rbacpolicy

package
v2.13.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 20, 2024 License: Apache-2.0 Imports: 7 Imported by: 4

Documentation

Index

Constants

View Source
const (
	// please add new items to Resources
	ResourceClusters        = "clusters"
	ResourceProjects        = "projects"
	ResourceApplications    = "applications"
	ResourceApplicationSets = "applicationsets"
	ResourceRepositories    = "repositories"
	ResourceCertificates    = "certificates"
	ResourceAccounts        = "accounts"
	ResourceGPGKeys         = "gpgkeys"
	ResourceLogs            = "logs"
	ResourceExec            = "exec"
	ResourceExtensions      = "extensions"

	// please add new items to Actions
	ActionGet      = "get"
	ActionCreate   = "create"
	ActionUpdate   = "update"
	ActionDelete   = "delete"
	ActionSync     = "sync"
	ActionOverride = "override"
	ActionAction   = "action"
	ActionInvoke   = "invoke"
)

Variables

Functions

func GetProjectRoleFromSubject

func GetProjectRoleFromSubject(subject string) (string, string, bool)

func IsProjectSubject

func IsProjectSubject(subject string) bool

Types

type RBACPolicyEnforcer

type RBACPolicyEnforcer struct {
	// contains filtered or unexported fields
}

RBACPolicyEnforcer provides an RBAC Claims Enforcer which additionally consults AppProject roles, jwt tokens, and groups. It is backed by a AppProject informer/lister cache and does not make any API calls during enforcement.

func NewRBACPolicyEnforcer

func NewRBACPolicyEnforcer(enf *rbac.Enforcer, projLister applister.AppProjectNamespaceLister) *RBACPolicyEnforcer

NewRBACPolicyEnforcer returns a new RBAC Enforcer for the Argo CD API Server

func (*RBACPolicyEnforcer) EnforceClaims

func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...interface{}) bool

EnforceClaims is an RBAC claims enforcer specific to the Argo CD API server

func (*RBACPolicyEnforcer) GetScopes

func (p *RBACPolicyEnforcer) GetScopes() []string

func (*RBACPolicyEnforcer) SetScopes

func (p *RBACPolicyEnforcer) SetScopes(scopes []string)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL