminateResponse, error)
-	// DeleteResource deletes a single application resource
-	DeleteResource(ctx context.Context, in *ApplicationDeleteResourceRequest, opts ...grpc.CallOption) (*ApplicationResponse, error)
+	// DeletePod returns stream of log entries for the specified pod. Pod
+	DeletePod(ctx context.Context, in *ApplicationDeletePodRequest, opts ...grpc.CallOption) (*ApplicationResponse, error)
 	// PodLogs returns stream of log entries for the specified pod. Pod
 	PodLogs(ctx context.Context, in *ApplicationPodLogsQuery, opts ...grpc.CallOption) (ApplicationService_PodLogsClient, error)
 }
@@ -722,9 +706,9 @@ func (c *applicationServiceClient) TerminateOperation(ctx context.Context, in *O
 	return out, nil
 }

-func (c *applicationServiceClient) DeleteResource(ctx context.Context, in *ApplicationDeleteResourceRequest, opts ...grpc.CallOption) (*ApplicationResponse, error) {
+func (c *applicationServiceClient) DeletePod(ctx context.Context, in *ApplicationDeletePodRequest, opts ...grpc.CallOption) (*ApplicationResponse, error) {
 	out := new(ApplicationResponse)
-	err := grpc.Invoke(ctx, "/application.ApplicationService/DeleteResource", in, out, c.cc, opts...)
+	err := grpc.Invoke(ctx, "/application.ApplicationService/DeletePod", in, out, c.cc, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -790,8 +774,8 @@ type ApplicationServiceServer interface {
 	Rollback(context.Context, *ApplicationRollbackRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Application, error)
 	// TerminateOperation terminates the currently running operation
 	TerminateOperation(context.Context, *OperationTerminateRequest) (*OperationTerminateResponse, error)
-	// DeleteResource deletes a single application resource
-	DeleteResource(context.Context, *ApplicationDeleteResourceRequest) (*ApplicationResponse, error)
+	// DeletePod returns stream of log entries for the specified pod. Pod
+	DeletePod(context.Context, *ApplicationDeletePodRequest) (*ApplicationResponse, error)
 	// PodLogs returns stream of log entries for the specified pod. Pod
 	PodLogs(*ApplicationPodLogsQuery, ApplicationService_PodLogsServer) error
 }
@@ -1019,20 +1003,20 @@ func _ApplicationService_TerminateOperation_Handler(srv interface{}, ctx context
 	return interceptor(ctx, in, info, handler)
 }

-func _ApplicationService_DeleteResource_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ApplicationDeleteResourceRequest)
+func _ApplicationService_DeletePod_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ApplicationDeletePodRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(ApplicationServiceServer).DeleteResource(ctx, in)
+		return srv.(ApplicationServiceServer).DeletePod(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/application.ApplicationService/DeleteResource",
+		FullMethod: "/application.ApplicationService/DeletePod",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ApplicationServiceServer).DeleteResource(ctx, req.(*ApplicationDeleteResourceRequest))
+		return srv.(ApplicationServiceServer).DeletePod(ctx, req.(*ApplicationDeletePodRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -1107,8 +1091,8 @@ var _ApplicationService_serviceDesc = grpc.ServiceDesc{
 			Handler:    _ApplicationService_TerminateOperation_Handler,
 		},
 		{
-			MethodName: "DeleteResource",
-			Handler:    _ApplicationService_DeleteResource_Handler,
+			MethodName: "DeletePod",
+			Handler:    _ApplicationService_DeletePod_Handler,
 		},
 	},
 	Streams: []grpc.StreamDesc{
@@ -1522,7 +1506,7 @@ func (m *ApplicationRollbackRequest) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }

-func (m *ApplicationDeleteResourceRequest) Marshal() (dAtA []byte, err error) {
+func (m *ApplicationDeletePodRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
 	n, err := m.MarshalTo(dAtA)
@@ -1532,7 +1516,7 @@ func (m *ApplicationDeleteResourceRequest) Marshal() (dAtA []byte, err error) {
 	return dAtA[:n], nil
 }

-func (m *ApplicationDeleteResourceRequest) MarshalTo(dAtA []byte) (int, error) {
+func (m *ApplicationDeletePodRequest) MarshalTo(dAtA []byte) (int, error) {
 	var i int
 	_ = i
 	var l int
@@ -1545,18 +1529,14 @@ func (m *ApplicationDeleteResourceRequest) MarshalTo(dAtA []byte) (int, error) {
 		i = encodeVarintApplication(dAtA, i, uint64(len(*m.Name)))
 		i += copy(dAtA[i:], *m.Name)
 	}
-	dAtA[i] = 0x12
-	i++
-	i = encodeVarintApplication(dAtA, i, uint64(len(m.ResourceName)))
-	i += copy(dAtA[i:], m.ResourceName)
-	dAtA[i] = 0x1a
-	i++
-	i = encodeVarintApplication(dAtA, i, uint64(len(m.APIVersion)))
-	i += copy(dAtA[i:], m.APIVersion)
-	dAtA[i] = 0x22
-	i++
-	i = encodeVarintApplication(dAtA, i, uint64(len(m.Kind)))
-	i += copy(dAtA[i:], m.Kind)
+	if m.PodName == nil {
+		return 0, proto.NewRequiredNotSetError("podName")
+	} else {
+		dAtA[i] = 0x12
+		i++
+		i = encodeVarintApplication(dAtA, i, uint64(len(*m.PodName)))
+		i += copy(dAtA[i:], *m.PodName)
+	}
 	if m.XXX_unrecognized != nil {
 		i += copy(dAtA[i:], m.XXX_unrecognized)
 	}
@@ -1876,19 +1856,17 @@ func (m *ApplicationRollbackRequest) Size() (n int) {
 	return n
 }

-func (m *ApplicationDeleteResourceRequest) Size() (n int) {
+func (m *ApplicationDeletePodRequest) Size() (n int) {
 	var l int
 	_ = l
 	if m.Name != nil {
 		l = len(*m.Name)
 		n += 1 + l + sovApplication(uint64(l))
 	}
-	l = len(m.ResourceName)
-	n += 1 + l + sovApplication(uint64(l))
-	l = len(m.APIVersion)
-	n += 1 + l + sovApplication(uint64(l))
-	l = len(m.Kind)
-	n += 1 + l + sovApplication(uint64(l))
+	if m.PodName != nil {
+		l = len(*m.PodName)
+		n += 1 + l + sovApplication(uint64(l))
+	}
 	if m.XXX_unrecognized != nil {
 		n += len(m.XXX_unrecognized)
 	}
@@ -3177,7 +3155,7 @@ func (m *ApplicationRollbackRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ApplicationDeleteResourceRequest) Unmarshal(dAtA []byte) error {
+func (m *ApplicationDeletePodRequest) Unmarshal(dAtA []byte) error {
 	var hasFields [1]uint64
 	l := len(dAtA)
 	iNdEx := 0
@@ -3201,10 +3179,10 @@ func (m *ApplicationDeleteResourceRequest) Unmarshal(dAtA []byte) error {
 		fieldNum := int32(wire >> 3)
 		wireType := int(wire & 0x7)
 		if wireType == 4 {
-			return fmt.Errorf("proto: ApplicationDeleteResourceRequest: wiretype end group for non-group")
+			return fmt.Errorf("proto: ApplicationDeletePodRequest: wiretype end group for non-group")
 		}
 		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ApplicationDeleteResourceRequest: illegal tag %d (wire type %d)", fieldNum, wire)
+			return fmt.Errorf("proto: ApplicationDeletePodRequest: illegal tag %d (wire type %d)", fieldNum, wire)
 		}
 		switch fieldNum {
 		case 1:
@@ -3240,7 +3218,7 @@ func (m *ApplicationDeleteResourceRequest) Unmarshal(dAtA []byte) error {
 			hasFields[0] |= uint64(0x00000001)
 		case 2:
 			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType)
+				return fmt.Errorf("proto: wrong wireType = %d for field PodName", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
@@ -3265,69 +3243,10 @@ func (m *ApplicationDeleteResourceRequest) Unmarshal(dAtA []byte) error {
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
-			m.ResourceName = string(dAtA[iNdEx:postIndex])
+			s := string(dAtA[iNdEx:postIndex])
+			m.PodName = &s
 			iNdEx = postIndex
 			hasFields[0] |= uint64(0x00000002)
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field APIVersion", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowApplication
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthApplication
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.APIVersion = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-			hasFields[0] |= uint64(0x00000004)
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowApplication
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthApplication
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Kind = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-			hasFields[0] |= uint64(0x00000008)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipApplication(dAtA[iNdEx:])
@@ -3348,13 +3267,7 @@ func (m *ApplicationDeleteResourceRequest) Unmarshal(dAtA []byte) error {
 		return proto.NewRequiredNotSetError("name")
 	}
 	if hasFields[0]&uint64(0x00000002) == 0 {
-		return proto.NewRequiredNotSetError("resourceName")
-	}
-	if hasFields[0]&uint64(0x00000004) == 0 {
-		return proto.NewRequiredNotSetError("apiVersion")
-	}
-	if hasFields[0]&uint64(0x00000008) == 0 {
-		return proto.NewRequiredNotSetError("kind")
+		return proto.NewRequiredNotSetError("podName")
 	}

 	if iNdEx > l {
@@ -3982,88 +3895,86 @@ var (
 func init() { proto.RegisterFile("server/application/application.proto", fileDescriptorApplication) }

 var fileDescriptorApplication = []byte{
-	// 1323 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0xcd, 0x6f, 0xdc, 0x44,
-	0x14, 0x67, 0x76, 0xb7, 0xf9, 0x78, 0xa9, 0x10, 0x0c, 0x6d, 0x31, 0x26, 0x4d, 0x57, 0x6e, 0x9a,
-	0xa6, 0x29, 0xb5, 0x9b, 0x08, 0x09, 0x54, 0x21, 0xa1, 0x86, 0x96, 0x36, 0x28, 0x94, 0xb0, 0x69,
-	0x41, 0xe2, 0x82, 0xa6, 0xf6, 0x74, 0x63, 0xb2, 0x3b, 0x63, 0x66, 0x66, 0x17, 0x2d, 0x55, 0x0f,
-	0x14, 0xc4, 0x09, 0xa9, 0x42, 0x70, 0xe0, 0x06, 0xf4, 0x8c, 0xb8, 0x70, 0xe7, 0xdc, 0x23, 0x12,
-	0xf7, 0x08, 0x45, 0x5c, 0xf9, 0x1f, 0xd0, 0x8c, 0xed, 0xf5, 0xb8, 0xd9, 0x75, 0x0a, 0x2c, 0xb7,
-	0xf1, 0x9b, 0x37, 0xef, 0xfd, 0xde, 0xc7, 0xcc, 0xfb, 0xc9, 0xb0, 0x28, 0xa9, 0xe8, 0x53, 0x11,
-	0x90, 0x24, 0xe9, 0xc4, 0x21, 0x51, 0x31, 0x67, 0xf6, 0xda, 0x4f, 0x04, 0x57, 0x1c, 0xcf, 0x59,
-	0x22, 0xf7, 0x58, 0x9b, 0xb7, 0xb9, 0x91, 0x07, 0x7a, 0x95, 0xaa, 0xb8, 0xf3, 0x6d, 0xce, 0xdb,
-	0x1d, 0x1a, 0x90, 0x24, 0x0e, 0x08, 0x63, 0x5c, 0x19, 0x65, 0x99, 0xed, 0x7a, 0xbb, 0xaf, 0x4a,
-	0x3f, 0xe6, 0x66, 0x37, 0xe4, 0x82, 0x06, 0xfd, 0xd5, 0xa0, 0x4d, 0x19, 0x15, 0x44, 0xd1, 0x28,
-	0xd3, 0x79, 0xb9, 0xd0, 0xe9, 0x92, 0x70, 0x27, 0x66, 0x54, 0x0c, 0x82, 0x64, 0xb7, 0xad, 0x05,
-	0x32, 0xe8, 0x52, 0x45, 0x46, 0x9d, 0xda, 0x68, 0xc7, 0x6a, 0xa7, 0x77, 0xdb, 0x0f, 0x79, 0x37,
-	0x20, 0xc2, 0x00, 0xfb, 0xc8, 0x2c, 0x2e, 0x84, 0x51, 0x71, 0xda, 0x0e, 0xaf, 0xbf, 0x4a, 0x3a,
-	0xc9, 0x0e, 0x39, 0x68, 0x6a, 0xbd, 0xca, 0x94, 0xa0, 0x09, 0xcf, 0x72, 0x65, 0x96, 0xb1, 0xe2,
-	0x62, 0x60, 0x2d, 0x53, 0x1b, 0x1e, 0x83, 0x67, 0x2e, 0x17, 0xbe, 0xde, 0xed, 0x51, 0x31, 0xc0,
-	0x18, 0x1a, 0x8c, 0x74, 0xa9, 0x83, 0x9a, 0x68, 0x79, 0xb6, 0x65, 0xd6, 0x78, 0x01, 0xa6, 0x05,
-	0xbd, 0x23, 0xa8, 0xdc, 0x71, 0x6a, 0x4d, 0xb4, 0x3c, 0xb3, 0xde, 0x78, 0xb4, 0x77, 0xea, 0xa9,
-	0x56, 0x2e, 0xc4, 0x4b, 0x30, 0xad, 0xdd, 0xd3, 0x50, 0x39, 0xf5, 0x66, 0x7d, 0x79, 0x76, 0xfd,
-	0xe8, 0xfe, 0xde, 0xa9, 0x99, 0xad, 0x54, 0x24, 0x5b, 0xf9, 0xa6, 0xf7, 0x25, 0x82, 0x05, 0xcb,
-	0x61, 0x8b, 0x4a, 0xde, 0x13, 0x21, 0xbd, 0xda, 0xa7, 0x4c, 0xc9, 0xc7, 0xdd, 0xd7, 0x86, 0xee,
-	0x97, 0xe1, 0xa8, 0xc8, 0x54, 0x6f, 0xe8, 0xbd, 0x9a, 0xde, 0xcb, 0x30, 0x94, 0x76, 0xf0, 0x12,
-	0xcc, 0xe5, 0xdf, 0xb7, 0x36, 0xae, 0x38, 0x75, 0x4b, 0xd1, 0xde, 0xf0, 0xb6, 0xc0, 0xb1, 0x70,
-	0xbc, 0x4d, 0x58, 0x7c, 0x87, 0x4a, 0x35, 0x1e, 0x41, 0x13, 0x66, 0x04, 0xed, 0xc7, 0x32, 0xe6,
-	0xcc, 0x64, 0x20, 0x37, 0x3a, 0x94, 0x7a, 0xc7, 0xe1, 0xb9, 0x72, 0x64, 0x09, 0x67, 0x92, 0x7a,
-	0x0f, 0x51, 0xc9, 0xd3, 0x1b, 0x82, 0x12, 0x45, 0x5b, 0xf4, 0xe3, 0x1e, 0x95, 0x0a, 0x33, 0xb0,
-	0x5b, 0xd5, 0x38, 0x9c, 0x5b, 0x7b, 0xd3, 0x2f, 0x0a, 0xeb, 0xe7, 0x85, 0x35, 0x8b, 0x0f, 0xc3,
-	0xc8, 0x4f, 0x76, 0xdb, 0xbe, 0xee, 0x11, 0xdf, 0x6e, 0xfb, 0xbc, 0x47, 0x7c, 0xcb, 0x53, 0x1e,
-	0xb5, 0xa5, 0x87, 0x4f, 0xc0, 0x54, 0x2f, 0x91, 0x54, 0xa8, 0xb4, 0x8a, 0xad, 0xec, 0xcb, 0xfb,
-	0xa2, 0x0c, 0xf2, 0x56, 0x12, 0x59, 0x20, 0x77, 0xfe, 0x47, 0x90, 0x25, 0x78, 0xde, 0xf5, 0x12,
-	0x8a, 0x2b, 0xb4, 0x43, 0x0b, 0x14, 0xa3, 0x8a, 0xe2, 0xc0, 0x74, 0x48, 0x64, 0x48, 0x22, 0x9a,
-	0xc5, 0x93, 0x7f, 0x7a, 0x7f, 0x21, 0x38, 0x61, 0x99, 0xda, 0x1e, 0xb0, 0xb0, 0xca, 0xd0, 0xa1,
-	0xd5, 0xc5, 0xf3, 0x30, 0x15, 0x89, 0x41, 0xab, 0xc7, 0x9c, 0xba, 0xd5, 0xff, 0x99, 0x0c, 0xbb,
-	0x70, 0x24, 0x11, 0x3d, 0x46, 0x9d, 0x86, 0xb5, 0x99, 0x8a, 0x70, 0x08, 0x33, 0x52, 0xe9, 0x7b,
-	0xdb, 0x1e, 0x38, 0x47, 0x9a, 0x68, 0x79, 0x6e, 0xed, 0xda, 0x7f, 0xc8, 0x9d, 0x8e, 0x64, 0x3b,
-	0x33, 0xd7, 0x1a, 0x1a, 0xf6, 0xbe, 0x43, 0x30, 0x7f, 0xa0, 0x80, 0xdb, 0x09, 0xad, 0x8c, 0x3a,
-	0x82, 0x86, 0x4c, 0x68, 0x68, 0x6e, 0xd3, 0xdc, 0xda, 0x5b, 0x93, 0xa9, 0xa8, 0x76, 0x9a, 0x25,
-	0xc0, 0x58, 0xd7, 0x57, 0xde, 0xb5, 0x2b, 0xce, 0x3b, 0x9d, 0xdb, 0x24, 0xdc, 0xad, 0x02, 0xe6,
-	0x42, 0x2d, 0x8e, 0x0c, 0xac, 0xfa, 0x3a, 0x68, 0x53, 0xfb, 0x7b, 0xa7, 0x6a, 0x1b, 0x57, 0x5a,
-	0xb5, 0x38, 0xfa, 0xf7, 0x85, 0xf0, 0x7e, 0x46, 0xd0, 0x1c, 0xd1, 0x5e, 0xe9, 0x9b, 0x50, 0x05,
-	0xe7, 0xc9, 0x5f, 0x9f, 0x35, 0x00, 0x92, 0xc4, 0xef, 0x51, 0x61, 0x3a, 0x29, 0x7d, 0x7c, 0x70,
-	0x16, 0x00, 0x5c, 0xde, 0xda, 0xc8, 0x76, 0x5a, 0x96, 0x16, 0x76, 0xa0, 0xb1, 0x1b, 0xb3, 0xc8,
-	0x69, 0x58, 0x56, 0x8d, 0xc4, 0xfb, 0xb1, 0x06, 0xcf, 0x5b, 0x80, 0xb7, 0x78, 0xb4, 0xc9, 0xdb,
-	0x15, 0xaf, 0xa4, 0x03, 0xd3, 0x09, 0x8f, 0x0a, 0x88, 0xad, 0xfc, 0x13, 0x7b, 0x30, 0x1b, 0x72,
-	0xa6, 0x88, 0x1e, 0x52, 0xa5, 0x37, 0xb1, 0x10, 0xeb, 0x28, 0x65, 0xcc, 0x42, 0xba, 0x4d, 0x43,
-	0xce, 0x22, 0x69, 0xf0, 0xd4, 0xf3, 0x28, 0xed, 0x1d, 0x7c, 0x1d, 0x66, 0xcd, 0xf7, 0xcd, 0xb8,
-	0x4b, 0xb3, 0x96, 0x5e, 0xf1, 0xd3, 0x69, 0xe8, 0xdb, 0xd3, 0xb0, 0x68, 0x1a, 0x3d, 0x0d, 0xfd,
-	0xfe, 0xaa, 0xaf, 0x4f, 0xb4, 0x8a, 0xc3, 0x1a, 0x97, 0x22, 0x71, 0x67, 0x33, 0x66, 0x54, 0x3a,
-	0x53, 0x96, 0xc3, 0x42, 0xac, 0x0b, 0x7e, 0x87, 0x77, 0x3a, 0xfc, 0x13, 0x67, 0xba, 0x59, 0x2b,
-	0x0a, 0x9e, 0xca, 0xbc, 0x4f, 0x61, 0x66, 0x93, 0xb7, 0xaf, 0x32, 0x25, 0x06, 0x7a, 0x48, 0xe9,
-	0x70, 0x28, 0x53, 0x69, 0x5a, 0xf2, 0x21, 0x95, 0x09, 0xf1, 0x0d, 0x98, 0x55, 0x71, 0x97, 0x6e,
-	0x2b, 0xd2, 0x4d, 0xb2, 0xa6, 0xff, 0x07, 0xb8, 0x87, 0xc8, 0x72, 0x13, 0x5e, 0x00, 0x2f, 0xbc,
-	0x93, 0xe8, 0x91, 0x1c, 0x73, 0x76, 0x93, 0x8a, 0x6e, 0xcc, 0x48, 0xe5, 0x7b, 0xe5, 0xcd, 0x83,
-	0x3b, 0xea, 0x40, 0x3a, 0x29, 0xd6, 0x3e, 0x7f, 0x16, 0xb0, 0x7d, 0x91, 0xa8, 0xe8, 0xc7, 0x21,
-	0xc5, 0x0f, 0x10, 0x34, 0x36, 0x63, 0xa9, 0xf0, 0xc9, 0xd2, 0xdd, 0x7b, 0x7c, 0x6c, 0xbb, 0x13,
-	0xba, 0xbf, 0xda, 0x95, 0x37, 0x7f, 0xff, 0xf7, 0x3f, 0xbf, 0xa9, 0x9d, 0xc0, 0xc7, 0x0c, 0x03,
-	0xea, 0xaf, 0xda, 0x84, 0x44, 0xe2, 0xaf, 0x10, 0x60, 0xad, 0x56, 0x9e, 0xde, 0xf8, 0xfc, 0x38,
-	0x7c, 0x23, 0xa6, 0xbc, 0x7b, 0xd2, 0x4a, 0xbc, 0xaf, 0x29, 0x96, 0x4e, 0xb3, 0x51, 0x30, 0x00,
-	0x56, 0x0c, 0x80, 0x45, 0xec, 0x8d, 0x02, 0x10, 0xdc, 0xd5, 0xd9, 0xbc, 0x17, 0xd0, 0xd4, 0xef,
-	0xf7, 0x08, 0x8e, 0xbc, 0x4f, 0x54, 0xb8, 0x73, 0x58, 0x86, 0xb6, 0x26, 0x93, 0x21, 0xe3, 0xcb,
-	0x40, 0xf5, 0x4e, 0x1b, 0x98, 0x27, 0xf1, 0x8b, 0x39, 0x4c, 0xa9, 0x04, 0x25, 0xdd, 0x12, 0xda,
-	0x8b, 0x08, 0x3f, 0x44, 0x30, 0x95, 0x0e, 0x7e, 0x7c, 0x66, 0x1c, 0xc4, 0x12, 0x31, 0x70, 0x27,
-	0x34, 0x5e, 0xbd, 0x73, 0x06, 0xe0, 0x69, 0x6f, 0x64, 0x21, 0x2f, 0x95, 0xb8, 0xc1, 0xd7, 0x08,
-	0xea, 0xd7, 0xe8, 0xa1, 0x6d, 0x36, 0x29, 0x64, 0x07, 0x52, 0x37, 0xa2, 0xc2, 0xf8, 0x3e, 0x82,
-	0xa3, 0xd7, 0xa8, 0xca, 0xe9, 0x99, 0x1c, 0x9f, 0xbe, 0x12, 0x83, 0x73, 0xe7, 0x7d, 0x8b, 0xe9,
-	0xe6, 0x5b, 0x43, 0x4a, 0x76, 0xc1, 0xb8, 0x3e, 0x8b, 0xcf, 0x54, 0x35, 0x57, 0x77, 0xe8, 0xf3,
-	0x57, 0x04, 0x53, 0xe9, 0x40, 0x1d, 0xef, 0xbe, 0xc4, 0x98, 0x26, 0x96, 0xa3, 0xab, 0x06, 0xe8,
-	0xeb, 0xee, 0xc5, 0xd1, 0x40, 0xed, 0xf3, 0xfa, 0xa5, 0x8a, 0x88, 0x22, 0xbe, 0x41, 0x5f, 0xae,
-	0xec, 0x2f, 0x08, 0xa0, 0x60, 0x04, 0xf8, 0x5c, 0x75, 0x10, 0x16, 0x6b, 0x70, 0x27, 0xc8, 0x09,
-	0x3c, 0xdf, 0x04, 0xb3, 0xec, 0x36, 0xab, 0xb2, 0xae, 0x19, 0xc3, 0x25, 0xc3, 0x1b, 0x70, 0x1f,
-	0xa6, 0xd2, 0x11, 0x3d, 0x3e, 0xeb, 0x25, 0x86, 0xe8, 0x36, 0x2b, 0xde, 0x9f, 0xb4, 0xf0, 0x59,
-	0xcf, 0xad, 0x54, 0xf6, 0xdc, 0x0f, 0x08, 0x1a, 0x9a, 0x65, 0xe1, 0xd3, 0xe3, 0xec, 0x59, 0x6c,
-	0x72, 0x62, 0xa5, 0x3e, 0x6f, 0xa0, 0x9d, 0xf1, 0xaa, 0xb3, 0x33, 0x60, 0xe1, 0x25, 0xb4, 0x82,
-	0x7f, 0x42, 0x30, 0x93, 0xf3, 0x28, 0x7c, 0x76, 0x6c, 0xd8, 0x65, 0xa6, 0x35, 0x31, 0xa8, 0x81,
-	0x81, 0x7a, 0xce, 0x5b, 0xac, 0x82, 0x2a, 0x32, 0xe7, 0x1a, 0xee, 0xb7, 0x08, 0xf0, 0x70, 0xdc,
-	0x0d, 0x07, 0x20, 0x5e, 0x2a, 0xb9, 0x1a, 0x3b, 0x49, 0xdd, 0xb3, 0x87, 0xea, 0x95, 0xef, 0xf5,
-	0x4a, 0xe5, 0xbd, 0xe6, 0x43, 0xff, 0x0f, 0x10, 0x3c, 0x5d, 0x26, 0x81, 0xf8, 0xc2, 0x61, 0x9d,
-	0x56, 0x22, 0x8b, 0x4f, 0xd0, 0x71, 0x2f, 0x19, 0x48, 0x4b, 0x2b, 0xd5, 0xb9, 0xca, 0xdd, 0x7f,
-	0x86, 0x60, 0x3a, 0x63, 0x79, 0x78, 0x71, 0x9c, 0x6d, 0x9b, 0x06, 0xba, 0xc7, 0x4b, 0x5a, 0x39,
-	0x13, 0xf2, 0x5e, 0x31, 0x6e, 0x57, 0x71, 0x50, 0xe5, 0x36, 0xe1, 0x91, 0x0c, 0xee, 0x66, 0x14,
-	0xf1, 0x5e, 0xd0, 0xe1, 0x6d, 0x79, 0x11, 0xad, 0xbf, 0xf6, 0x68, 0x7f, 0x01, 0xfd, 0xb6, 0xbf,
-	0x80, 0xfe, 0xd8, 0x5f, 0x40, 0x1f, 0xf8, 0x55, 0xff, 0x18, 0x0e, 0xfe, 0x8b, 0xf9, 0x3b, 0x00,
-	0x00, 0xff, 0xff, 0x23, 0x18, 0x5a, 0x1f, 0xa0, 0x11, 0x00, 0x00,
+	// 1288 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x58, 0x41, 0x8f, 0x1b, 0x35,
+	0x14, 0xc6, 0xd9, 0x74, 0x77, 0xe3, 0xed, 0xa1, 0x32, 0x6d, 0x19, 0xa6, 0xe9, 0x36, 0x72, 0xb7,
+	0x6d, 0x9a, 0xd2, 0x99, 0xee, 0x0a, 0x09, 0x54, 0x21, 0x21, 0x96, 0x96, 0xb6, 0xb0, 0x94, 0x25,
+	0xdb, 0x0a, 0x89, 0x0b, 0x72, 0x67, 0xdc, 0xc9, 0xb0, 0x89, 0x3d, 0xd8, 0x4e, 0x50, 0xa8, 0x7a,
+	0xa0, 0x42, 0x5c, 0x40, 0x42, 0x08, 0x0e, 0xdc, 0x80, 0x9e, 0xb9, 0x71, 0xe7, 0xdc, 0x23, 0x12,
+	0xf7, 0x0a, 0xad, 0xb8, 0xf2, 0x1b, 0x40, 0xf6, 0xcc, 0x64, 0x3c, 0xdd, 0x64, 0xb6, 0x40, 0xb8,
+	0x79, 0x9e, 0xed, 0xf7, 0x7d, 0x7e, 0xef, 0xd9, 0xdf, 0x4b, 0xe0, 0x9a, 0xa4, 0x62, 0x44, 0x85,
+	0x4f, 0x92, 0xa4, 0x1f, 0x07, 0x44, 0xc5, 0x9c, 0xd9, 0x63, 0x2f, 0x11, 0x5c, 0x71, 0xb4, 0x62,
+	0x99, 0xdc, 0xa3, 0x11, 0x8f, 0xb8, 0xb1, 0xfb, 0x7a, 0x94, 0x2e, 0x71, 0x9b, 0x11, 0xe7, 0x51,
+	0x9f, 0xfa, 0x24, 0x89, 0x7d, 0xc2, 0x18, 0x57, 0x66, 0xb1, 0xcc, 0x66, 0xf1, 0xee, 0xcb, 0xd2,
+	0x8b, 0xb9, 0x99, 0x0d, 0xb8, 0xa0, 0xfe, 0x68, 0xdd, 0x8f, 0x28, 0xa3, 0x82, 0x28, 0x1a, 0x66,
+	0x6b, 0x5e, 0x2c, 0xd6, 0x0c, 0x48, 0xd0, 0x8b, 0x19, 0x15, 0x63, 0x3f, 0xd9, 0x8d, 0xb4, 0x41,
+	0xfa, 0x03, 0xaa, 0xc8, 0xb4, 0x5d, 0x37, 0xa2, 0x58, 0xf5, 0x86, 0x77, 0xbc, 0x80, 0x0f, 0x7c,
+	0x22, 0x0c, 0xb1, 0x0f, 0xcd, 0xe0, 0x62, 0x10, 0x16, 0xbb, 0xed, 0xe3, 0x8d, 0xd6, 0x49, 0x3f,
+	0xe9, 0x91, 0xfd, 0xae, 0x36, 0xab, 0x5c, 0x09, 0x9a, 0xf0, 0x2c, 0x56, 0x66, 0x18, 0x2b, 0x2e,
+	0xc6, 0xd6, 0x30, 0xf5, 0x81, 0x19, 0x3c, 0xf2, 0x5a, 0x81, 0xf5, 0xee, 0x90, 0x8a, 0x31, 0x42,
+	0xb0, 0xce, 0xc8, 0x80, 0x3a, 0xa0, 0x05, 0xda, 0x8d, 0xae, 0x19, 0xa3, 0x55, 0xb8, 0x24, 0xe8,
+	0x5d, 0x41, 0x65, 0xcf, 0xa9, 0xb5, 0x40, 0x7b, 0x79, 0xb3, 0xfe, 0xe8, 0xf1, 0xa9, 0x67, 0xba,
+	0xb9, 0x11, 0x9d, 0x85, 0x4b, 0x1a, 0x9e, 0x06, 0xca, 0x59, 0x68, 0x2d, 0xb4, 0x1b, 0x9b, 0x87,
+	0xf7, 0x1e, 0x9f, 0x5a, 0xde, 0x4e, 0x4d, 0xb2, 0x9b, 0x4f, 0xe2, 0xcf, 0x01, 0x5c, 0xb5, 0x00,
+	0xbb, 0x54, 0xf2, 0xa1, 0x08, 0xe8, 0xd5, 0x11, 0x65, 0x4a, 0x3e, 0x09, 0x5f, 0x9b, 0xc0, 0xb7,
+	0xe1, 0x61, 0x91, 0x2d, 0xbd, 0xa9, 0xe7, 0x6a, 0x7a, 0x2e, 0xe3, 0x50, 0x9a, 0x41, 0x67, 0xe1,
+	0x4a, 0xfe, 0x7d, 0xfb, 0xc6, 0x15, 0x67, 0xc1, 0x5a, 0x68, 0x4f, 0xe0, 0x6d, 0xe8, 0x58, 0x3c,
+	0xde, 0x26, 0x2c, 0xbe, 0x4b, 0xa5, 0x9a, 0xcd, 0xa0, 0x05, 0x97, 0x05, 0x1d, 0xc5, 0x32, 0xe6,
+	0xcc, 0x44, 0x20, 0x77, 0x3a, 0xb1, 0xe2, 0x63, 0xf0, 0xd9, 0xf2, 0xc9, 0x12, 0xce, 0x24, 0xc5,
+	0x0f, 0x41, 0x09, 0xe9, 0x75, 0x41, 0x89, 0xa2, 0x5d, 0xfa, 0xd1, 0x90, 0x4a, 0x85, 0x18, 0xb4,
+	0x4b, 0xd5, 0x00, 0xae, 0x6c, 0xbc, 0xe1, 0x15, 0x89, 0xf5, 0xf2, 0xc4, 0x9a, 0xc1, 0x07, 0x41,
+	0xe8, 0x25, 0xbb, 0x91, 0xa7, 0x6b, 0xc4, 0xb3, 0xcb, 0x3e, 0xaf, 0x11, 0xcf, 0x42, 0xca, 0x4f,
+	0x6d, 0xad, 0x43, 0xc7, 0xe1, 0xe2, 0x30, 0x91, 0x54, 0xa8, 0x34, 0x8b, 0xdd, 0xec, 0x0b, 0x7f,
+	0x56, 0x26, 0x79, 0x3b, 0x09, 0x2d, 0x92, 0xbd, 0xff, 0x91, 0x64, 0x89, 0x1e, 0xbe, 0x5e, 0x62,
+	0x71, 0x85, 0xf6, 0x69, 0xc1, 0x62, 0x5a, 0x52, 0x1c, 0xb8, 0x14, 0x10, 0x19, 0x90, 0x90, 0x66,
+	0xe7, 0xc9, 0x3f, 0xf1, 0x9f, 0x00, 0x1e, 0xb7, 0x5c, 0xed, 0x8c, 0x59, 0x50, 0xe5, 0xe8, 0xc0,
+	0xec, 0xa2, 0x26, 0x5c, 0x0c, 0xc5, 0xb8, 0x3b, 0x64, 0xce, 0x82, 0x55, 0xff, 0x99, 0x0d, 0xb9,
+	0xf0, 0x50, 0x22, 0x86, 0x8c, 0x3a, 0x75, 0x6b, 0x32, 0x35, 0xa1, 0x00, 0x2e, 0x4b, 0xa5, 0xef,
+	0x6d, 0x34, 0x76, 0x0e, 0xb5, 0x40, 0x7b, 0x65, 0xe3, 0xda, 0x7f, 0x88, 0x9d, 0x3e, 0xc9, 0x4e,
+	0xe6, 0xae, 0x3b, 0x71, 0x8c, 0xbf, 0x03, 0xb0, 0xb9, 0x2f, 0x81, 0x3b, 0x09, 0xad, 0x3c, 0x75,
+	0x08, 0xeb, 0x32, 0xa1, 0x81, 0xb9, 0x4d, 0x2b, 0x1b, 0x6f, 0xce, 0x27, 0xa3, 0x1a, 0x34, 0x0b,
+	0x80, 0xf1, 0xae, 0xaf, 0xbc, 0x6b, 0x67, 0x9c, 0xf7, 0xfb, 0x77, 0x48, 0xb0, 0x5b, 0x45, 0xcc,
+	0x85, 0xb5, 0x38, 0x34, 0xb4, 0x16, 0x36, 0xa1, 0x76, 0xb5, 0xf7, 0xf8, 0x54, 0xed, 0xc6, 0x95,
+	0x6e, 0x2d, 0x0e, 0xff, 0x7d, 0x22, 0xf0, 0x5b, 0xf0, 0xc4, 0xbe, 0xea, 0xda, 0xe6, 0xe1, 0x01,
+	0x05, 0x96, 0xf0, 0xb0, 0x78, 0x72, 0xba, 0xf9, 0x27, 0xfe, 0xb1, 0x06, 0x9f, 0xb3, 0xbc, 0x6d,
+	0xf3, 0x70, 0x8b, 0x47, 0x15, 0x2f, 0xd8, 0x4c, 0x4f, 0x08, 0xc3, 0x46, 0xc0, 0x99, 0x22, 0x5a,
+	0x40, 0x4a, 0xef, 0x55, 0x61, 0xd6, 0xef, 0x9f, 0x8c, 0x59, 0x40, 0x77, 0x68, 0xc0, 0x59, 0x28,
+	0x9d, 0xba, 0x09, 0x4d, 0xf6, 0xfe, 0xd9, 0x33, 0xe8, 0x3a, 0x6c, 0x98, 0xef, 0x5b, 0xf1, 0x80,
+	0x66, 0xe5, 0xd6, 0xf1, 0x52, 0xa5, 0xf2, 0x6c, 0xa5, 0x2a, 0x12, 0xaa, 0x95, 0xca, 0x1b, 0xad,
+	0x7b, 0x7a, 0x47, 0xb7, 0xd8, 0xac, 0x79, 0x29, 0x12, 0xf7, 0xb7, 0x62, 0x46, 0xa5, 0xb3, 0x68,
+	0x01, 0x16, 0x66, 0x9d, 0x8c, 0xbb, 0xbc, 0xdf, 0xe7, 0x1f, 0x3b, 0x4b, 0xad, 0x5a, 0x91, 0x8c,
+	0xd4, 0x86, 0x3f, 0x81, 0xcb, 0x5b, 0x3c, 0xba, 0xca, 0x94, 0x18, 0x6b, 0x01, 0xd1, 0xc7, 0xa1,
+	0x4c, 0xa5, 0x61, 0xc9, 0x05, 0x24, 0x33, 0xa2, 0x9b, 0xb0, 0xa1, 0xe2, 0x01, 0xdd, 0x51, 0x64,
+	0x90, 0x64, 0x05, 0xf9, 0x0f, 0x78, 0x4f, 0x98, 0xe5, 0x2e, 0xb0, 0x0f, 0x9f, 0x7f, 0x27, 0xd1,
+	0x72, 0x19, 0x73, 0x76, 0x8b, 0x8a, 0x41, 0xcc, 0x48, 0xe5, 0x5b, 0x82, 0x9b, 0xd0, 0x9d, 0xb6,
+	0x21, 0x7d, 0xc5, 0x37, 0xfe, 0x3a, 0x02, 0x91, 0x5d, 0xe4, 0x54, 0x8c, 0xe2, 0x80, 0xa2, 0xaf,
+	0x00, 0xac, 0x6f, 0xc5, 0x52, 0xa1, 0x93, 0xa5, 0x7b, 0xf1, 0xa4, 0xa4, 0xba, 0x73, 0xba, 0x5b,
+	0x1a, 0x0a, 0x37, 0x1f, 0xfc, 0xf6, 0xc7, 0x37, 0xb5, 0xe3, 0xe8, 0xa8, 0xe9, 0x4e, 0x46, 0xeb,
+	0x76, 0xb3, 0x20, 0xd1, 0x97, 0x00, 0x22, 0xbd, 0xac, 0xac, 0xac, 0xe8, 0xc2, 0x2c, 0x7e, 0x53,
+	0x14, 0xd8, 0x3d, 0x69, 0x05, 0xde, 0xd3, 0xed, 0x8f, 0x0e, 0xb3, 0x59, 0x60, 0x08, 0x74, 0x0c,
+	0x81, 0x35, 0x84, 0xa7, 0x11, 0xf0, 0xef, 0xe9, 0x68, 0xde, 0xf7, 0x69, 0x8a, 0xfb, 0x3d, 0x80,
+	0x87, 0xde, 0x23, 0x2a, 0xe8, 0x1d, 0x14, 0xa1, 0xed, 0xf9, 0x44, 0xc8, 0x60, 0x19, 0xaa, 0xf8,
+	0xb4, 0xa1, 0x79, 0x12, 0x9d, 0xc8, 0x69, 0x4a, 0x25, 0x28, 0x19, 0x94, 0xd8, 0x5e, 0x02, 0xe8,
+	0x21, 0x80, 0x8b, 0xa9, 0x28, 0xa3, 0x33, 0xb3, 0x28, 0x96, 0x44, 0xdb, 0x9d, 0x93, 0xf4, 0xe1,
+	0xf3, 0x86, 0xe0, 0x69, 0x3c, 0x35, 0x91, 0x97, 0x4b, 0xba, 0xfd, 0x35, 0x80, 0x0b, 0xd7, 0xe8,
+	0x81, 0x65, 0x36, 0x2f, 0x66, 0xfb, 0x42, 0x37, 0x25, 0xc3, 0xe8, 0x01, 0x80, 0x87, 0xaf, 0x51,
+	0x95, 0xb7, 0x4e, 0x72, 0x76, 0xf8, 0x4a, 0xdd, 0x95, 0xdb, 0xf4, 0xac, 0x2e, 0x34, 0x9f, 0x9a,
+	0xb4, 0x4b, 0x17, 0x0d, 0xf4, 0x39, 0x74, 0xa6, 0xaa, 0xb8, 0x06, 0x13, 0xcc, 0x5f, 0x00, 0x5c,
+	0x4c, 0xc5, 0x6e, 0x36, 0x7c, 0xa9, 0x9b, 0x99, 0x5b, 0x8c, 0xae, 0x1a, 0xa2, 0xaf, 0xba, 0x97,
+	0xa6, 0x13, 0xb5, 0xf7, 0xeb, 0x97, 0x2a, 0x24, 0x8a, 0x78, 0x86, 0x7d, 0x39, 0xb3, 0x3f, 0x03,
+	0x08, 0x0b, 0xb5, 0x46, 0xe7, 0xab, 0x0f, 0x61, 0x29, 0xba, 0x3b, 0x47, 0xbd, 0xc6, 0x9e, 0x39,
+	0x4c, 0xdb, 0x6d, 0x55, 0x45, 0x5d, 0xab, 0xf9, 0x65, 0xa3, 0xe9, 0x68, 0x04, 0x17, 0x53, 0xfd,
+	0x9c, 0x1d, 0xf5, 0x52, 0xf7, 0xe6, 0xb6, 0x2a, 0xde, 0x9f, 0x34, 0xf1, 0x59, 0xcd, 0x75, 0x2a,
+	0x6b, 0xee, 0x07, 0x00, 0xeb, 0xba, 0x03, 0x42, 0xa7, 0x67, 0xf9, 0xb3, 0x3a, 0xbd, 0xb9, 0xa5,
+	0xfa, 0x82, 0xa1, 0x76, 0x06, 0x57, 0x47, 0x67, 0xcc, 0x82, 0xcb, 0xa0, 0x83, 0x7e, 0x02, 0x70,
+	0x39, 0xef, 0x71, 0xd0, 0xb9, 0x99, 0xc7, 0x2e, 0x77, 0x41, 0x73, 0xa3, 0xea, 0x1b, 0xaa, 0xe7,
+	0xf1, 0x5a, 0x15, 0x55, 0x91, 0x81, 0x6b, 0xba, 0xdf, 0x02, 0x88, 0x26, 0x72, 0x37, 0x11, 0x40,
+	0x74, 0xb6, 0x04, 0x35, 0x53, 0x49, 0xdd, 0x73, 0x07, 0xae, 0x2b, 0xdf, 0xeb, 0x4e, 0xe5, 0xbd,
+	0xe6, 0x13, 0xfc, 0x2f, 0x00, 0x6c, 0x4c, 0x3a, 0x34, 0xd4, 0xae, 0x2e, 0xb2, 0xa2, 0x89, 0x7b,
+	0x8a, 0x3a, 0xdb, 0x30, 0x44, 0x5e, 0xe8, 0x74, 0xaa, 0x88, 0x24, 0x3c, 0x94, 0xfe, 0xbd, 0xac,
+	0x43, 0xbb, 0x8f, 0x3e, 0x05, 0x70, 0x29, 0xeb, 0xf0, 0xd0, 0xda, 0x2c, 0x04, 0xbb, 0x05, 0x74,
+	0x8f, 0x95, 0x56, 0xe5, 0x5d, 0x10, 0x7e, 0xc9, 0x80, 0xaf, 0x23, 0xff, 0xe9, 0xc1, 0xfd, 0x3e,
+	0x8f, 0xe4, 0x25, 0xb0, 0xf9, 0xca, 0xa3, 0xbd, 0x55, 0xf0, 0xeb, 0xde, 0x2a, 0xf8, 0x7d, 0x6f,
+	0x15, 0xbc, 0xef, 0x55, 0xfd, 0xf6, 0xdf, 0xff, 0x1f, 0xc9, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff,
+	0x6a, 0x89, 0x9d, 0x9f, 0x38, 0x11, 0x00, 0x00,
 }
--- a/server/application/application.pb.gw.go
+++ b/server/application/application.pb.gw.go
@@ -382,12 +382,8 @@ func request_ApplicationService_TerminateOperation_0(ctx context.Context, marsha

 }

-var (
-	filter_ApplicationService_DeleteResource_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}}
-)
-
-func request_ApplicationService_DeleteResource_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq ApplicationDeleteResourceRequest
+func request_ApplicationService_DeletePod_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
+	var protoReq ApplicationDeletePodRequest
 	var metadata runtime.ServerMetadata

 	var (
@@ -408,11 +404,18 @@ func request_ApplicationService_DeleteResource_0(ctx context.Context, marshaler
 		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err)
 	}

-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ApplicationService_DeleteResource_0); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
+	val, ok = pathParams["podName"]
+	if !ok {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "podName")
 	}

-	msg, err := client.DeleteResource(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
+	protoReq.PodName, err = runtime.StringP(val)
+
+	if err != nil {
+		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "podName", err)
+	}
+
+	msg, err := client.DeletePod(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
 	return msg, metadata, err

 }
@@ -857,7 +860,7 @@ func RegisterApplicationServiceHandlerClient(ctx context.Context, mux *runtime.S

 	})

-	mux.Handle("DELETE", pattern_ApplicationService_DeleteResource_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
+	mux.Handle("DELETE", pattern_ApplicationService_DeletePod_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
 		if cn, ok := w.(http.CloseNotifier); ok {
@@ -875,14 +878,14 @@ func RegisterApplicationServiceHandlerClient(ctx context.Context, mux *runtime.S
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}
-		resp, md, err := request_ApplicationService_DeleteResource_0(rctx, inboundMarshaler, client, req, pathParams)
+		resp, md, err := request_ApplicationService_DeletePod_0(rctx, inboundMarshaler, client, req, pathParams)
 		ctx = runtime.NewServerMetadataContext(ctx, md)
 		if err != nil {
 			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
 			return
 		}

-		forward_ApplicationService_DeleteResource_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
+		forward_ApplicationService_DeletePod_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)

 	})

@@ -943,7 +946,7 @@ var (

 	pattern_ApplicationService_TerminateOperation_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applications", "name", "operation"}, ""))

-	pattern_ApplicationService_DeleteResource_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applications", "name", "resource"}, ""))
+	pattern_ApplicationService_DeletePod_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5}, []string{"api", "v1", "applications", "name", "pods", "podName"}, ""))

 	pattern_ApplicationService_PodLogs_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"api", "v1", "applications", "name", "pods", "podName", "logs"}, ""))
 )
@@ -973,7 +976,7 @@ var (

 	forward_ApplicationService_TerminateOperation_0 = runtime.ForwardResponseMessage

-	forward_ApplicationService_DeleteResource_0 = runtime.ForwardResponseMessage
+	forward_ApplicationService_DeletePod_0 = runtime.ForwardResponseMessage

 	forward_ApplicationService_PodLogs_0 = runtime.ForwardResponseStream
 )
--- a/server/application/application.proto
+++ b/server/application/application.proto
@@ -72,11 +72,9 @@ message ApplicationRollbackRequest {
 	optional bool prune = 4 [(gogoproto.nullable) = false];
 }

-message ApplicationDeleteResourceRequest {
+message ApplicationDeletePodRequest {
 	required string name = 1;
-	required string resourceName = 2 [(gogoproto.nullable) = false];
-	required string apiVersion = 3 [(gogoproto.customname) = "APIVersion", (gogoproto.nullable) = false];
-	required string kind = 4 [(gogoproto.nullable) = false];
+	required string podName = 2;
 }

 message ApplicationPodLogsQuery {
@@ -181,9 +179,9 @@ service ApplicationService {
 		};
 	}

-	// DeleteResource deletes a single application resource
-	rpc DeleteResource(ApplicationDeleteResourceRequest) returns (ApplicationResponse) {
-		option (google.api.http).delete = "/api/v1/applications/{name}/resource";
+	// DeletePod returns stream of log entries for the specified pod. Pod
+	rpc DeletePod(ApplicationDeletePodRequest) returns (ApplicationResponse) {
+		option (google.api.http).delete = "/api/v1/applications/{name}/pods/{podName}";
 	}

 	// PodLogs returns stream of log entries for the specified pod. Pod
--- a/server/application/application_test.go
+++ b/server/application/application_test.go
@@ -6,7 +6,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"golang.org/x/net/context"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes/fake"

 	"github.com/argoproj/argo-cd/common"
@@ -79,9 +78,7 @@ func newTestAppServer() ApplicationServiceServer {
 	enforcer := rbac.NewEnforcer(kubeclientset, testNamespace, common.ArgoCDRBACConfigMapName, nil)
 	enforcer.SetBuiltinPolicy(test.BuiltinPolicy)
 	enforcer.SetDefaultRole("role:admin")
-	enforcer.SetClaimsEnforcerFunc(func(rvals ...interface{}) bool {
-		return true
-	})
+
 	db := db.NewDB(testNamespace, kubeclientset)
 	ctx := context.Background()
 	_, err := db.CreateRepository(ctx, fakeRepo())
@@ -96,18 +93,10 @@ func newTestAppServer() ApplicationServiceServer {
 	mockRepoClient := &mockrepo.Clientset{}
 	mockRepoClient.On("NewRepositoryClient").Return(&fakeCloser{}, &mockRepoServiceClient, nil)

-	defaultProj := &appsv1.AppProject{
-		ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "default"},
-		Spec: appsv1.AppProjectSpec{
-			SourceRepos:  []string{"*"},
-			Destinations: []appsv1.ApplicationDestination{{Server: "*", Namespace: "*"}},
-		},
-	}
-
 	return NewServer(
 		testNamespace,
 		kubeclientset,
-		apps.NewSimpleClientset(defaultProj),
+		apps.NewSimpleClientset(),
 		mockRepoClient,
 		db,
 		enforcer,
--- a/server/cluster/cluster.go
+++ b/server/cluster/cluster.go
@@ -6,10 +6,7 @@ import (
 	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
-	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/tools/clientcmd"

-	"github.com/argoproj/argo-cd/common"
 	appv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/util/db"
 	"github.com/argoproj/argo-cd/util/grpc"
@@ -79,53 +76,6 @@ func (s *Server) Create(ctx context.Context, q *ClusterCreateRequest) (*appv1.Cl
 	return redact(clust), err
 }

-// Create creates a cluster
-func (s *Server) CreateFromKubeConfig(ctx context.Context, q *ClusterCreateFromKubeConfigRequest) (*appv1.Cluster, error) {
-	kubeconfig, err := clientcmd.Load([]byte(q.Kubeconfig))
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not unmarshal kubeconfig: %v", err)
-	}
-
-	var clusterServer string
-	var clusterInsecure bool
-	if q.InCluster {
-		clusterServer = common.KubernetesInternalAPIServerAddr
-	} else if cluster, ok := kubeconfig.Clusters[q.Context]; ok {
-		clusterServer = cluster.Server
-		clusterInsecure = cluster.InsecureSkipTLSVerify
-	} else {
-		return nil, status.Errorf(codes.Internal, "Context %s does not exist in kubeconfig", q.Context)
-	}
-
-	c := &appv1.Cluster{
-		Server: clusterServer,
-		Name:   q.Context,
-		Config: appv1.ClusterConfig{
-			TLSClientConfig: appv1.TLSClientConfig{
-				Insecure: clusterInsecure,
-			},
-		},
-	}
-
-	// Temporarily install RBAC resources for managing the cluster
-	clientset, err := kubernetes.NewForConfig(c.RESTConfig())
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not create Kubernetes clientset: %v", err)
-	}
-
-	bearerToken, err := common.InstallClusterManagerRBAC(clientset)
-	if err != nil {
-		return nil, status.Errorf(codes.Internal, "Could not install cluster manager RBAC: %v", err)
-	}
-
-	c.Config.BearerToken = bearerToken
-
-	return s.Create(ctx, &ClusterCreateRequest{
-		Cluster: c,
-		Upsert:  q.Upsert,
-	})
-}
-
 // Get returns a cluster from a query
 func (s *Server) Get(ctx context.Context, q *ClusterQuery) (*appv1.Cluster, error) {
 	if !s.enf.EnforceClaims(ctx.Value("claims"), "clusters", "get", q.Server) {
--- a/server/cluster/cluster.pb.go
+++ b/server/cluster/cluster.pb.go
@@ -15,7 +15,6 @@
 		ClusterQuery
 		ClusterResponse
 		ClusterCreateRequest
-		ClusterCreateFromKubeConfigRequest
 		ClusterUpdateRequest
 */
 package cluster
@@ -93,48 +92,6 @@ func (m *ClusterCreateRequest) GetUpsert() bool {
 	return false
 }

-type ClusterCreateFromKubeConfigRequest struct {
-	Kubeconfig string `protobuf:"bytes,1,opt,name=kubeconfig,proto3" json:"kubeconfig,omitempty"`
-	Context    string `protobuf:"bytes,2,opt,name=context,proto3" json:"context,omitempty"`
-	Upsert     bool   `protobuf:"varint,3,opt,name=upsert,proto3" json:"upsert,omitempty"`
-	InCluster  bool   `protobuf:"varint,4,opt,name=inCluster,proto3" json:"inCluster,omitempty"`
-}
-
-func (m *ClusterCreateFromKubeConfigRequest) Reset()         { *m = ClusterCreateFromKubeConfigRequest{} }
-func (m *ClusterCreateFromKubeConfigRequest) String() string { return proto.CompactTextString(m) }
-func (*ClusterCreateFromKubeConfigRequest) ProtoMessage()    {}
-func (*ClusterCreateFromKubeConfigRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptorCluster, []int{3}
-}
-
-func (m *ClusterCreateFromKubeConfigRequest) GetKubeconfig() string {
-	if m != nil {
-		return m.Kubeconfig
-	}
-	return ""
-}
-
-func (m *ClusterCreateFromKubeConfigRequest) GetContext() string {
-	if m != nil {
-		return m.Context
-	}
-	return ""
-}
-
-func (m *ClusterCreateFromKubeConfigRequest) GetUpsert() bool {
-	if m != nil {
-		return m.Upsert
-	}
-	return false
-}
-
-func (m *ClusterCreateFromKubeConfigRequest) GetInCluster() bool {
-	if m != nil {
-		return m.InCluster
-	}
-	return false
-}
-
 type ClusterUpdateRequest struct {
 	Cluster *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster `protobuf:"bytes,1,opt,name=cluster" json:"cluster,omitempty"`
 }
@@ -142,7 +99,7 @@ type ClusterUpdateRequest struct {
 func (m *ClusterUpdateRequest) Reset()                    { *m = ClusterUpdateRequest{} }
 func (m *ClusterUpdateRequest) String() string            { return proto.CompactTextString(m) }
 func (*ClusterUpdateRequest) ProtoMessage()               {}
-func (*ClusterUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorCluster, []int{4} }
+func (*ClusterUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorCluster, []int{3} }

 func (m *ClusterUpdateRequest) GetCluster() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster {
 	if m != nil {
@@ -155,7 +112,6 @@ func init() {
 	proto.RegisterType((*ClusterQuery)(nil), "cluster.ClusterQuery")
 	proto.RegisterType((*ClusterResponse)(nil), "cluster.ClusterResponse")
 	proto.RegisterType((*ClusterCreateRequest)(nil), "cluster.ClusterCreateRequest")
-	proto.RegisterType((*ClusterCreateFromKubeConfigRequest)(nil), "cluster.ClusterCreateFromKubeConfigRequest")
 	proto.RegisterType((*ClusterUpdateRequest)(nil), "cluster.ClusterUpdateRequest")
 }

@@ -174,8 +130,6 @@ type ClusterServiceClient interface {
 	List(ctx context.Context, in *ClusterQuery, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ClusterList, error)
 	// Create creates a cluster
 	Create(ctx context.Context, in *ClusterCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error)
-	// CreateFromKubeConfig installs the argocd-manager service account into the cluster specified in the given kubeconfig and context
-	CreateFromKubeConfig(ctx context.Context, in *ClusterCreateFromKubeConfigRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error)
 	// Get returns a cluster by server address
 	Get(ctx context.Context, in *ClusterQuery, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error)
 	// Update updates a cluster
@@ -210,15 +164,6 @@ func (c *clusterServiceClient) Create(ctx context.Context, in *ClusterCreateRequ
 	return out, nil
 }

-func (c *clusterServiceClient) CreateFromKubeConfig(ctx context.Context, in *ClusterCreateFromKubeConfigRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error) {
-	out := new(github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster)
-	err := grpc.Invoke(ctx, "/cluster.ClusterService/CreateFromKubeConfig", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
 func (c *clusterServiceClient) Get(ctx context.Context, in *ClusterQuery, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error) {
 	out := new(github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster)
 	err := grpc.Invoke(ctx, "/cluster.ClusterService/Get", in, out, c.cc, opts...)
@@ -253,8 +198,6 @@ type ClusterServiceServer interface {
 	List(context.Context, *ClusterQuery) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.ClusterList, error)
 	// Create creates a cluster
 	Create(context.Context, *ClusterCreateRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error)
-	// CreateFromKubeConfig installs the argocd-manager service account into the cluster specified in the given kubeconfig and context
-	CreateFromKubeConfig(context.Context, *ClusterCreateFromKubeConfigRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error)
 	// Get returns a cluster by server address
 	Get(context.Context, *ClusterQuery) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Cluster, error)
 	// Update updates a cluster
@@ -303,24 +246,6 @@ func _ClusterService_Create_Handler(srv interface{}, ctx context.Context, dec fu
 	return interceptor(ctx, in, info, handler)
 }

-func _ClusterService_CreateFromKubeConfig_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ClusterCreateFromKubeConfigRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ClusterServiceServer).CreateFromKubeConfig(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/cluster.ClusterService/CreateFromKubeConfig",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ClusterServiceServer).CreateFromKubeConfig(ctx, req.(*ClusterCreateFromKubeConfigRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
 func _ClusterService_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ClusterQuery)
 	if err := dec(in); err != nil {
@@ -387,10 +312,6 @@ var _ClusterService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "Create",
 			Handler:    _ClusterService_Create_Handler,
 		},
-		{
-			MethodName: "CreateFromKubeConfig",
-			Handler:    _ClusterService_CreateFromKubeConfig_Handler,
-		},
 		{
 			MethodName: "Get",
 			Handler:    _ClusterService_Get_Handler,
@@ -488,56 +409,6 @@ func (m *ClusterCreateRequest) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }

-func (m *ClusterCreateFromKubeConfigRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *ClusterCreateFromKubeConfigRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Kubeconfig) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintCluster(dAtA, i, uint64(len(m.Kubeconfig)))
-		i += copy(dAtA[i:], m.Kubeconfig)
-	}
-	if len(m.Context) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintCluster(dAtA, i, uint64(len(m.Context)))
-		i += copy(dAtA[i:], m.Context)
-	}
-	if m.Upsert {
-		dAtA[i] = 0x18
-		i++
-		if m.Upsert {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	if m.InCluster {
-		dAtA[i] = 0x20
-		i++
-		if m.InCluster {
-			dAtA[i] = 1
-		} else {
-			dAtA[i] = 0
-		}
-		i++
-	}
-	return i, nil
-}
-
 func (m *ClusterUpdateRequest) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -604,26 +475,6 @@ func (m *ClusterCreateRequest) Size() (n int) {
 	return n
 }

-func (m *ClusterCreateFromKubeConfigRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Kubeconfig)
-	if l > 0 {
-		n += 1 + l + sovCluster(uint64(l))
-	}
-	l = len(m.Context)
-	if l > 0 {
-		n += 1 + l + sovCluster(uint64(l))
-	}
-	if m.Upsert {
-		n += 2
-	}
-	if m.InCluster {
-		n += 2
-	}
-	return n
-}
-
 func (m *ClusterUpdateRequest) Size() (n int) {
 	var l int
 	_ = l
@@ -879,154 +730,6 @@ func (m *ClusterCreateRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ClusterCreateFromKubeConfigRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowCluster
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ClusterCreateFromKubeConfigRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ClusterCreateFromKubeConfigRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Kubeconfig", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowCluster
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthCluster
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Kubeconfig = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Context", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowCluster
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthCluster
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Context = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Upsert", wireType)
-			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowCluster
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			m.Upsert = bool(v != 0)
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field InCluster", wireType)
-			}
-			var v int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowCluster
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				v |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			m.InCluster = bool(v != 0)
-		default:
-			iNdEx = preIndex
-			skippy, err := skipCluster(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthCluster
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *ClusterUpdateRequest) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -1218,41 +921,35 @@ var (
 func init() { proto.RegisterFile("server/cluster/cluster.proto", fileDescriptorCluster) }

 var fileDescriptorCluster = []byte{
-	// 564 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x95, 0xcd, 0x6e, 0x13, 0x31,
-	0x10, 0xc7, 0xe5, 0xb6, 0xda, 0x12, 0x83, 0xf8, 0xb0, 0x0a, 0x5a, 0xd2, 0x10, 0xa5, 0x3e, 0x54,
-	0x55, 0xa0, 0xb6, 0x12, 0x2e, 0x55, 0x8f, 0x0d, 0x2a, 0x42, 0x70, 0x21, 0x88, 0x0b, 0xaa, 0x84,
-	0x36, 0x9b, 0x61, 0xbb, 0x24, 0x5d, 0x2f, 0xb6, 0x37, 0x02, 0x21, 0x84, 0x04, 0x57, 0xc4, 0x05,
-	0xee, 0x3c, 0x02, 0xaf, 0xc1, 0x11, 0x89, 0x1b, 0x27, 0x14, 0xf1, 0x20, 0x68, 0xbd, 0x76, 0xbe,
-	0xc3, 0x85, 0x88, 0x53, 0xec, 0x19, 0x67, 0xe6, 0x37, 0x33, 0xff, 0x4c, 0x70, 0x45, 0x81, 0x1c,
-	0x80, 0xe4, 0x61, 0x3f, 0x53, 0x7a, 0xfc, 0xc9, 0x52, 0x29, 0xb4, 0x20, 0x9b, 0xf6, 0x5a, 0xde,
-	0x8a, 0x44, 0x24, 0x8c, 0x8d, 0xe7, 0xa7, 0xc2, 0x5d, 0xae, 0x44, 0x42, 0x44, 0x7d, 0xe0, 0x41,
-	0x1a, 0xf3, 0x20, 0x49, 0x84, 0x0e, 0x74, 0x2c, 0x12, 0x65, 0xbd, 0xb4, 0x77, 0xa0, 0x58, 0x2c,
-	0x8c, 0x37, 0x14, 0x12, 0xf8, 0xa0, 0xc1, 0x23, 0x48, 0x40, 0x06, 0x1a, 0xba, 0xf6, 0xcd, 0xbd,
-	0x28, 0xd6, 0xa7, 0x59, 0x87, 0x85, 0xe2, 0x8c, 0x07, 0xd2, 0xa4, 0x78, 0x6e, 0x0e, 0xfb, 0x61,
-	0x97, 0xa7, 0xbd, 0x28, 0xff, 0xb2, 0xe2, 0x41, 0x9a, 0xf6, 0xe3, 0xd0, 0x04, 0xe7, 0x83, 0x46,
-	0xd0, 0x4f, 0x4f, 0x83, 0xb9, 0x50, 0x74, 0x17, 0x5f, 0x68, 0x15, 0xb4, 0x0f, 0x33, 0x90, 0xaf,
-	0xc8, 0x35, 0xec, 0x15, 0xb5, 0xf9, 0xa8, 0x86, 0xf6, 0x4a, 0x6d, 0x7b, 0xa3, 0x57, 0xf0, 0x25,
-	0xfb, 0xae, 0x0d, 0x2a, 0x15, 0x89, 0x02, 0xfa, 0x01, 0xe1, 0x2d, 0x6b, 0x6b, 0x49, 0x08, 0x34,
-	0xb4, 0xe1, 0x45, 0x06, 0x4a, 0x93, 0x13, 0xec, 0x3a, 0x60, 0x82, 0x9c, 0x6f, 0x1e, 0xb1, 0x31,
-	0x30, 0x73, 0xc0, 0xe6, 0xf0, 0x34, 0xec, 0xb2, 0xb4, 0x17, 0xb1, 0x1c, 0x98, 0x4d, 0x00, 0x33,
-	0x07, 0xcc, 0x5c, 0x56, 0x17, 0x32, 0x27, 0xcc, 0x52, 0x05, 0x52, 0xfb, 0x6b, 0x35, 0xb4, 0x77,
-	0xae, 0x6d, 0x6f, 0xf4, 0x33, 0xc2, 0x74, 0x0a, 0xe7, 0x58, 0x8a, 0xb3, 0xfb, 0x59, 0x07, 0x5a,
-	0x22, 0x79, 0x16, 0x47, 0x0e, 0xae, 0x8a, 0x71, 0x2f, 0xeb, 0x40, 0x68, 0x8c, 0xb6, 0xc8, 0x09,
-	0x0b, 0xf1, 0xf1, 0x66, 0x28, 0x12, 0x0d, 0x2f, 0x8b, 0xf8, 0xa5, 0xb6, 0xbb, 0x4e, 0x24, 0x5e,
-	0x9f, 0x4c, 0x4c, 0x2a, 0xb8, 0x14, 0x27, 0x36, 0xb3, 0xbf, 0x61, 0x5c, 0x63, 0x03, 0xd5, 0xa3,
-	0x26, 0x3d, 0x4e, 0xbb, 0xff, 0xab, 0x49, 0xcd, 0x9f, 0x1e, 0xbe, 0x68, 0x8d, 0x8f, 0x40, 0x0e,
-	0xe2, 0x10, 0xc8, 0x5b, 0xbc, 0xf1, 0x20, 0x56, 0x9a, 0x5c, 0x65, 0x4e, 0xad, 0x93, 0x83, 0x2f,
-	0x1f, 0xff, 0x7b, 0xfa, 0x3c, 0x3c, 0xf5, 0xdf, 0xfd, 0xf8, 0xfd, 0x69, 0x8d, 0x90, 0xcb, 0x46,
-	0xc1, 0x83, 0x86, 0xfb, 0x6d, 0x28, 0xf2, 0x11, 0x61, 0xaf, 0x98, 0x0c, 0xb9, 0x31, 0xcb, 0x30,
-	0x25, 0xa0, 0xf2, 0x0a, 0x5a, 0x41, 0x77, 0x0c, 0xc7, 0x36, 0x9d, 0xe3, 0x38, 0x1c, 0x29, 0xe9,
-	0x6b, 0x2e, 0xe0, 0x05, 0x52, 0x21, 0x37, 0x17, 0xe3, 0x2d, 0x14, 0xd4, 0x4a, 0x60, 0x77, 0x0d,
-	0x6c, 0x8d, 0x6e, 0xcf, 0xc2, 0xee, 0x8f, 0x95, 0x79, 0x88, 0xea, 0xe4, 0x3d, 0xc2, 0xeb, 0x77,
-	0x61, 0xe9, 0x0c, 0x57, 0xd8, 0x37, 0x72, 0x7d, 0x16, 0x85, 0xbf, 0x2e, 0x56, 0xc1, 0x1b, 0xf2,
-	0x05, 0x61, 0xaf, 0x10, 0xf3, 0xfc, 0x20, 0xa7, 0x44, 0xbe, 0x12, 0xa0, 0xa6, 0x01, 0xba, 0x55,
-	0xde, 0x99, 0x07, 0x72, 0xb9, 0x2d, 0xd8, 0x78, 0xb2, 0x27, 0xd8, 0xbb, 0x03, 0x7d, 0xd0, 0xb0,
-	0xac, 0x53, 0xfe, 0xac, 0x79, 0xb4, 0xd5, 0x6c, 0xfd, 0xf5, 0xe5, 0xf5, 0x1f, 0x1d, 0x7c, 0x1b,
-	0x56, 0xd1, 0xf7, 0x61, 0x15, 0xfd, 0x1a, 0x56, 0xd1, 0x93, 0xfa, 0xdf, 0x96, 0xf1, 0xf4, 0xff,
-	0x44, 0xc7, 0x33, 0x4b, 0xf7, 0xf6, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x23, 0xc4, 0x8d, 0xa4,
-	0x40, 0x06, 0x00, 0x00,
+	// 472 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x94, 0xcf, 0x8b, 0x13, 0x31,
+	0x14, 0xc7, 0xc9, 0xaa, 0xa3, 0x46, 0xf1, 0x47, 0x58, 0xa5, 0x8e, 0x6b, 0xd9, 0xcd, 0x41, 0x96,
+	0x45, 0x13, 0x5a, 0x2f, 0x8b, 0xc7, 0x5d, 0x51, 0x04, 0x2f, 0x56, 0xbc, 0xc8, 0x82, 0x64, 0xa7,
+	0x8f, 0xec, 0xd8, 0x71, 0x12, 0x93, 0xcc, 0x80, 0x88, 0x08, 0x7a, 0x15, 0x2f, 0xfe, 0x01, 0x5e,
+	0xfd, 0x53, 0x3c, 0x0a, 0xfe, 0x03, 0x52, 0xfc, 0x43, 0x64, 0x32, 0x49, 0xbb, 0x6d, 0xa9, 0x17,
+	0xcb, 0x9e, 0x9a, 0xbc, 0xa4, 0xef, 0x7d, 0xf2, 0x7d, 0xdf, 0x79, 0x78, 0xc3, 0x82, 0xa9, 0xc1,
+	0xf0, 0xac, 0xa8, 0xac, 0x9b, 0xfe, 0x32, 0x6d, 0x94, 0x53, 0xe4, 0x6c, 0xd8, 0xa6, 0xeb, 0x52,
+	0x49, 0xe5, 0x63, 0xbc, 0x59, 0xb5, 0xc7, 0xe9, 0x86, 0x54, 0x4a, 0x16, 0xc0, 0x85, 0xce, 0xb9,
+	0x28, 0x4b, 0xe5, 0x84, 0xcb, 0x55, 0x69, 0xc3, 0x29, 0x1d, 0xed, 0x5a, 0x96, 0x2b, 0x7f, 0x9a,
+	0x29, 0x03, 0xbc, 0xee, 0x71, 0x09, 0x25, 0x18, 0xe1, 0x60, 0x18, 0xee, 0x3c, 0x96, 0xb9, 0x3b,
+	0xaa, 0x0e, 0x59, 0xa6, 0x5e, 0x73, 0x61, 0x7c, 0x89, 0x57, 0x7e, 0x71, 0x37, 0x1b, 0x72, 0x3d,
+	0x92, 0xcd, 0x9f, 0x2d, 0x17, 0x5a, 0x17, 0x79, 0xe6, 0x93, 0xf3, 0xba, 0x27, 0x0a, 0x7d, 0x24,
+	0x16, 0x52, 0xd1, 0xdb, 0xf8, 0xe2, 0x7e, 0x4b, 0xfb, 0xb4, 0x02, 0xf3, 0x96, 0x5c, 0xc7, 0x49,
+	0xfb, 0xb6, 0x0e, 0xda, 0x44, 0xdb, 0xe7, 0x07, 0x61, 0x47, 0xaf, 0xe2, 0xcb, 0xe1, 0xde, 0x00,
+	0xac, 0x56, 0xa5, 0x05, 0xfa, 0x19, 0xe1, 0xf5, 0x10, 0xdb, 0x37, 0x20, 0x1c, 0x0c, 0xe0, 0x4d,
+	0x05, 0xd6, 0x91, 0x03, 0x1c, 0x15, 0xf0, 0x49, 0x2e, 0xf4, 0xf7, 0xd8, 0x14, 0x98, 0x45, 0x60,
+	0xbf, 0x78, 0x99, 0x0d, 0x99, 0x1e, 0x49, 0xd6, 0x00, 0xb3, 0x63, 0xc0, 0x2c, 0x02, 0xb3, 0x58,
+	0x35, 0xa6, 0x6c, 0x08, 0x2b, 0x6d, 0xc1, 0xb8, 0xce, 0xda, 0x26, 0xda, 0x3e, 0x37, 0x08, 0x3b,
+	0xea, 0x26, 0x34, 0xcf, 0xf5, 0xf0, 0xa4, 0x68, 0xfa, 0xdf, 0xcf, 0xe0, 0x4b, 0x21, 0xf8, 0x0c,
+	0x4c, 0x9d, 0x67, 0x40, 0x3e, 0xe0, 0xd3, 0x4f, 0x72, 0xeb, 0xc8, 0x35, 0x16, 0x6d, 0x71, 0x5c,
+	0xe1, 0xf4, 0xe1, 0xff, 0x97, 0x6f, 0xd2, 0xd3, 0xce, 0xc7, 0x5f, 0x7f, 0xbe, 0xae, 0x11, 0x72,
+	0xc5, 0x5b, 0xa5, 0xee, 0x45, 0x13, 0x5a, 0xf2, 0x05, 0xe1, 0xa4, 0xed, 0x08, 0xb9, 0x35, 0xcf,
+	0x30, 0xd3, 0xa9, 0x74, 0x05, 0x52, 0xd0, 0x2d, 0xcf, 0x71, 0x93, 0x2e, 0x70, 0xdc, 0x9f, 0xb4,
+	0xec, 0x13, 0xc2, 0xa7, 0x1e, 0xc1, 0x52, 0x45, 0x56, 0x48, 0x41, 0x6e, 0xcc, 0x53, 0xf0, 0x77,
+	0xad, 0x83, 0xdf, 0x93, 0x6f, 0x08, 0x27, 0xad, 0x35, 0x16, 0x65, 0x99, 0xb1, 0xcc, 0x4a, 0x80,
+	0xfa, 0x1e, 0xe8, 0x4e, 0xba, 0xb5, 0x08, 0x14, 0x6b, 0x07, 0xb0, 0xa9, 0x4e, 0x07, 0x38, 0x79,
+	0x00, 0x05, 0x38, 0x58, 0xa6, 0x54, 0x67, 0x3e, 0x3c, 0xf9, 0x18, 0xc3, 0xfb, 0x77, 0x96, 0xbf,
+	0x7f, 0x6f, 0xf7, 0xc7, 0xb8, 0x8b, 0x7e, 0x8e, 0xbb, 0xe8, 0xf7, 0xb8, 0x8b, 0x5e, 0xec, 0xfc,
+	0x6b, 0x86, 0xcc, 0x8e, 0xb7, 0xc3, 0xc4, 0xcf, 0x8a, 0x7b, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff,
+	0x2c, 0xae, 0x46, 0x1e, 0xf7, 0x04, 0x00, 0x00,
 }
--- a/server/cluster/cluster.pb.gw.go
+++ b/server/cluster/cluster.pb.gw.go
@@ -66,19 +66,6 @@ func request_ClusterService_Create_0(ctx context.Context, marshaler runtime.Mars

 }

-func request_ClusterService_CreateFromKubeConfig_0(ctx context.Context, marshaler runtime.Marshaler, client ClusterServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq ClusterCreateFromKubeConfigRequest
-	var metadata runtime.ServerMetadata
-
-	if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.CreateFromKubeConfig(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
 func request_ClusterService_Get_0(ctx context.Context, marshaler runtime.Marshaler, client ClusterServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq ClusterQuery
 	var metadata runtime.ServerMetadata
@@ -260,35 +247,6 @@ func RegisterClusterServiceHandlerClient(ctx context.Context, mux *runtime.Serve

 	})

-	mux.Handle("POST", pattern_ClusterService_CreateFromKubeConfig_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(req.Context())
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, mux, req)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-		resp, md, err := request_ClusterService_CreateFromKubeConfig_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_ClusterService_CreateFromKubeConfig_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
 	mux.Handle("GET", pattern_ClusterService_Get_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -384,8 +342,6 @@ var (

 	pattern_ClusterService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "clusters"}, ""))

-	pattern_ClusterService_CreateFromKubeConfig_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "clusters-kubeconfig"}, ""))
-
 	pattern_ClusterService_Get_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "clusters", "server"}, ""))

 	pattern_ClusterService_Update_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "clusters", "cluster.server"}, ""))
@@ -398,8 +354,6 @@ var (

 	forward_ClusterService_Create_0 = runtime.ForwardResponseMessage

-	forward_ClusterService_CreateFromKubeConfig_0 = runtime.ForwardResponseMessage
-
 	forward_ClusterService_Get_0 = runtime.ForwardResponseMessage

 	forward_ClusterService_Update_0 = runtime.ForwardResponseMessage
--- a/server/cluster/cluster.proto
+++ b/server/cluster/cluster.proto
@@ -24,13 +24,6 @@ message ClusterCreateRequest {
 	bool upsert = 2;
 }

-message ClusterCreateFromKubeConfigRequest {
-	string kubeconfig = 1;
-	string context = 2;
-	bool upsert = 3;
-	bool inCluster = 4;
-}
-
 message ClusterUpdateRequest {
 	github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Cluster cluster = 1;
 }
@@ -50,14 +43,6 @@ service ClusterService {
 			body: "cluster"
 		};
 	}
-
-	// CreateFromKubeConfig installs the argocd-manager service account into the cluster specified in the given kubeconfig and context
-	rpc CreateFromKubeConfig(ClusterCreateFromKubeConfigRequest) returns (github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Cluster) {
-		option (google.api.http) = {
-			post: "/api/v1/clusters-kubeconfig"
-			body: "*"
-		};
-	}
 	
 	// Get returns a cluster by server address
 	rpc Get(ClusterQuery) returns (github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.Cluster) {
--- a/server/project/project.go
+++ b/server/project/project.go
@@ -3,14 +3,8 @@ package project
 import (
 	"context"
 	"fmt"
-	"strings"

-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
-	"k8s.io/api/core/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/fields"
-	"k8s.io/client-go/kubernetes"
+	"strings"

 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
@@ -19,118 +13,28 @@ import (
 	"github.com/argoproj/argo-cd/util/argo"
 	"github.com/argoproj/argo-cd/util/git"
 	"github.com/argoproj/argo-cd/util/grpc"
-	projectutil "github.com/argoproj/argo-cd/util/project"
 	"github.com/argoproj/argo-cd/util/rbac"
 	"github.com/argoproj/argo-cd/util/session"
-	jwt "github.com/dgrijalva/jwt-go"
-)
-
-const (
-	// JWTTokenSubFormat format of the JWT token subject that ArgoCD vends out.
-	JWTTokenSubFormat = "proj:%s:%s"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
 )

 // Server provides a Project service
 type Server struct {
-	ns            string
-	enf           *rbac.Enforcer
-	appclientset  appclientset.Interface
-	kubeclientset kubernetes.Interface
-	auditLogger   *argo.AuditLogger
-	projectLock   *util.KeyLock
-	sessionMgr    *session.SessionManager
+	ns           string
+	enf          *rbac.Enforcer
+	appclientset appclientset.Interface
+	auditLogger  *argo.AuditLogger
+	projectLock  *util.KeyLock
 }

 // NewServer returns a new instance of the Project service
-func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appclientset.Interface, enf *rbac.Enforcer, projectLock *util.KeyLock, sessionMgr *session.SessionManager) *Server {
+func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appclientset.Interface, enf *rbac.Enforcer, projectLock *util.KeyLock) *Server {
 	auditLogger := argo.NewAuditLogger(ns, kubeclientset, "argocd-server")
-	return &Server{enf: enf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr}
-}
-
-// CreateToken creates a new token to access a project
-func (s *Server) CreateToken(ctx context.Context, q *ProjectTokenCreateRequest) (*ProjectTokenResponse, error) {
-	if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project) {
-		return nil, grpc.ErrPermissionDenied
-	}
-	project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-	err = validateProject(project)
-	if err != nil {
-		return nil, err
-	}
-
-	s.projectLock.Lock(q.Project)
-	defer s.projectLock.Unlock(q.Project)
-
-	index, err := projectutil.GetRoleIndexByName(project, q.Role)
-	if err != nil {
-		return nil, status.Errorf(codes.NotFound, "project '%s' does not have role '%s'", q.Project, q.Role)
-	}
-
-	tokenName := fmt.Sprintf(JWTTokenSubFormat, q.Project, q.Role)
-	jwtToken, err := s.sessionMgr.Create(tokenName, q.ExpiresIn)
-	if err != nil {
-		return nil, status.Error(codes.InvalidArgument, err.Error())
-	}
-	parser := &jwt.Parser{
-		SkipClaimsValidation: true,
-	}
-	claims := jwt.StandardClaims{}
-	_, _, err = parser.ParseUnverified(jwtToken, &claims)
-	if err != nil {
-		return nil, status.Error(codes.InvalidArgument, err.Error())
-	}
-	issuedAt := claims.IssuedAt
-	expiresAt := claims.ExpiresAt
-
-	project.Spec.Roles[index].JWTTokens = append(project.Spec.Roles[index].JWTTokens, v1alpha1.JWTToken{IssuedAt: issuedAt, ExpiresAt: expiresAt})
-	_, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project)
-	if err != nil {
-		return nil, err
-	}
-	s.logEvent(project, ctx, argo.EventReasonResourceCreated, "create token")
-	return &ProjectTokenResponse{Token: jwtToken}, nil
-
-}
-
-// DeleteToken deletes a token in a project
-func (s *Server) DeleteToken(ctx context.Context, q *ProjectTokenDeleteRequest) (*EmptyResponse, error) {
-	if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Project) {
-		return nil, grpc.ErrPermissionDenied
-	}
-	project, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Project, metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-	err = validateProject(project)
-	if err != nil {
-		return nil, err
-	}
-
-	s.projectLock.Lock(q.Project)
-	defer s.projectLock.Unlock(q.Project)
-
-	roleIndex, err := projectutil.GetRoleIndexByName(project, q.Role)
-	if err != nil {
-		return &EmptyResponse{}, nil
-	}
-	if project.Spec.Roles[roleIndex].JWTTokens == nil {
-		return &EmptyResponse{}, nil
-	}
-	jwtTokenIndex, err := projectutil.GetJWTTokenIndexByIssuedAt(project, roleIndex, q.Iat)
-	if err != nil {
-		return &EmptyResponse{}, nil
-	}
-	project.Spec.Roles[roleIndex].JWTTokens[jwtTokenIndex] = project.Spec.Roles[roleIndex].JWTTokens[len(project.Spec.Roles[roleIndex].JWTTokens)-1]
-	project.Spec.Roles[roleIndex].JWTTokens = project.Spec.Roles[roleIndex].JWTTokens[:len(project.Spec.Roles[roleIndex].JWTTokens)-1]
-	_, err = s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Update(project)
-	if err != nil {
-		return nil, err
-	}
-	s.logEvent(project, ctx, argo.EventReasonResourceDeleted, "deleted token")
-	return &EmptyResponse{}, nil
+	return &Server{enf: enf, appclientset: appclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger}
 }

 // Create a new project.
@@ -138,7 +42,9 @@ func (s *Server) Create(ctx context.Context, q *ProjectCreateRequest) (*v1alpha1
 	if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "create", q.Project.Name) {
 		return nil, grpc.ErrPermissionDenied
 	}
-
+	if q.Project.Name == common.DefaultAppProjectName {
+		return nil, status.Errorf(codes.InvalidArgument, "name '%s' is reserved and cannot be used as a project name", q.Project.Name)
+	}
 	err := validateProject(q.Project)
 	if err != nil {
 		return nil, err
@@ -153,6 +59,7 @@ func (s *Server) Create(ctx context.Context, q *ProjectCreateRequest) (*v1alpha1
 // List returns list of projects
 func (s *Server) List(ctx context.Context, q *ProjectQuery) (*v1alpha1.AppProjectList, error) {
 	list, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).List(metav1.ListOptions{})
+	list.Items = append(list.Items, v1alpha1.GetDefaultProject(s.ns))
 	if list != nil {
 		newItems := make([]v1alpha1.AppProject, 0)
 		for i := range list.Items {
@@ -214,58 +121,6 @@ func getRemovedSources(oldProj, newProj *v1alpha1.AppProject) map[string]bool {
 	return removed
 }

-func validateJWTToken(proj string, token string, policy string) error {
-	err := validatePolicy(proj, policy)
-	if err != nil {
-		return err
-	}
-	policyComponents := strings.Split(policy, ",")
-	if strings.Trim(policyComponents[2], " ") != "applications" {
-		return status.Errorf(codes.InvalidArgument, "incorrect format for '%s' as JWT tokens can only access applications", policy)
-	}
-	roleComponents := strings.Split(strings.Trim(policyComponents[1], " "), ":")
-	if len(roleComponents) != 3 {
-		return status.Errorf(codes.InvalidArgument, "incorrect number of role arguments for '%s' policy", policy)
-	}
-	if roleComponents[0] != "proj" {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as role should start with 'proj:'", policy)
-	}
-	if roleComponents[1] != proj {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policy can't grant access to other projects", policy)
-	}
-	if roleComponents[2] != token {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policy can't grant access to other roles", policy)
-	}
-	return nil
-}
-
-func validatePolicy(proj string, policy string) error {
-	policyComponents := strings.Split(policy, ",")
-	if len(policyComponents) != 6 {
-		return status.Errorf(codes.InvalidArgument, "incorrect number of policy arguments for '%s'", policy)
-	}
-	if strings.Trim(policyComponents[0], " ") != "p" {
-		return status.Errorf(codes.InvalidArgument, "policies can only use the policy format: '%s'", policy)
-	}
-	if len(strings.Trim(policyComponents[1], " ")) <= 0 {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as subject must be longer than 0 characters:", policy)
-	}
-	if len(strings.Trim(policyComponents[2], " ")) <= 0 {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as object must be longer than 0 characters:", policy)
-	}
-	if len(strings.Trim(policyComponents[3], " ")) <= 0 {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as action must be longer than 0 characters:", policy)
-	}
-	if !strings.HasPrefix(strings.Trim(policyComponents[4], " "), proj) {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as policies can't grant access to other projects", policy)
-	}
-	effect := strings.Trim(policyComponents[5], " ")
-	if effect != "allow" && effect != "deny" {
-		return status.Errorf(codes.InvalidArgument, "incorrect policy format for '%s' as effect can only have value 'allow' or 'deny'", policy)
-	}
-	return nil
-}
-
 func validateProject(p *v1alpha1.AppProject) error {
 	destKeys := make(map[string]bool)
 	for _, dest := range p.Spec.Destinations {
@@ -278,9 +133,7 @@ func validateProject(p *v1alpha1.AppProject) error {
 	}
 	srcRepos := make(map[string]bool)
 	for i, src := range p.Spec.SourceRepos {
-		if src != "*" {
-			src = git.NormalizeGitURL(src)
-		}
+		src = git.NormalizeGitURL(src)
 		p.Spec.SourceRepos[i] = src
 		if _, ok := srcRepos[src]; !ok {
 			srcRepos[src] = true
@@ -288,39 +141,14 @@ func validateProject(p *v1alpha1.AppProject) error {
 			return status.Errorf(codes.InvalidArgument, "source repository %s should not be listed more than once.", src)
 		}
 	}
-
-	roleNames := make(map[string]bool)
-	for _, role := range p.Spec.Roles {
-		existingPolicies := make(map[string]bool)
-		for _, policy := range role.Policies {
-			var err error
-			if role.JWTTokens != nil {
-				err = validateJWTToken(p.Name, role.Name, policy)
-			} else {
-				err = validatePolicy(p.Name, policy)
-			}
-			if err != nil {
-				return err
-			}
-			if _, ok := existingPolicies[policy]; !ok {
-				existingPolicies[policy] = true
-			} else {
-				return status.Errorf(codes.AlreadyExists, "policy '%s' already exists for role '%s'", policy, role.Name)
-			}
-		}
-		if _, ok := roleNames[role.Name]; !ok {
-			roleNames[role.Name] = true
-		} else {
-			return status.Errorf(codes.AlreadyExists, "can't have duplicate roles: role '%s' already exists", role.Name)
-		}
-
-	}
-
 	return nil
 }

 // Update updates a project
 func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1.AppProject, error) {
+	if q.Project.Name == common.DefaultAppProjectName {
+		return nil, grpc.ErrPermissionDenied
+	}
 	if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "update", q.Project.Name) {
 		return nil, grpc.ErrPermissionDenied
 	}
@@ -377,9 +205,6 @@ func (s *Server) Update(ctx context.Context, q *ProjectUpdateRequest) (*v1alpha1

 // Delete deletes a project
 func (s *Server) Delete(ctx context.Context, q *ProjectQuery) (*EmptyResponse, error) {
-	if q.Name == common.DefaultAppProjectName {
-		return nil, status.Errorf(codes.InvalidArgument, "name '%s' is reserved and cannot be deleted", q.Name)
-	}
 	if !s.enf.EnforceClaims(ctx.Value("claims"), "projects", "delete", q.Name) {
 		return nil, grpc.ErrPermissionDenied
 	}
@@ -407,22 +232,6 @@ func (s *Server) Delete(ctx context.Context, q *ProjectQuery) (*EmptyResponse, e
 	return &EmptyResponse{}, err
 }

-func (s *Server) ListEvents(ctx context.Context, q *ProjectQuery) (*v1.EventList, error) {
-	if !s.enf.EnforceClaims(ctx.Value("claims"), "projects/events", "get", q.Name) {
-		return nil, grpc.ErrPermissionDenied
-	}
-	proj, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(q.Name, metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-	fieldSelector := fields.SelectorFromSet(map[string]string{
-		"involvedObject.name":      proj.Name,
-		"involvedObject.uid":       string(proj.UID),
-		"involvedObject.namespace": proj.Namespace,
-	}).String()
-	return s.kubeclientset.CoreV1().Events(s.ns).List(metav1.ListOptions{FieldSelector: fieldSelector})
-}
-
 func (s *Server) logEvent(p *v1alpha1.AppProject, ctx context.Context, reason string, action string) {
 	s.auditLogger.LogAppProjEvent(p, argo.EventInfo{Reason: reason, Action: action, Username: session.Username(ctx)}, v1.EventTypeNormal)
 }
--- a/server/project/project.pb.go
+++ b/server/project/project.pb.go
@@ -13,9 +13,6 @@

 	It has these top-level messages:
 		ProjectCreateRequest
-		ProjectTokenDeleteRequest
-		ProjectTokenCreateRequest
-		ProjectTokenResponse
 		ProjectQuery
 		ProjectUpdateRequest
 		EmptyResponse
@@ -27,7 +24,7 @@ import fmt "fmt"
 import math "math"
 import _ "github.com/gogo/protobuf/gogoproto"
 import _ "google.golang.org/genproto/googleapis/api/annotations"
-import k8s_io_api_core_v1 "k8s.io/api/core/v1"
+import _ "k8s.io/api/core/v1"
 import _ "k8s.io/apimachinery/pkg/apis/meta/v1"
 import github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"

@@ -64,98 +61,6 @@ func (m *ProjectCreateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_api
 	return nil
 }

-// ProjectTokenCreateRequest defines project token deletion parameters.
-type ProjectTokenDeleteRequest struct {
-	Project string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"`
-	Role    string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
-	Iat     int64  `protobuf:"varint,3,opt,name=iat,proto3" json:"iat,omitempty"`
-}
-
-func (m *ProjectTokenDeleteRequest) Reset()                    { *m = ProjectTokenDeleteRequest{} }
-func (m *ProjectTokenDeleteRequest) String() string            { return proto.CompactTextString(m) }
-func (*ProjectTokenDeleteRequest) ProtoMessage()               {}
-func (*ProjectTokenDeleteRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{1} }
-
-func (m *ProjectTokenDeleteRequest) GetProject() string {
-	if m != nil {
-		return m.Project
-	}
-	return ""
-}
-
-func (m *ProjectTokenDeleteRequest) GetRole() string {
-	if m != nil {
-		return m.Role
-	}
-	return ""
-}
-
-func (m *ProjectTokenDeleteRequest) GetIat() int64 {
-	if m != nil {
-		return m.Iat
-	}
-	return 0
-}
-
-// ProjectTokenCreateRequest defines project token creation parameters.
-type ProjectTokenCreateRequest struct {
-	Project     string `protobuf:"bytes,1,opt,name=project,proto3" json:"project,omitempty"`
-	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
-	Role        string `protobuf:"bytes,3,opt,name=role,proto3" json:"role,omitempty"`
-	// expiresIn represents a duration in seconds
-	ExpiresIn int64 `protobuf:"varint,4,opt,name=expiresIn,proto3" json:"expiresIn,omitempty"`
-}
-
-func (m *ProjectTokenCreateRequest) Reset()                    { *m = ProjectTokenCreateRequest{} }
-func (m *ProjectTokenCreateRequest) String() string            { return proto.CompactTextString(m) }
-func (*ProjectTokenCreateRequest) ProtoMessage()               {}
-func (*ProjectTokenCreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{2} }
-
-func (m *ProjectTokenCreateRequest) GetProject() string {
-	if m != nil {
-		return m.Project
-	}
-	return ""
-}
-
-func (m *ProjectTokenCreateRequest) GetDescription() string {
-	if m != nil {
-		return m.Description
-	}
-	return ""
-}
-
-func (m *ProjectTokenCreateRequest) GetRole() string {
-	if m != nil {
-		return m.Role
-	}
-	return ""
-}
-
-func (m *ProjectTokenCreateRequest) GetExpiresIn() int64 {
-	if m != nil {
-		return m.ExpiresIn
-	}
-	return 0
-}
-
-// ProjectTokenResponse wraps the created token or returns an empty string if deleted.
-type ProjectTokenResponse struct {
-	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
-}
-
-func (m *ProjectTokenResponse) Reset()                    { *m = ProjectTokenResponse{} }
-func (m *ProjectTokenResponse) String() string            { return proto.CompactTextString(m) }
-func (*ProjectTokenResponse) ProtoMessage()               {}
-func (*ProjectTokenResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{3} }
-
-func (m *ProjectTokenResponse) GetToken() string {
-	if m != nil {
-		return m.Token
-	}
-	return ""
-}
-
 // ProjectQuery is a query for Project resources
 type ProjectQuery struct {
 	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
@@ -164,7 +69,7 @@ type ProjectQuery struct {
 func (m *ProjectQuery) Reset()                    { *m = ProjectQuery{} }
 func (m *ProjectQuery) String() string            { return proto.CompactTextString(m) }
 func (*ProjectQuery) ProtoMessage()               {}
-func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{4} }
+func (*ProjectQuery) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{1} }

 func (m *ProjectQuery) GetName() string {
 	if m != nil {
@@ -180,7 +85,7 @@ type ProjectUpdateRequest struct {
 func (m *ProjectUpdateRequest) Reset()                    { *m = ProjectUpdateRequest{} }
 func (m *ProjectUpdateRequest) String() string            { return proto.CompactTextString(m) }
 func (*ProjectUpdateRequest) ProtoMessage()               {}
-func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{5} }
+func (*ProjectUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{2} }

 func (m *ProjectUpdateRequest) GetProject() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject {
 	if m != nil {
@@ -195,13 +100,10 @@ type EmptyResponse struct {
 func (m *EmptyResponse) Reset()                    { *m = EmptyResponse{} }
 func (m *EmptyResponse) String() string            { return proto.CompactTextString(m) }
 func (*EmptyResponse) ProtoMessage()               {}
-func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{6} }
+func (*EmptyResponse) Descriptor() ([]byte, []int) { return fileDescriptorProject, []int{3} }

 func init() {
 	proto.RegisterType((*ProjectCreateRequest)(nil), "project.ProjectCreateRequest")
-	proto.RegisterType((*ProjectTokenDeleteRequest)(nil), "project.ProjectTokenDeleteRequest")
-	proto.RegisterType((*ProjectTokenCreateRequest)(nil), "project.ProjectTokenCreateRequest")
-	proto.RegisterType((*ProjectTokenResponse)(nil), "project.ProjectTokenResponse")
 	proto.RegisterType((*ProjectQuery)(nil), "project.ProjectQuery")
 	proto.RegisterType((*ProjectUpdateRequest)(nil), "project.ProjectUpdateRequest")
 	proto.RegisterType((*EmptyResponse)(nil), "project.EmptyResponse")
@@ -218,10 +120,6 @@ const _ = grpc.SupportPackageIsVersion4
 // Client API for ProjectService service

 type ProjectServiceClient interface {
-	// Create a new project token.
-	CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error)
-	// Delete a new project token.
-	DeleteToken(ctx context.Context, in *ProjectTokenDeleteRequest, opts ...grpc.CallOption) (*EmptyResponse, error)
 	// Create a new project.
 	Create(ctx context.Context, in *ProjectCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error)
 	// List returns list of projects
@@ -232,8 +130,6 @@ type ProjectServiceClient interface {
 	Update(ctx context.Context, in *ProjectUpdateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error)
 	// Delete deletes a project
 	Delete(ctx context.Context, in *ProjectQuery, opts ...grpc.CallOption) (*EmptyResponse, error)
-	// ListEvents returns a list of project events
-	ListEvents(ctx context.Context, in *ProjectQuery, opts ...grpc.CallOption) (*k8s_io_api_core_v1.EventList, error)
 }

 type projectServiceClient struct {
@@ -244,24 +140,6 @@ func NewProjectServiceClient(cc *grpc.ClientConn) ProjectServiceClient {
 	return &projectServiceClient{cc}
 }

-func (c *projectServiceClient) CreateToken(ctx context.Context, in *ProjectTokenCreateRequest, opts ...grpc.CallOption) (*ProjectTokenResponse, error) {
-	out := new(ProjectTokenResponse)
-	err := grpc.Invoke(ctx, "/project.ProjectService/CreateToken", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *projectServiceClient) DeleteToken(ctx context.Context, in *ProjectTokenDeleteRequest, opts ...grpc.CallOption) (*EmptyResponse, error) {
-	out := new(EmptyResponse)
-	err := grpc.Invoke(ctx, "/project.ProjectService/DeleteToken", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
 func (c *projectServiceClient) Create(ctx context.Context, in *ProjectCreateRequest, opts ...grpc.CallOption) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error) {
 	out := new(github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject)
 	err := grpc.Invoke(ctx, "/project.ProjectService/Create", in, out, c.cc, opts...)
@@ -307,22 +185,9 @@ func (c *projectServiceClient) Delete(ctx context.Context, in *ProjectQuery, opt
 	return out, nil
 }

-func (c *projectServiceClient) ListEvents(ctx context.Context, in *ProjectQuery, opts ...grpc.CallOption) (*k8s_io_api_core_v1.EventList, error) {
-	out := new(k8s_io_api_core_v1.EventList)
-	err := grpc.Invoke(ctx, "/project.ProjectService/ListEvents", in, out, c.cc, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
 // Server API for ProjectService service

 type ProjectServiceServer interface {
-	// Create a new project token.
-	CreateToken(context.Context, *ProjectTokenCreateRequest) (*ProjectTokenResponse, error)
-	// Delete a new project token.
-	DeleteToken(context.Context, *ProjectTokenDeleteRequest) (*EmptyResponse, error)
 	// Create a new project.
 	Create(context.Context, *ProjectCreateRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error)
 	// List returns list of projects
@@ -333,50 +198,12 @@ type ProjectServiceServer interface {
 	Update(context.Context, *ProjectUpdateRequest) (*github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.AppProject, error)
 	// Delete deletes a project
 	Delete(context.Context, *ProjectQuery) (*EmptyResponse, error)
-	// ListEvents returns a list of project events
-	ListEvents(context.Context, *ProjectQuery) (*k8s_io_api_core_v1.EventList, error)
 }

 func RegisterProjectServiceServer(s *grpc.Server, srv ProjectServiceServer) {
 	s.RegisterService(&_ProjectService_serviceDesc, srv)
 }

-func _ProjectService_CreateToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ProjectTokenCreateRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ProjectServiceServer).CreateToken(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/project.ProjectService/CreateToken",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ProjectServiceServer).CreateToken(ctx, req.(*ProjectTokenCreateRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _ProjectService_DeleteToken_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ProjectTokenDeleteRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ProjectServiceServer).DeleteToken(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/project.ProjectService/DeleteToken",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ProjectServiceServer).DeleteToken(ctx, req.(*ProjectTokenDeleteRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
 func _ProjectService_Create_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(ProjectCreateRequest)
 	if err := dec(in); err != nil {
@@ -467,36 +294,10 @@ func _ProjectService_Delete_Handler(srv interface{}, ctx context.Context, dec fu
 	return interceptor(ctx, in, info, handler)
 }

-func _ProjectService_ListEvents_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ProjectQuery)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(ProjectServiceServer).ListEvents(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/project.ProjectService/ListEvents",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ProjectServiceServer).ListEvents(ctx, req.(*ProjectQuery))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
 var _ProjectService_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "project.ProjectService",
 	HandlerType: (*ProjectServiceServer)(nil),
 	Methods: []grpc.MethodDesc{
-		{
-			MethodName: "CreateToken",
-			Handler:    _ProjectService_CreateToken_Handler,
-		},
-		{
-			MethodName: "DeleteToken",
-			Handler:    _ProjectService_DeleteToken_Handler,
-		},
 		{
 			MethodName: "Create",
 			Handler:    _ProjectService_Create_Handler,
@@ -517,10 +318,6 @@ var _ProjectService_serviceDesc = grpc.ServiceDesc{
 			MethodName: "Delete",
 			Handler:    _ProjectService_Delete_Handler,
 		},
-		{
-			MethodName: "ListEvents",
-			Handler:    _ProjectService_ListEvents_Handler,
-		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "server/project/project.proto",
@@ -554,106 +351,6 @@ func (m *ProjectCreateRequest) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }

-func (m *ProjectTokenDeleteRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *ProjectTokenDeleteRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Project) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(len(m.Project)))
-		i += copy(dAtA[i:], m.Project)
-	}
-	if len(m.Role) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(len(m.Role)))
-		i += copy(dAtA[i:], m.Role)
-	}
-	if m.Iat != 0 {
-		dAtA[i] = 0x18
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(m.Iat))
-	}
-	return i, nil
-}
-
-func (m *ProjectTokenCreateRequest) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *ProjectTokenCreateRequest) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Project) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(len(m.Project)))
-		i += copy(dAtA[i:], m.Project)
-	}
-	if len(m.Description) > 0 {
-		dAtA[i] = 0x12
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(len(m.Description)))
-		i += copy(dAtA[i:], m.Description)
-	}
-	if len(m.Role) > 0 {
-		dAtA[i] = 0x1a
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(len(m.Role)))
-		i += copy(dAtA[i:], m.Role)
-	}
-	if m.ExpiresIn != 0 {
-		dAtA[i] = 0x20
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(m.ExpiresIn))
-	}
-	return i, nil
-}
-
-func (m *ProjectTokenResponse) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *ProjectTokenResponse) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Token) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintProject(dAtA, i, uint64(len(m.Token)))
-		i += copy(dAtA[i:], m.Token)
-	}
-	return i, nil
-}
-
 func (m *ProjectQuery) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -743,54 +440,6 @@ func (m *ProjectCreateRequest) Size() (n int) {
 	return n
 }

-func (m *ProjectTokenDeleteRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Project)
-	if l > 0 {
-		n += 1 + l + sovProject(uint64(l))
-	}
-	l = len(m.Role)
-	if l > 0 {
-		n += 1 + l + sovProject(uint64(l))
-	}
-	if m.Iat != 0 {
-		n += 1 + sovProject(uint64(m.Iat))
-	}
-	return n
-}
-
-func (m *ProjectTokenCreateRequest) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Project)
-	if l > 0 {
-		n += 1 + l + sovProject(uint64(l))
-	}
-	l = len(m.Description)
-	if l > 0 {
-		n += 1 + l + sovProject(uint64(l))
-	}
-	l = len(m.Role)
-	if l > 0 {
-		n += 1 + l + sovProject(uint64(l))
-	}
-	if m.ExpiresIn != 0 {
-		n += 1 + sovProject(uint64(m.ExpiresIn))
-	}
-	return n
-}
-
-func (m *ProjectTokenResponse) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Token)
-	if l > 0 {
-		n += 1 + l + sovProject(uint64(l))
-	}
-	return n
-}
-
 func (m *ProjectQuery) Size() (n int) {
 	var l int
 	_ = l
@@ -913,368 +562,6 @@ func (m *ProjectCreateRequest) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *ProjectTokenDeleteRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowProject
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ProjectTokenDeleteRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ProjectTokenDeleteRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthProject
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Project = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthProject
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Role = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Iat", wireType)
-			}
-			m.Iat = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.Iat |= (int64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipProject(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthProject
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *ProjectTokenCreateRequest) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowProject
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ProjectTokenCreateRequest: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ProjectTokenCreateRequest: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Project", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthProject
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Project = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 2:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthProject
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Description = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 3:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Role", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthProject
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Role = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		case 4:
-			if wireType != 0 {
-				return fmt.Errorf("proto: wrong wireType = %d for field ExpiresIn", wireType)
-			}
-			m.ExpiresIn = 0
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				m.ExpiresIn |= (int64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-		default:
-			iNdEx = preIndex
-			skippy, err := skipProject(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthProject
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
-func (m *ProjectTokenResponse) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowProject
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: ProjectTokenResponse: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: ProjectTokenResponse: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowProject
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthProject
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Token = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipProject(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthProject
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *ProjectQuery) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -1595,49 +882,36 @@ var (
 func init() { proto.RegisterFile("server/project/project.proto", fileDescriptorProject) }

 var fileDescriptorProject = []byte{
-	// 689 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0x5d, 0x6b, 0x13, 0x4d,
-	0x14, 0x66, 0x9a, 0xbe, 0x79, 0xed, 0xc4, 0x8f, 0x32, 0xb4, 0x9a, 0xc6, 0x36, 0x86, 0xb9, 0x90,
-	0x12, 0xec, 0x0c, 0x69, 0x15, 0x8a, 0x77, 0x7e, 0x14, 0x29, 0x78, 0xa1, 0x51, 0x41, 0xf4, 0xa2,
-	0x4c, 0x37, 0x87, 0xed, 0x36, 0xc9, 0xce, 0x38, 0x3b, 0x5d, 0x2d, 0xa5, 0x20, 0xc5, 0x1b, 0xf5,
-	0xd2, 0x9f, 0x20, 0xf8, 0x5b, 0xbc, 0x14, 0xfc, 0x03, 0x12, 0xfc, 0x21, 0x32, 0xb3, 0xbb, 0x49,
-	0xb6, 0xe9, 0x16, 0x84, 0xe0, 0x55, 0xce, 0x9e, 0x39, 0x73, 0x9e, 0xe7, 0x39, 0x1f, 0x19, 0xbc,
-	0x1c, 0x81, 0x8e, 0x41, 0x73, 0xa5, 0xe5, 0x3e, 0x78, 0x26, 0xfb, 0x65, 0x4a, 0x4b, 0x23, 0xc9,
-	0xff, 0xe9, 0x67, 0x6d, 0xc1, 0x97, 0xbe, 0x74, 0x3e, 0x6e, 0xad, 0xe4, 0xb8, 0xb6, 0xec, 0x4b,
-	0xe9, 0xf7, 0x80, 0x0b, 0x15, 0x70, 0x11, 0x86, 0xd2, 0x08, 0x13, 0xc8, 0x30, 0x4a, 0x4f, 0x69,
-	0x77, 0x33, 0x62, 0x81, 0x74, 0xa7, 0x9e, 0xd4, 0xc0, 0xe3, 0x16, 0xf7, 0x21, 0x04, 0x2d, 0x0c,
-	0x74, 0xd2, 0x98, 0xdb, 0xa3, 0x98, 0xbe, 0xf0, 0xf6, 0x82, 0x10, 0xf4, 0x21, 0x57, 0x5d, 0xdf,
-	0x3a, 0x22, 0xde, 0x07, 0x23, 0xce, 0xba, 0xb5, 0xed, 0x07, 0x66, 0xef, 0x60, 0x97, 0x79, 0xb2,
-	0xcf, 0x85, 0x76, 0xc4, 0xf6, 0x9d, 0xb1, 0xe6, 0x75, 0x46, 0xb7, 0x85, 0x52, 0xbd, 0xc0, 0x73,
-	0x94, 0x78, 0xdc, 0x12, 0x3d, 0xb5, 0x27, 0x26, 0x52, 0xd1, 0xb7, 0x78, 0xe1, 0x49, 0xa2, 0xf1,
-	0x81, 0x06, 0x61, 0xa0, 0x0d, 0x6f, 0x0e, 0x20, 0x32, 0x64, 0x07, 0x67, 0xda, 0xab, 0xa8, 0x81,
-	0x56, 0x2b, 0xeb, 0x5b, 0x6c, 0x04, 0xca, 0x32, 0x50, 0x67, 0xec, 0x78, 0x1d, 0xa6, 0xba, 0x3e,
-	0xb3, 0xa0, 0x6c, 0x0c, 0x94, 0x65, 0xa0, 0xec, 0x9e, 0x52, 0x29, 0x48, 0x3b, 0xcb, 0x4a, 0x5f,
-	0xe3, 0xa5, 0xd4, 0xf7, 0x5c, 0x76, 0x21, 0x7c, 0x08, 0x3d, 0x18, 0xa1, 0x57, 0xf3, 0xe8, 0x73,
-	0xc3, 0x6b, 0x84, 0xe0, 0x59, 0x2d, 0x7b, 0x50, 0x9d, 0x71, 0x6e, 0x67, 0x93, 0x79, 0x5c, 0x0a,
-	0x84, 0xa9, 0x96, 0x1a, 0x68, 0xb5, 0xd4, 0xb6, 0x26, 0xfd, 0x88, 0xf2, 0xd9, 0xf3, 0xda, 0x8a,
-	0xb3, 0x37, 0x70, 0xa5, 0x03, 0x91, 0xa7, 0x03, 0x65, 0x05, 0xa4, 0x20, 0xe3, 0xae, 0x21, 0x7e,
-	0x69, 0x0c, 0x7f, 0x19, 0xcf, 0xc1, 0x3b, 0x15, 0x68, 0x88, 0xb6, 0xc3, 0xea, 0xac, 0x63, 0x31,
-	0x72, 0xd0, 0x5b, 0xc3, 0x0a, 0x3b, 0x2a, 0x6d, 0x88, 0x94, 0x0c, 0x23, 0x20, 0x0b, 0xf8, 0x3f,
-	0x63, 0x1d, 0x29, 0x87, 0xe4, 0x83, 0x52, 0x7c, 0x31, 0x8d, 0x7e, 0x7a, 0x00, 0xfa, 0xd0, 0xe2,
-	0x85, 0xa2, 0x0f, 0x69, 0x90, 0xb3, 0xc7, 0x7a, 0xf6, 0x42, 0x75, 0xfe, 0x65, 0xcf, 0xae, 0xe0,
-	0x4b, 0x5b, 0x7d, 0x65, 0x0e, 0x33, 0x0d, 0xeb, 0xdf, 0x2e, 0xe0, 0xcb, 0x69, 0xd4, 0x33, 0xd0,
-	0x71, 0xe0, 0x01, 0xf9, 0x84, 0x70, 0x25, 0x29, 0xb7, 0x93, 0x4b, 0x28, 0xcb, 0x56, 0xaa, 0xb0,
-	0x21, 0xb5, 0x95, 0x33, 0x63, 0x32, 0x14, 0xba, 0x79, 0xf2, 0xf3, 0xf7, 0x97, 0x99, 0x75, 0xba,
-	0xe6, 0x56, 0x29, 0x6e, 0x65, 0x4b, 0x1a, 0xf1, 0xa3, 0xd4, 0x3a, 0xe6, 0xb6, 0x11, 0x11, 0x3f,
-	0xb2, 0x3f, 0xc7, 0xdc, 0x95, 0xf2, 0x2e, 0x6a, 0x92, 0xf7, 0x08, 0x57, 0x92, 0xc9, 0x3a, 0x8f,
-	0x4c, 0x6e, 0xf6, 0x6a, 0x57, 0x87, 0x31, 0x39, 0xad, 0xf4, 0x8e, 0x63, 0xc1, 0x9b, 0x7f, 0xc7,
-	0x82, 0x7c, 0x46, 0xb8, 0x9c, 0xa8, 0x25, 0x13, 0x32, 0xf3, 0x55, 0x98, 0x4e, 0xb7, 0xe8, 0x75,
-	0xc7, 0x73, 0x91, 0xce, 0x9f, 0xe6, 0x69, 0x0b, 0x72, 0x82, 0xf0, 0xec, 0xe3, 0x20, 0x32, 0x64,
-	0xf1, 0x34, 0x17, 0x37, 0x6e, 0xb5, 0xed, 0xa9, 0x70, 0xb0, 0x08, 0xb4, 0xea, 0x78, 0x10, 0x32,
-	0xc1, 0x83, 0x7c, 0x40, 0xb8, 0xf4, 0x08, 0x0a, 0x39, 0x4c, 0xa9, 0x0e, 0x37, 0x1c, 0xfe, 0x12,
-	0xb9, 0x36, 0xd9, 0x2f, 0xbb, 0x45, 0xc7, 0xe4, 0x2b, 0xc2, 0xe5, 0x64, 0x81, 0x26, 0x3b, 0x93,
-	0x5b, 0xac, 0x69, 0x31, 0xda, 0x70, 0x8c, 0xd6, 0x6a, 0xab, 0x85, 0x13, 0xc4, 0xec, 0x3f, 0x7e,
-	0x47, 0x18, 0xc1, 0x1c, 0x45, 0xdb, 0xb1, 0x97, 0xb8, 0x9c, 0xcc, 0x67, 0x51, 0xb9, 0x8a, 0xe6,
-	0x35, 0xd5, 0xdf, 0x2c, 0xd4, 0xbf, 0x8f, 0xb1, 0x6d, 0xd4, 0x56, 0x0c, 0xa1, 0x89, 0x8a, 0xb2,
-	0xaf, 0xb0, 0xe4, 0x85, 0xb2, 0x0a, 0x99, 0x7d, 0xc5, 0x58, 0xdc, 0x62, 0xee, 0x8a, 0x6b, 0xf2,
-	0x4d, 0x07, 0xd2, 0x20, 0xf5, 0x02, 0x10, 0x0e, 0x2e, 0xfb, 0xfd, 0xcd, 0xef, 0x83, 0x3a, 0xfa,
-	0x31, 0xa8, 0xa3, 0x5f, 0x83, 0x3a, 0x7a, 0xd5, 0x3c, 0xef, 0xfd, 0xca, 0x3f, 0xc8, 0xbb, 0x65,
-	0xf7, 0x4e, 0x6d, 0xfc, 0x09, 0x00, 0x00, 0xff, 0xff, 0x53, 0xd4, 0xec, 0x49, 0xa9, 0x07, 0x00,
-	0x00,
+	// 487 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x94, 0xcd, 0x6e, 0x13, 0x31,
+	0x10, 0xc7, 0x65, 0x28, 0x41, 0x98, 0x4f, 0x59, 0x2d, 0x94, 0xa5, 0x04, 0xb4, 0xa7, 0x2a, 0x52,
+	0x6d, 0xa5, 0xe5, 0x50, 0x71, 0xe3, 0xa3, 0x42, 0x95, 0x38, 0x40, 0x10, 0x12, 0xe2, 0x52, 0xb9,
+	0xde, 0x91, 0xe3, 0x26, 0xbb, 0x36, 0xb6, 0xb3, 0x28, 0x42, 0x5c, 0x2a, 0x6e, 0x1c, 0x79, 0x04,
+	0x6e, 0x3c, 0x09, 0x47, 0x24, 0x5e, 0x00, 0x45, 0x3c, 0x08, 0x5a, 0x67, 0x4d, 0x9a, 0xa6, 0xe1,
+	0xb4, 0xe2, 0x94, 0xc9, 0xf8, 0xe3, 0xff, 0x9b, 0xf1, 0x7f, 0x07, 0x6f, 0x38, 0xb0, 0x25, 0x58,
+	0x66, 0xac, 0x3e, 0x02, 0xe1, 0xe3, 0x2f, 0x35, 0x56, 0x7b, 0x4d, 0x2e, 0xd6, 0x7f, 0x93, 0x55,
+	0xa9, 0xa5, 0x0e, 0x39, 0x56, 0x45, 0xd3, 0xe5, 0x64, 0x43, 0x6a, 0x2d, 0x87, 0xc0, 0xb8, 0x51,
+	0x8c, 0x17, 0x85, 0xf6, 0xdc, 0x2b, 0x5d, 0xb8, 0x7a, 0x35, 0x1d, 0xec, 0x3a, 0xaa, 0x74, 0x58,
+	0x15, 0xda, 0x02, 0x2b, 0xbb, 0x4c, 0x42, 0x01, 0x96, 0x7b, 0xc8, 0xea, 0x3d, 0x0f, 0x66, 0x7b,
+	0x72, 0x2e, 0xfa, 0xaa, 0x00, 0x3b, 0x66, 0x66, 0x20, 0xab, 0x84, 0x63, 0x39, 0x78, 0x7e, 0xd6,
+	0xa9, 0x7d, 0xa9, 0x7c, 0x7f, 0x74, 0x48, 0x85, 0xce, 0x19, 0xb7, 0x01, 0xec, 0x28, 0x04, 0x5b,
+	0x22, 0x9b, 0x9d, 0xe6, 0xc6, 0x0c, 0x95, 0x08, 0x48, 0xac, 0xec, 0xf2, 0xa1, 0xe9, 0xf3, 0x85,
+	0xab, 0xd2, 0xf7, 0x78, 0xf5, 0xc5, 0xb4, 0xc6, 0x27, 0x16, 0xb8, 0x87, 0x1e, 0xbc, 0x1b, 0x81,
+	0xf3, 0xe4, 0x00, 0xc7, 0xda, 0xd7, 0xd1, 0x7d, 0xb4, 0x79, 0x79, 0x7b, 0x8f, 0xce, 0x44, 0x69,
+	0x14, 0x0d, 0xc1, 0x81, 0xc8, 0xa8, 0x19, 0x48, 0x5a, 0x89, 0xd2, 0x13, 0xa2, 0x34, 0x8a, 0xd2,
+	0x47, 0xc6, 0xd4, 0x22, 0xbd, 0x78, 0x6b, 0x9a, 0xe2, 0x2b, 0x75, 0xee, 0xe5, 0x08, 0xec, 0x98,
+	0x10, 0xbc, 0x52, 0xf0, 0x1c, 0x82, 0xda, 0xa5, 0x5e, 0x88, 0x4f, 0xc0, 0xbd, 0x36, 0xd9, 0xff,
+	0x84, 0xbb, 0x8e, 0xaf, 0xee, 0xe5, 0xc6, 0x8f, 0x7b, 0xe0, 0x8c, 0x2e, 0x1c, 0x6c, 0x7f, 0xbb,
+	0x80, 0xaf, 0xd5, 0xbb, 0x5e, 0x81, 0x2d, 0x95, 0x00, 0xf2, 0x19, 0xe1, 0xd6, 0xb4, 0x67, 0xe4,
+	0x2e, 0x8d, 0xb6, 0x39, 0xab, 0x97, 0x49, 0x33, 0x74, 0xe9, 0x9d, 0xe3, 0x9f, 0xbf, 0xbf, 0x9c,
+	0x5b, 0x4b, 0x6f, 0x04, 0x47, 0x95, 0xdd, 0xe8, 0x55, 0xf7, 0x10, 0x75, 0xc8, 0x31, 0xc2, 0x2b,
+	0xcf, 0x95, 0xf3, 0x64, 0xed, 0x34, 0x4b, 0x68, 0x6f, 0xb2, 0xdf, 0x08, 0x43, 0xa5, 0x90, 0xae,
+	0x07, 0x0e, 0x42, 0x16, 0x38, 0xc8, 0x27, 0x84, 0xcf, 0x3f, 0x83, 0xa5, 0x0c, 0x0d, 0xf5, 0xe1,
+	0x5e, 0xd0, 0xbf, 0x4d, 0x6e, 0x9d, 0xd6, 0x67, 0x1f, 0x2a, 0xd7, 0x7c, 0x24, 0x5f, 0x11, 0x6e,
+	0x4d, 0x0d, 0xb3, 0xf8, 0x32, 0x73, 0x46, 0x6a, 0x8a, 0x68, 0x27, 0x10, 0x6d, 0x25, 0x9b, 0x8b,
+	0x44, 0x51, 0xbe, 0xfa, 0x94, 0x33, 0xee, 0x39, 0x0d, 0x88, 0xd5, 0x8b, 0xbd, 0xc1, 0xad, 0xa7,
+	0x30, 0x04, 0x0f, 0xcb, 0xda, 0x75, 0xf3, 0x6f, 0x7a, 0xce, 0x8b, 0xb1, 0xfe, 0xce, 0xb2, 0xfa,
+	0x1f, 0xef, 0x7e, 0x9f, 0xb4, 0xd1, 0x8f, 0x49, 0x1b, 0xfd, 0x9a, 0xb4, 0xd1, 0xdb, 0xce, 0xbf,
+	0x86, 0xc5, 0xfc, 0xf4, 0x3b, 0x6c, 0x85, 0xa1, 0xb0, 0xf3, 0x27, 0x00, 0x00, 0xff, 0xff, 0x59,
+	0x47, 0x12, 0x67, 0x16, 0x05, 0x00, 0x00,
 }
--- a/server/project/project.pb.gw.go
+++ b/server/project/project.pb.gw.go
@@ -28,94 +28,6 @@ var _ status.Status
 var _ = runtime.String
 var _ = utilities.NewDoubleArray

-func request_ProjectService_CreateToken_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq ProjectTokenCreateRequest
-	var metadata runtime.ServerMetadata
-
-	if err := marshaler.NewDecoder(req.Body).Decode(&protoReq); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	var (
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["project"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "project")
-	}
-
-	protoReq.Project, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "project", err)
-	}
-
-	val, ok = pathParams["role"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "role")
-	}
-
-	protoReq.Role, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "role", err)
-	}
-
-	msg, err := client.CreateToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
-var (
-	filter_ProjectService_DeleteToken_0 = &utilities.DoubleArray{Encoding: map[string]int{"project": 0, "role": 1}, Base: []int{1, 1, 2, 0, 0}, Check: []int{0, 1, 1, 2, 3}}
-)
-
-func request_ProjectService_DeleteToken_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq ProjectTokenDeleteRequest
-	var metadata runtime.ServerMetadata
-
-	var (
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["project"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "project")
-	}
-
-	protoReq.Project, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "project", err)
-	}
-
-	val, ok = pathParams["role"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "role")
-	}
-
-	protoReq.Role, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "role", err)
-	}
-
-	if err := runtime.PopulateQueryParameters(&protoReq, req.URL.Query(), filter_ProjectService_DeleteToken_0); err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err)
-	}
-
-	msg, err := client.DeleteToken(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
 func request_ProjectService_Create_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
 	var protoReq ProjectCreateRequest
 	var metadata runtime.ServerMetadata
@@ -231,33 +143,6 @@ func request_ProjectService_Delete_0(ctx context.Context, marshaler runtime.Mars

 }

-func request_ProjectService_ListEvents_0(ctx context.Context, marshaler runtime.Marshaler, client ProjectServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) {
-	var protoReq ProjectQuery
-	var metadata runtime.ServerMetadata
-
-	var (
-		val string
-		ok  bool
-		err error
-		_   = err
-	)
-
-	val, ok = pathParams["name"]
-	if !ok {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name")
-	}
-
-	protoReq.Name, err = runtime.String(val)
-
-	if err != nil {
-		return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err)
-	}
-
-	msg, err := client.ListEvents(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD))
-	return msg, metadata, err
-
-}
-
 // RegisterProjectServiceHandlerFromEndpoint is same as RegisterProjectServiceHandler but
 // automatically dials to "endpoint" and closes the connection when "ctx" gets done.
 func RegisterProjectServiceHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error) {
@@ -296,64 +181,6 @@ func RegisterProjectServiceHandler(ctx context.Context, mux *runtime.ServeMux, c
 // "ProjectServiceClient" to call the correct interceptors.
 func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.ServeMux, client ProjectServiceClient) error {

-	mux.Handle("POST", pattern_ProjectService_CreateToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(req.Context())
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, mux, req)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-		resp, md, err := request_ProjectService_CreateToken_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_ProjectService_CreateToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
-	mux.Handle("DELETE", pattern_ProjectService_DeleteToken_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(req.Context())
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, mux, req)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-		resp, md, err := request_ProjectService_DeleteToken_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_ProjectService_DeleteToken_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
 	mux.Handle("POST", pattern_ProjectService_Create_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
 		ctx, cancel := context.WithCancel(req.Context())
 		defer cancel()
@@ -499,43 +326,10 @@ func RegisterProjectServiceHandlerClient(ctx context.Context, mux *runtime.Serve

 	})

-	mux.Handle("GET", pattern_ProjectService_ListEvents_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) {
-		ctx, cancel := context.WithCancel(req.Context())
-		defer cancel()
-		if cn, ok := w.(http.CloseNotifier); ok {
-			go func(done <-chan struct{}, closed <-chan bool) {
-				select {
-				case <-done:
-				case <-closed:
-					cancel()
-				}
-			}(ctx.Done(), cn.CloseNotify())
-		}
-		inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req)
-		rctx, err := runtime.AnnotateContext(ctx, mux, req)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-		resp, md, err := request_ProjectService_ListEvents_0(rctx, inboundMarshaler, client, req, pathParams)
-		ctx = runtime.NewServerMetadataContext(ctx, md)
-		if err != nil {
-			runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err)
-			return
-		}
-
-		forward_ProjectService_ListEvents_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...)
-
-	})
-
 	return nil
 }

 var (
-	pattern_ProjectService_CreateToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"api", "v1", "projects", "project", "roles", "role", "token"}, ""))
-
-	pattern_ProjectService_DeleteToken_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4, 1, 0, 4, 1, 5, 5, 2, 6}, []string{"api", "v1", "projects", "project", "roles", "role", "token"}, ""))
-
 	pattern_ProjectService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, ""))

 	pattern_ProjectService_List_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "projects"}, ""))
@@ -545,15 +339,9 @@ var (
 	pattern_ProjectService_Update_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "projects", "project.metadata.name"}, ""))

 	pattern_ProjectService_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "projects", "name"}, ""))
-
-	pattern_ProjectService_ListEvents_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "projects", "name", "events"}, ""))
 )

 var (
-	forward_ProjectService_CreateToken_0 = runtime.ForwardResponseMessage
-
-	forward_ProjectService_DeleteToken_0 = runtime.ForwardResponseMessage
-
 	forward_ProjectService_Create_0 = runtime.ForwardResponseMessage

 	forward_ProjectService_List_0 = runtime.ForwardResponseMessage
@@ -563,6 +351,4 @@ var (
 	forward_ProjectService_Update_0 = runtime.ForwardResponseMessage

 	forward_ProjectService_Delete_0 = runtime.ForwardResponseMessage
-
-	forward_ProjectService_ListEvents_0 = runtime.ForwardResponseMessage
 )
--- a/server/project/project.proto
+++ b/server/project/project.proto
@@ -18,27 +18,6 @@ message ProjectCreateRequest {
  github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject project = 1;
 }

-// ProjectTokenCreateRequest defines project token deletion parameters.
-message ProjectTokenDeleteRequest {
-    string project = 1;
-    string role = 2;
-    int64 iat = 3;
-}
-
-// ProjectTokenCreateRequest defines project token creation parameters. 
-message ProjectTokenCreateRequest {
-    string project = 1;
-    string description = 2;
-    string role = 3;
-    // expiresIn represents a duration in seconds
-    int64 expiresIn = 4;
-}
-// ProjectTokenResponse wraps the created token or returns an empty string if deleted.
-message ProjectTokenResponse {
-    string token = 1;
-}
-
-
 // ProjectQuery is a query for Project resources
 message ProjectQuery {
 	string name = 1;
@@ -53,19 +32,6 @@ message EmptyResponse {}
 // ProjectService
 service ProjectService {

-  // Create a new project token.
-  rpc CreateToken(ProjectTokenCreateRequest) returns (ProjectTokenResponse) {
-    option (google.api.http) = {
-      post: "/api/v1/projects/{project}/roles/{role}/token"
-      body: "*"
-    };
-  }
-
-    // Delete a new project token.
-  rpc DeleteToken(ProjectTokenDeleteRequest) returns (EmptyResponse) {
-    option (google.api.http).delete = "/api/v1/projects/{project}/roles/{role}/token";
-  }
-
  // Create a new project.
  rpc Create(ProjectCreateRequest) returns (github.com.argoproj.argo_cd.pkg.apis.application.v1alpha1.AppProject) {
    option (google.api.http) = {
@@ -96,9 +62,4 @@ service ProjectService {
  rpc Delete(ProjectQuery) returns (EmptyResponse) {
      option (google.api.http).delete = "/api/v1/projects/{name}";
  }
-
-  // ListEvents returns a list of project events
-  rpc ListEvents(ProjectQuery) returns (k8s.io.api.core.v1.EventList) {
-      option (google.api.http).get = "/api/v1/projects/{name}/events";
-  }
 }
--- a/server/project/project_test.go
+++ b/server/project/project_test.go
@@ -2,7 +2,6 @@ package project

 import (
 	"context"
-	"fmt"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -16,19 +15,13 @@ import (
 	apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake"
 	"github.com/argoproj/argo-cd/test"
 	"github.com/argoproj/argo-cd/util"
-	jwtutil "github.com/argoproj/argo-cd/util/jwt"
 	"github.com/argoproj/argo-cd/util/rbac"
-	"github.com/argoproj/argo-cd/util/session"
-	"github.com/argoproj/argo-cd/util/settings"
 )

 func TestProjectServer(t *testing.T) {
 	enforcer := rbac.NewEnforcer(fake.NewSimpleClientset(), "default", common.ArgoCDRBACConfigMapName, nil)
 	enforcer.SetBuiltinPolicy(test.BuiltinPolicy)
 	enforcer.SetDefaultRole("role:admin")
-	enforcer.SetClaimsEnforcerFunc(func(rvals ...interface{}) bool {
-		return true
-	})
 	existingProj := v1alpha1.AppProject{
 		ObjectMeta: v1.ObjectMeta{Name: "test", Namespace: "default"},
 		Spec: v1alpha1.AppProjectSpec{
@@ -40,15 +33,13 @@ func TestProjectServer(t *testing.T) {
 		},
 	}

-	policyTemplate := "p, proj:%s:%s, applications, %s, %s/%s, %s"
-
 	t.Run("TestRemoveDestinationSuccessful", func(t *testing.T) {
 		existingApp := v1alpha1.Application{
 			ObjectMeta: v1.ObjectMeta{Name: "test", Namespace: "default"},
 			Spec:       v1alpha1.ApplicationSpec{Project: "test", Destination: v1alpha1.ApplicationDestination{Namespace: "ns3", Server: "https://server3"}},
 		}

-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil)
+		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock())

 		updatedProj := existingProj.DeepCopy()
 		updatedProj.Spec.Destinations = updatedProj.Spec.Destinations[1:]
@@ -64,7 +55,7 @@ func TestProjectServer(t *testing.T) {
 			Spec:       v1alpha1.ApplicationSpec{Project: "test", Destination: v1alpha1.ApplicationDestination{Namespace: "ns1", Server: "https://server1"}},
 		}

-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil)
+		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock())

 		updatedProj := existingProj.DeepCopy()
 		updatedProj.Spec.Destinations = updatedProj.Spec.Destinations[1:]
@@ -81,7 +72,7 @@ func TestProjectServer(t *testing.T) {
 			Spec:       v1alpha1.ApplicationSpec{Project: "test"},
 		}

-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil)
+		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock())

 		updatedProj := existingProj.DeepCopy()
 		updatedProj.Spec.SourceRepos = []string{}
@@ -97,7 +88,7 @@ func TestProjectServer(t *testing.T) {
 			Spec:       v1alpha1.ApplicationSpec{Project: "test", Source: v1alpha1.ApplicationSource{RepoURL: "https://github.com/argoproj/argo-cd.git"}},
 		}

-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil)
+		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock())

 		updatedProj := existingProj.DeepCopy()
 		updatedProj.Spec.SourceRepos = []string{}
@@ -109,221 +100,24 @@ func TestProjectServer(t *testing.T) {
 	})

 	t.Run("TestDeleteProjectSuccessful", func(t *testing.T) {
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock(), nil)
+		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj), enforcer, util.NewKeyLock())

 		_, err := projectServer.Delete(context.Background(), &ProjectQuery{Name: "test"})

 		assert.Nil(t, err)
 	})

-	t.Run("TestDeleteDefaultProjectFailure", func(t *testing.T) {
-		defaultProj := v1alpha1.AppProject{
-			ObjectMeta: v1.ObjectMeta{Name: "default", Namespace: "default"},
-			Spec:       v1alpha1.AppProjectSpec{},
-		}
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&defaultProj), enforcer, util.NewKeyLock(), nil)
-
-		_, err := projectServer.Delete(context.Background(), &ProjectQuery{Name: defaultProj.Name})
-		assert.Equal(t, codes.InvalidArgument, grpc.Code(err))
-	})
-
 	t.Run("TestDeleteProjectReferencedByApp", func(t *testing.T) {
 		existingApp := v1alpha1.Application{
 			ObjectMeta: v1.ObjectMeta{Name: "test", Namespace: "default"},
 			Spec:       v1alpha1.ApplicationSpec{Project: "test"},
 		}

-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock(), nil)
+		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, util.NewKeyLock())

 		_, err := projectServer.Delete(context.Background(), &ProjectQuery{Name: "test"})

 		assert.NotNil(t, err)
 		assert.Equal(t, codes.InvalidArgument, grpc.Code(err))
 	})
-
-	t.Run("TestCreateTokenSuccesfully", func(t *testing.T) {
-		sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{})
-		projectWithRole := existingProj.DeepCopy()
-		tokenName := "testToken"
-		projectWithRole.Spec.Roles = []v1alpha1.ProjectRole{{Name: tokenName}}
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, util.NewKeyLock(), sessionMgr)
-		tokenResponse, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1})
-		assert.Nil(t, err)
-		claims, err := sessionMgr.Parse(tokenResponse.Token)
-		assert.Nil(t, err)
-
-		mapClaims, err := jwtutil.MapClaims(claims)
-		subject, ok := mapClaims["sub"].(string)
-		assert.True(t, ok)
-		expectedSubject := fmt.Sprintf(JWTTokenSubFormat, projectWithRole.Name, tokenName)
-		assert.Equal(t, expectedSubject, subject)
-		assert.Nil(t, err)
-	})
-
-	t.Run("TestDeleteTokenSuccesfully", func(t *testing.T) {
-		sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{})
-		projWithToken := existingProj.DeepCopy()
-		tokenName := "testToken"
-		issuedAt := int64(1)
-		secondIssuedAt := issuedAt + 1
-		token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: issuedAt}, {IssuedAt: secondIssuedAt}}}
-		projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr)
-		_, err := projectServer.DeleteToken(context.Background(), &ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: issuedAt})
-		assert.Nil(t, err)
-		projWithoutToken, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name})
-		assert.Nil(t, err)
-		assert.Len(t, projWithoutToken.Spec.Roles, 1)
-		assert.Len(t, projWithoutToken.Spec.Roles[0].JWTTokens, 1)
-		assert.Equal(t, projWithoutToken.Spec.Roles[0].JWTTokens[0].IssuedAt, secondIssuedAt)
-	})
-
-	t.Run("TestCreateTwoTokensInRoleSuccess", func(t *testing.T) {
-		sessionMgr := session.NewSessionManager(&settings.ArgoCDSettings{})
-		projWithToken := existingProj.DeepCopy()
-		tokenName := "testToken"
-		token := v1alpha1.ProjectRole{Name: tokenName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}}
-		projWithToken.Spec.Roles = append(projWithToken.Spec.Roles, token)
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, util.NewKeyLock(), sessionMgr)
-		_, err := projectServer.CreateToken(context.Background(), &ProjectTokenCreateRequest{Project: projWithToken.Name, Role: tokenName})
-		assert.Nil(t, err)
-		projWithTwoTokens, err := projectServer.Get(context.Background(), &ProjectQuery{Name: projWithToken.Name})
-		assert.Nil(t, err)
-		assert.Len(t, projWithTwoTokens.Spec.Roles, 1)
-		assert.Len(t, projWithTwoTokens.Spec.Roles[0].JWTTokens, 2)
-	})
-
-	t.Run("TestAddWildcardSource", func(t *testing.T) {
-
-		proj := existingProj.DeepCopy()
-		wildSouceRepo := "*"
-		proj.Spec.SourceRepos = append(proj.Spec.SourceRepos, wildSouceRepo)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj), enforcer, util.NewKeyLock(), nil)
-		request := &ProjectUpdateRequest{Project: proj}
-		updatedProj, err := projectServer.Update(context.Background(), request)
-		assert.Nil(t, err)
-		assert.Equal(t, wildSouceRepo, updatedProj.Spec.SourceRepos[1])
-	})
-
-	t.Run("TestCreateRolePolicySuccessfully", func(t *testing.T) {
-		action := "create"
-		object := "testApplication"
-		roleName := "testRole"
-		effect := "allow"
-
-		projWithRole := existingProj.DeepCopy()
-		role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}}
-		policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect)
-		role.Policies = append(role.Policies, policy)
-		projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil)
-		request := &ProjectUpdateRequest{Project: projWithRole}
-		_, err := projectServer.Update(context.Background(), request)
-		assert.Nil(t, err)
-		t.Log(projWithRole.Spec.Roles[0].Policies[0])
-		expectedPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, role.Name, action, projWithRole.Name, object, effect)
-		assert.Equal(t, projWithRole.Spec.Roles[0].Policies[0], expectedPolicy)
-	})
-
-	t.Run("TestValidatePolicyDuplicatePolicyFailure", func(t *testing.T) {
-		action := "create"
-		object := "testApplication"
-		roleName := "testRole"
-		effect := "allow"
-
-		projWithRole := existingProj.DeepCopy()
-		role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}}
-		policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect)
-		role.Policies = append(role.Policies, policy)
-		role.Policies = append(role.Policies, policy)
-		projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil)
-		request := &ProjectUpdateRequest{Project: projWithRole}
-		_, err := projectServer.Update(context.Background(), request)
-		expectedErr := fmt.Sprintf("rpc error: code = AlreadyExists desc = policy '%s' already exists for role '%s'", policy, roleName)
-		assert.EqualError(t, err, expectedErr)
-	})
-
-	t.Run("TestValidateProjectAccessToSeparateProjectObjectFailure", func(t *testing.T) {
-		action := "create"
-		object := "testApplication"
-		roleName := "testRole"
-		otherProject := "other-project"
-		effect := "allow"
-
-		projWithRole := existingProj.DeepCopy()
-		role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}}
-		policy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, otherProject, object, effect)
-		role.Policies = append(role.Policies, policy)
-		projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil)
-		request := &ProjectUpdateRequest{Project: projWithRole}
-		_, err := projectServer.Update(context.Background(), request)
-		expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policies can't grant access to other projects", policy)
-		assert.EqualError(t, err, expectedErr)
-	})
-
-	t.Run("TestValidateProjectIncorrectProjectInRoleFailure", func(t *testing.T) {
-		action := "create"
-		object := "testApplication"
-		roleName := "testRole"
-		otherProject := "other-project"
-		effect := "allow"
-
-		projWithRole := existingProj.DeepCopy()
-		role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}}
-		invalidPolicy := fmt.Sprintf(policyTemplate, otherProject, roleName, action, projWithRole.Name, object, effect)
-		role.Policies = append(role.Policies, invalidPolicy)
-		projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil)
-		request := &ProjectUpdateRequest{Project: projWithRole}
-		_, err := projectServer.Update(context.Background(), request)
-		expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other projects", invalidPolicy)
-		assert.EqualError(t, err, expectedErr)
-	})
-
-	t.Run("TestValidateProjectIncorrectTokenInRoleFailure", func(t *testing.T) {
-		action := "create"
-		object := "testApplication"
-		roleName := "testRole"
-		otherToken := "other-token"
-		effect := "allow"
-
-		projWithRole := existingProj.DeepCopy()
-		role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}}
-		invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, otherToken, action, projWithRole.Name, object, effect)
-		role.Policies = append(role.Policies, invalidPolicy)
-		projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil)
-		request := &ProjectUpdateRequest{Project: projWithRole}
-		_, err := projectServer.Update(context.Background(), request)
-		expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as policy can't grant access to other roles", invalidPolicy)
-		assert.EqualError(t, err, expectedErr)
-	})
-
-	t.Run("TestValidateProjectInvalidEffectFailure", func(t *testing.T) {
-		action := "create"
-		object := "testApplication"
-		roleName := "testRole"
-		effect := "testEffect"
-
-		projWithRole := existingProj.DeepCopy()
-		role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}}
-		invalidPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect)
-		role.Policies = append(role.Policies, invalidPolicy)
-		projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role)
-
-		projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, util.NewKeyLock(), nil)
-		request := &ProjectUpdateRequest{Project: projWithRole}
-		_, err := projectServer.Update(context.Background(), request)
-		expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = incorrect policy format for '%s' as effect can only have value 'allow' or 'deny'", invalidPolicy)
-		assert.EqualError(t, err, expectedErr)
-	})
 }
--- a/server/repository/repository.go
+++ b/server/repository/repository.go
@@ -86,11 +86,6 @@ func (s *Server) ListApps(ctx context.Context, q *RepoAppsQuery) (*RepoAppsRespo
 		return nil, err
 	}

-	kustomizationRes, err := repoClient.ListDir(ctx, &repository.ListDirRequest{Repo: repo, Revision: revision, Path: "*kustomization.yaml"})
-	if err != nil {
-		return nil, err
-	}
-
 	items := make([]*AppInfo, 0)

 	for i := range ksonnetRes.Items {
@@ -101,10 +96,6 @@ func (s *Server) ListApps(ctx context.Context, q *RepoAppsQuery) (*RepoAppsRespo
 		items = append(items, &AppInfo{Type: string(repository.AppSourceHelm), Path: helmRes.Items[i]})
 	}

-	for i := range kustomizationRes.Items {
-		items = append(items, &AppInfo{Type: string(repository.AppSourceKustomize), Path: kustomizationRes.Items[i]})
-	}
-
 	return &RepoAppsResponse{Items: items}, nil
 }

@@ -171,15 +162,9 @@ func (s *Server) GetAppDetails(ctx context.Context, q *RepoAppDetailsQuery) (*Re
 			Type: string(appSourceType),
 			Helm: &appSpec,
 		}, nil
-	case repository.AppSourceKustomize:
-		appSpec := KustomizeAppSpec{
-			Path: q.Path,
-		}
-		return &RepoAppDetailsResponse{
-			Type:      string(appSourceType),
-			Kustomize: &appSpec,
-		}, nil
+
 	}
+
 	return nil, status.Errorf(codes.InvalidArgument, "specified application path is not supported")
 }

--- a/server/repository/repository.pb.go
+++ b/server/repository/repository.pb.go
@@ -19,7 +19,6 @@
 		RepoAppsResponse
 		KsonnetAppSpec
 		HelmAppSpec
-		KustomizeAppSpec
 		KsonnetEnvironment
 		KsonnetEnvironmentDestination
 		RepoQuery
@@ -138,10 +137,9 @@ func (m *RepoAppDetailsQuery) GetPath() string {

 // RepoAppDetailsResponse application details
 type RepoAppDetailsResponse struct {
-	Type      string            `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
-	Ksonnet   *KsonnetAppSpec   `protobuf:"bytes,2,opt,name=ksonnet" json:"ksonnet,omitempty"`
-	Helm      *HelmAppSpec      `protobuf:"bytes,3,opt,name=helm" json:"helm,omitempty"`
-	Kustomize *KustomizeAppSpec `protobuf:"bytes,4,opt,name=kustomize" json:"kustomize,omitempty"`
+	Type    string          `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
+	Ksonnet *KsonnetAppSpec `protobuf:"bytes,2,opt,name=ksonnet" json:"ksonnet,omitempty"`
+	Helm    *HelmAppSpec    `protobuf:"bytes,3,opt,name=helm" json:"helm,omitempty"`
 }

 func (m *RepoAppDetailsResponse) Reset()                    { *m = RepoAppDetailsResponse{} }
@@ -170,13 +168,6 @@ func (m *RepoAppDetailsResponse) GetHelm() *HelmAppSpec {
 	return nil
 }

-func (m *RepoAppDetailsResponse) GetKustomize() *KustomizeAppSpec {
-	if m != nil {
-		return m.Kustomize
-	}
-	return nil
-}
-
 // RepoAppsResponse contains applications of specified repository
 type RepoAppsResponse struct {
 	Items []*AppInfo `protobuf:"bytes,1,rep,name=items" json:"items,omitempty"`
@@ -261,23 +252,6 @@ func (m *HelmAppSpec) GetValueFiles() []string {
 	return nil
 }

-// KustomizeAppSpec contains kustomize app name and path in source repo
-type KustomizeAppSpec struct {
-	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-}
-
-func (m *KustomizeAppSpec) Reset()                    { *m = KustomizeAppSpec{} }
-func (m *KustomizeAppSpec) String() string            { return proto.CompactTextString(m) }
-func (*KustomizeAppSpec) ProtoMessage()               {}
-func (*KustomizeAppSpec) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{7} }
-
-func (m *KustomizeAppSpec) GetPath() string {
-	if m != nil {
-		return m.Path
-	}
-	return ""
-}
-
 type KsonnetEnvironment struct {
 	// Name is the user defined name of an environment
 	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
@@ -292,7 +266,7 @@ type KsonnetEnvironment struct {
 func (m *KsonnetEnvironment) Reset()                    { *m = KsonnetEnvironment{} }
 func (m *KsonnetEnvironment) String() string            { return proto.CompactTextString(m) }
 func (*KsonnetEnvironment) ProtoMessage()               {}
-func (*KsonnetEnvironment) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{8} }
+func (*KsonnetEnvironment) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{7} }

 func (m *KsonnetEnvironment) GetName() string {
 	if m != nil {
@@ -333,7 +307,7 @@ func (m *KsonnetEnvironmentDestination) Reset()         { *m = KsonnetEnvironmen
 func (m *KsonnetEnvironmentDestination) String() string { return proto.CompactTextString(m) }
 func (*KsonnetEnvironmentDestination) ProtoMessage()    {}
 func (*KsonnetEnvironmentDestination) Descriptor() ([]byte, []int) {
-	return fileDescriptorRepository, []int{9}
+	return fileDescriptorRepository, []int{8}
 }

 func (m *KsonnetEnvironmentDestination) GetServer() string {
@@ -358,7 +332,7 @@ type RepoQuery struct {
 func (m *RepoQuery) Reset()                    { *m = RepoQuery{} }
 func (m *RepoQuery) String() string            { return proto.CompactTextString(m) }
 func (*RepoQuery) ProtoMessage()               {}
-func (*RepoQuery) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{10} }
+func (*RepoQuery) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{9} }

 func (m *RepoQuery) GetRepo() string {
 	if m != nil {
@@ -373,7 +347,7 @@ type RepoResponse struct {
 func (m *RepoResponse) Reset()                    { *m = RepoResponse{} }
 func (m *RepoResponse) String() string            { return proto.CompactTextString(m) }
 func (*RepoResponse) ProtoMessage()               {}
-func (*RepoResponse) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{11} }
+func (*RepoResponse) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{10} }

 type RepoCreateRequest struct {
 	Repo   *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Repository `protobuf:"bytes,1,opt,name=repo" json:"repo,omitempty"`
@@ -383,7 +357,7 @@ type RepoCreateRequest struct {
 func (m *RepoCreateRequest) Reset()                    { *m = RepoCreateRequest{} }
 func (m *RepoCreateRequest) String() string            { return proto.CompactTextString(m) }
 func (*RepoCreateRequest) ProtoMessage()               {}
-func (*RepoCreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{12} }
+func (*RepoCreateRequest) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{11} }

 func (m *RepoCreateRequest) GetRepo() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Repository {
 	if m != nil {
@@ -406,7 +380,7 @@ type RepoUpdateRequest struct {
 func (m *RepoUpdateRequest) Reset()                    { *m = RepoUpdateRequest{} }
 func (m *RepoUpdateRequest) String() string            { return proto.CompactTextString(m) }
 func (*RepoUpdateRequest) ProtoMessage()               {}
-func (*RepoUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{13} }
+func (*RepoUpdateRequest) Descriptor() ([]byte, []int) { return fileDescriptorRepository, []int{12} }

 func (m *RepoUpdateRequest) GetRepo() *github_com_argoproj_argo_cd_pkg_apis_application_v1alpha1.Repository {
 	if m != nil {
@@ -423,7 +397,6 @@ func init() {
 	proto.RegisterType((*RepoAppsResponse)(nil), "repository.RepoAppsResponse")
 	proto.RegisterType((*KsonnetAppSpec)(nil), "repository.KsonnetAppSpec")
 	proto.RegisterType((*HelmAppSpec)(nil), "repository.HelmAppSpec")
-	proto.RegisterType((*KustomizeAppSpec)(nil), "repository.KustomizeAppSpec")
 	proto.RegisterType((*KsonnetEnvironment)(nil), "repository.KsonnetEnvironment")
 	proto.RegisterType((*KsonnetEnvironmentDestination)(nil), "repository.KsonnetEnvironmentDestination")
 	proto.RegisterType((*RepoQuery)(nil), "repository.RepoQuery")
@@ -853,16 +826,6 @@ func (m *RepoAppDetailsResponse) MarshalTo(dAtA []byte) (int, error) {
 		}
 		i += n2
 	}
-	if m.Kustomize != nil {
-		dAtA[i] = 0x22
-		i++
-		i = encodeVarintRepository(dAtA, i, uint64(m.Kustomize.Size()))
-		n3, err := m.Kustomize.MarshalTo(dAtA[i:])
-		if err != nil {
-			return 0, err
-		}
-		i += n3
-	}
 	return i, nil
 }

@@ -943,11 +906,11 @@ func (m *KsonnetAppSpec) MarshalTo(dAtA []byte) (int, error) {
 				dAtA[i] = 0x12
 				i++
 				i = encodeVarintRepository(dAtA, i, uint64(v.Size()))
-				n4, err := v.MarshalTo(dAtA[i:])
+				n3, err := v.MarshalTo(dAtA[i:])
 				if err != nil {
 					return 0, err
 				}
-				i += n4
+				i += n3
 			}
 		}
 	}
@@ -999,30 +962,6 @@ func (m *HelmAppSpec) MarshalTo(dAtA []byte) (int, error) {
 	return i, nil
 }

-func (m *KustomizeAppSpec) Marshal() (dAtA []byte, err error) {
-	size := m.Size()
-	dAtA = make([]byte, size)
-	n, err := m.MarshalTo(dAtA)
-	if err != nil {
-		return nil, err
-	}
-	return dAtA[:n], nil
-}
-
-func (m *KustomizeAppSpec) MarshalTo(dAtA []byte) (int, error) {
-	var i int
-	_ = i
-	var l int
-	_ = l
-	if len(m.Path) > 0 {
-		dAtA[i] = 0xa
-		i++
-		i = encodeVarintRepository(dAtA, i, uint64(len(m.Path)))
-		i += copy(dAtA[i:], m.Path)
-	}
-	return i, nil
-}
-
 func (m *KsonnetEnvironment) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -1060,11 +999,11 @@ func (m *KsonnetEnvironment) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0x22
 		i++
 		i = encodeVarintRepository(dAtA, i, uint64(m.Destination.Size()))
-		n5, err := m.Destination.MarshalTo(dAtA[i:])
+		n4, err := m.Destination.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n5
+		i += n4
 	}
 	return i, nil
 }
@@ -1160,11 +1099,11 @@ func (m *RepoCreateRequest) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0xa
 		i++
 		i = encodeVarintRepository(dAtA, i, uint64(m.Repo.Size()))
-		n6, err := m.Repo.MarshalTo(dAtA[i:])
+		n5, err := m.Repo.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n6
+		i += n5
 	}
 	if m.Upsert {
 		dAtA[i] = 0x10
@@ -1198,11 +1137,11 @@ func (m *RepoUpdateRequest) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0xa
 		i++
 		i = encodeVarintRepository(dAtA, i, uint64(m.Repo.Size()))
-		n7, err := m.Repo.MarshalTo(dAtA[i:])
+		n6, err := m.Repo.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n7
+		i += n6
 	}
 	return i, nil
 }
@@ -1277,10 +1216,6 @@ func (m *RepoAppDetailsResponse) Size() (n int) {
 		l = m.Helm.Size()
 		n += 1 + l + sovRepository(uint64(l))
 	}
-	if m.Kustomize != nil {
-		l = m.Kustomize.Size()
-		n += 1 + l + sovRepository(uint64(l))
-	}
 	return n
 }

@@ -1343,16 +1278,6 @@ func (m *HelmAppSpec) Size() (n int) {
 	return n
 }

-func (m *KustomizeAppSpec) Size() (n int) {
-	var l int
-	_ = l
-	l = len(m.Path)
-	if l > 0 {
-		n += 1 + l + sovRepository(uint64(l))
-	}
-	return n
-}
-
 func (m *KsonnetEnvironment) Size() (n int) {
 	var l int
 	_ = l
@@ -1918,39 +1843,6 @@ func (m *RepoAppDetailsResponse) Unmarshal(dAtA []byte) error {
 				return err
 			}
 			iNdEx = postIndex
-		case 4:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Kustomize", wireType)
-			}
-			var msglen int
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowRepository
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				msglen |= (int(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			if msglen < 0 {
-				return ErrInvalidLengthRepository
-			}
-			postIndex := iNdEx + msglen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			if m.Kustomize == nil {
-				m.Kustomize = &KustomizeAppSpec{}
-			}
-			if err := m.Kustomize.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
-				return err
-			}
-			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipRepository(dAtA[iNdEx:])
@@ -2421,85 +2313,6 @@ func (m *HelmAppSpec) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
-func (m *KustomizeAppSpec) Unmarshal(dAtA []byte) error {
-	l := len(dAtA)
-	iNdEx := 0
-	for iNdEx < l {
-		preIndex := iNdEx
-		var wire uint64
-		for shift := uint(0); ; shift += 7 {
-			if shift >= 64 {
-				return ErrIntOverflowRepository
-			}
-			if iNdEx >= l {
-				return io.ErrUnexpectedEOF
-			}
-			b := dAtA[iNdEx]
-			iNdEx++
-			wire |= (uint64(b) & 0x7F) << shift
-			if b < 0x80 {
-				break
-			}
-		}
-		fieldNum := int32(wire >> 3)
-		wireType := int(wire & 0x7)
-		if wireType == 4 {
-			return fmt.Errorf("proto: KustomizeAppSpec: wiretype end group for non-group")
-		}
-		if fieldNum <= 0 {
-			return fmt.Errorf("proto: KustomizeAppSpec: illegal tag %d (wire type %d)", fieldNum, wire)
-		}
-		switch fieldNum {
-		case 1:
-			if wireType != 2 {
-				return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType)
-			}
-			var stringLen uint64
-			for shift := uint(0); ; shift += 7 {
-				if shift >= 64 {
-					return ErrIntOverflowRepository
-				}
-				if iNdEx >= l {
-					return io.ErrUnexpectedEOF
-				}
-				b := dAtA[iNdEx]
-				iNdEx++
-				stringLen |= (uint64(b) & 0x7F) << shift
-				if b < 0x80 {
-					break
-				}
-			}
-			intStringLen := int(stringLen)
-			if intStringLen < 0 {
-				return ErrInvalidLengthRepository
-			}
-			postIndex := iNdEx + intStringLen
-			if postIndex > l {
-				return io.ErrUnexpectedEOF
-			}
-			m.Path = string(dAtA[iNdEx:postIndex])
-			iNdEx = postIndex
-		default:
-			iNdEx = preIndex
-			skippy, err := skipRepository(dAtA[iNdEx:])
-			if err != nil {
-				return err
-			}
-			if skippy < 0 {
-				return ErrInvalidLengthRepository
-			}
-			if (iNdEx + skippy) > l {
-				return io.ErrUnexpectedEOF
-			}
-			iNdEx += skippy
-		}
-	}
-
-	if iNdEx > l {
-		return io.ErrUnexpectedEOF
-	}
-	return nil
-}
 func (m *KsonnetEnvironment) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
@@ -3201,62 +3014,60 @@ var (
 func init() { proto.RegisterFile("server/repository/repository.proto", fileDescriptorRepository) }

 var fileDescriptorRepository = []byte{
-	// 911 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x5b, 0x45,
-	0x10, 0xd7, 0xc6, 0xa9, 0x13, 0x8f, 0xdb, 0x2a, 0xdd, 0x96, 0x60, 0x1e, 0x8e, 0x1b, 0x2d, 0x12,
-	0x24, 0x40, 0xdf, 0x53, 0x4c, 0x0f, 0x51, 0x10, 0x42, 0x81, 0x84, 0x12, 0x95, 0x03, 0xbc, 0x2a,
-	0x48, 0xe5, 0x40, 0xf5, 0x6a, 0x0f, 0xce, 0x62, 0xfb, 0xed, 0xf2, 0x76, 0x6d, 0xc9, 0x54, 0xb9,
-	0x20, 0x51, 0x71, 0x86, 0x3b, 0x77, 0xee, 0x7c, 0x08, 0x24, 0x2e, 0x48, 0x7c, 0x01, 0x14, 0x71,
-	0xe3, 0x4b, 0xa0, 0xdd, 0xf7, 0xc7, 0xeb, 0xf8, 0xd9, 0x20, 0x14, 0x71, 0x9b, 0x9d, 0xfd, 0xcd,
-	0xcc, 0x6f, 0x67, 0x66, 0x67, 0x17, 0x98, 0xc2, 0x64, 0x8c, 0x49, 0x90, 0xa0, 0x14, 0x8a, 0x6b,
-	0x91, 0x4c, 0x1c, 0xd1, 0x97, 0x89, 0xd0, 0x82, 0xc2, 0x54, 0xe3, 0xdd, 0xe9, 0x89, 0x9e, 0xb0,
-	0xea, 0xc0, 0x48, 0x29, 0xc2, 0x6b, 0xf6, 0x84, 0xe8, 0x0d, 0x30, 0x88, 0x24, 0x0f, 0xa2, 0x38,
-	0x16, 0x3a, 0xd2, 0x5c, 0xc4, 0x2a, 0xdb, 0x65, 0xfd, 0x7d, 0xe5, 0x73, 0x61, 0x77, 0x3b, 0x22,
-	0xc1, 0x60, 0xbc, 0x17, 0xf4, 0x30, 0xc6, 0x24, 0xd2, 0xd8, 0xcd, 0x30, 0x27, 0x3d, 0xae, 0xcf,
-	0x46, 0x4f, 0xfd, 0x8e, 0x18, 0x06, 0x51, 0x62, 0x43, 0x7c, 0x69, 0x85, 0x7b, 0x9d, 0x6e, 0x20,
-	0xfb, 0x3d, 0x63, 0xac, 0x82, 0x48, 0xca, 0x01, 0xef, 0x58, 0xe7, 0xc1, 0x78, 0x2f, 0x1a, 0xc8,
-	0xb3, 0x68, 0xce, 0x15, 0x7b, 0x17, 0x6e, 0x84, 0x28, 0xc5, 0xa1, 0x94, 0xea, 0x93, 0x11, 0x26,
-	0x13, 0x4a, 0x61, 0xd5, 0x9c, 0xa0, 0x41, 0xb6, 0xc9, 0x4e, 0x2d, 0xb4, 0x32, 0xf5, 0x60, 0x3d,
-	0xc1, 0x31, 0x57, 0x5c, 0xc4, 0x8d, 0x15, 0xab, 0x2f, 0xd6, 0x6c, 0x0f, 0xd6, 0x0e, 0xa5, 0x3c,
-	0x89, 0xbf, 0x10, 0xc6, 0x54, 0x4f, 0x24, 0xe6, 0xa6, 0x46, 0x36, 0x3a, 0x19, 0xe9, 0xb3, 0xcc,
-	0xcc, 0xca, 0xec, 0x31, 0xdc, 0xce, 0x62, 0x1e, 0xa1, 0x8e, 0xf8, 0xe0, 0xbf, 0x45, 0x2e, 0x5c,
-	0x57, 0x1c, 0xd7, 0xbf, 0x12, 0xd8, 0x9c, 0xf5, 0x1d, 0xa2, 0x92, 0x22, 0x56, 0x58, 0xca, 0xee,
-	0x3e, 0xac, 0xf5, 0x95, 0x88, 0x63, 0xd4, 0xd6, 0x7b, 0xbd, 0xed, 0xf9, 0x4e, 0x41, 0x1f, 0xa6,
-	0x5b, 0x87, 0x52, 0x3e, 0x92, 0xd8, 0x09, 0x73, 0x28, 0x7d, 0x03, 0x56, 0xcf, 0x70, 0x30, 0xb4,
-	0x81, 0xeb, 0xed, 0x17, 0x5d, 0x93, 0x0f, 0x71, 0x30, 0xcc, 0xf1, 0x16, 0x44, 0x0f, 0xa0, 0xd6,
-	0x1f, 0x29, 0x2d, 0x86, 0xfc, 0x6b, 0x6c, 0xac, 0x5a, 0x8b, 0xe6, 0x4c, 0x90, 0x7c, 0x33, 0x37,
-	0x9b, 0xc2, 0xd9, 0x3b, 0xb0, 0x91, 0x17, 0xa7, 0x38, 0xc6, 0x2e, 0x5c, 0xe3, 0x1a, 0x87, 0xaa,
-	0x41, 0xb6, 0x2b, 0x3b, 0xf5, 0xf6, 0x6d, 0xd7, 0x57, 0x56, 0x88, 0x30, 0x45, 0xb0, 0xbf, 0x08,
-	0xdc, 0x9c, 0x3d, 0x83, 0x49, 0x42, 0x1c, 0x0d, 0x8b, 0x24, 0x18, 0xb9, 0xac, 0x44, 0xf4, 0x63,
-	0xb8, 0x8e, 0xf1, 0x98, 0x27, 0x22, 0x1e, 0x62, 0xac, 0x55, 0xa3, 0x62, 0x83, 0xbd, 0xb9, 0x38,
-	0x3b, 0xfe, 0xb1, 0x03, 0x3f, 0x8e, 0x75, 0x32, 0x09, 0x67, 0x3c, 0x78, 0x4f, 0xe0, 0xd6, 0x1c,
-	0x84, 0x6e, 0x40, 0xa5, 0x8f, 0x93, 0x8c, 0x8d, 0x11, 0xe9, 0x7d, 0xb8, 0x36, 0x8e, 0x06, 0x23,
-	0xcc, 0xea, 0xd1, 0x2a, 0x89, 0xe8, 0xb8, 0x09, 0x53, 0xf0, 0xc1, 0xca, 0x3e, 0x61, 0xa7, 0x50,
-	0x77, 0xb2, 0xff, 0xaf, 0x4f, 0xda, 0x02, 0xb0, 0x3e, 0x3e, 0xe0, 0x03, 0x4c, 0xcf, 0x59, 0x0b,
-	0x1d, 0x0d, 0x7b, 0x15, 0x36, 0x2e, 0x97, 0xa8, 0xf0, 0x43, 0x9c, 0xce, 0xfb, 0x89, 0x00, 0x9d,
-	0x27, 0x58, 0x4a, 0xa3, 0x05, 0xd0, 0xdf, 0x57, 0x9f, 0x62, 0xe2, 0xb4, 0xb5, 0xa3, 0x29, 0x6b,
-	0x6c, 0xfa, 0x10, 0xea, 0x5d, 0x54, 0x9a, 0xc7, 0xf6, 0x3e, 0x67, 0x8d, 0xb4, 0xbb, 0x3c, 0x3b,
-	0x47, 0x53, 0x83, 0xd0, 0xb5, 0x66, 0xa7, 0xb0, 0xb5, 0x14, 0x4d, 0x37, 0xa1, 0x9a, 0x8e, 0xba,
-	0x8c, 0x77, 0xb6, 0xa2, 0x4d, 0xa8, 0x99, 0x13, 0x28, 0x19, 0x75, 0x30, 0x23, 0x3e, 0x55, 0xb0,
-	0xbb, 0x50, 0x33, 0xed, 0xba, 0xf0, 0x36, 0xb3, 0x9b, 0x70, 0xdd, 0x00, 0xf2, 0x5e, 0x66, 0xcf,
-	0x09, 0xdc, 0x32, 0x8a, 0xf7, 0x13, 0x8c, 0x34, 0x86, 0xf8, 0xd5, 0x08, 0x95, 0xa6, 0x8f, 0x1d,
-	0xcb, 0x7a, 0xfb, 0xd8, 0x9f, 0x0e, 0x3b, 0x3f, 0x1f, 0x76, 0x56, 0x78, 0xd2, 0xe9, 0xfa, 0xb2,
-	0xdf, 0xf3, 0xcd, 0xb0, 0xf3, 0x9d, 0x61, 0xe7, 0xe7, 0xc3, 0xce, 0x0f, 0x8b, 0xec, 0x64, 0xe3,
-	0x64, 0x13, 0xaa, 0x23, 0xa9, 0x30, 0x49, 0xaf, 0xfb, 0x7a, 0x98, 0xad, 0x58, 0x9c, 0xf2, 0x38,
-	0x95, 0xdd, 0xff, 0x85, 0x47, 0xfb, 0xe7, 0xb5, 0x34, 0x60, 0xaa, 0x7c, 0x84, 0xc9, 0x98, 0x77,
-	0x90, 0x3e, 0x27, 0xb0, 0xfa, 0x11, 0x57, 0x9a, 0xbe, 0xe0, 0xd6, 0xb5, 0x48, 0xa9, 0x77, 0x72,
-	0x25, 0x14, 0x4c, 0x04, 0xd6, 0xfc, 0xe6, 0xf7, 0x3f, 0x7f, 0x58, 0xd9, 0xa4, 0x77, 0xec, 0x3b,
-	0x33, 0xde, 0x9b, 0xbe, 0x63, 0x1c, 0x15, 0x1d, 0xc2, 0xba, 0x41, 0x99, 0xb9, 0x43, 0x5f, 0xba,
-	0xcc, 0xa5, 0x78, 0x2a, 0xbc, 0x66, 0xd9, 0x56, 0x51, 0xdc, 0x1d, 0x1b, 0x82, 0xd1, 0xed, 0xb2,
-	0x10, 0xc1, 0x33, 0xb3, 0x3a, 0x37, 0x6f, 0x94, 0xa2, 0xdf, 0x12, 0xb8, 0xf1, 0xc0, 0x4e, 0x92,
-	0x6c, 0x66, 0xd3, 0xbb, 0x25, 0x9e, 0xdd, 0xb7, 0xc2, 0x63, 0x8b, 0x01, 0x05, 0x81, 0xc0, 0x12,
-	0xd8, 0xa5, 0xaf, 0xfd, 0x13, 0x81, 0xe0, 0x99, 0xb9, 0x62, 0xe7, 0xf4, 0x7b, 0x02, 0xd5, 0xb4,
-	0x15, 0xe9, 0xd6, 0x65, 0xff, 0x33, 0x2d, 0xea, 0x5d, 0x4d, 0x33, 0x30, 0x66, 0x19, 0x36, 0x59,
-	0x69, 0x15, 0x0e, 0xd2, 0x96, 0xfd, 0x8e, 0x40, 0xe5, 0x01, 0x2e, 0xec, 0x89, 0x2b, 0x62, 0xf2,
-	0x8a, 0x65, 0xb2, 0x45, 0x5f, 0x5e, 0x92, 0x2b, 0xfa, 0x23, 0x81, 0x6a, 0x7a, 0x45, 0xe6, 0xf3,
-	0x33, 0x73, 0x75, 0xae, 0x8a, 0x95, 0x6f, 0x59, 0xed, 0x78, 0x4b, 0x5a, 0xc8, 0xf2, 0x38, 0xcf,
-	0x72, 0xf5, 0x39, 0x54, 0x8f, 0x70, 0x80, 0x1a, 0x17, 0x65, 0xab, 0x71, 0x59, 0x5d, 0x34, 0x4b,
-	0x96, 0x80, 0xd7, 0x97, 0x25, 0xe0, 0xbd, 0xb7, 0x7f, 0xb9, 0x68, 0x91, 0xdf, 0x2e, 0x5a, 0xe4,
-	0x8f, 0x8b, 0x16, 0xf9, 0xec, 0xde, 0xb2, 0x5f, 0xd8, 0xdc, 0x4f, 0xf1, 0x69, 0xd5, 0x7e, 0xb8,
-	0xde, 0xfa, 0x3b, 0x00, 0x00, 0xff, 0xff, 0xe5, 0x27, 0xab, 0x67, 0x45, 0x0a, 0x00, 0x00,
+	// 880 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45,
+	0x14, 0xd7, 0xc6, 0xa9, 0x93, 0x3c, 0xb7, 0x55, 0x3b, 0x2d, 0xc1, 0x2c, 0x8e, 0x1b, 0x0d, 0x07,
+	0x12, 0xa0, 0xbb, 0x8a, 0xe9, 0x21, 0x2a, 0x42, 0x28, 0x90, 0x50, 0xa2, 0x72, 0x80, 0xad, 0x82,
+	0x54, 0x0e, 0x54, 0x5b, 0xfb, 0xe1, 0x2c, 0x5e, 0xcf, 0x0c, 0x33, 0xe3, 0x95, 0xac, 0x2a, 0x17,
+	0x24, 0x22, 0x6e, 0x48, 0x70, 0xe7, 0xce, 0x9d, 0x0f, 0xc1, 0x11, 0x89, 0x2f, 0x80, 0x22, 0x6e,
+	0x7c, 0x09, 0x34, 0xb3, 0xeb, 0xf5, 0x38, 0x5e, 0x1b, 0x84, 0x22, 0x6e, 0x6f, 0xde, 0xbc, 0x3f,
+	0xbf, 0xf7, 0x9b, 0xf7, 0xde, 0x2e, 0x50, 0x85, 0x32, 0x43, 0x19, 0x4a, 0x14, 0x5c, 0x25, 0x9a,
+	0xcb, 0xb1, 0x23, 0x06, 0x42, 0x72, 0xcd, 0x09, 0x4c, 0x35, 0xfe, 0xdd, 0x3e, 0xef, 0x73, 0xab,
+	0x0e, 0x8d, 0x94, 0x5b, 0xf8, 0xad, 0x3e, 0xe7, 0xfd, 0x14, 0xc3, 0x58, 0x24, 0x61, 0xcc, 0x18,
+	0xd7, 0xb1, 0x4e, 0x38, 0x53, 0xc5, 0x2d, 0x1d, 0xec, 0xab, 0x20, 0xe1, 0xf6, 0xb6, 0xcb, 0x25,
+	0x86, 0xd9, 0x5e, 0xd8, 0x47, 0x86, 0x32, 0xd6, 0xd8, 0x2b, 0x6c, 0x8e, 0xfb, 0x89, 0x3e, 0x1d,
+	0x3d, 0x0f, 0xba, 0x7c, 0x18, 0xc6, 0xd2, 0xa6, 0xf8, 0xca, 0x0a, 0xf7, 0xbb, 0xbd, 0x50, 0x0c,
+	0xfa, 0xc6, 0x59, 0x85, 0xb1, 0x10, 0x69, 0xd2, 0xb5, 0xc1, 0xc3, 0x6c, 0x2f, 0x4e, 0xc5, 0x69,
+	0x3c, 0x17, 0x8a, 0xbe, 0x07, 0x37, 0x22, 0x14, 0xfc, 0x40, 0x08, 0xf5, 0xe9, 0x08, 0xe5, 0x98,
+	0x10, 0x58, 0x35, 0x15, 0x34, 0xbd, 0x6d, 0x6f, 0x67, 0x23, 0xb2, 0x32, 0xf1, 0x61, 0x5d, 0x62,
+	0x96, 0xa8, 0x84, 0xb3, 0xe6, 0x8a, 0xd5, 0x97, 0x67, 0xba, 0x07, 0x6b, 0x07, 0x42, 0x1c, 0xb3,
+	0x2f, 0xb9, 0x71, 0xd5, 0x63, 0x81, 0x13, 0x57, 0x23, 0x1b, 0x9d, 0x88, 0xf5, 0x69, 0xe1, 0x66,
+	0x65, 0xfa, 0x14, 0xee, 0x14, 0x39, 0x0f, 0x51, 0xc7, 0x49, 0xfa, 0xdf, 0x32, 0x97, 0xa1, 0x6b,
+	0x4e, 0xe8, 0xef, 0x3d, 0xd8, 0x9c, 0x8d, 0x1d, 0xa1, 0x12, 0x9c, 0x29, 0xac, 0x44, 0xf7, 0x00,
+	0xd6, 0x06, 0x8a, 0x33, 0x86, 0xda, 0x46, 0x6f, 0x74, 0xfc, 0xc0, 0x79, 0xd0, 0xc7, 0xf9, 0xd5,
+	0x81, 0x10, 0x4f, 0x04, 0x76, 0xa3, 0x89, 0x29, 0x79, 0x13, 0x56, 0x4f, 0x31, 0x1d, 0xda, 0xc4,
+	0x8d, 0xce, 0xcb, 0xae, 0xcb, 0x47, 0x98, 0x0e, 0x27, 0xf6, 0xd6, 0x88, 0xbe, 0x0b, 0xb7, 0x26,
+	0x04, 0x97, 0x50, 0x76, 0xe1, 0x5a, 0xa2, 0x71, 0xa8, 0x9a, 0xde, 0x76, 0x6d, 0xa7, 0xd1, 0xb9,
+	0xe3, 0x46, 0x28, 0xc8, 0x8c, 0x72, 0x0b, 0xfa, 0x97, 0x07, 0x37, 0x67, 0x71, 0x98, 0x42, 0x58,
+	0x3c, 0x2c, 0x0b, 0x31, 0x72, 0x15, 0xcd, 0xe4, 0x13, 0xb8, 0x8e, 0x2c, 0x4b, 0x24, 0x67, 0x43,
+	0x64, 0x5a, 0x35, 0x6b, 0x36, 0xd9, 0x5b, 0x8b, 0x2b, 0x0c, 0x8e, 0x1c, 0xf3, 0x23, 0xa6, 0xe5,
+	0x38, 0x9a, 0x89, 0xe0, 0x3f, 0x83, 0xdb, 0x73, 0x26, 0xe4, 0x16, 0xd4, 0x06, 0x38, 0x2e, 0xd0,
+	0x18, 0x91, 0x3c, 0x80, 0x6b, 0x59, 0x9c, 0x8e, 0xb0, 0xe0, 0xb4, 0x5d, 0x91, 0xd1, 0x09, 0x13,
+	0xe5, 0xc6, 0x0f, 0x57, 0xf6, 0x3d, 0x7a, 0x02, 0x0d, 0x87, 0xc1, 0x7f, 0x5d, 0x69, 0x1b, 0xc0,
+	0xc6, 0xf8, 0x30, 0x49, 0x31, 0xaf, 0x73, 0x23, 0x72, 0x34, 0xf4, 0x67, 0x0f, 0xc8, 0x7c, 0xe2,
+	0xca, 0xf0, 0x6d, 0x80, 0xc1, 0xbe, 0xfa, 0x0c, 0xa5, 0xd3, 0x72, 0x8e, 0xa6, 0xaa, 0xe9, 0xc8,
+	0x63, 0x68, 0xf4, 0x50, 0xe9, 0x84, 0xd9, 0x59, 0x6b, 0xae, 0xda, 0xaa, 0x77, 0x97, 0x57, 0x7d,
+	0x38, 0x75, 0x88, 0x5c, 0x6f, 0x7a, 0x02, 0x5b, 0x4b, 0xad, 0xc9, 0x26, 0xd4, 0xf3, 0x35, 0x54,
+	0xe0, 0x2e, 0x4e, 0xa4, 0x05, 0x1b, 0xa6, 0x02, 0x25, 0xe2, 0x2e, 0x16, 0xc0, 0xa7, 0x0a, 0x7a,
+	0x0f, 0x36, 0x4c, 0x1b, 0x2e, 0x9c, 0x34, 0x7a, 0x13, 0xae, 0x1b, 0x83, 0x49, 0x8f, 0xd2, 0x73,
+	0x0f, 0x6e, 0x1b, 0xc5, 0x07, 0x12, 0x63, 0x8d, 0x11, 0x7e, 0x3d, 0x42, 0xa5, 0xc9, 0x53, 0xc7,
+	0xb3, 0xd1, 0x39, 0x0a, 0xa6, 0x8b, 0x28, 0x98, 0x2c, 0x22, 0x2b, 0x3c, 0xeb, 0xf6, 0x02, 0x31,
+	0xe8, 0x07, 0x66, 0x11, 0x05, 0xce, 0x22, 0x0a, 0x26, 0x8b, 0x28, 0x88, 0x4a, 0x76, 0x8a, 0x51,
+	0xdf, 0x84, 0xfa, 0x48, 0x28, 0x94, 0xf9, 0x28, 0xae, 0x47, 0xc5, 0x89, 0xb2, 0x1c, 0xc7, 0x89,
+	0xe8, 0xfd, 0x2f, 0x38, 0x3a, 0xbf, 0xac, 0xe5, 0x09, 0x73, 0xe5, 0x13, 0x94, 0x59, 0xd2, 0x45,
+	0x72, 0xee, 0xc1, 0xea, 0xc7, 0x89, 0xd2, 0xe4, 0x25, 0xf7, 0x5d, 0x4b, 0x4a, 0xfd, 0xe3, 0x2b,
+	0x81, 0x60, 0x32, 0xd0, 0xd6, 0x37, 0xbf, 0xff, 0xf9, 0xe3, 0xca, 0x26, 0xb9, 0x6b, 0xbf, 0x01,
+	0xd9, 0xde, 0xf4, 0x1b, 0x93, 0xa0, 0x22, 0x43, 0x58, 0x37, 0x56, 0x66, 0x9f, 0x90, 0x57, 0x2e,
+	0x63, 0x29, 0xd7, 0xb8, 0xdf, 0xaa, 0xba, 0x2a, 0x1f, 0x77, 0xc7, 0xa6, 0xa0, 0x64, 0xbb, 0x2a,
+	0x45, 0xf8, 0xc2, 0x9c, 0xce, 0xcc, 0xf7, 0x43, 0x91, 0x6f, 0x3d, 0xb8, 0xf1, 0xc8, 0x6e, 0x88,
+	0x62, 0x9f, 0x92, 0x7b, 0x15, 0x91, 0xdd, 0x3d, 0xee, 0xd3, 0xc5, 0x06, 0x25, 0x80, 0xd0, 0x02,
+	0xd8, 0x25, 0xaf, 0xff, 0x13, 0x80, 0xf0, 0x85, 0x19, 0xb1, 0x33, 0xf2, 0x83, 0x07, 0xf5, 0xbc,
+	0x15, 0xc9, 0xd6, 0xe5, 0xf8, 0x33, 0x2d, 0xea, 0x5f, 0x4d, 0x33, 0x50, 0x6a, 0x11, 0xb6, 0x68,
+	0xe5, 0x2b, 0x3c, 0xcc, 0x5b, 0xf6, 0x3b, 0x0f, 0x6a, 0x8f, 0x70, 0x61, 0x4f, 0x5c, 0x11, 0x92,
+	0xd7, 0x2c, 0x92, 0x2d, 0xf2, 0xea, 0x12, 0xae, 0xc8, 0x4f, 0x1e, 0xd4, 0xf3, 0x11, 0x99, 0xe7,
+	0x67, 0x66, 0x74, 0xae, 0x0a, 0x55, 0x60, 0x51, 0xed, 0xf8, 0x4b, 0x5a, 0xc8, 0xe2, 0x38, 0x2b,
+	0xb8, 0xfa, 0x02, 0xea, 0x87, 0x98, 0xa2, 0xc6, 0x45, 0x6c, 0x35, 0x2f, 0xab, 0xcb, 0x66, 0x29,
+	0x08, 0x78, 0x63, 0x19, 0x01, 0xef, 0xbf, 0xf3, 0xeb, 0x45, 0xdb, 0xfb, 0xed, 0xa2, 0xed, 0xfd,
+	0x71, 0xd1, 0xf6, 0x3e, 0xbf, 0xbf, 0xec, 0x0f, 0x69, 0xee, 0x2f, 0xee, 0x79, 0xdd, 0xfe, 0x0c,
+	0xbd, 0xfd, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0xed, 0x5f, 0xa2, 0x2b, 0xe1, 0x09, 0x00, 0x00,
 }
--- a/server/repository/repository.proto
+++ b/server/repository/repository.proto
@@ -36,7 +36,6 @@ message RepoAppDetailsResponse {
 	string type = 1;
 	KsonnetAppSpec ksonnet = 2;
 	HelmAppSpec helm = 3;
-	KustomizeAppSpec kustomize = 4;
 }

 // RepoAppsResponse contains applications of specified repository
@@ -59,11 +58,6 @@ message HelmAppSpec {
 	repeated string valueFiles = 3;
 }

-// KustomizeAppSpec contains kustomize app name and path in source repo
-message KustomizeAppSpec {
-	string path = 1;
-}
-
 message KsonnetEnvironment {
    // Name is the user defined name of an environment
    string name = 1;
--- a/server/server.go
+++ b/server/server.go
@@ -12,7 +12,6 @@ import (
 	"strings"
 	"time"

-	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/gobuffalo/packr"
 	golang_proto "github.com/golang/protobuf/proto"
 	"github.com/grpc-ecosystem/go-grpc-middleware"
@@ -21,15 +20,12 @@ import (
 	"github.com/grpc-ecosystem/grpc-gateway/runtime"
 	log "github.com/sirupsen/logrus"
 	"github.com/soheilhy/cmux"
-	netCtx "golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/reflection"
 	"google.golang.org/grpc/status"
-	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/kubernetes"

@@ -37,7 +33,6 @@ import (
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/errors"
 	"github.com/argoproj/argo-cd/pkg/apiclient"
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/reposerver"
 	"github.com/argoproj/argo-cd/server/account"
@@ -53,16 +48,14 @@ import (
 	"github.com/argoproj/argo-cd/util/dex"
 	dexutil "github.com/argoproj/argo-cd/util/dex"
 	grpc_util "github.com/argoproj/argo-cd/util/grpc"
-	"github.com/argoproj/argo-cd/util/healthz"
 	jsonutil "github.com/argoproj/argo-cd/util/json"
-	jwtutil "github.com/argoproj/argo-cd/util/jwt"
-	projectutil "github.com/argoproj/argo-cd/util/project"
 	"github.com/argoproj/argo-cd/util/rbac"
 	util_session "github.com/argoproj/argo-cd/util/session"
 	settings_util "github.com/argoproj/argo-cd/util/settings"
 	"github.com/argoproj/argo-cd/util/swagger"
 	tlsutil "github.com/argoproj/argo-cd/util/tls"
 	"github.com/argoproj/argo-cd/util/webhook"
+	netCtx "golang.org/x/net/context"
 )

 var (
@@ -70,13 +63,6 @@ var (
 	ErrNoSession = status.Errorf(codes.Unauthenticated, "no session information")
 )

-var noCacheHeaders = map[string]string{
-	"Expires":         time.Unix(0, 0).Format(time.RFC1123),
-	"Cache-Control":   "no-cache, private, max-age=0",
-	"Pragma":          "no-cache",
-	"X-Accel-Expires": "0",
-}
-
 var backoff = wait.Backoff{
 	Steps:    5,
 	Duration: 500 * time.Millisecond,
@@ -120,23 +106,6 @@ type ArgoCDServerOpts struct {
 	RepoClientset   reposerver.Clientset
 }

-// initializeDefaultProject creates the default project if it does not already exist
-func initializeDefaultProject(opts ArgoCDServerOpts) error {
-	defaultProj := &v1alpha1.AppProject{
-		ObjectMeta: metav1.ObjectMeta{Name: common.DefaultAppProjectName, Namespace: opts.Namespace},
-		Spec: v1alpha1.AppProjectSpec{
-			SourceRepos:  []string{"*"},
-			Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "*"}},
-		},
-	}
-
-	_, err := opts.AppClientset.ArgoprojV1alpha1().AppProjects(opts.Namespace).Create(defaultProj)
-	if apierrors.IsAlreadyExists(err) {
-		return nil
-	}
-	return err
-}
-
 // initializeSettings sets default secret settings (password set to hostname)
 func initializeSettings(settingsMgr *settings_util.SettingsManager, opts ArgoCDServerOpts) (*settings_util.ArgoCDSettings, error) {

@@ -151,11 +120,8 @@ func initializeSettings(settingsMgr *settings_util.SettingsManager, opts ArgoCDS
 // NewServer returns a new instance of the ArgoCD API server
 func NewServer(opts ArgoCDServerOpts) *ArgoCDServer {
 	settingsMgr := settings_util.NewSettingsManager(opts.KubeClientset, opts.Namespace)
-
 	settings, err := initializeSettings(settingsMgr, opts)
 	errors.CheckError(err)
-	err = initializeDefaultProject(opts)
-	errors.CheckError(err)
 	sessionMgr := util_session.NewSessionManager(settings)

 	enf := rbac.NewEnforcer(opts.KubeClientset, opts.Namespace, common.ArgoCDRBACConfigMapName, nil)
@@ -359,7 +325,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server {
 		grpc_util.ErrorCodeUnaryServerInterceptor(),
 		grpc_util.PanicLoggerUnaryServerInterceptor(a.log),
 	)))
-	a.enf.SetClaimsEnforcerFunc(EnforceClaims(a.enf, a.AppClientset, a.Namespace))
+
 	grpcS := grpc.NewServer(sOpts...)
 	db := db.NewDB(a.Namespace, a.KubeClientset)
 	clusterService := cluster.NewServer(db, a.enf)
@@ -367,7 +333,7 @@ func (a *ArgoCDServer) newGRPCServer() *grpc.Server {
 	sessionService := session.NewServer(a.sessionMgr)
 	projectLock := util.NewKeyLock()
 	applicationService := application.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.RepoClientset, db, a.enf, projectLock)
-	projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr)
+	projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock)
 	settingsService := settings.NewServer(a.settingsMgr)
 	accountService := account.NewServer(a.sessionMgr, a.settingsMgr)
 	version.RegisterVersionServiceServer(grpcS, &version.Server{})
@@ -438,10 +404,6 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int) *http.Server
 	mustRegisterGWHandler(project.RegisterProjectServiceHandlerFromEndpoint, ctx, gwmux, endpoint, dOpts)

 	swagger.ServeSwaggerUI(mux, packr.NewBox("."), "/swagger-ui")
-	healthz.ServeHealthCheck(mux, func() error {
-		_, err := a.KubeClientset.(*kubernetes.Clientset).ServerVersion()
-		return err
-	})

 	// Dex reverse proxy and client app and OAuth2 login/callback
 	a.registerDexHandlers(mux)
@@ -463,9 +425,6 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int) *http.Server

 			// serve index.html for non file requests to support HTML5 History API
 			if acceptHTML && !fileRequest && (request.Method == "GET" || request.Method == "HEAD") {
-				for k, v := range noCacheHeaders {
-					writer.Header().Set(k, v)
-				}
 				http.ServeFile(writer, request, a.StaticAssetsDir+"/index.html")
 			} else {
 				http.ServeFile(writer, request, a.StaticAssetsDir+request.URL.Path)
@@ -624,71 +583,3 @@ func bug21955WorkaroundInterceptor(ctx context.Context, req interface{}, _ *grpc
 	}
 	return handler(ctx, req)
 }
-
-func EnforceClaims(enf *rbac.Enforcer, a appclientset.Interface, namespace string) func(rvals ...interface{}) bool {
-	return func(rvals ...interface{}) bool {
-		claims, ok := rvals[0].(jwt.Claims)
-		if !ok {
-			if rvals[0] == nil {
-				vals := append([]interface{}{""}, rvals[1:]...)
-				return enf.Enforce(vals...)
-			}
-			return enf.Enforce(rvals...)
-		}
-
-		mapClaims, err := jwtutil.MapClaims(claims)
-		if err != nil {
-			vals := append([]interface{}{""}, rvals[1:]...)
-			return enf.Enforce(vals...)
-		}
-		groups := jwtutil.GetGroups(mapClaims)
-		for _, group := range groups {
-			vals := append([]interface{}{group}, rvals[1:]...)
-			if enf.Enforcer.Enforce(vals...) {
-				return true
-			}
-		}
-
-		user := jwtutil.GetField(mapClaims, "sub")
-		if strings.HasPrefix(user, "proj:") {
-			return enforceProjectToken(enf, a, namespace, user, mapClaims, rvals...)
-		}
-		vals := append([]interface{}{user}, rvals[1:]...)
-		return enf.Enforce(vals...)
-	}
-}
-
-func enforceProjectToken(enf *rbac.Enforcer, a appclientset.Interface, namespace string, user string, claims jwt.MapClaims, rvals ...interface{}) bool {
-	userSplit := strings.Split(user, ":")
-	if len(userSplit) != 3 {
-		return false
-	}
-	projName := userSplit[1]
-	tokenName := userSplit[2]
-	proj, err := a.ArgoprojV1alpha1().AppProjects(namespace).Get(projName, metav1.GetOptions{})
-	if err != nil {
-		return false
-	}
-	index, err := projectutil.GetRoleIndexByName(proj, tokenName)
-	if err != nil {
-		return false
-	}
-	if proj.Spec.Roles[index].JWTTokens == nil {
-		return false
-	}
-	iatField, ok := claims["iat"]
-	if !ok {
-		return false
-	}
-	iatFloat, ok := iatField.(float64)
-	if !ok {
-		return false
-	}
-	iat := int64(iatFloat)
-	_, err = projectutil.GetJWTTokenIndexByIssuedAt(proj, index, iat)
-	if err != nil {
-		return false
-	}
-	vals := append([]interface{}{user}, rvals[1:]...)
-	return enf.EnforceCustomPolicy(proj.ProjectPoliciesString(), vals...)
-}
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -1,240 +0,0 @@
-package server
-
-import (
-	"fmt"
-	"testing"
-
-	jwt "github.com/dgrijalva/jwt-go"
-	log "github.com/sirupsen/logrus"
-	"github.com/stretchr/testify/assert"
-	apiv1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes/fake"
-
-	"github.com/argoproj/argo-cd/common"
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-	apps "github.com/argoproj/argo-cd/pkg/client/clientset/versioned/fake"
-	"github.com/argoproj/argo-cd/util/rbac"
-)
-
-const (
-	fakeNamespace     = "fake-ns"
-	builtinPolicyFile = "builtin-policy.csv"
-)
-
-func fakeConfigMap() *apiv1.ConfigMap {
-	cm := apiv1.ConfigMap{
-		TypeMeta: v1.TypeMeta{
-			Kind:       "ConfigMap",
-			APIVersion: "v1",
-		},
-		ObjectMeta: v1.ObjectMeta{
-			Name:      common.ArgoCDConfigMapName,
-			Namespace: fakeNamespace,
-		},
-		Data: make(map[string]string),
-	}
-	return &cm
-}
-
-func fakeSecret(policy ...string) *apiv1.Secret {
-	secret := apiv1.Secret{
-		TypeMeta: v1.TypeMeta{
-			Kind:       "Secret",
-			APIVersion: "v1",
-		},
-		ObjectMeta: v1.ObjectMeta{
-			Name:      common.ArgoCDSecretName,
-			Namespace: fakeNamespace,
-		},
-		Data: make(map[string][]byte),
-	}
-	return &secret
-}
-
-func TestEnforceProjectToken(t *testing.T) {
-	projectName := "testProj"
-	roleName := "testRole"
-	subFormat := "proj:%s:%s"
-	policyTemplate := "p, %s, applications, get, %s/%s, %s"
-
-	defaultObject := "*"
-	defaultEffect := "allow"
-	defaultTestObject := fmt.Sprintf("%s/%s", projectName, "test")
-	defaultIssuedAt := int64(1)
-	defaultSub := fmt.Sprintf(subFormat, projectName, roleName)
-	defaultPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect)
-
-	role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{defaultPolicy}, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: defaultIssuedAt}}}
-	existingProj := v1alpha1.AppProject{
-		ObjectMeta: v1.ObjectMeta{Name: projectName, Namespace: fakeNamespace},
-		Spec: v1alpha1.AppProjectSpec{
-			Roles: []v1alpha1.ProjectRole{role},
-		},
-	}
-	cm := fakeConfigMap()
-	secret := fakeSecret()
-	kubeclientset := fake.NewSimpleClientset(cm, secret)
-
-	t.Run("TestEnforceProjectTokenSuccessful", func(t *testing.T) {
-		s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)})
-		s.newGRPCServer()
-		claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt}
-		assert.True(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject))
-	})
-
-	t.Run("TestEnforceProjectTokenWithDiffCreateAtFailure", func(t *testing.T) {
-		s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)})
-		s.newGRPCServer()
-		diffCreateAt := defaultIssuedAt + 1
-		claims := jwt.MapClaims{"sub": defaultSub, "iat": diffCreateAt}
-		assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject))
-	})
-
-	t.Run("TestEnforceProjectTokenIncorrectSubFormatFailure", func(t *testing.T) {
-		s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)})
-		s.newGRPCServer()
-		invalidSub := "proj:test"
-		claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt}
-		assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject))
-	})
-
-	t.Run("TestEnforceProjectTokenNoTokenFailure", func(t *testing.T) {
-		s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj)})
-		s.newGRPCServer()
-		nonExistentToken := "fake-token"
-		invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken)
-		claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt}
-
-		assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject))
-	})
-
-	t.Run("TestEnforceProjectTokenNotJWTTokenFailure", func(t *testing.T) {
-		proj := existingProj.DeepCopy()
-		proj.Spec.Roles[0].JWTTokens = nil
-		s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)})
-		s.newGRPCServer()
-		claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt}
-		assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", defaultTestObject))
-	})
-
-	t.Run("TestEnforceProjectTokenExplicitDeny", func(t *testing.T) {
-		denyApp := "testDenyApp"
-		allowPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, defaultObject, defaultEffect)
-		denyPolicy := fmt.Sprintf(policyTemplate, defaultSub, projectName, denyApp, "deny")
-		role := v1alpha1.ProjectRole{Name: roleName, Policies: []string{allowPolicy, denyPolicy}, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: defaultIssuedAt}}}
-		proj := existingProj.DeepCopy()
-		proj.Spec.Roles[0] = role
-
-		s := NewServer(ArgoCDServerOpts{Namespace: fakeNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj)})
-		s.newGRPCServer()
-
-		claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt}
-		allowedObject := fmt.Sprintf("%s/%s", projectName, "test")
-		denyObject := fmt.Sprintf("%s/%s", projectName, denyApp)
-		assert.True(t, s.enf.EnforceClaims(claims, "applications", "get", allowedObject))
-		assert.False(t, s.enf.EnforceClaims(claims, "applications", "get", denyObject))
-	})
-}
-
-func TestEnforceClaims(t *testing.T) {
-	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
-
-	enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil)
-	enf.SetBuiltinPolicy(box.String(builtinPolicyFile))
-	enf.SetClaimsEnforcerFunc(EnforceClaims(enf, nil, fakeNamespace))
-	policy := `
-g, org2:team2, role:admin
-g, bob, role:admin
-`
-	enf.SetUserPolicy(policy)
-	allowed := []jwt.Claims{
-		jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}},
-		jwt.StandardClaims{Subject: "admin"},
-	}
-	for _, c := range allowed {
-		if !assert.True(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) {
-			log.Errorf("%v: expected true, got false", c)
-		}
-	}
-
-	disallowed := []jwt.Claims{
-		jwt.MapClaims{"groups": []string{"org3:team3"}},
-		jwt.StandardClaims{Subject: "nobody"},
-	}
-	for _, c := range disallowed {
-		if !assert.False(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) {
-			log.Errorf("%v: expected true, got false", c)
-		}
-	}
-}
-
-func TestDefaultRoleWithClaims(t *testing.T) {
-	kubeclientset := fake.NewSimpleClientset()
-	enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil)
-	enf.SetBuiltinPolicy(box.String(builtinPolicyFile))
-	enf.SetClaimsEnforcerFunc(EnforceClaims(enf, nil, fakeNamespace))
-	claims := jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}}
-
-	assert.False(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar"))
-	// after setting the default role to be the read-only role, this should now pass
-	enf.SetDefaultRole("role:readonly")
-	assert.True(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar"))
-}
-
-func TestEnforceNilClaims(t *testing.T) {
-	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
-	enf := rbac.NewEnforcer(kubeclientset, fakeNamespace, common.ArgoCDConfigMapName, nil)
-	enf.SetBuiltinPolicy(box.String(builtinPolicyFile))
-	enf.SetClaimsEnforcerFunc(EnforceClaims(enf, nil, fakeNamespace))
-	assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj"))
-	enf.SetDefaultRole("role:readonly")
-	assert.True(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj"))
-}
-
-func TestInitializingExistingDefaultProject(t *testing.T) {
-	cm := fakeConfigMap()
-	secret := fakeSecret()
-	kubeclientset := fake.NewSimpleClientset(cm, secret)
-	defaultProj := &v1alpha1.AppProject{
-		ObjectMeta: v1.ObjectMeta{Name: common.DefaultAppProjectName, Namespace: fakeNamespace},
-		Spec:       v1alpha1.AppProjectSpec{},
-	}
-	appClientSet := apps.NewSimpleClientset(defaultProj)
-
-	argoCDOpts := ArgoCDServerOpts{
-		Namespace:     fakeNamespace,
-		KubeClientset: kubeclientset,
-		AppClientset:  appClientSet,
-	}
-
-	argocd := NewServer(argoCDOpts)
-	assert.NotNil(t, argocd)
-
-	proj, err := appClientSet.ArgoprojV1alpha1().AppProjects(fakeNamespace).Get(common.DefaultAppProjectName, v1.GetOptions{})
-	assert.Nil(t, err)
-	assert.NotNil(t, proj)
-	assert.Equal(t, proj.Name, common.DefaultAppProjectName)
-}
-
-func TestInitializingNotExistingDefaultProject(t *testing.T) {
-	cm := fakeConfigMap()
-	secret := fakeSecret()
-	kubeclientset := fake.NewSimpleClientset(cm, secret)
-	appClientSet := apps.NewSimpleClientset()
-
-	argoCDOpts := ArgoCDServerOpts{
-		Namespace:     fakeNamespace,
-		KubeClientset: kubeclientset,
-		AppClientset:  appClientSet,
-	}
-
-	argocd := NewServer(argoCDOpts)
-	assert.NotNil(t, argocd)
-
-	proj, err := appClientSet.ArgoprojV1alpha1().AppProjects(fakeNamespace).Get(common.DefaultAppProjectName, v1.GetOptions{})
-	assert.Nil(t, err)
-	assert.NotNil(t, proj)
-	assert.Equal(t, proj.Name, common.DefaultAppProjectName)
-
-}
--- a/server/session/session.go
+++ b/server/session/session.go
@@ -34,11 +34,11 @@ func (s *Server) Create(ctx context.Context, q *SessionCreateRequest) (*SessionR
 	if err != nil {
 		return nil, err
 	}
-	jwtToken, err := s.mgr.Create(q.Username, 0)
+	tokenString, err := s.mgr.Create(q.Username, 0)
 	if err != nil {
 		return nil, err
 	}
-	return &SessionResponse{Token: jwtToken}, nil
+	return &SessionResponse{Token: tokenString}, nil
 }

 // Delete an authentication cookie from the client.  This makes sense only for the Web client.
--- a/server/swagger.json
+++ b/server/swagger.json
@@ -291,6 +291,37 @@
        }
      }
    },
+    "/api/v1/applications/{name}/pods/{podName}": {
+      "delete": {
+        "tags": [
+          "ApplicationService"
+        ],
+        "summary": "DeletePod returns stream of log entries for the specified pod. Pod",
+        "operationId": "DeletePod",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "name",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "podName",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "(empty)",
+            "schema": {
+              "$ref": "#/definitions/applicationApplicationResponse"
+            }
+          }
+        }
+      }
+    },
    "/api/v1/applications/{name}/pods/{podName}/logs": {
      "get": {
        "tags": [
@@ -359,31 +390,6 @@
        }
      }
    },
-    "/api/v1/applications/{name}/resource": {
-      "delete": {
-        "tags": [
-          "ApplicationService"
-        ],
-        "summary": "DeleteResource deletes a single application resource",
-        "operationId": "DeleteResource",
-        "parameters": [
-          {
-            "type": "string",
-            "name": "name",
-            "in": "path",
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "(empty)",
-            "schema": {
-              "$ref": "#/definitions/applicationApplicationResponse"
-            }
-          }
-        }
-      }
-    },
    "/api/v1/applications/{name}/rollback": {
      "post": {
        "tags": [
@@ -532,33 +538,6 @@
        }
      }
    },
-    "/api/v1/clusters-kubeconfig": {
-      "post": {
-        "tags": [
-          "ClusterService"
-        ],
-        "summary": "CreateFromKubeConfig installs the argocd-manager service account into the cluster specified in the given kubeconfig and context",
-        "operationId": "CreateFromKubeConfig",
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/clusterClusterCreateFromKubeConfigRequest"
-            }
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "(empty)",
-            "schema": {
-              "$ref": "#/definitions/v1alpha1Cluster"
-            }
-          }
-        }
-      }
-    },
    "/api/v1/clusters/{cluster.server}": {
      "put": {
        "tags": [
@@ -737,31 +716,6 @@
        }
      }
    },
-    "/api/v1/projects/{name}/events": {
-      "get": {
-        "tags": [
-          "ProjectService"
-        ],
-        "summary": "ListEvents returns a list of project events",
-        "operationId": "ListEvents",
-        "parameters": [
-          {
-            "type": "string",
-            "name": "name",
-            "in": "path",
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "(empty)",
-            "schema": {
-              "$ref": "#/definitions/v1EventList"
-            }
-          }
-        }
-      }
-    },
    "/api/v1/projects/{project.metadata.name}": {
      "put": {
        "tags": [
@@ -795,74 +749,6 @@
        }
      }
    },
-    "/api/v1/projects/{project}/roles/{role}/token": {
-      "post": {
-        "tags": [
-          "ProjectService"
-        ],
-        "summary": "Create a new project token.",
-        "operationId": "CreateToken",
-        "parameters": [
-          {
-            "type": "string",
-            "name": "project",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "name": "role",
-            "in": "path",
-            "required": true
-          },
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/projectProjectTokenCreateRequest"
-            }
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "(empty)",
-            "schema": {
-              "$ref": "#/definitions/projectProjectTokenResponse"
-            }
-          }
-        }
-      },
-      "delete": {
-        "tags": [
-          "ProjectService"
-        ],
-        "summary": "Delete a new project token.",
-        "operationId": "DeleteToken",
-        "parameters": [
-          {
-            "type": "string",
-            "name": "project",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "name": "role",
-            "in": "path",
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "(empty)",
-            "schema": {
-              "$ref": "#/definitions/projectEmptyResponse"
-            }
-          }
-        }
-      }
-    },
    "/api/v1/repositories": {
      "get": {
        "tags": [
@@ -1330,25 +1216,6 @@
    "applicationOperationTerminateResponse": {
      "type": "object"
    },
-    "clusterClusterCreateFromKubeConfigRequest": {
-      "type": "object",
-      "properties": {
-        "context": {
-          "type": "string"
-        },
-        "inCluster": {
-          "type": "boolean",
-          "format": "boolean"
-        },
-        "kubeconfig": {
-          "type": "string"
-        },
-        "upsert": {
-          "type": "boolean",
-          "format": "boolean"
-        }
-      }
-    },
    "clusterClusterResponse": {
      "type": "object"
    },
@@ -1397,35 +1264,6 @@
        }
      }
    },
-    "projectProjectTokenCreateRequest": {
-      "description": "ProjectTokenCreateRequest defines project token creation parameters.",
-      "type": "object",
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "expiresIn": {
-          "type": "string",
-          "format": "int64",
-          "title": "expiresIn represents a duration in seconds"
-        },
-        "project": {
-          "type": "string"
-        },
-        "role": {
-          "type": "string"
-        }
-      }
-    },
-    "projectProjectTokenResponse": {
-      "description": "ProjectTokenResponse wraps the created token or returns an empty string if deleted.",
-      "type": "object",
-      "properties": {
-        "token": {
-          "type": "string"
-        }
-      }
-    },
    "projectProjectUpdateRequest": {
      "type": "object",
      "properties": {
@@ -1515,15 +1353,6 @@
        }
      }
    },
-    "repositoryKustomizeAppSpec": {
-      "type": "object",
-      "title": "KustomizeAppSpec contains kustomize app name and path in source repo",
-      "properties": {
-        "path": {
-          "type": "string"
-        }
-      }
-    },
    "repositoryManifestResponse": {
      "type": "object",
      "properties": {
@@ -1560,9 +1389,6 @@
        "ksonnet": {
          "$ref": "#/definitions/repositoryKsonnetAppSpec"
        },
-        "kustomize": {
-          "$ref": "#/definitions/repositoryKustomizeAppSpec"
-        },
        "type": {
          "type": "string"
        }
@@ -1979,12 +1805,6 @@
            "$ref": "#/definitions/v1alpha1ApplicationDestination"
          }
        },
-        "roles": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/v1alpha1ProjectRole"
-          }
-        },
        "sourceRepos": {
          "type": "array",
          "title": "SourceRepos contains list of git repository URLs which can be used for deployment",
@@ -2327,20 +2147,6 @@
        }
      }
    },
-    "v1alpha1JWTToken": {
-      "type": "object",
-      "title": "JWTToken holds the issuedAt and expiresAt values of a token",
-      "properties": {
-        "exp": {
-          "type": "string",
-          "format": "int64"
-        },
-        "iat": {
-          "type": "string",
-          "format": "int64"
-        }
-      }
-    },
    "v1alpha1Operation": {
      "description": "Operation contains requested operation parameters.",
      "type": "object",
@@ -2382,31 +2188,6 @@
        }
      }
    },
-    "v1alpha1ProjectRole": {
-      "type": "object",
-      "title": "ProjectRole represents a role that has access to a project",
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "jwtTokens": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/v1alpha1JWTToken"
-          }
-        },
-        "name": {
-          "type": "string"
-        },
-        "policies": {
-          "description": "Policies Stores a list of casbin formated strings that define access policies for the role in the project.",
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        }
-      }
-    },
    "v1alpha1Repository": {
      "type": "object",
      "title": "Repository is a Git repository holding application configurations",
--- a/test/e2e/app_management_test.go
+++ b/test/e2e/app_management_test.go
@@ -5,16 +5,17 @@ import (
 	"testing"
 	"time"

+	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	"github.com/stretchr/testify/assert"
-	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/fields"
+
 	// load the gcp plugin (required to authenticate against GKE clusters).
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
-	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"

-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/util/argo"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/fields"
+	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc"
 )

 func TestAppManagement(t *testing.T) {
--- a/test/e2e/fixture.go
+++ b/test/e2e/fixture.go
@@ -27,7 +27,6 @@ import (
 	"github.com/argoproj/argo-cd/cmd/argocd/commands"
 	"github.com/argoproj/argo-cd/common"
 	"github.com/argoproj/argo-cd/controller"
-	"github.com/argoproj/argo-cd/errors"
 	argocdclient "github.com/argoproj/argo-cd/pkg/apiclient"
 	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/pkg/client/clientset/versioned"
@@ -190,10 +189,7 @@ func (f *Fixture) ensureClusterRegistered() error {
 		return err
 	}
 	// Install RBAC resources for managing the cluster
-	clientset, err := kubernetes.NewForConfig(conf)
-	errors.CheckError(err)
-	managerBearerToken, err := common.InstallClusterManagerRBAC(clientset)
-	errors.CheckError(err)
+	managerBearerToken := common.InstallClusterManagerRBAC(conf)
 	clst := commands.NewCluster(f.Config.Host, conf, managerBearerToken)
 	clstCreateReq := cluster.ClusterCreateRequest{Cluster: clst}
 	_, err = cluster.NewServer(f.DB, f.Enforcer).Create(context.Background(), &clstCreateReq)
@@ -259,7 +255,6 @@ func NewFixture() (*Fixture, error) {
 	}
 	db := db.NewDB(namespace, kubeClient)
 	enforcer := rbac.NewEnforcer(kubeClient, namespace, common.ArgoCDRBACConfigMapName, nil)
-	enforcer.SetClaimsEnforcerFunc(server.EnforceClaims(enforcer, appClient, namespace))
 	err = enforcer.SetBuiltinPolicy(test.BuiltinPolicy)
 	if err != nil {
 		return nil, err
--- a/test/e2e/project_management_test.go
+++ b/test/e2e/project_management_test.go
@@ -6,13 +6,12 @@ import (
 	"testing"
 	"time"

+	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/util/argo"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
-
-	"github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-	"github.com/argoproj/argo-cd/util/argo"
 )

 func TestProjectManagement(t *testing.T) {
@@ -43,7 +42,9 @@ func TestProjectManagement(t *testing.T) {
 			"-d", "https://192.168.99.100:8443,default",
 			"-d", "https://192.168.99.100:8443,service",
 			"-s", "https://github.com/argoproj/argo-cd.git")
-		assert.Nil(t, err)
+		if err != nil {
+			t.Fatalf("Unable to create project %v", err)
+		}

 		proj, err := fixture.AppClient.ArgoprojV1alpha1().AppProjects(fixture.Namespace).Get(projectName, metav1.GetOptions{})
 		if err != nil {
@@ -201,7 +202,8 @@ func TestProjectManagement(t *testing.T) {
 		}

 		_, err = fixture.RunCli("proj", "add-source", projectName, "https://github.com/argoproj/argo-cd.git")
-		assert.Nil(t, err)
+		assert.NotNil(t, err)
+		assert.True(t, strings.Contains(err.Error(), "already defined"))

 		proj, err := fixture.AppClient.ArgoprojV1alpha1().AppProjects(fixture.Namespace).Get(projectName, metav1.GetOptions{})
 		if err != nil {
@@ -233,7 +235,8 @@ func TestProjectManagement(t *testing.T) {
 		}

 		_, err = fixture.RunCli("proj", "remove-source", projectName, "https://github.com/argoproj/argo-cd.git")
-		assert.Nil(t, err)
+		assert.NotNil(t, err)
+		assert.True(t, strings.Contains(err.Error(), "does not exist"))

 		proj, err := fixture.AppClient.ArgoprojV1alpha1().AppProjects(fixture.Namespace).Get(projectName, metav1.GetOptions{})
 		if err != nil {
@@ -243,40 +246,4 @@ func TestProjectManagement(t *testing.T) {
 		assert.Equal(t, 0, len(proj.Spec.SourceRepos))
 		assertProjHasEvent(proj, "update", argo.EventReasonResourceUpdated)
 	})
-
-	t.Run("TestUseJWTToken", func(t *testing.T) {
-		projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10)
-		appName := "app-" + strconv.FormatInt(time.Now().Unix(), 10)
-		roleName := "roleTest"
-		testApp := &v1alpha1.Application{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: appName,
-			},
-			Spec: v1alpha1.ApplicationSpec{
-				Source: v1alpha1.ApplicationSource{
-					RepoURL: "https://github.com/argoproj/argo-cd.git", Path: ".", Environment: "minikube",
-				},
-				Destination: v1alpha1.ApplicationDestination{
-					Server:    fixture.Config.Host,
-					Namespace: fixture.Namespace,
-				},
-				Project: projectName,
-			},
-		}
-		_, err := fixture.AppClient.ArgoprojV1alpha1().AppProjects(fixture.Namespace).Create(&v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: projectName}})
-		assert.Nil(t, err)
-
-		_, err = fixture.AppClient.ArgoprojV1alpha1().Applications(fixture.Namespace).Create(testApp)
-		assert.Nil(t, err)
-
-		_, err = fixture.RunCli("proj", "role", "create", projectName, roleName)
-		assert.Nil(t, err)
-
-		_, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName)
-		assert.Nil(t, err)
-
-		_, err = fixture.RunCli("proj", "role", "add-policy", projectName, roleName, "-a", "get", "-o", "*", "-p", "allow")
-		assert.Nil(t, err)
-
-	})
 }
--- a/util/argo/argo.go
+++ b/util/argo/argo.go
@@ -232,8 +232,8 @@ func GetSpecErrors(
 				if len(helmConditions) > 0 {
 					conditions = append(conditions, helmConditions...)
 				}
-			case repository.AppSourceDirectory, repository.AppSourceKustomize:
-				maniDirConditions := verifyGenerateManifests(ctx, repoRes, spec, repoClient)
+			case repository.AppSourceDirectory:
+				maniDirConditions := verifyManifestDirectory(ctx, repoRes, spec, repoClient)
 				if len(maniDirConditions) > 0 {
 					conditions = append(conditions, maniDirConditions...)
 				}
@@ -276,12 +276,16 @@ func GetSpecErrors(
 	return conditions, nil
 }

-// GetAppProject returns a project from an application
 func GetAppProject(spec *argoappv1.ApplicationSpec, appclientset appclientset.Interface, ns string) (*argoappv1.AppProject, error) {
+	var proj *argoappv1.AppProject
+	var err error
 	if spec.BelongsToDefaultProject() {
-		return appclientset.ArgoprojV1alpha1().AppProjects(ns).Get(common.DefaultAppProjectName, metav1.GetOptions{})
+		defaultProj := argoappv1.GetDefaultProject(ns)
+		proj = &defaultProj
+	} else {
+		proj, err = appclientset.ArgoprojV1alpha1().AppProjects(ns).Get(spec.Project, metav1.GetOptions{})
 	}
-	return appclientset.ArgoprojV1alpha1().AppProjects(ns).Get(spec.Project, metav1.GetOptions{})
+	return proj, err
 }

 // queryAppSourceType queries repo server for yaml files in a directory, and determines its
@@ -313,9 +317,6 @@ func queryAppSourceType(ctx context.Context, spec *argoappv1.ApplicationSpec, re
 		if trimmedPath == "Chart.yaml" {
 			return repository.AppSourceHelm, nil
 		}
-		if trimmedPath == "kustomization.yaml" {
-			return repository.AppSourceKustomize, nil
-		}
 	}
 	return repository.AppSourceDirectory, nil
 }
@@ -409,8 +410,8 @@ func verifyHelmChart(ctx context.Context, repoRes *argoappv1.Repository, spec *a
 	return conditions
 }

-// verifyGenerateManifests verifies a repo path can generate manifests
-func verifyGenerateManifests(ctx context.Context, repoRes *argoappv1.Repository, spec *argoappv1.ApplicationSpec, repoClient repository.RepositoryServiceClient) []argoappv1.ApplicationCondition {
+// verifyManifestDirectory verifies a repo path contains at least one valid k8s manifest
+func verifyManifestDirectory(ctx context.Context, repoRes *argoappv1.Repository, spec *argoappv1.ApplicationSpec, repoClient repository.RepositoryServiceClient) []argoappv1.ApplicationCondition {
 	var conditions []argoappv1.ApplicationCondition
 	if spec.Destination.Server == "" || spec.Destination.Namespace == "" {
 		conditions = append(conditions, argoappv1.ApplicationCondition{
@@ -434,7 +435,7 @@ func verifyGenerateManifests(ctx context.Context, repoRes *argoappv1.Repository,
 	if err != nil {
 		conditions = append(conditions, argoappv1.ApplicationCondition{
 			Type:    argoappv1.ApplicationConditionInvalidSpecError,
-			Message: fmt.Sprintf("Unable to generate manifests in %s: %v", spec.Source.Path, err),
+			Message: fmt.Sprintf("Unable to get manifests in %s: %v", spec.Source.Path, err),
 		})
 	} else if len(manRes.Manifests) == 0 {
 		conditions = append(conditions, argoappv1.ApplicationCondition{
--- a/util/argo/argo_test.go
+++ b/util/argo/argo_test.go
@@ -29,23 +29,6 @@ func TestRefreshApp(t *testing.T) {
 	//assert.True(t, ok)
 }

-func TestGetAppProjectWithNoProjDefined(t *testing.T) {
-	projName := "default"
-	namespace := "default"
-
-	testProj := &argoappv1.AppProject{
-		ObjectMeta: metav1.ObjectMeta{Name: projName, Namespace: namespace},
-	}
-
-	var testApp argoappv1.Application
-	testApp.Name = "test-app"
-	testApp.Namespace = namespace
-	appClientset := appclientset.NewSimpleClientset(testProj)
-	proj, err := GetAppProject(&testApp.Spec, appClientset, namespace)
-	assert.Nil(t, err)
-	assert.Equal(t, proj.Name, projName)
-}
-
 func TestCheckValidParam(t *testing.T) {
 	oldAppSet := make(map[string]map[string]bool)
 	oldAppSet["testComponent"] = make(map[string]bool)
--- a/util/db/cluster.go
+++ b/util/db/cluster.go
@@ -58,10 +58,11 @@ func (s *db) CreateCluster(ctx context.Context, c *appv1.Cluster) (*appv1.Cluste
 		},
 	}
 	clusterSecret.Data = clusterToData(c)
+	clusterSecret.Annotations = AnnotationsFromConnectionState(&c.ConnectionState)
 	clusterSecret, err = s.kubeclientset.CoreV1().Secrets(s.ns).Create(clusterSecret)
 	if err != nil {
 		if apierr.IsAlreadyExists(err) {
-			return nil, status.Errorf(codes.AlreadyExists, "cluster %q already exists", c.Server)
+			return nil, status.Errorf(codes.AlreadyExists, "cluster '%s' already exists", c.Server)
 		}
 		return nil, err
 	}
@@ -118,7 +119,7 @@ func (s *db) getClusterSecret(server string) (*apiv1.Secret, error) {
 	clusterSecret, err := s.kubeclientset.CoreV1().Secrets(s.ns).Get(secName, metav1.GetOptions{})
 	if err != nil {
 		if apierr.IsNotFound(err) {
-			return nil, status.Errorf(codes.NotFound, "cluster %q not found", server)
+			return nil, status.Errorf(codes.NotFound, "cluster '%s' not found", server)
 		}
 		return nil, err
 	}
--- a/util/git/client.go
+++ b/util/git/client.go
@@ -136,7 +136,7 @@ func (m *nativeGitClient) setCredentials() error {
 func (m *nativeGitClient) Fetch() error {
 	var err error
 	log.Debugf("Fetching repo %s at %s", m.repoURL, m.root)
-	if _, err = m.runCmd("git", "fetch", "origin", "--tags", "--force"); err != nil {
+	if _, err = m.runCmd("git", "fetch", "origin"); err != nil {
 		return err
 	}
 	// git fetch does not update the HEAD reference. The following command will update the local
@@ -192,10 +192,7 @@ func (m *nativeGitClient) Checkout(revision string) error {
 	if revision == "" || revision == "HEAD" {
 		revision = "origin/HEAD"
 	}
-	if _, err := m.runCmd("git", "checkout", "--force", revision); err != nil {
-		return err
-	}
-	if _, err := m.runCmd("git", "clean", "-fd"); err != nil {
+	if _, err := m.runCmd("git", "checkout", revision); err != nil {
 		return err
 	}
 	return nil
--- a/util/git/git.go
+++ b/util/git/git.go
@@ -61,8 +61,6 @@ func IsSSHURL(url string) bool {

 const gitSSHCommand = "ssh -q -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=20"

-//TODO: Make sure every public method works with '*' repo
-
 // GetGitCommandEnvAndURL returns URL and env options for git operation
 func GetGitCommandEnvAndURL(repo, username, password string, sshPrivateKey string) (string, []string, error) {
 	cmdURL := repo
--- a/util/health/health.go
+++ b/util/health/health.go
@@ -33,8 +33,6 @@ func GetAppHealth(obj *unstructured.Unstructured) (*appv1.HealthStatus, error) {
 		health, err = getReplicaSetHealth(obj)
 	case kube.DaemonSetKind:
 		health, err = getDaemonSetHealth(obj)
-	case kube.PersistentVolumeClaimKind:
-		health, err = getPvcHealth(obj)
 	default:
 		health = &appv1.HealthStatus{Status: appv1.HealthStatusHealthy}
 	}
@@ -70,29 +68,6 @@ func IsWorse(current, new appv1.HealthStatusCode) bool {
 	return newIndex > currentIndex
 }

-func getPvcHealth(obj *unstructured.Unstructured) (*appv1.HealthStatus, error) {
-	obj, err := kube.ConvertToVersion(obj, "", "v1")
-	if err != nil {
-		return nil, err
-	}
-	var pvc coreV1.PersistentVolumeClaim
-	err = runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, &pvc)
-	if err != nil {
-		return nil, err
-	}
-
-	switch pvc.Status.Phase {
-	case coreV1.ClaimLost:
-		return &appv1.HealthStatus{Status: appv1.HealthStatusDegraded}, nil
-	case coreV1.ClaimPending:
-		return &appv1.HealthStatus{Status: appv1.HealthStatusProgressing}, nil
-	case coreV1.ClaimBound:
-		return &appv1.HealthStatus{Status: appv1.HealthStatusHealthy}, nil
-	default:
-		return &appv1.HealthStatus{Status: appv1.HealthStatusUnknown}, nil
-	}
-}
-
 func getIngressHealth(obj *unstructured.Unstructured) (*appv1.HealthStatus, error) {
 	obj, err := kube.ConvertToVersion(obj, "extensions", "v1beta1")
 	if err != nil {
@@ -147,7 +122,6 @@ func getDeploymentHealth(obj *unstructured.Unstructured) (*appv1.HealthStatus, e
 	if err != nil {
 		return nil, err
 	}
-
 	// Borrowed at kubernetes/kubectl/rollout_status.go https://github.com/kubernetes/kubernetes/blob/5232ad4a00ec93942d0b2c6359ee6cd1201b46bc/pkg/kubectl/rollout_status.go#L80
 	if deployment.Generation <= deployment.Status.ObservedGeneration {
 		cond := getDeploymentCondition(deployment.Status, v1.DeploymentProgressing)
--- a/util/health/health_test.go
+++ b/util/health/health_test.go
@@ -58,27 +58,3 @@ func TestStatefulSetHealth(t *testing.T) {
 	assert.NotNil(t, health)
 	assert.Equal(t, appv1.HealthStatusHealthy, health.Status)
 }
-
-func TestPvcHealthy(t *testing.T) {
-	yamlBytes, err := ioutil.ReadFile("./testdata/pvc-bound.yaml")
-	assert.Nil(t, err)
-	var obj unstructured.Unstructured
-	err = yaml.Unmarshal(yamlBytes, &obj)
-	assert.Nil(t, err)
-	health, err := GetAppHealth(&obj)
-	assert.Nil(t, err)
-	assert.NotNil(t, health)
-	assert.Equal(t, appv1.HealthStatusHealthy, health.Status)
-}
-
-func TestPvcPending(t *testing.T) {
-	yamlBytes, err := ioutil.ReadFile("./testdata/pvc-pending.yaml")
-	assert.Nil(t, err)
-	var obj unstructured.Unstructured
-	err = yaml.Unmarshal(yamlBytes, &obj)
-	assert.Nil(t, err)
-	health, err := GetAppHealth(&obj)
-	assert.Nil(t, err)
-	assert.NotNil(t, health)
-	assert.Equal(t, appv1.HealthStatusProgressing, health.Status)
-}
--- a/util/health/testdata/pvc-bound.yaml
+++ b/util/health/testdata/pvc-bound.yaml
@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"e57a9040-a984-11e8-836b-c4b301c4d0d1","leaseDurationSeconds":15,"acquireTime":"2018-08-27T23:00:54Z","renewTime":"2018-08-27T23:00:56Z","leaderTransitions":0}'
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"labels":{"applications.argoproj.io/app-name":"working-pvc"},"name":"testpvc","namespace":"argocd"},"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"2Gi"}}}}
-    pv.kubernetes.io/bind-completed: "yes"
-    pv.kubernetes.io/bound-by-controller: "yes"
-    volume.beta.kubernetes.io/storage-provisioner: docker.io/hostpath
-  creationTimestamp: 2018-08-27T23:00:54Z
-  finalizers:
-  - kubernetes.io/pvc-protection
-  labels:
-    applications.argoproj.io/app-name: working-pvc
-  name: testpvc
-  namespace: argocd
-  resourceVersion: "323170"
-  selfLink: /api/v1/namespaces/argocd/persistentvolumeclaims/testpvc
-  uid: 0cedda2c-aa4d-11e8-a271-025000000001
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi
-  storageClassName: hostpath
-  volumeName: pvc-0cedda2c-aa4d-11e8-a271-025000000001
-status:
-  accessModes:
-  - ReadWriteOnce
-  capacity:
-    storage: 2Gi
-  phase: Bound
--- a/util/health/testdata/pvc-pending.yaml
+++ b/util/health/testdata/pvc-pending.yaml
@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  annotations:
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"labels":{"applications.argoproj.io/app-name":"working-pvc"},"name":"testpvc-2","namespace":"argocd"},"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"2Gi"}},"storageClassName":"slow"}}
-    volume.beta.kubernetes.io/storage-provisioner: kubernetes.io/aws-ebs
-  creationTimestamp: 2018-08-27T23:00:54Z
-  finalizers:
-  - kubernetes.io/pvc-protection
-  labels:
-    applications.argoproj.io/app-name: working-pvc
-  name: testpvc-2
-  namespace: argocd
-  resourceVersion: "323141"
-  selfLink: /api/v1/namespaces/argocd/persistentvolumeclaims/testpvc-2
-  uid: 0cedfc44-aa4d-11e8-a271-025000000001
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 2Gi
-  storageClassName: slow
-status:
-  phase: Pending
--- a/util/healthz/healthz.go
+++ b/util/healthz/healthz.go
@@ -1,21 +0,0 @@
-package healthz
-
-import (
-	"fmt"
-	"net/http"
-
-	log "github.com/sirupsen/logrus"
-)
-
-// ServeHealthCheck serves the health check endpoint.
-// ServeHealthCheck relies on the provided function to return an error if unhealthy and nil otherwise.
-func ServeHealthCheck(mux *http.ServeMux, f func() error) {
-	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
-		if err := f(); err != nil {
-			w.WriteHeader(http.StatusServiceUnavailable)
-			log.Errorln(w, err)
-		} else {
-			fmt.Fprintln(w, "ok")
-		}
-	})
-}
--- a/util/healthz/healthz_test.go
+++ b/util/healthz/healthz_test.go
@@ -1,59 +0,0 @@
-package healthz
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-	"testing"
-)
-
-func TestHealthCheck(t *testing.T) {
-	sentinel := false
-
-	serve := func(c chan<- string) {
-		// listen on first available dynamic (unprivileged) port
-		listener, err := net.Listen("tcp", ":0")
-		if err != nil {
-			panic(err)
-		}
-
-		// send back the address so that it can be used
-		c <- listener.Addr().String()
-
-		mux := http.NewServeMux()
-		ServeHealthCheck(mux, func() error {
-			if sentinel {
-				return fmt.Errorf("This is a dummy error")
-			}
-			return nil
-		})
-		panic(http.Serve(listener, mux))
-	}
-
-	c := make(chan string, 1)
-
-	// run a local webserver to test data retrieval
-	go serve(c)
-
-	address := <-c
-	t.Logf("Listening at address: %s", address)
-
-	server := "http://" + address
-
-	resp, err := http.Get(server + "/healthz")
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if resp.StatusCode != 200 {
-		t.Fatalf("Was expecting status code 200 from health check, but got %d instead", resp.StatusCode)
-	}
-
-	sentinel = true
-
-	resp, _ = http.Get(server + "/healthz")
-	if resp.StatusCode != 503 {
-		t.Fatalf("Was expecting status code 503 from health check, but got %d instead", resp.StatusCode)
-	}
-
-}
--- a/util/ksonnet/ksonnet.go
+++ b/util/ksonnet/ksonnet.go
@@ -119,14 +119,7 @@ func (k *ksonnetApp) Show(environment string) ([]*unstructured.Unstructured, err
 	if err != nil {
 		return nil, fmt.Errorf("`ks show` failed: %v", err)
 	}
-	data, err := kube.SplitYAML(out)
-	if err == nil {
-		// Address https://github.com/ksonnet/ksonnet/issues/707
-		for _, d := range data {
-			kube.UnsetLabel(d, "ksonnet.io/component")
-		}
-	}
-	return data, err
+	return kube.SplitYAML(out)
 }

 // ListEnvParams returns list of environment parameters
--- a/util/kube/kube.go
+++ b/util/kube/kube.go
@@ -49,14 +49,13 @@ const (
 )

 const (
-	ServiceKind               = "Service"
-	EndpointsKind             = "Endpoints"
-	DeploymentKind            = "Deployment"
-	ReplicaSetKind            = "ReplicaSet"
-	StatefulSetKind           = "StatefulSet"
-	DaemonSetKind             = "DaemonSet"
-	IngressKind               = "Ingress"
-	PersistentVolumeClaimKind = "PersistentVolumeClaim"
+	ServiceKind     = "Service"
+	EndpointsKind   = "Endpoints"
+	DeploymentKind  = "Deployment"
+	ReplicaSetKind  = "ReplicaSet"
+	StatefulSetKind = "StatefulSet"
+	DaemonSetKind   = "DaemonSet"
+	IngressKind     = "Ingress"
 )

 const (
@@ -108,16 +107,6 @@ func MustToUnstructured(obj interface{}) *unstructured.Unstructured {
 	return uObj
 }

-// UnsetLabel removes our app labels from an unstructured object
-func UnsetLabel(target *unstructured.Unstructured, key string) {
-	if labels := target.GetLabels(); labels != nil {
-		if _, ok := labels[key]; ok {
-			delete(labels, key)
-			target.SetLabels(labels)
-		}
-	}
-}
-
 // SetLabel sets our app labels against an unstructured object
 func SetLabel(target *unstructured.Unstructured, key, val string) error {
 	labels := target.GetLabels()
--- a/util/kube/kube_test.go
+++ b/util/kube/kube_test.go
@@ -169,49 +169,6 @@ func TestConvertToVersion(t *testing.T) {
 	assert.Equal(t, "v1", gvk.Version)
 }

-const depWithLabel = `
-apiVersion: extensions/v1beta2
-kind: Deployment
-metadata:
-  name: nginx-deployment
-  labels:
-    foo: bar
-spec:
-  template:
-    metadata:
-      labels:
-        app: nginx
-    spec:
-      containers:
-      - image: nginx:1.7.9
-        name: nginx
-        ports:
-        - containerPort: 80
-`
-
-func TestUnsetLabels(t *testing.T) {
-	for _, yamlStr := range []string{depWithLabel} {
-		var obj unstructured.Unstructured
-		err := yaml.Unmarshal([]byte(yamlStr), &obj)
-		assert.Nil(t, err)
-
-		err = SetLabel(&obj, "foo", "bar")
-		assert.Nil(t, err)
-
-		UnsetLabel(&obj, "foo")
-
-		manifestBytes, err := json.MarshalIndent(obj.Object, "", "  ")
-		assert.Nil(t, err)
-		log.Println(string(manifestBytes))
-
-		var dep extv1beta1.Deployment
-		err = json.Unmarshal(manifestBytes, &dep)
-		assert.Nil(t, err)
-		assert.Equal(t, 0, len(dep.ObjectMeta.Labels))
-	}
-
-}
-
 const depWithoutSelector = `
 apiVersion: extensions/v1beta1
 kind: Deployment
--- a/util/kustomize/kustomize.go
+++ b/util/kustomize/kustomize.go
@@ -1,31 +0,0 @@
-package kustomize
-
-import (
-	"github.com/argoproj/pkg/exec"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-	"github.com/argoproj/argo-cd/util/kube"
-)
-
-// Kustomize provides wrapper functionality around the `kustomize` command.
-type Kustomize interface {
-	// Build returns a list of unstructured objects from a `kustomize build` command
-	Build() ([]*unstructured.Unstructured, error)
-}
-
-// NewKustomizeApp create a new wrapper to run commands on the `kustomize` command-line tool.
-func NewKustomizeApp(path string) Kustomize {
-	return &kustomize{path: path}
-}
-
-type kustomize struct {
-	path string
-}
-
-func (k *kustomize) Build() ([]*unstructured.Unstructured, error) {
-	out, err := exec.RunCommand("kustomize", "build", k.path)
-	if err != nil {
-		return nil, err
-	}
-	return kube.SplitYAML(out)
-}
--- a/util/project/util.go
+++ b/util/project/util.go
@@ -1,24 +0,0 @@
-package project
-
-import "fmt"
-import "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
-
-// GetRoleIndexByName looks up the index of a role in a project by the name
-func GetRoleIndexByName(proj *v1alpha1.AppProject, name string) (int, error) {
-	for i, role := range proj.Spec.Roles {
-		if name == role.Name {
-			return i, nil
-		}
-	}
-	return -1, fmt.Errorf("role '%s' does not exist in project '%s'", name, proj.Name)
-}
-
-// GetJWTTokenIndexByIssuedAt looks up the index of a JWTToken in a project by the issue at time
-func GetJWTTokenIndexByIssuedAt(proj *v1alpha1.AppProject, roleIndex int, issuedAt int64) (int, error) {
-	for i, token := range proj.Spec.Roles[roleIndex].JWTTokens {
-		if issuedAt == token.IssuedAt {
-			return i, nil
-		}
-	}
-	return -1, fmt.Errorf("JWT token for role '%s' issued at '%d' does not exist in project '%s'", proj.Spec.Roles[roleIndex].Name, issuedAt, proj.Name)
-}
--- a/util/rbac/builtin-policy.csv
+++ b/util/rbac/builtin-policy.csv
@@ -6,33 +6,31 @@
 # 2. All other resources:
 # p, <user/group>, <resource>, <action>, <object>

-p, role:readonly, applications, get, */*, allow
-p, role:readonly, applications/events, get, */*, allow
-p, role:readonly, applications/manifests, get, */*, allow
-p, role:readonly, applications/logs, get, */*, allow
-p, role:readonly, clusters, get, *, allow
-p, role:readonly, repositories, get, *, allow
-p, role:readonly, repositories/apps, get, *, allow
-p, role:readonly, projects, get, *, allow
-p, role:readonly, projects/events, get, */*, allow
-
-p, role:admin, applications, create, */*, allow
-p, role:admin, applications, update, */*, allow
-p, role:admin, applications, delete, */*, allow
-p, role:admin, applications, sync, */*, allow
-p, role:admin, applications, rollback, */*, allow
-p, role:admin, applications, terminateop, */*, allow
-p, role:admin, applications/resources, delete, */*, allow
-p, role:admin, clusters, create, *, allow
-p, role:admin, clusters, update, *, allow
-p, role:admin, clusters, delete, *, allow
-p, role:admin, repositories, create, *, allow
-p, role:admin, repositories, update, *, allow
-p, role:admin, repositories, delete, *, allow
-p, role:admin, projects, create, *, allow
-p, role:admin, projects, update, *, allow
-p, role:admin, projects, delete, *, allow
+p, role:readonly, applications, get, */*
+p, role:readonly, applications/events, get, */*
+p, role:readonly, applications/manifests, get, */*
+p, role:readonly, applications/logs, get, */*
+p, role:readonly, clusters, get, *
+p, role:readonly, repositories, get, *
+p, role:readonly, repositories/apps, get, *
+p, role:readonly, projects, get, *

+p, role:admin, applications, create, */*
+p, role:admin, applications, update, */*
+p, role:admin, applications, delete, */*
+p, role:admin, applications, sync, */*
+p, role:admin, applications, rollback, */*
+p, role:admin, applications, terminateop, */*
+p, role:admin, applications/pods, delete, */*
+p, role:admin, clusters, create, *
+p, role:admin, clusters, update, *
+p, role:admin, clusters, delete, *
+p, role:admin, repositories, create, *
+p, role:admin, repositories, update, *
+p, role:admin, repositories, delete, *
+p, role:admin, projects, create, *
+p, role:admin, projects, update, *
+p, role:admin, projects, delete, *

 g, role:admin, role:readonly
 g, admin, role:admin
--- a/util/rbac/model.conf
+++ b/util/rbac/model.conf
@@ -2,13 +2,13 @@
 r = sub, res, act, obj

 [policy_definition]
-p = sub, res, act, obj, eft
+p = sub, res, act, obj

 [role_definition]
 g = _, _

 [policy_effect]
-e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+e = some(where (p.eft == allow))

 [matchers]
 m = g(r.sub, p.sub) && keyMatch(r.res, p.res) && keyMatch(r.act, p.act) && keyMatch(r.obj, p.obj)
--- a/util/rbac/rbac.go
+++ b/util/rbac/rbac.go
@@ -7,6 +7,7 @@ import (

 	"github.com/casbin/casbin"
 	"github.com/casbin/casbin/model"
+	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/gobuffalo/packr"
 	scas "github.com/qiangmzsx/string-adapter"
 	log "github.com/sirupsen/logrus"
@@ -17,6 +18,8 @@ import (
 	v1 "k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/cache"
+
+	jwtutil "github.com/argoproj/argo-cd/util/jwt"
 )

 const (
@@ -44,14 +47,10 @@ type Enforcer struct {
 	userDefinedPolicy string
 }

-func loadModel() model.Model {
+func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer {
 	box := packr.NewBox(".")
 	modelConf := box.String(builtinModelFile)
-	return casbin.NewModel(modelConf)
-}
-
-func NewEnforcer(clientset kubernetes.Interface, namespace, configmap string, claimsEnforcer ClaimsEnforcerFunc) *Enforcer {
-	model := loadModel()
+	model := casbin.NewModel(modelConf)
 	adapter := scas.NewAdapter("")
 	enf := casbin.NewEnforcer(model, adapter)
 	enf.EnableLog(false)
@@ -91,26 +90,42 @@ func (e *Enforcer) Enforce(rvals ...interface{}) bool {
 	return e.Enforcer.Enforce(rvals...)
 }

-// EnforceCustomPolicy enforce a custom policy with the buildin and user defined policies in case of explicit deny of that resource
-func (e *Enforcer) EnforceCustomPolicy(policy string, rvals ...interface{}) bool {
-	model := loadModel()
-	policies := fmt.Sprintf("%s\n%s\n%s", e.builtinPolicy, e.userDefinedPolicy, policy)
-	adapter := scas.NewAdapter(policies)
-	enf := casbin.NewEnforcer(model, adapter)
-	enf.EnableLog(false)
-	return enf.Enforce(rvals...)
-}
-
 // EnforceClaims checks if the first value is a jwt.Claims and runs enforce against its groups and sub
 func (e *Enforcer) EnforceClaims(rvals ...interface{}) bool {
-	// Return false if no enforcer is provided
+	// Use default claims enforcer if it is nil
 	if e.claimsEnforcerFunc == nil {
-		return false
+		return e.defaultEnforceClaims(rvals...)
 	}

 	return e.claimsEnforcerFunc(rvals...)
 }

+func (e *Enforcer) defaultEnforceClaims(rvals ...interface{}) bool {
+	claims, ok := rvals[0].(jwt.Claims)
+	if !ok {
+		if rvals[0] == nil {
+			vals := append([]interface{}{""}, rvals[1:]...)
+			return e.Enforce(vals...)
+		}
+		return e.Enforce(rvals...)
+	}
+	mapClaims, err := jwtutil.MapClaims(claims)
+	if err != nil {
+		vals := append([]interface{}{""}, rvals[1:]...)
+		return e.Enforce(vals...)
+	}
+	groups := jwtutil.GetGroups(mapClaims)
+	for _, group := range groups {
+		vals := append([]interface{}{group}, rvals[1:]...)
+		if e.Enforcer.Enforce(vals...) {
+			return true
+		}
+	}
+	user := jwtutil.GetField(mapClaims, "sub")
+	vals := append([]interface{}{user}, rvals[1:]...)
+	return e.Enforce(vals...)
+}
+
 // SetBuiltinPolicy sets a built-in policy, which augments any user defined policies
 func (e *Enforcer) SetBuiltinPolicy(policy string) error {
 	e.builtinPolicy = policy
--- a/util/rbac/rbac_test.go
+++ b/util/rbac/rbac_test.go
@@ -5,12 +5,12 @@ import (
 	"testing"
 	"time"

+	jwt "github.com/dgrijalva/jwt-go"
 	"github.com/gobuffalo/packr"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	apiv1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-
 	"k8s.io/client-go/kubernetes/fake"
 )

@@ -84,7 +84,7 @@ func TestBuiltinPolicyEnforcer(t *testing.T) {
 // TestPolicyInformer verifies the informer will get updated with a new configmap
 func TestPolicyInformer(t *testing.T) {
 	cm := fakeConfigMap()
-	cm.Data[ConfigMapPolicyCSVKey] = "p, admin, applications, delete, */*, allow"
+	cm.Data[ConfigMapPolicyCSVKey] = "p, admin, applications, delete, */*"
 	kubeclientset := fake.NewSimpleClientset(cm)
 	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)

@@ -115,26 +115,18 @@ func TestResourceActionWildcards(t *testing.T) {
 	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
 	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)
 	policy := `
-p, alice, *, get, foo/obj, allow
-p, bob, repositories, *, foo/obj, allow
-p, cathy, *, *, foo/obj, allow
-p, dave, applications, get, foo/obj, allow
-p, dave, applications/*, get, foo/obj, allow
-p, eve, *, get, foo/obj, deny
-p, mallory, repositories, *, foo/obj, deny
-p, mallory, repositories, *, foo/obj, allow
-p, mike, *, *, foo/obj, allow
-p, mike, *, *, foo/obj, deny
-p, trudy, applications, get, foo/obj, allow
-p, trudy, applications/*, get, foo/obj, allow
-p, trudy, applications/secrets, get, foo/obj, deny
+p, alice, *, get, foo/obj
+p, bob, repositories, *, foo/obj
+p, cathy, *, *, foo/obj
+p, dave, applications, get, foo/obj
+p, dave, applications/*, get, foo/obj
 `
 	enf.SetUserPolicy(policy)

 	// Verify the resource wildcard
 	assert.True(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
-	assert.True(t, enf.Enforce("alice", "applications/resources", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("alice", "applications/resources", "delete", "foo/obj"))
+	assert.True(t, enf.Enforce("alice", "applications/pods", "get", "foo/obj"))
+	assert.False(t, enf.Enforce("alice", "applications/pods", "delete", "foo/obj"))

 	// Verify action wildcards work
 	assert.True(t, enf.Enforce("bob", "repositories", "get", "foo/obj"))
@@ -145,32 +137,11 @@ p, trudy, applications/secrets, get, foo/obj, deny
 	assert.True(t, enf.Enforce("cathy", "repositories", "get", "foo/obj"))
 	assert.True(t, enf.Enforce("cathy", "repositories", "delete", "foo/obj"))
 	assert.True(t, enf.Enforce("cathy", "applications", "get", "foo/obj"))
-	assert.True(t, enf.Enforce("cathy", "applications/resources", "delete", "foo/obj"))
+	assert.True(t, enf.Enforce("cathy", "applications/pods", "delete", "foo/obj"))

 	// Verify wildcards with sub-resources
 	assert.True(t, enf.Enforce("dave", "applications", "get", "foo/obj"))
 	assert.True(t, enf.Enforce("dave", "applications/logs", "get", "foo/obj"))
-
-	// Verify the resource wildcard
-	assert.False(t, enf.Enforce("eve", "applications", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("eve", "applications/resources", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("eve", "applications/resources", "delete", "foo/obj"))
-
-	// Verify action wildcards work
-	assert.False(t, enf.Enforce("mallory", "repositories", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("mallory", "repositories", "delete", "foo/obj"))
-	assert.False(t, enf.Enforce("mallory", "applications", "get", "foo/obj"))
-
-	// Verify resource and action wildcards work in conjunction
-	assert.False(t, enf.Enforce("mike", "repositories", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("mike", "repositories", "delete", "foo/obj"))
-	assert.False(t, enf.Enforce("mike", "applications", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("mike", "applications/resources", "delete", "foo/obj"))
-
-	// Verify wildcards with sub-resources
-	assert.True(t, enf.Enforce("trudy", "applications", "get", "foo/obj"))
-	assert.True(t, enf.Enforce("trudy", "applications/logs", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("trudy", "applications/secrets", "get", "foo/obj"))
 }

 // TestProjectIsolationEnforcement verifies the ability to create Project specific policies
@@ -178,8 +149,8 @@ func TestProjectIsolationEnforcement(t *testing.T) {
 	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
 	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)
 	policy := `
-p, role:foo-admin, *, *, foo/*, allow
-p, role:bar-admin, *, *, bar/*, allow
+p, role:foo-admin, *, *, foo/*
+p, role:bar-admin, *, *, bar/*
 g, alice, role:foo-admin
 g, bob, role:bar-admin
 `
@@ -198,7 +169,7 @@ func TestProjectReadOnly(t *testing.T) {
 	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
 	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)
 	policy := `
-p, role:foo-readonly, *, get, foo/*, allow
+p, role:foo-readonly, *, get, foo/*
 g, alice, role:foo-readonly
 `
 	enf.SetBuiltinPolicy(policy)
@@ -209,6 +180,36 @@ g, alice, role:foo-readonly
 	assert.False(t, enf.Enforce("bob", "applications", "get", "foo/obj"))
 }

+func TestEnforceClaims(t *testing.T) {
+	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
+	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)
+	enf.SetBuiltinPolicy(box.String(builtinPolicyFile))
+	policy := `
+g, org2:team2, role:admin
+g, bob, role:admin
+`
+	enf.SetUserPolicy(policy)
+	allowed := []jwt.Claims{
+		jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}},
+		jwt.StandardClaims{Subject: "admin"},
+	}
+	for _, c := range allowed {
+		if !assert.True(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) {
+			log.Errorf("%v: expected true, got false", c)
+		}
+	}
+
+	disallowed := []jwt.Claims{
+		jwt.MapClaims{"groups": []string{"org3:team3"}},
+		jwt.StandardClaims{Subject: "nobody"},
+	}
+	for _, c := range disallowed {
+		if !assert.False(t, enf.EnforceClaims(c, "applications", "delete", "foo/obj")) {
+			log.Errorf("%v: expected true, got false", c)
+		}
+	}
+}
+
 // TestDefaultRole tests the ability to set a default role
 func TestDefaultRole(t *testing.T) {
 	kubeclientset := fake.NewSimpleClientset()
@@ -216,11 +217,14 @@ func TestDefaultRole(t *testing.T) {
 	err := enf.syncUpdate(fakeConfigMap())
 	assert.Nil(t, err)
 	enf.SetBuiltinPolicy(box.String(builtinPolicyFile))
+	claims := jwt.MapClaims{"groups": []string{"org1:team1", "org2:team2"}}

 	assert.False(t, enf.Enforce("bob", "applications", "get", "foo/bar"))
+	assert.False(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar"))
 	// after setting the default role to be the read-only role, this should now pass
 	enf.SetDefaultRole("role:readonly")
 	assert.True(t, enf.Enforce("bob", "applications", "get", "foo/bar"))
+	assert.True(t, enf.EnforceClaims(claims, "applications", "get", "foo/bar"))
 }

 // TestURLAsObjectName tests the ability to have a URL as an object name
@@ -230,9 +234,9 @@ func TestURLAsObjectName(t *testing.T) {
 	err := enf.syncUpdate(fakeConfigMap())
 	assert.Nil(t, err)
 	policy := `
-p, alice, repositories, *, foo/*, allow
-p, bob, repositories, *, foo/https://github.com/argoproj/argo-cd.git, allow
-p, cathy, repositories, *, foo/*, allow
+p, alice, repositories, *, foo/*
+p, bob, repositories, *, foo/https://github.com/argoproj/argo-cd.git
+p, cathy, repositories, *, foo/*
 `
 	enf.SetUserPolicy(policy)

@@ -244,36 +248,40 @@ p, cathy, repositories, *, foo/*, allow

 }

+func TestEnforceNilClaims(t *testing.T) {
+	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
+	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)
+	enf.SetBuiltinPolicy(box.String(builtinPolicyFile))
+	assert.False(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj"))
+	enf.SetDefaultRole("role:readonly")
+	assert.True(t, enf.EnforceClaims(nil, "applications", "get", "foo/obj"))
+}
+
 func TestEnableDisableEnforce(t *testing.T) {
 	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
 	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)
 	policy := `
-p, alice, *, get, foo/obj, allow
-p, mike, *, get, foo/obj, deny
+p, alice, *, get, foo/obj
 `
 	enf.SetUserPolicy(policy)

 	assert.True(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("alice", "applications/resources", "delete", "foo/obj"))
-	assert.False(t, enf.Enforce("mike", "applications", "get", "foo/obj"))
-	assert.False(t, enf.Enforce("mike", "applications/resources", "delete", "foo/obj"))
+	assert.False(t, enf.Enforce("alice", "applications/pods", "delete", "foo/obj"))

 	enf.EnableEnforce(false)
 	assert.True(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
-	assert.True(t, enf.Enforce("alice", "applications/resources", "delete", "foo/obj"))
-	assert.True(t, enf.Enforce("mike", "applications", "get", "foo/obj"))
-	assert.True(t, enf.Enforce("mike", "applications/resources", "delete", "foo/obj"))
+	assert.True(t, enf.Enforce("alice", "applications/pods", "delete", "foo/obj"))
 }

 func TestUpdatePolicy(t *testing.T) {
 	kubeclientset := fake.NewSimpleClientset(fakeConfigMap())
 	enf := NewEnforcer(kubeclientset, fakeNamespace, fakeConfgMapName, nil)

-	enf.SetUserPolicy("p, alice, *, get, foo/obj, allow")
+	enf.SetUserPolicy("p, alice, *, get, foo/obj")
 	assert.True(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
 	assert.False(t, enf.Enforce("bob", "applications", "get", "foo/obj"))

-	enf.SetUserPolicy("p, bob, *, get, foo/obj, allow")
+	enf.SetUserPolicy("p, bob, *, get, foo/obj")
 	assert.False(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
 	assert.True(t, enf.Enforce("bob", "applications", "get", "foo/obj"))

@@ -281,11 +289,11 @@ func TestUpdatePolicy(t *testing.T) {
 	assert.False(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
 	assert.False(t, enf.Enforce("bob", "applications", "get", "foo/obj"))

-	enf.SetBuiltinPolicy("p, alice, *, get, foo/obj, allow")
+	enf.SetBuiltinPolicy("p, alice, *, get, foo/obj")
 	assert.True(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
 	assert.False(t, enf.Enforce("bob", "applications", "get", "foo/obj"))

-	enf.SetBuiltinPolicy("p, bob, *, get, foo/obj, allow")
+	enf.SetBuiltinPolicy("p, bob, *, get, foo/obj")
 	assert.False(t, enf.Enforce("alice", "applications", "get", "foo/obj"))
 	assert.True(t, enf.Enforce("bob", "applications", "get", "foo/obj"))

--- a/util/session/sessionmanager.go
+++ b/util/session/sessionmanager.go
@@ -72,7 +72,7 @@ func NewSessionManager(settings *settings.ArgoCDSettings) *SessionManager {

 // Create creates a new token for a given subject (user) and returns it as a string.
 // Passing a value of `0` for secondsBeforeExpiry creates a token that never expires.
-func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (string, error) {
+func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int) (string, error) {
 	// Create a new token object, specifying signing method and the claims
 	// you would like it to contain.
 	now := time.Now().UTC()
@@ -86,7 +86,6 @@ func (mgr *SessionManager) Create(subject string, secondsBeforeExpiry int64) (st
 		expires := now.Add(time.Duration(secondsBeforeExpiry) * time.Second)
 		claims.ExpiresAt = expires.Unix()
 	}
-
 	return mgr.signClaims(claims)
 }

--- a/util/settings/settings.go
+++ b/util/settings/settings.go
@@ -11,6 +11,11 @@ import (
 	"syscall"
 	"time"

+	"github.com/argoproj/argo-cd/common"
+	"github.com/argoproj/argo-cd/errors"
+	"github.com/argoproj/argo-cd/util"
+	"github.com/argoproj/argo-cd/util/password"
+	tlsutil "github.com/argoproj/argo-cd/util/tls"
 	"github.com/ghodss/yaml"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/crypto/ssh/terminal"
@@ -21,12 +26,6 @@ import (
 	"k8s.io/client-go/informers/core/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/cache"
-
-	"github.com/argoproj/argo-cd/common"
-	"github.com/argoproj/argo-cd/errors"
-	"github.com/argoproj/argo-cd/util"
-	"github.com/argoproj/argo-cd/util/password"
-	tlsutil "github.com/argoproj/argo-cd/util/tls"
 )

 // ArgoCDSettings holds in-memory runtime configuration options.
@@ -124,7 +123,6 @@ func updateSettingsFromSecret(settings *ArgoCDSettings, argoCDSecret *apiv1.Secr
 			settings.AdminPasswordMtime = adminPasswordMtime
 		}
 	}
-
 	secretKey, ok := argoCDSecret.Data[settingServerSignatureKey]
 	if !ok {
 		return fmt.Errorf("server secret key not found")
@@ -202,7 +200,6 @@ func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error {
 		}
 		createSecret = true
 	}
-
 	argoCDSecret.StringData = make(map[string]string)
 	argoCDSecret.StringData[settingServerSignatureKey] = string(settings.ServerSignature)
 	argoCDSecret.StringData[settingAdminPasswordHashKey] = settings.AdminPasswordHash
Author	SHA1	Message	Date
Jesse Suen	20693fd44c	Bump version to v0.7.2, add release notes, update manifests	2018-08-21 00:16:15 -07:00
Jesse Suen	37bb65b0ac	API discovery becomes best effort when partial resource list is returned (resolves #524 ) (#525 )	2018-08-21 00:10:43 -07:00
@@ -1 +1 @@
 .8.2
 .7.2