settings

package
v2.1.2-hf1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 19, 2021 License: Apache-2.0 Imports: 38 Imported by: 27

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ReplaceStringSecret

func ReplaceStringSecret(val string, secretValues map[string]string) string

ReplaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map

func UnmarshalDexConfig

func UnmarshalDexConfig(config string) (map[string]interface{}, error)

Types

type Account

type Account struct {
	PasswordHash  string
	PasswordMtime *time.Time
	Enabled       bool
	Capabilities  []AccountCapability
	Tokens        []Token
}

Account holds local account information

func (*Account) FormatCapabilities

func (a *Account) FormatCapabilities() string

FormatCapabilities returns comma separate list of user capabilities.

func (*Account) FormatPasswordMtime

func (a *Account) FormatPasswordMtime() string

FormatPasswordMtime return the formatted password modify time or empty string of password modify time is nil.

func (*Account) HasCapability

func (a *Account) HasCapability(capability AccountCapability) bool

HasCapability return true if the account has the specified capability.

func (*Account) TokenIndex

func (a *Account) TokenIndex(id string) int

TokenIndex return an index of a token with the given identifier or -1 if token not found.

type AccountCapability

type AccountCapability string
const (
	// AccountCapabilityLogin represents capability to create UI session tokens.
	AccountCapabilityLogin AccountCapability = "login"
	// AccountCapabilityLogin represents capability to generate API auth tokens.
	AccountCapabilityApiKey AccountCapability = "apiKey"
)

type ArgoCDDiffOptions

type ArgoCDDiffOptions struct {
	IgnoreAggregatedRoles bool `json:"ignoreAggregatedRoles,omitempty"`

	// If set to true then differences caused by status are ignored.
	IgnoreResourceStatusField IgnoreStatus `json:"ignoreResourceStatusField,omitempty"`
}

func GetDefaultDiffOptions

func GetDefaultDiffOptions() ArgoCDDiffOptions

type ArgoCDSettings

type ArgoCDSettings struct {
	// URL is the externally facing URL users will visit to reach Argo CD.
	// The value here is used when configuring SSO. Omitting this value will disable SSO.
	URL string `json:"url,omitempty"`
	// Indicates if status badge is enabled or not.
	StatusBadgeEnabled bool `json:"statusBadgeEnable"`
	// DexConfig contains portions of a dex config yaml
	DexConfig string `json:"dexConfig,omitempty"`
	// OIDCConfigRAW holds OIDC configuration as a raw string
	OIDCConfigRAW string `json:"oidcConfig,omitempty"`
	// ServerSignature holds the key used to generate JWT tokens.
	ServerSignature []byte `json:"serverSignature,omitempty"`
	// Certificate holds the certificate/private key for the Argo CD API server.
	// If nil, will run insecure without TLS.
	Certificate *tls.Certificate `json:"-"`
	// CertificateIsExternal indicates whether Certificate was loaded from external secret
	CertificateIsExternal bool `json:"-"`
	// WebhookGitLabSecret holds the shared secret for authenticating GitHub webhook events
	WebhookGitHubSecret string `json:"webhookGitHubSecret,omitempty"`
	// WebhookGitLabSecret holds the shared secret for authenticating GitLab webhook events
	WebhookGitLabSecret string `json:"webhookGitLabSecret,omitempty"`
	// WebhookBitbucketUUID holds the UUID for authenticating Bitbucket webhook events
	WebhookBitbucketUUID string `json:"webhookBitbucketUUID,omitempty"`
	// WebhookBitbucketServerSecret holds the shared secret for authenticating BitbucketServer webhook events
	WebhookBitbucketServerSecret string `json:"webhookBitbucketServerSecret,omitempty"`
	// WebhookGogsSecret holds the shared secret for authenticating Gogs webhook events
	WebhookGogsSecret string `json:"webhookGogsSecret,omitempty"`
	// Secrets holds all secrets in argocd-secret as a map[string]string
	Secrets map[string]string `json:"secrets,omitempty"`
	// KustomizeBuildOptions is a string of kustomize build parameters
	KustomizeBuildOptions string `json:"kustomizeBuildOptions,omitempty"`
	// Indicates if anonymous user is enabled or not
	AnonymousUserEnabled bool `json:"anonymousUserEnabled,omitempty"`
	// Specifies token expiration duration
	UserSessionDuration time.Duration `json:"userSessionDuration,omitempty"`
	// UiCssURL local or remote path to user-defined CSS to customize ArgoCD UI
	UiCssURL string `json:"uiCssURL,omitempty"`
	// Content of UI Banner
	UiBannerContent string `json:"uiBannerContent,omitempty"`
	// URL for UI Banner
	UiBannerURL string `json:"uiBannerURL,omitempty"`
	// PasswordPattern for password regular expression
	PasswordPattern string `json:"passwordPattern,omitempty"`
}

ArgoCDSettings holds in-memory runtime configuration options.

func (*ArgoCDSettings) DexOAuth2ClientSecret

func (a *ArgoCDSettings) DexOAuth2ClientSecret() string

DexOAuth2ClientSecret calculates an arbitrary, but predictable OAuth2 client secret string derived from the server secret. This is called by the dex startup wrapper (argocd-dex rundex), as well as the API server, such that they both independently come to the same conclusion of what the OAuth2 shared client secret should be.

func (*ArgoCDSettings) DexRedirectURL

func (a *ArgoCDSettings) DexRedirectURL() (string, error)

func (*ArgoCDSettings) IsDexConfigured

func (a *ArgoCDSettings) IsDexConfigured() bool

func (*ArgoCDSettings) IsSSOConfigured

func (a *ArgoCDSettings) IsSSOConfigured() bool

IsSSOConfigured returns whether or not single-sign-on is configured

func (*ArgoCDSettings) IssuerURL

func (a *ArgoCDSettings) IssuerURL() string

func (*ArgoCDSettings) OAuth2ClientID

func (a *ArgoCDSettings) OAuth2ClientID() string

func (*ArgoCDSettings) OAuth2ClientSecret

func (a *ArgoCDSettings) OAuth2ClientSecret() string

func (*ArgoCDSettings) OIDCConfig

func (a *ArgoCDSettings) OIDCConfig() *OIDCConfig

func (*ArgoCDSettings) RedirectURL

func (a *ArgoCDSettings) RedirectURL() (string, error)

func (*ArgoCDSettings) TLSConfig

func (a *ArgoCDSettings) TLSConfig() *tls.Config

TLSConfig returns a tls.Config with the configured certificates

type FilteredResource

type FilteredResource struct {
	APIGroups []string `json:"apiGroups,omitempty"`
	Kinds     []string `json:"kinds,omitempty"`
	Clusters  []string `json:"clusters,omitempty"`
}

func (FilteredResource) Match

func (r FilteredResource) Match(apiGroup, kind, cluster string) bool

func (FilteredResource) MatchCluster

func (r FilteredResource) MatchCluster(cluster string) bool

type GlobalProjectSettings

type GlobalProjectSettings struct {
	ProjectName   string               `json:"projectName,omitempty"`
	LabelSelector metav1.LabelSelector `json:"labelSelector,omitempty"`
}

type GoogleAnalytics

type GoogleAnalytics struct {
	TrackingID     string `json:"trackingID,omitempty"`
	AnonymizeUsers bool   `json:"anonymizeUsers,omitempty"`
}

type HelmRepoCredentials

type HelmRepoCredentials struct {
	URL            string                   `json:"url,omitempty"`
	Name           string                   `json:"name,omitempty"`
	UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"`
	PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"`
	CertSecret     *apiv1.SecretKeySelector `json:"certSecret,omitempty"`
	KeySecret      *apiv1.SecretKeySelector `json:"keySecret,omitempty"`
}

DEPRECATED. Helm repository credentials are now managed using RepoCredentials

type Help

type Help struct {
	// the URL for getting chat help, this will typically be your Slack channel for support
	ChatURL string `json:"chatUrl,omitempty"`
	// the text for getting chat help, defaults to "Chat now!"
	ChatText string `json:"chatText,omitempty"`
}

Help settings

type IgnoreStatus

type IgnoreStatus string
const (
	// IgnoreResourceStatusInCRD ignores status changes for all CRDs
	IgnoreResourceStatusInCRD IgnoreStatus = "crd"
	// IgnoreResourceStatusInAll ignores status changes for all resources
	IgnoreResourceStatusInAll IgnoreStatus = "all"
	// IgnoreResourceStatusInNone ignores status changes for no resources
	IgnoreResourceStatusInNone IgnoreStatus = "off"
)

type KustomizeSettings

type KustomizeSettings struct {
	BuildOptions string
	Versions     []KustomizeVersion
}

KustomizeSettings holds kustomize settings

func (*KustomizeSettings) GetOptions

type KustomizeVersion

type KustomizeVersion struct {
	// Name holds Kustomize version name
	Name string
	// Path holds corresponding binary path
	Path string
	// BuildOptions that are specific to Kustomize version
	BuildOptions string
}

KustomizeVersion holds information about additional Kustomize version

type OIDCConfig

type OIDCConfig struct {
	Name                   string                 `json:"name,omitempty"`
	Issuer                 string                 `json:"issuer,omitempty"`
	ClientID               string                 `json:"clientID,omitempty"`
	ClientSecret           string                 `json:"clientSecret,omitempty"`
	CLIClientID            string                 `json:"cliClientID,omitempty"`
	RequestedScopes        []string               `json:"requestedScopes,omitempty"`
	RequestedIDTokenClaims map[string]*oidc.Claim `json:"requestedIDTokenClaims,omitempty"`
	LogoutURL              string                 `json:"logoutURL,omitempty"`
}

func UnmarshalOIDCConfig

func UnmarshalOIDCConfig(config string) (OIDCConfig, error)

type Repository

type Repository struct {
	// The URL to the repository
	URL string `json:"url,omitempty"`
	// the type of the repo, "git" or "helm", assumed to be "git" if empty or absent
	Type string `json:"type,omitempty"`
	// helm only
	Name string `json:"name,omitempty"`
	// Name of the secret storing the username used to access the repo
	UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"`
	// Name of the secret storing the password used to access the repo
	PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"`
	// Name of the secret storing the SSH private key used to access the repo. Git only
	SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"`
	// Whether to connect the repository in an insecure way (deprecated)
	InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty"`
	// Whether to connect the repository in an insecure way
	Insecure bool `json:"insecure,omitempty"`
	// Whether the repo is git-lfs enabled. Git only.
	EnableLFS bool `json:"enableLfs,omitempty"`
	// Name of the secret storing the TLS client cert data
	TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"`
	// Name of the secret storing the TLS client cert's key data
	TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"`
	// Whether the repo is helm-oci enabled. Git only.
	EnableOci bool `json:"enableOci,omitempty"`
	// Github App Private Key PEM data
	GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"`
	// Github App ID of the app used to access the repo
	GithubAppId int64 `json:"githubAppID,omitempty"`
	// Github App Installation ID of the installed GitHub App
	GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"`
	// Github App Enterprise base url if empty will default to https://api.github.com
	GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"`
	// Proxy specifies the HTTP/HTTPS proxy used to access the repo
	Proxy string `json:"proxy,omitempty"`
}

Credentials for accessing a Git repository

type RepositoryCredentials

type RepositoryCredentials struct {
	// The URL pattern the repository URL has to match
	URL string `json:"url,omitempty"`
	// Name of the secret storing the username used to access the repo
	UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"`
	// Name of the secret storing the password used to access the repo
	PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"`
	// Name of the secret storing the SSH private key used to access the repo. Git only
	SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"`
	// Name of the secret storing the TLS client cert data
	TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"`
	// Name of the secret storing the TLS client cert's key data
	TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"`
	// Github App Private Key PEM data
	GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"`
	// Github App ID of the app used to access the repo
	GithubAppId int64 `json:"githubAppID,omitempty"`
	// Github App Installation ID of the installed GitHub App
	GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"`
	// Github App Enterprise base url if empty will default to https://api.github.com
	GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"`
	// EnableOCI specifies whether helm-oci support should be enabled for this repo
	EnableOCI bool `json:"enableOCI,omitempty"`
	// the type of the repositoryCredentials, "git" or "helm", assumed to be "git" if empty or absent
	Type string `json:"type,omitempty"`
}

Credential template for accessing repositories

type ResourcesFilter

type ResourcesFilter struct {
	// ResourceExclusions holds the api groups, kinds per cluster to exclude from Argo CD's watch
	ResourceExclusions []FilteredResource
	// ResourceInclusions holds the only api groups, kinds per cluster that Argo CD will watch
	ResourceInclusions []FilteredResource
}

func (*ResourcesFilter) IsExcludedResource

func (rf *ResourcesFilter) IsExcludedResource(apiGroup, kind, cluster string) bool

Behavior of this function is as follows: +-------------+-------------+-------------+ | Inclusions | Exclusions | Result | +-------------+-------------+-------------+ | Empty | Empty | Allowed | +-------------+-------------+-------------+ | Present | Empty | Allowed | +-------------+-------------+-------------+ | Not Present | Empty | Not Allowed | +-------------+-------------+-------------+ | Empty | Present | Not Allowed | +-------------+-------------+-------------+ | Empty | Not Present | Allowed | +-------------+-------------+-------------+ | Present | Not Present | Allowed | +-------------+-------------+-------------+ | Not Present | Present | Not Allowed | +-------------+-------------+-------------+ | Not Present | Not Present | Not Allowed | +-------------+-------------+-------------+ | Present | Present | Not Allowed | +-------------+-------------+-------------+

type SettingsManager

type SettingsManager struct {
	// contains filtered or unexported fields
}

SettingsManager holds config info for a new manager with which to access Kubernetes ConfigMaps.

func NewSettingsManager

func NewSettingsManager(ctx context.Context, clientset kubernetes.Interface, namespace string) *SettingsManager

NewSettingsManager generates a new SettingsManager pointer and returns it

func (*SettingsManager) AddAccount

func (mgr *SettingsManager) AddAccount(name string, account Account) error

AddAccount save an account with the given name and properties.

func (*SettingsManager) GetAccount

func (mgr *SettingsManager) GetAccount(name string) (*Account, error)

GetAccount return an account info by the specified name.

func (*SettingsManager) GetAccounts

func (mgr *SettingsManager) GetAccounts() (map[string]Account, error)

GetAccounts returns list of configured accounts

func (*SettingsManager) GetAppInstanceLabelKey

func (mgr *SettingsManager) GetAppInstanceLabelKey() (string, error)

func (*SettingsManager) GetConfigManagementPlugins

func (mgr *SettingsManager) GetConfigManagementPlugins() ([]v1alpha1.ConfigManagementPlugin, error)

func (*SettingsManager) GetConfigMapByName

func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error)

Returns the ConfigMap with the given name from the cluster. The ConfigMap must be labeled with "app.kubernetes.io/part-of: argocd" in order to be retrievable.

func (*SettingsManager) GetGlobalProjectsSettings

func (mgr *SettingsManager) GetGlobalProjectsSettings() ([]GlobalProjectSettings, error)

GetGlobalProjectsSettings loads the global project settings from argocd-cm ConfigMap

func (*SettingsManager) GetGoogleAnalytics

func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error)

func (*SettingsManager) GetHelmRepositories

func (mgr *SettingsManager) GetHelmRepositories() ([]HelmRepoCredentials, error)

DEPRECATED. Helm repository credentials are now managed using RepoCredentials

func (*SettingsManager) GetHelp

func (mgr *SettingsManager) GetHelp() (*Help, error)

func (*SettingsManager) GetKustomizeSettings

func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error)

GetKustomizeSettings loads the kustomize settings from argocd-cm ConfigMap

func (*SettingsManager) GetPasswordPattern added in v2.1.1

func (mgr *SettingsManager) GetPasswordPattern() (string, error)

func (*SettingsManager) GetRepositories

func (mgr *SettingsManager) GetRepositories() ([]Repository, error)

func (*SettingsManager) GetRepositoryCredentials

func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, error)

func (*SettingsManager) GetResourceCompareOptions

func (mgr *SettingsManager) GetResourceCompareOptions() (ArgoCDDiffOptions, error)

GetResourceCompareOptions loads the resource compare options settings from the ConfigMap

func (*SettingsManager) GetResourceOverrides

func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error)

GetResourceOverrides loads Resource Overrides from argocd-cm ConfigMap

func (*SettingsManager) GetResourcesFilter

func (mgr *SettingsManager) GetResourcesFilter() (*ResourcesFilter, error)

func (*SettingsManager) GetSecretsLister

func (mgr *SettingsManager) GetSecretsLister() (v1listers.SecretLister, error)

func (*SettingsManager) GetSettings

func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error)

GetSettings retrieves settings from the ArgoCDConfigMap and secret.

func (*SettingsManager) InitializeSettings

func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoCDSettings, error)

InitializeSettings is used to initialize empty admin password, signature, certificate etc if missing

func (*SettingsManager) ResyncInformers

func (mgr *SettingsManager) ResyncInformers() error

func (*SettingsManager) SaveGPGPublicKeyData

func (mgr *SettingsManager) SaveGPGPublicKeyData(ctx context.Context, gpgPublicKeys map[string]string) error

func (*SettingsManager) SaveRepositories

func (mgr *SettingsManager) SaveRepositories(repos []Repository) error

func (*SettingsManager) SaveRepositoryCredentials

func (mgr *SettingsManager) SaveRepositoryCredentials(creds []RepositoryCredentials) error

func (*SettingsManager) SaveSSHKnownHostsData

func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHostsList []string) error

Save the SSH known host data into the corresponding ConfigMap

func (*SettingsManager) SaveSettings

func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error

SaveSettings serializes ArgoCDSettings and upserts it into K8s secret/configmap

func (*SettingsManager) SaveTLSCertificateData

func (mgr *SettingsManager) SaveTLSCertificateData(ctx context.Context, tlsCertificates map[string]string) error

func (*SettingsManager) Subscribe

func (mgr *SettingsManager) Subscribe(subCh chan<- *ArgoCDSettings)

Subscribe registers a channel in which to subscribe to settings updates

func (*SettingsManager) Unsubscribe

func (mgr *SettingsManager) Unsubscribe(subCh chan<- *ArgoCDSettings)

Unsubscribe unregisters a channel from receiving of settings updates

func (*SettingsManager) UpdateAccount

func (mgr *SettingsManager) UpdateAccount(name string, callback func(account *Account) error) error

UpdateAccount runs the callback function against an account that matches to the specified name and persist changes applied by the callback.

type Token

type Token struct {
	ID        string `json:"id"`
	IssuedAt  int64  `json:"iat"`
	ExpiresAt int64  `json:"exp,omitempty"`
}

Token holds the information about the generated auth token.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL