Documentation ¶
Index ¶
- func ReplaceStringSecret(val string, secretValues map[string]string) string
- func UnmarshalDexConfig(config string) (map[string]interface{}, error)
- type Account
- type AccountCapability
- type ArgoCDDiffOptions
- type ArgoCDSettings
- func (a *ArgoCDSettings) DexOAuth2ClientSecret() string
- func (a *ArgoCDSettings) DexRedirectURL() (string, error)
- func (a *ArgoCDSettings) IsDexConfigured() bool
- func (a *ArgoCDSettings) IsSSOConfigured() bool
- func (a *ArgoCDSettings) IssuerURL() string
- func (a *ArgoCDSettings) OAuth2ClientID() string
- func (a *ArgoCDSettings) OAuth2ClientSecret() string
- func (a *ArgoCDSettings) OIDCConfig() *OIDCConfig
- func (a *ArgoCDSettings) RedirectURL() (string, error)
- func (a *ArgoCDSettings) TLSConfig() *tls.Config
- type FilteredResource
- type GlobalProjectSettings
- type GoogleAnalytics
- type HelmRepoCredentials
- type Help
- type IgnoreStatus
- type KustomizeSettings
- type KustomizeVersion
- type OIDCConfig
- type Repository
- type RepositoryCredentials
- type ResourcesFilter
- type SettingsManager
- func (mgr *SettingsManager) AddAccount(name string, account Account) error
- func (mgr *SettingsManager) GetAccount(name string) (*Account, error)
- func (mgr *SettingsManager) GetAccounts() (map[string]Account, error)
- func (mgr *SettingsManager) GetAppInstanceLabelKey() (string, error)
- func (mgr *SettingsManager) GetConfigManagementPlugins() ([]v1alpha1.ConfigManagementPlugin, error)
- func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error)
- func (mgr *SettingsManager) GetGlobalProjectsSettings() ([]GlobalProjectSettings, error)
- func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error)
- func (mgr *SettingsManager) GetHelmRepositories() ([]HelmRepoCredentials, error)
- func (mgr *SettingsManager) GetHelp() (*Help, error)
- func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error)
- func (mgr *SettingsManager) GetPasswordPattern() (string, error)
- func (mgr *SettingsManager) GetRepositories() ([]Repository, error)
- func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, error)
- func (mgr *SettingsManager) GetResourceCompareOptions() (ArgoCDDiffOptions, error)
- func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error)
- func (mgr *SettingsManager) GetResourcesFilter() (*ResourcesFilter, error)
- func (mgr *SettingsManager) GetSecretsLister() (v1listers.SecretLister, error)
- func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error)
- func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoCDSettings, error)
- func (mgr *SettingsManager) ResyncInformers() error
- func (mgr *SettingsManager) SaveGPGPublicKeyData(ctx context.Context, gpgPublicKeys map[string]string) error
- func (mgr *SettingsManager) SaveRepositories(repos []Repository) error
- func (mgr *SettingsManager) SaveRepositoryCredentials(creds []RepositoryCredentials) error
- func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHostsList []string) error
- func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error
- func (mgr *SettingsManager) SaveTLSCertificateData(ctx context.Context, tlsCertificates map[string]string) error
- func (mgr *SettingsManager) Subscribe(subCh chan<- *ArgoCDSettings)
- func (mgr *SettingsManager) Unsubscribe(subCh chan<- *ArgoCDSettings)
- func (mgr *SettingsManager) UpdateAccount(name string, callback func(account *Account) error) error
- type Token
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ReplaceStringSecret ¶
ReplaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map
func UnmarshalDexConfig ¶
Types ¶
type Account ¶
type Account struct { PasswordHash string PasswordMtime *time.Time Enabled bool Capabilities []AccountCapability Tokens []Token }
Account holds local account information
func (*Account) FormatCapabilities ¶
FormatCapabilities returns comma separate list of user capabilities.
func (*Account) FormatPasswordMtime ¶
FormatPasswordMtime return the formatted password modify time or empty string of password modify time is nil.
func (*Account) HasCapability ¶
func (a *Account) HasCapability(capability AccountCapability) bool
HasCapability return true if the account has the specified capability.
func (*Account) TokenIndex ¶
TokenIndex return an index of a token with the given identifier or -1 if token not found.
type AccountCapability ¶
type AccountCapability string
const ( // AccountCapabilityLogin represents capability to create UI session tokens. AccountCapabilityLogin AccountCapability = "login" // AccountCapabilityLogin represents capability to generate API auth tokens. AccountCapabilityApiKey AccountCapability = "apiKey" )
type ArgoCDDiffOptions ¶
type ArgoCDDiffOptions struct { IgnoreAggregatedRoles bool `json:"ignoreAggregatedRoles,omitempty"` // If set to true then differences caused by status are ignored. IgnoreResourceStatusField IgnoreStatus `json:"ignoreResourceStatusField,omitempty"` }
func GetDefaultDiffOptions ¶
func GetDefaultDiffOptions() ArgoCDDiffOptions
type ArgoCDSettings ¶
type ArgoCDSettings struct { // URL is the externally facing URL users will visit to reach Argo CD. // The value here is used when configuring SSO. Omitting this value will disable SSO. URL string `json:"url,omitempty"` // Indicates if status badge is enabled or not. StatusBadgeEnabled bool `json:"statusBadgeEnable"` // DexConfig contains portions of a dex config yaml DexConfig string `json:"dexConfig,omitempty"` // OIDCConfigRAW holds OIDC configuration as a raw string OIDCConfigRAW string `json:"oidcConfig,omitempty"` // ServerSignature holds the key used to generate JWT tokens. ServerSignature []byte `json:"serverSignature,omitempty"` // Certificate holds the certificate/private key for the Argo CD API server. // If nil, will run insecure without TLS. Certificate *tls.Certificate `json:"-"` // CertificateIsExternal indicates whether Certificate was loaded from external secret CertificateIsExternal bool `json:"-"` // WebhookGitLabSecret holds the shared secret for authenticating GitHub webhook events WebhookGitHubSecret string `json:"webhookGitHubSecret,omitempty"` // WebhookGitLabSecret holds the shared secret for authenticating GitLab webhook events WebhookGitLabSecret string `json:"webhookGitLabSecret,omitempty"` // WebhookBitbucketUUID holds the UUID for authenticating Bitbucket webhook events WebhookBitbucketUUID string `json:"webhookBitbucketUUID,omitempty"` // WebhookBitbucketServerSecret holds the shared secret for authenticating BitbucketServer webhook events WebhookBitbucketServerSecret string `json:"webhookBitbucketServerSecret,omitempty"` // WebhookGogsSecret holds the shared secret for authenticating Gogs webhook events WebhookGogsSecret string `json:"webhookGogsSecret,omitempty"` // Secrets holds all secrets in argocd-secret as a map[string]string Secrets map[string]string `json:"secrets,omitempty"` // KustomizeBuildOptions is a string of kustomize build parameters KustomizeBuildOptions string `json:"kustomizeBuildOptions,omitempty"` // Indicates if anonymous user is enabled or not AnonymousUserEnabled bool `json:"anonymousUserEnabled,omitempty"` // Specifies token expiration duration UserSessionDuration time.Duration `json:"userSessionDuration,omitempty"` // UiCssURL local or remote path to user-defined CSS to customize ArgoCD UI UiCssURL string `json:"uiCssURL,omitempty"` // Content of UI Banner UiBannerContent string `json:"uiBannerContent,omitempty"` // URL for UI Banner UiBannerURL string `json:"uiBannerURL,omitempty"` // PasswordPattern for password regular expression PasswordPattern string `json:"passwordPattern,omitempty"` }
ArgoCDSettings holds in-memory runtime configuration options.
func (*ArgoCDSettings) DexOAuth2ClientSecret ¶
func (a *ArgoCDSettings) DexOAuth2ClientSecret() string
DexOAuth2ClientSecret calculates an arbitrary, but predictable OAuth2 client secret string derived from the server secret. This is called by the dex startup wrapper (argocd-dex rundex), as well as the API server, such that they both independently come to the same conclusion of what the OAuth2 shared client secret should be.
func (*ArgoCDSettings) DexRedirectURL ¶
func (a *ArgoCDSettings) DexRedirectURL() (string, error)
func (*ArgoCDSettings) IsDexConfigured ¶
func (a *ArgoCDSettings) IsDexConfigured() bool
func (*ArgoCDSettings) IsSSOConfigured ¶
func (a *ArgoCDSettings) IsSSOConfigured() bool
IsSSOConfigured returns whether or not single-sign-on is configured
func (*ArgoCDSettings) IssuerURL ¶
func (a *ArgoCDSettings) IssuerURL() string
func (*ArgoCDSettings) OAuth2ClientID ¶
func (a *ArgoCDSettings) OAuth2ClientID() string
func (*ArgoCDSettings) OAuth2ClientSecret ¶
func (a *ArgoCDSettings) OAuth2ClientSecret() string
func (*ArgoCDSettings) OIDCConfig ¶
func (a *ArgoCDSettings) OIDCConfig() *OIDCConfig
func (*ArgoCDSettings) RedirectURL ¶
func (a *ArgoCDSettings) RedirectURL() (string, error)
func (*ArgoCDSettings) TLSConfig ¶
func (a *ArgoCDSettings) TLSConfig() *tls.Config
TLSConfig returns a tls.Config with the configured certificates
type FilteredResource ¶
type FilteredResource struct { APIGroups []string `json:"apiGroups,omitempty"` Kinds []string `json:"kinds,omitempty"` Clusters []string `json:"clusters,omitempty"` }
func (FilteredResource) Match ¶
func (r FilteredResource) Match(apiGroup, kind, cluster string) bool
func (FilteredResource) MatchCluster ¶
func (r FilteredResource) MatchCluster(cluster string) bool
type GlobalProjectSettings ¶
type GlobalProjectSettings struct { ProjectName string `json:"projectName,omitempty"` LabelSelector metav1.LabelSelector `json:"labelSelector,omitempty"` }
type GoogleAnalytics ¶
type HelmRepoCredentials ¶
type HelmRepoCredentials struct { URL string `json:"url,omitempty"` Name string `json:"name,omitempty"` UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"` PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"` CertSecret *apiv1.SecretKeySelector `json:"certSecret,omitempty"` KeySecret *apiv1.SecretKeySelector `json:"keySecret,omitempty"` }
DEPRECATED. Helm repository credentials are now managed using RepoCredentials
type Help ¶
type Help struct { // the URL for getting chat help, this will typically be your Slack channel for support ChatURL string `json:"chatUrl,omitempty"` // the text for getting chat help, defaults to "Chat now!" ChatText string `json:"chatText,omitempty"` }
Help settings
type IgnoreStatus ¶
type IgnoreStatus string
const ( // IgnoreResourceStatusInCRD ignores status changes for all CRDs IgnoreResourceStatusInCRD IgnoreStatus = "crd" // IgnoreResourceStatusInAll ignores status changes for all resources IgnoreResourceStatusInAll IgnoreStatus = "all" // IgnoreResourceStatusInNone ignores status changes for no resources IgnoreResourceStatusInNone IgnoreStatus = "off" )
type KustomizeSettings ¶
type KustomizeSettings struct { BuildOptions string Versions []KustomizeVersion }
KustomizeSettings holds kustomize settings
func (*KustomizeSettings) GetOptions ¶
func (ks *KustomizeSettings) GetOptions(source v1alpha1.ApplicationSource) (*v1alpha1.KustomizeOptions, error)
type KustomizeVersion ¶
type KustomizeVersion struct { // Name holds Kustomize version name Name string // Path holds corresponding binary path Path string // BuildOptions that are specific to Kustomize version BuildOptions string }
KustomizeVersion holds information about additional Kustomize version
type OIDCConfig ¶
type OIDCConfig struct { Name string `json:"name,omitempty"` Issuer string `json:"issuer,omitempty"` ClientID string `json:"clientID,omitempty"` ClientSecret string `json:"clientSecret,omitempty"` CLIClientID string `json:"cliClientID,omitempty"` RequestedScopes []string `json:"requestedScopes,omitempty"` RequestedIDTokenClaims map[string]*oidc.Claim `json:"requestedIDTokenClaims,omitempty"` LogoutURL string `json:"logoutURL,omitempty"` }
func UnmarshalOIDCConfig ¶
func UnmarshalOIDCConfig(config string) (OIDCConfig, error)
type Repository ¶
type Repository struct { // The URL to the repository URL string `json:"url,omitempty"` // the type of the repo, "git" or "helm", assumed to be "git" if empty or absent Type string `json:"type,omitempty"` // helm only Name string `json:"name,omitempty"` // Name of the secret storing the username used to access the repo UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"` // Name of the secret storing the password used to access the repo PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"` // Name of the secret storing the SSH private key used to access the repo. Git only SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"` // Whether to connect the repository in an insecure way (deprecated) InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty"` // Whether to connect the repository in an insecure way Insecure bool `json:"insecure,omitempty"` // Whether the repo is git-lfs enabled. Git only. EnableLFS bool `json:"enableLfs,omitempty"` // Name of the secret storing the TLS client cert data TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"` // Name of the secret storing the TLS client cert's key data TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"` // Whether the repo is helm-oci enabled. Git only. EnableOci bool `json:"enableOci,omitempty"` // Github App Private Key PEM data GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"` // Github App ID of the app used to access the repo GithubAppId int64 `json:"githubAppID,omitempty"` // Github App Installation ID of the installed GitHub App GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"` // Github App Enterprise base url if empty will default to https://api.github.com GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"` // Proxy specifies the HTTP/HTTPS proxy used to access the repo Proxy string `json:"proxy,omitempty"` }
Credentials for accessing a Git repository
type RepositoryCredentials ¶
type RepositoryCredentials struct { // The URL pattern the repository URL has to match URL string `json:"url,omitempty"` // Name of the secret storing the username used to access the repo UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"` // Name of the secret storing the password used to access the repo PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"` // Name of the secret storing the SSH private key used to access the repo. Git only SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"` // Name of the secret storing the TLS client cert data TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"` // Name of the secret storing the TLS client cert's key data TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"` // Github App Private Key PEM data GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"` // Github App ID of the app used to access the repo GithubAppId int64 `json:"githubAppID,omitempty"` // Github App Installation ID of the installed GitHub App GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"` // Github App Enterprise base url if empty will default to https://api.github.com GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"` // EnableOCI specifies whether helm-oci support should be enabled for this repo EnableOCI bool `json:"enableOCI,omitempty"` // the type of the repositoryCredentials, "git" or "helm", assumed to be "git" if empty or absent Type string `json:"type,omitempty"` }
Credential template for accessing repositories
type ResourcesFilter ¶
type ResourcesFilter struct { // ResourceExclusions holds the api groups, kinds per cluster to exclude from Argo CD's watch ResourceExclusions []FilteredResource // ResourceInclusions holds the only api groups, kinds per cluster that Argo CD will watch ResourceInclusions []FilteredResource }
func (*ResourcesFilter) IsExcludedResource ¶
func (rf *ResourcesFilter) IsExcludedResource(apiGroup, kind, cluster string) bool
Behavior of this function is as follows: +-------------+-------------+-------------+ | Inclusions | Exclusions | Result | +-------------+-------------+-------------+ | Empty | Empty | Allowed | +-------------+-------------+-------------+ | Present | Empty | Allowed | +-------------+-------------+-------------+ | Not Present | Empty | Not Allowed | +-------------+-------------+-------------+ | Empty | Present | Not Allowed | +-------------+-------------+-------------+ | Empty | Not Present | Allowed | +-------------+-------------+-------------+ | Present | Not Present | Allowed | +-------------+-------------+-------------+ | Not Present | Present | Not Allowed | +-------------+-------------+-------------+ | Not Present | Not Present | Not Allowed | +-------------+-------------+-------------+ | Present | Present | Not Allowed | +-------------+-------------+-------------+
type SettingsManager ¶
type SettingsManager struct {
// contains filtered or unexported fields
}
SettingsManager holds config info for a new manager with which to access Kubernetes ConfigMaps.
func NewSettingsManager ¶
func NewSettingsManager(ctx context.Context, clientset kubernetes.Interface, namespace string) *SettingsManager
NewSettingsManager generates a new SettingsManager pointer and returns it
func (*SettingsManager) AddAccount ¶
func (mgr *SettingsManager) AddAccount(name string, account Account) error
AddAccount save an account with the given name and properties.
func (*SettingsManager) GetAccount ¶
func (mgr *SettingsManager) GetAccount(name string) (*Account, error)
GetAccount return an account info by the specified name.
func (*SettingsManager) GetAccounts ¶
func (mgr *SettingsManager) GetAccounts() (map[string]Account, error)
GetAccounts returns list of configured accounts
func (*SettingsManager) GetAppInstanceLabelKey ¶
func (mgr *SettingsManager) GetAppInstanceLabelKey() (string, error)
func (*SettingsManager) GetConfigManagementPlugins ¶
func (mgr *SettingsManager) GetConfigManagementPlugins() ([]v1alpha1.ConfigManagementPlugin, error)
func (*SettingsManager) GetConfigMapByName ¶
func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error)
Returns the ConfigMap with the given name from the cluster. The ConfigMap must be labeled with "app.kubernetes.io/part-of: argocd" in order to be retrievable.
func (*SettingsManager) GetGlobalProjectsSettings ¶
func (mgr *SettingsManager) GetGlobalProjectsSettings() ([]GlobalProjectSettings, error)
GetGlobalProjectsSettings loads the global project settings from argocd-cm ConfigMap
func (*SettingsManager) GetGoogleAnalytics ¶
func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error)
func (*SettingsManager) GetHelmRepositories ¶
func (mgr *SettingsManager) GetHelmRepositories() ([]HelmRepoCredentials, error)
DEPRECATED. Helm repository credentials are now managed using RepoCredentials
func (*SettingsManager) GetHelp ¶
func (mgr *SettingsManager) GetHelp() (*Help, error)
func (*SettingsManager) GetKustomizeSettings ¶
func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error)
GetKustomizeSettings loads the kustomize settings from argocd-cm ConfigMap
func (*SettingsManager) GetPasswordPattern ¶ added in v2.1.1
func (mgr *SettingsManager) GetPasswordPattern() (string, error)
func (*SettingsManager) GetRepositories ¶
func (mgr *SettingsManager) GetRepositories() ([]Repository, error)
func (*SettingsManager) GetRepositoryCredentials ¶
func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, error)
func (*SettingsManager) GetResourceCompareOptions ¶
func (mgr *SettingsManager) GetResourceCompareOptions() (ArgoCDDiffOptions, error)
GetResourceCompareOptions loads the resource compare options settings from the ConfigMap
func (*SettingsManager) GetResourceOverrides ¶
func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error)
GetResourceOverrides loads Resource Overrides from argocd-cm ConfigMap
func (*SettingsManager) GetResourcesFilter ¶
func (mgr *SettingsManager) GetResourcesFilter() (*ResourcesFilter, error)
func (*SettingsManager) GetSecretsLister ¶
func (mgr *SettingsManager) GetSecretsLister() (v1listers.SecretLister, error)
func (*SettingsManager) GetSettings ¶
func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error)
GetSettings retrieves settings from the ArgoCDConfigMap and secret.
func (*SettingsManager) InitializeSettings ¶
func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoCDSettings, error)
InitializeSettings is used to initialize empty admin password, signature, certificate etc if missing
func (*SettingsManager) ResyncInformers ¶
func (mgr *SettingsManager) ResyncInformers() error
func (*SettingsManager) SaveGPGPublicKeyData ¶
func (*SettingsManager) SaveRepositories ¶
func (mgr *SettingsManager) SaveRepositories(repos []Repository) error
func (*SettingsManager) SaveRepositoryCredentials ¶
func (mgr *SettingsManager) SaveRepositoryCredentials(creds []RepositoryCredentials) error
func (*SettingsManager) SaveSSHKnownHostsData ¶
func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHostsList []string) error
Save the SSH known host data into the corresponding ConfigMap
func (*SettingsManager) SaveSettings ¶
func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error
SaveSettings serializes ArgoCDSettings and upserts it into K8s secret/configmap
func (*SettingsManager) SaveTLSCertificateData ¶
func (*SettingsManager) Subscribe ¶
func (mgr *SettingsManager) Subscribe(subCh chan<- *ArgoCDSettings)
Subscribe registers a channel in which to subscribe to settings updates
func (*SettingsManager) Unsubscribe ¶
func (mgr *SettingsManager) Unsubscribe(subCh chan<- *ArgoCDSettings)
Unsubscribe unregisters a channel from receiving of settings updates
func (*SettingsManager) UpdateAccount ¶
func (mgr *SettingsManager) UpdateAccount(name string, callback func(account *Account) error) error
UpdateAccount runs the callback function against an account that matches to the specified name and persist changes applied by the callback.