Documentation ¶
Index ¶
- Constants
- Variables
- func ReplaceMapSecrets(obj map[string]interface{}, secretValues map[string]string) map[string]interface{}
- func ReplaceStringSecret(val string, secretValues map[string]string) string
- func UnmarshalDexConfig(config string) (map[string]interface{}, error)
- func ValidateOIDCConfig(configStr string) error
- type Account
- type AccountCapability
- type ArgoCDDiffOptions
- type ArgoCDSettings
- func (a *ArgoCDSettings) ArgoURLForRequest(r *http.Request) (string, error)
- func (a *ArgoCDSettings) DexOAuth2ClientSecret() string
- func (a *ArgoCDSettings) DexRedirectURL() (string, error)
- func (a *ArgoCDSettings) GetServerEncryptionKey() ([]byte, error)
- func (a *ArgoCDSettings) IsDexConfigured() bool
- func (a *ArgoCDSettings) IsSSOConfigured() bool
- func (a *ArgoCDSettings) IssuerURL() string
- func (a *ArgoCDSettings) OAuth2AllowedAudiences() []string
- func (a *ArgoCDSettings) OAuth2ClientID() string
- func (a *ArgoCDSettings) OAuth2ClientSecret() string
- func (a *ArgoCDSettings) OIDCConfig() *OIDCConfig
- func (a *ArgoCDSettings) OIDCTLSConfig() *tls.Config
- func (a *ArgoCDSettings) RedirectAdditionalURLs() ([]string, error)
- func (a *ArgoCDSettings) RedirectURL() (string, error)
- func (a *ArgoCDSettings) RedirectURLForRequest(r *http.Request) (string, error)
- func (a *ArgoCDSettings) SkipAudienceCheckWhenTokenHasNoAudience() bool
- func (a *ArgoCDSettings) TLSConfig() *tls.Config
- func (a *ArgoCDSettings) UserInfoCacheExpiration() time.Duration
- func (a *ArgoCDSettings) UserInfoGroupsEnabled() bool
- func (a *ArgoCDSettings) UserInfoPath() string
- type DeepLink
- type FilteredResource
- type GlobalProjectSettings
- type GoogleAnalytics
- type HelmRepoCredentials
- type Help
- type IgnoreStatus
- type KustomizeSettings
- type KustomizeVersion
- type OIDCConfig
- type Repository
- type RepositoryCredentials
- type ResourcesFilter
- type SettingsManager
- func (mgr *SettingsManager) AddAccount(name string, account Account) error
- func (mgr *SettingsManager) GetAccount(name string) (*Account, error)
- func (mgr *SettingsManager) GetAccounts() (map[string]Account, error)
- func (mgr *SettingsManager) GetAppInstanceLabelKey() (string, error)
- func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error)
- func (mgr *SettingsManager) GetDeepLinks(deeplinkType string) ([]DeepLink, error)
- func (mgr *SettingsManager) GetEnabledSourceTypes() (map[string]bool, error)
- func (mgr *SettingsManager) GetExcludeEventLabelKeys() []string
- func (mgr *SettingsManager) GetGlobalProjectsSettings() ([]GlobalProjectSettings, error)
- func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error)
- func (mgr *SettingsManager) GetHelmRepositories() ([]HelmRepoCredentials, error)
- func (mgr *SettingsManager) GetHelmSettings() (*v1alpha1.HelmOptions, error)
- func (mgr *SettingsManager) GetHelp() (*Help, error)
- func (mgr *SettingsManager) GetIgnoreResourceUpdatesOverrides() (map[string]v1alpha1.ResourceOverride, error)
- func (mgr *SettingsManager) GetIncludeEventLabelKeys() []string
- func (mgr *SettingsManager) GetIsIgnoreResourceUpdatesEnabled() (bool, error)
- func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error)
- func (mgr *SettingsManager) GetMaxPodLogsToRender() (int64, error)
- func (mgr *SettingsManager) GetMaxWebhookPayloadSize() int64
- func (mgr *SettingsManager) GetNamespace() string
- func (mgr *SettingsManager) GetPasswordPattern() (string, error)
- func (mgr *SettingsManager) GetRepositories() ([]Repository, error)
- func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, error)
- func (mgr *SettingsManager) GetResourceCompareOptions() (ArgoCDDiffOptions, error)
- func (mgr *SettingsManager) GetResourceCustomLabels() ([]string, error)
- func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error)
- func (mgr *SettingsManager) GetResourcesFilter() (*ResourcesFilter, error)
- func (mgr *SettingsManager) GetSecretsInformer() (cache.SharedIndexInformer, error)
- func (mgr *SettingsManager) GetSecretsLister() (v1listers.SecretLister, error)
- func (mgr *SettingsManager) GetServerRBACLogEnforceEnable() (bool, error)
- func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error)
- func (mgr *SettingsManager) GetTrackingMethod() (string, error)
- func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoCDSettings, error)
- func (mgr *SettingsManager) IsImpersonationEnabled() (bool, error)
- func (mgr *SettingsManager) RespectRBAC() (int, error)
- func (mgr *SettingsManager) ResyncInformers() error
- func (mgr *SettingsManager) SaveGPGPublicKeyData(ctx context.Context, gpgPublicKeys map[string]string) error
- func (mgr *SettingsManager) SaveRepositories(repos []Repository) error
- func (mgr *SettingsManager) SaveRepositoryCredentials(creds []RepositoryCredentials) error
- func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHostsList []string) error
- func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error
- func (mgr *SettingsManager) SaveTLSCertificateData(ctx context.Context, tlsCertificates map[string]string) error
- func (mgr *SettingsManager) Subscribe(subCh chan<- *ArgoCDSettings)
- func (mgr *SettingsManager) Unsubscribe(subCh chan<- *ArgoCDSettings)
- func (mgr *SettingsManager) UpdateAccount(name string, callback func(account *Account) error) error
- type SettingsManagerOpts
- type Token
Constants ¶
const ( // ApplicationDeepLinks is the application deep link key ApplicationDeepLinks = "application.links" // ProjectDeepLinks is the project deep link key ProjectDeepLinks = "project.links" // ResourceDeepLinks is the resource deep link key ResourceDeepLinks = "resource.links" // RespectRBAC is the key to configure argocd to respect rbac while watching for resources RespectRBAC = "resource.respectRBAC" RespectRBACValueStrict = "strict" RespectRBACValueNormal = "normal" )
Variables ¶
var ( ByClusterURLIndexer = "byClusterURL" ByClusterNameIndexer = "byClusterName" ByProjectClusterIndexer = "byProjectCluster" ByProjectRepoIndexer = "byProjectRepo" )
Functions ¶
func ReplaceMapSecrets ¶ added in v2.8.0
func ReplaceMapSecrets(obj map[string]interface{}, secretValues map[string]string) map[string]interface{}
ReplaceMapSecrets takes a json object and recursively looks for any secret key references in the object and replaces the value with the secret value
func ReplaceStringSecret ¶
ReplaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map
func UnmarshalDexConfig ¶
func ValidateOIDCConfig ¶ added in v2.3.14
Types ¶
type Account ¶
type Account struct { PasswordHash string PasswordMtime *time.Time Enabled bool Capabilities []AccountCapability Tokens []Token }
Account holds local account information
func (*Account) FormatCapabilities ¶
FormatCapabilities returns comma separate list of user capabilities.
func (*Account) FormatPasswordMtime ¶
FormatPasswordMtime return the formatted password modify time or empty string of password modify time is nil.
func (*Account) HasCapability ¶
func (a *Account) HasCapability(capability AccountCapability) bool
HasCapability return true if the account has the specified capability.
func (*Account) TokenIndex ¶
TokenIndex return an index of a token with the given identifier or -1 if token not found.
type AccountCapability ¶
type AccountCapability string
const ( // AccountCapabilityLogin represents capability to create UI session tokens. AccountCapabilityLogin AccountCapability = "login" // AccountCapabilityLogin represents capability to generate API auth tokens. AccountCapabilityApiKey AccountCapability = "apiKey" )
type ArgoCDDiffOptions ¶
type ArgoCDDiffOptions struct { IgnoreAggregatedRoles bool `json:"ignoreAggregatedRoles,omitempty"` // If set to true then differences caused by status are ignored. IgnoreResourceStatusField IgnoreStatus `json:"ignoreResourceStatusField,omitempty"` // If set to true then ignoreDifferences are applied to ignore application refresh on resource updates. IgnoreDifferencesOnResourceUpdates bool `json:"ignoreDifferencesOnResourceUpdates,omitempty"` }
func GetDefaultDiffOptions ¶
func GetDefaultDiffOptions() ArgoCDDiffOptions
type ArgoCDSettings ¶
type ArgoCDSettings struct { // URL is the externally facing URL users will visit to reach Argo CD. // The value here is used when configuring SSO. Omitting this value will disable SSO. URL string `json:"url,omitempty"` // URLs is a list of externally facing URLs users will visit to reach Argo CD. // The value here is used when configuring SSO reachable from multiple domains. AdditionalURLs []string `json:"additionalUrls,omitempty"` // Indicates if status badge is enabled or not. StatusBadgeEnabled bool `json:"statusBadgeEnable"` // Indicates if status badge custom root URL should be used. StatusBadgeRootUrl string `json:"statusBadgeRootUrl,omitempty"` // DexConfig contains portions of a dex config yaml DexConfig string `json:"dexConfig,omitempty"` // OIDCConfigRAW holds OIDC configuration as a raw string OIDCConfigRAW string `json:"oidcConfig,omitempty"` // ServerSignature holds the key used to generate JWT tokens. ServerSignature []byte `json:"serverSignature,omitempty"` // Certificate holds the certificate/private key for the Argo CD API server. // If nil, will run insecure without TLS. Certificate *tls.Certificate `json:"-"` // CertificateIsExternal indicates whether Certificate was loaded from external secret CertificateIsExternal bool `json:"-"` // WebhookGitLabSecret holds the shared secret for authenticating GitHub webhook events WebhookGitHubSecret string `json:"webhookGitHubSecret,omitempty"` // WebhookGitLabSecret holds the shared secret for authenticating GitLab webhook events WebhookGitLabSecret string `json:"webhookGitLabSecret,omitempty"` // WebhookBitbucketUUID holds the UUID for authenticating Bitbucket webhook events WebhookBitbucketUUID string `json:"webhookBitbucketUUID,omitempty"` // WebhookBitbucketServerSecret holds the shared secret for authenticating BitbucketServer webhook events WebhookBitbucketServerSecret string `json:"webhookBitbucketServerSecret,omitempty"` // WebhookGogsSecret holds the shared secret for authenticating Gogs webhook events WebhookGogsSecret string `json:"webhookGogsSecret,omitempty"` // WebhookAzureDevOpsUsername holds the username for authenticating Azure DevOps webhook events WebhookAzureDevOpsUsername string `json:"webhookAzureDevOpsUsername,omitempty"` // WebhookAzureDevOpsPassword holds the password for authenticating Azure DevOps webhook events WebhookAzureDevOpsPassword string `json:"webhookAzureDevOpsPassword,omitempty"` // Secrets holds all secrets in argocd-secret as a map[string]string Secrets map[string]string `json:"secrets,omitempty"` // KustomizeBuildOptions is a string of kustomize build parameters KustomizeBuildOptions string `json:"kustomizeBuildOptions,omitempty"` // Indicates if anonymous user is enabled or not AnonymousUserEnabled bool `json:"anonymousUserEnabled,omitempty"` // Specifies token expiration duration UserSessionDuration time.Duration `json:"userSessionDuration,omitempty"` // UiCssURL local or remote path to user-defined CSS to customize ArgoCD UI UiCssURL string `json:"uiCssURL,omitempty"` // Content of UI Banner UiBannerContent string `json:"uiBannerContent,omitempty"` // URL for UI Banner UiBannerURL string `json:"uiBannerURL,omitempty"` // Make Banner permanent and not closeable UiBannerPermanent bool `json:"uiBannerPermanent,omitempty"` // Position of UI Banner UiBannerPosition string `json:"uiBannerPosition,omitempty"` // PasswordPattern for password regular expression PasswordPattern string `json:"passwordPattern,omitempty"` // BinaryUrls contains the URLs for downloading argocd binaries BinaryUrls map[string]string `json:"binaryUrls,omitempty"` // InClusterEnabled indicates whether to allow in-cluster server address InClusterEnabled bool `json:"inClusterEnabled"` // ServerRBACLogEnforceEnable temporary var indicates whether rbac will be enforced on logs ServerRBACLogEnforceEnable bool `json:"serverRBACLogEnforceEnable"` // MaxPodLogsToRender the maximum number of pod logs to render MaxPodLogsToRender int64 `json:"maxPodLogsToRender"` // ExecEnabled indicates whether the UI exec feature is enabled ExecEnabled bool `json:"execEnabled"` // ExecShells restricts which shells are allowed for `exec` and in which order they are tried ExecShells []string `json:"execShells"` // TrackingMethod defines the resource tracking method to be used TrackingMethod string `json:"application.resourceTrackingMethod,omitempty"` // OIDCTLSInsecureSkipVerify determines whether certificate verification is skipped when verifying tokens with the // configured OIDC provider (either external or the bundled Dex instance). Setting this to `true` will cause JWT // token verification to pass despite the OIDC provider having an invalid certificate. Only set to `true` if you // understand the risks. OIDCTLSInsecureSkipVerify bool `json:"oidcTLSInsecureSkipVerify"` // AppsInAnyNamespaceEnabled indicates whether applications are allowed to be created in any namespace AppsInAnyNamespaceEnabled bool `json:"appsInAnyNamespaceEnabled"` // ExtensionConfig configurations related to ArgoCD proxy extensions. The value // is a yaml string defined in extension.ExtensionConfigs struct. ExtensionConfig string `json:"extensionConfig,omitempty"` // ImpersonationEnabled indicates whether Application sync privileges can be decoupled from control plane // privileges using impersonation ImpersonationEnabled bool `json:"impersonationEnabled"` }
ArgoCDSettings holds in-memory runtime configuration options.
func (*ArgoCDSettings) ArgoURLForRequest ¶ added in v2.13.0
func (a *ArgoCDSettings) ArgoURLForRequest(r *http.Request) (string, error)
func (*ArgoCDSettings) DexOAuth2ClientSecret ¶
func (a *ArgoCDSettings) DexOAuth2ClientSecret() string
DexOAuth2ClientSecret calculates an arbitrary, but predictable OAuth2 client secret string derived from the server secret. This is called by the dex startup wrapper (argocd-dex rundex), as well as the API server, such that they both independently come to the same conclusion of what the OAuth2 shared client secret should be.
func (*ArgoCDSettings) DexRedirectURL ¶
func (a *ArgoCDSettings) DexRedirectURL() (string, error)
func (*ArgoCDSettings) GetServerEncryptionKey ¶ added in v2.3.0
func (a *ArgoCDSettings) GetServerEncryptionKey() ([]byte, error)
GetServerEncryptionKey generates a new server encryption key using the server signature as a passphrase
func (*ArgoCDSettings) IsDexConfigured ¶
func (a *ArgoCDSettings) IsDexConfigured() bool
func (*ArgoCDSettings) IsSSOConfigured ¶
func (a *ArgoCDSettings) IsSSOConfigured() bool
IsSSOConfigured returns whether or not single-sign-on is configured
func (*ArgoCDSettings) IssuerURL ¶
func (a *ArgoCDSettings) IssuerURL() string
func (*ArgoCDSettings) OAuth2AllowedAudiences ¶ added in v2.3.14
func (a *ArgoCDSettings) OAuth2AllowedAudiences() []string
OAuth2AllowedAudiences returns a list of audiences that are allowed for the OAuth2 client. If the user has not explicitly configured the list of audiences (or has configured an empty list), then the OAuth2 client ID is returned as the only allowed audience. When using the bundled Dex, that client ID is always "argo-cd".
func (*ArgoCDSettings) OAuth2ClientID ¶
func (a *ArgoCDSettings) OAuth2ClientID() string
func (*ArgoCDSettings) OAuth2ClientSecret ¶
func (a *ArgoCDSettings) OAuth2ClientSecret() string
func (*ArgoCDSettings) OIDCConfig ¶
func (a *ArgoCDSettings) OIDCConfig() *OIDCConfig
func (*ArgoCDSettings) OIDCTLSConfig ¶ added in v2.2.11
func (a *ArgoCDSettings) OIDCTLSConfig() *tls.Config
OIDCTLSConfig returns the TLS config for the OIDC provider. If an external provider is configured, returns a TLS config using the root CAs (if any) specified in the OIDC config. If an external OIDC provider is not configured, returns the API server TLS config, because the API server proxies requests to Dex.
func (*ArgoCDSettings) RedirectAdditionalURLs ¶ added in v2.13.0
func (a *ArgoCDSettings) RedirectAdditionalURLs() ([]string, error)
func (*ArgoCDSettings) RedirectURL ¶
func (a *ArgoCDSettings) RedirectURL() (string, error)
func (*ArgoCDSettings) RedirectURLForRequest ¶ added in v2.13.0
func (a *ArgoCDSettings) RedirectURLForRequest(r *http.Request) (string, error)
func (*ArgoCDSettings) SkipAudienceCheckWhenTokenHasNoAudience ¶ added in v2.3.14
func (a *ArgoCDSettings) SkipAudienceCheckWhenTokenHasNoAudience() bool
func (*ArgoCDSettings) TLSConfig ¶
func (a *ArgoCDSettings) TLSConfig() *tls.Config
TLSConfig returns a tls.Config with the configured certificates
func (*ArgoCDSettings) UserInfoCacheExpiration ¶ added in v2.10.0
func (a *ArgoCDSettings) UserInfoCacheExpiration() time.Duration
UserInfoCacheExpiration returns the expiry time of the UserInfo cache
func (*ArgoCDSettings) UserInfoGroupsEnabled ¶ added in v2.10.0
func (a *ArgoCDSettings) UserInfoGroupsEnabled() bool
UserInfoGroupsEnabled returns whether group claims should be fetch from UserInfo endpoint
func (*ArgoCDSettings) UserInfoPath ¶ added in v2.10.0
func (a *ArgoCDSettings) UserInfoPath() string
UserInfoPath returns the sub-path on which the IDP exposes the UserInfo endpoint
type DeepLink ¶ added in v2.6.0
type DeepLink struct { // URL that the deep link will redirect to URL string `json:"url"` // Title that will be displayed in the UI corresponding to that link Title string `json:"title"` // Description (optional) a description for what the deep link is about Description *string `json:"description,omitempty"` // IconClass (optional) a font-awesome icon class to be used when displaying the links in dropdown menus. IconClass *string `json:"icon.class,omitempty"` // Condition (optional) a conditional statement depending on which the deep link shall be rendered Condition *string `json:"if,omitempty"` }
DeepLink structure
type FilteredResource ¶
type FilteredResource struct { APIGroups []string `json:"apiGroups,omitempty"` Kinds []string `json:"kinds,omitempty"` Clusters []string `json:"clusters,omitempty"` }
func (FilteredResource) Match ¶
func (r FilteredResource) Match(apiGroup, kind, cluster string) bool
func (FilteredResource) MatchCluster ¶
func (r FilteredResource) MatchCluster(cluster string) bool
type GlobalProjectSettings ¶
type GlobalProjectSettings struct { ProjectName string `json:"projectName,omitempty"` LabelSelector metav1.LabelSelector `json:"labelSelector,omitempty"` }
type GoogleAnalytics ¶
type HelmRepoCredentials ¶
type HelmRepoCredentials struct { URL string `json:"url,omitempty"` Name string `json:"name,omitempty"` UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"` PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"` CertSecret *apiv1.SecretKeySelector `json:"certSecret,omitempty"` KeySecret *apiv1.SecretKeySelector `json:"keySecret,omitempty"` }
DEPRECATED. Helm repository credentials are now managed using RepoCredentials
type Help ¶
type Help struct { // the URL for getting chat help, this will typically be your Slack channel for support ChatURL string `json:"chatUrl,omitempty"` // the text for getting chat help, defaults to "Chat now!" ChatText string `json:"chatText,omitempty"` // the URLs for downloading argocd binaries BinaryURLs map[string]string `json:"binaryUrl,omitempty"` }
Help settings
type IgnoreStatus ¶
type IgnoreStatus string
const ( // IgnoreResourceStatusInCRD ignores status changes for all CRDs IgnoreResourceStatusInCRD IgnoreStatus = "crd" // IgnoreResourceStatusInAll ignores status changes for all resources IgnoreResourceStatusInAll IgnoreStatus = "all" // IgnoreResourceStatusInNone ignores status changes for no resources IgnoreResourceStatusInNone IgnoreStatus = "off" )
type KustomizeSettings ¶
type KustomizeSettings struct { BuildOptions string Versions []KustomizeVersion }
KustomizeSettings holds kustomize settings
func (*KustomizeSettings) GetOptions ¶
func (ks *KustomizeSettings) GetOptions(source v1alpha1.ApplicationSource) (*v1alpha1.KustomizeOptions, error)
type KustomizeVersion ¶
type KustomizeVersion struct { // Name holds Kustomize version name Name string // Path holds corresponding binary path Path string // BuildOptions that are specific to Kustomize version BuildOptions string }
KustomizeVersion holds information about additional Kustomize version
type OIDCConfig ¶
type OIDCConfig struct { Name string `json:"name,omitempty"` Issuer string `json:"issuer,omitempty"` ClientID string `json:"clientID,omitempty"` ClientSecret string `json:"clientSecret,omitempty"` CLIClientID string `json:"cliClientID,omitempty"` EnableUserInfoGroups bool `json:"enableUserInfoGroups,omitempty"` UserInfoPath string `json:"userInfoPath,omitempty"` UserInfoCacheExpiration string `json:"userInfoCacheExpiration,omitempty"` RequestedScopes []string `json:"requestedScopes,omitempty"` RequestedIDTokenClaims map[string]*oidc.Claim `json:"requestedIDTokenClaims,omitempty"` LogoutURL string `json:"logoutURL,omitempty"` RootCA string `json:"rootCA,omitempty"` EnablePKCEAuthentication bool `json:"enablePKCEAuthentication,omitempty"` DomainHint string `json:"domainHint,omitempty"` }
type Repository ¶
type Repository struct { // The URL to the repository URL string `json:"url,omitempty"` // the type of the repo, "git" or "helm", assumed to be "git" if empty or absent Type string `json:"type,omitempty"` // helm only Name string `json:"name,omitempty"` // Name of the secret storing the username used to access the repo UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"` // Name of the secret storing the password used to access the repo PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"` // Name of the secret storing the SSH private key used to access the repo. Git only SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"` // Whether to connect the repository in an insecure way (deprecated) InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty"` // Whether to connect the repository in an insecure way Insecure bool `json:"insecure,omitempty"` // Whether the repo is git-lfs enabled. Git only. EnableLFS bool `json:"enableLfs,omitempty"` // Name of the secret storing the TLS client cert data TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"` // Name of the secret storing the TLS client cert's key data TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"` // Whether the repo is helm-oci enabled. Git only. EnableOci bool `json:"enableOci,omitempty"` // Github App Private Key PEM data GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"` // Github App ID of the app used to access the repo GithubAppId int64 `json:"githubAppID,omitempty"` // Github App Installation ID of the installed GitHub App GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"` // Github App Enterprise base url if empty will default to https://api.github.com GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"` // Proxy specifies the HTTP/HTTPS proxy used to access the repo Proxy string `json:"proxy,omitempty"` // NoProxy specifies a list of targets where the proxy isn't used, applies only in cases where the proxy is applied NoProxy string `json:"noProxy,omitempty"` // GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos GCPServiceAccountKey *apiv1.SecretKeySelector `json:"gcpServiceAccountKey,omitempty"` // ForceHttpBasicAuth determines whether Argo CD should force use of basic auth for HTTP connected repositories ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty"` }
Credentials for accessing a Git repository
type RepositoryCredentials ¶
type RepositoryCredentials struct { // The URL pattern the repository URL has to match URL string `json:"url,omitempty"` // Name of the secret storing the username used to access the repo UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"` // Name of the secret storing the password used to access the repo PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"` // Name of the secret storing the SSH private key used to access the repo. Git only SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"` // Name of the secret storing the TLS client cert data TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"` // Name of the secret storing the TLS client cert's key data TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"` // Github App Private Key PEM data GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"` // Github App ID of the app used to access the repo GithubAppId int64 `json:"githubAppID,omitempty"` // Github App Installation ID of the installed GitHub App GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"` // Github App Enterprise base url if empty will default to https://api.github.com GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"` // EnableOCI specifies whether helm-oci support should be enabled for this repo EnableOCI bool `json:"enableOCI,omitempty"` // the type of the repositoryCredentials, "git" or "helm", assumed to be "git" if empty or absent Type string `json:"type,omitempty"` // GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos GCPServiceAccountKey *apiv1.SecretKeySelector `json:"gcpServiceAccountKey,omitempty"` // ForceHttpBasicAuth determines whether Argo CD should force use of basic auth for HTTP connected repositories ForceHttpBasicAuth bool `json:"forceHttpBasicAuth,omitempty"` }
Credential template for accessing repositories
type ResourcesFilter ¶
type ResourcesFilter struct { // ResourceExclusions holds the api groups, kinds per cluster to exclude from Argo CD's watch ResourceExclusions []FilteredResource // ResourceInclusions holds the only api groups, kinds per cluster that Argo CD will watch ResourceInclusions []FilteredResource }
func (*ResourcesFilter) IsExcludedResource ¶
func (rf *ResourcesFilter) IsExcludedResource(apiGroup, kind, cluster string) bool
Behavior of this function is as follows: +-------------+-------------+-------------+ | Inclusions | Exclusions | Result | +-------------+-------------+-------------+ | Empty | Empty | Allowed | +-------------+-------------+-------------+ | Present | Empty | Allowed | +-------------+-------------+-------------+ | Not Present | Empty | Not Allowed | +-------------+-------------+-------------+ | Empty | Present | Not Allowed | +-------------+-------------+-------------+ | Empty | Not Present | Allowed | +-------------+-------------+-------------+ | Present | Not Present | Allowed | +-------------+-------------+-------------+ | Not Present | Present | Not Allowed | +-------------+-------------+-------------+ | Not Present | Not Present | Not Allowed | +-------------+-------------+-------------+ | Present | Present | Not Allowed | +-------------+-------------+-------------+
type SettingsManager ¶
type SettingsManager struct {
// contains filtered or unexported fields
}
SettingsManager holds config info for a new manager with which to access Kubernetes ConfigMaps.
func NewSettingsManager ¶
func NewSettingsManager(ctx context.Context, clientset kubernetes.Interface, namespace string, opts ...SettingsManagerOpts) *SettingsManager
NewSettingsManager generates a new SettingsManager pointer and returns it
func (*SettingsManager) AddAccount ¶
func (mgr *SettingsManager) AddAccount(name string, account Account) error
AddAccount save an account with the given name and properties.
func (*SettingsManager) GetAccount ¶
func (mgr *SettingsManager) GetAccount(name string) (*Account, error)
GetAccount return an account info by the specified name.
func (*SettingsManager) GetAccounts ¶
func (mgr *SettingsManager) GetAccounts() (map[string]Account, error)
GetAccounts returns list of configured accounts
func (*SettingsManager) GetAppInstanceLabelKey ¶
func (mgr *SettingsManager) GetAppInstanceLabelKey() (string, error)
func (*SettingsManager) GetConfigMapByName ¶
func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error)
Returns the ConfigMap with the given name from the cluster. The ConfigMap must be labeled with "app.kubernetes.io/part-of: argocd" in order to be retrievable.
func (*SettingsManager) GetDeepLinks ¶ added in v2.6.0
func (mgr *SettingsManager) GetDeepLinks(deeplinkType string) ([]DeepLink, error)
func (*SettingsManager) GetEnabledSourceTypes ¶ added in v2.3.0
func (mgr *SettingsManager) GetEnabledSourceTypes() (map[string]bool, error)
func (*SettingsManager) GetExcludeEventLabelKeys ¶ added in v2.12.0
func (mgr *SettingsManager) GetExcludeEventLabelKeys() []string
func (*SettingsManager) GetGlobalProjectsSettings ¶
func (mgr *SettingsManager) GetGlobalProjectsSettings() ([]GlobalProjectSettings, error)
GetGlobalProjectsSettings loads the global project settings from argocd-cm ConfigMap
func (*SettingsManager) GetGoogleAnalytics ¶
func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error)
func (*SettingsManager) GetHelmRepositories ¶
func (mgr *SettingsManager) GetHelmRepositories() ([]HelmRepoCredentials, error)
DEPRECATED. Helm repository credentials are now managed using RepoCredentials
func (*SettingsManager) GetHelmSettings ¶ added in v2.1.11
func (mgr *SettingsManager) GetHelmSettings() (*v1alpha1.HelmOptions, error)
GetHelmSettings returns helm settings
func (*SettingsManager) GetHelp ¶
func (mgr *SettingsManager) GetHelp() (*Help, error)
func (*SettingsManager) GetIgnoreResourceUpdatesOverrides ¶ added in v2.8.0
func (mgr *SettingsManager) GetIgnoreResourceUpdatesOverrides() (map[string]v1alpha1.ResourceOverride, error)
func (*SettingsManager) GetIncludeEventLabelKeys ¶ added in v2.12.0
func (mgr *SettingsManager) GetIncludeEventLabelKeys() []string
func (*SettingsManager) GetIsIgnoreResourceUpdatesEnabled ¶ added in v2.8.0
func (mgr *SettingsManager) GetIsIgnoreResourceUpdatesEnabled() (bool, error)
func (*SettingsManager) GetKustomizeSettings ¶
func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error)
GetKustomizeSettings loads the kustomize settings from argocd-cm ConfigMap
func (*SettingsManager) GetMaxPodLogsToRender ¶ added in v2.11.0
func (mgr *SettingsManager) GetMaxPodLogsToRender() (int64, error)
func (*SettingsManager) GetMaxWebhookPayloadSize ¶ added in v2.9.20
func (mgr *SettingsManager) GetMaxWebhookPayloadSize() int64
func (*SettingsManager) GetNamespace ¶ added in v2.5.0
func (mgr *SettingsManager) GetNamespace() string
func (*SettingsManager) GetPasswordPattern ¶ added in v2.1.1
func (mgr *SettingsManager) GetPasswordPattern() (string, error)
func (*SettingsManager) GetRepositories ¶
func (mgr *SettingsManager) GetRepositories() ([]Repository, error)
func (*SettingsManager) GetRepositoryCredentials ¶
func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, error)
func (*SettingsManager) GetResourceCompareOptions ¶
func (mgr *SettingsManager) GetResourceCompareOptions() (ArgoCDDiffOptions, error)
GetResourceCompareOptions loads the resource compare options settings from the ConfigMap
func (*SettingsManager) GetResourceCustomLabels ¶ added in v2.6.0
func (mgr *SettingsManager) GetResourceCustomLabels() ([]string, error)
func (*SettingsManager) GetResourceOverrides ¶
func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error)
GetResourceOverrides loads Resource Overrides from argocd-cm ConfigMap
func (*SettingsManager) GetResourcesFilter ¶
func (mgr *SettingsManager) GetResourcesFilter() (*ResourcesFilter, error)
func (*SettingsManager) GetSecretsInformer ¶ added in v2.2.0
func (mgr *SettingsManager) GetSecretsInformer() (cache.SharedIndexInformer, error)
func (*SettingsManager) GetSecretsLister ¶
func (mgr *SettingsManager) GetSecretsLister() (v1listers.SecretLister, error)
func (*SettingsManager) GetServerRBACLogEnforceEnable ¶ added in v2.4.0
func (mgr *SettingsManager) GetServerRBACLogEnforceEnable() (bool, error)
func (*SettingsManager) GetSettings ¶
func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error)
GetSettings retrieves settings from the ArgoCDConfigMap and secret.
func (*SettingsManager) GetTrackingMethod ¶ added in v2.2.0
func (mgr *SettingsManager) GetTrackingMethod() (string, error)
func (*SettingsManager) InitializeSettings ¶
func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoCDSettings, error)
InitializeSettings is used to initialize empty admin password, signature, certificate etc if missing
func (*SettingsManager) IsImpersonationEnabled ¶ added in v2.13.0
func (mgr *SettingsManager) IsImpersonationEnabled() (bool, error)
IsImpersonationEnabled returns true if application sync with impersonation feature is enabled in argocd-cm configmap
func (*SettingsManager) RespectRBAC ¶ added in v2.9.0
func (mgr *SettingsManager) RespectRBAC() (int, error)
func (*SettingsManager) ResyncInformers ¶
func (mgr *SettingsManager) ResyncInformers() error
func (*SettingsManager) SaveGPGPublicKeyData ¶
func (*SettingsManager) SaveRepositories ¶
func (mgr *SettingsManager) SaveRepositories(repos []Repository) error
func (*SettingsManager) SaveRepositoryCredentials ¶
func (mgr *SettingsManager) SaveRepositoryCredentials(creds []RepositoryCredentials) error
func (*SettingsManager) SaveSSHKnownHostsData ¶
func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHostsList []string) error
Save the SSH known host data into the corresponding ConfigMap
func (*SettingsManager) SaveSettings ¶
func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error
SaveSettings serializes ArgoCDSettings and upserts it into K8s secret/configmap
func (*SettingsManager) SaveTLSCertificateData ¶
func (*SettingsManager) Subscribe ¶
func (mgr *SettingsManager) Subscribe(subCh chan<- *ArgoCDSettings)
Subscribe registers a channel in which to subscribe to settings updates
func (*SettingsManager) Unsubscribe ¶
func (mgr *SettingsManager) Unsubscribe(subCh chan<- *ArgoCDSettings)
Unsubscribe unregisters a channel from receiving of settings updates
func (*SettingsManager) UpdateAccount ¶
func (mgr *SettingsManager) UpdateAccount(name string, callback func(account *Account) error) error
UpdateAccount runs the callback function against an account that matches to the specified name and persist changes applied by the callback.
type SettingsManagerOpts ¶ added in v2.2.0
type SettingsManagerOpts func(mgs *SettingsManager)
func WithRepoOrClusterChangedHandler ¶ added in v2.2.0
func WithRepoOrClusterChangedHandler(handler func()) SettingsManagerOpts