rbacpolicy

package
v2.14.0-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 18, 2024 License: Apache-2.0 Imports: 7 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	// please add new items to Resources
	ResourceClusters          = "clusters"
	ResourceProjects          = "projects"
	ResourceApplications      = "applications"
	ResourceApplicationSets   = "applicationsets"
	ResourceRepositories      = "repositories"
	ResourceWriteRepositories = "write-repositories"
	ResourceCertificates      = "certificates"
	ResourceAccounts          = "accounts"
	ResourceGPGKeys           = "gpgkeys"
	ResourceLogs              = "logs"
	ResourceExec              = "exec"
	ResourceExtensions        = "extensions"

	// please add new items to Actions
	ActionGet      = "get"
	ActionCreate   = "create"
	ActionUpdate   = "update"
	ActionDelete   = "delete"
	ActionSync     = "sync"
	ActionOverride = "override"
	ActionAction   = "action"
	ActionInvoke   = "invoke"
)

Variables

View Source 
var (
	Resources = []string{
		ResourceClusters,
		ResourceProjects,
		ResourceApplications,
		ResourceApplicationSets,
		ResourceRepositories,
		ResourceWriteRepositories,
		ResourceCertificates,
		ResourceAccounts,
		ResourceGPGKeys,
		ResourceLogs,
		ResourceExec,
		ResourceExtensions,
	}
	Actions = []string{
		ActionGet,
		ActionCreate,
		ActionUpdate,
		ActionDelete,
		ActionSync,
		ActionOverride,
		ActionAction,
		ActionInvoke,
	}
)

Functions

func GetProjectRoleFromSubject 

func GetProjectRoleFromSubject(subject string) (string, string, bool)

func IsProjectSubject 

func IsProjectSubject(subject string) bool

Types

type RBACPolicyEnforcer 

type RBACPolicyEnforcer struct {
	// contains filtered or unexported fields
}

RBACPolicyEnforcer provides an RBAC Claims Enforcer which additionally consults AppProject roles, jwt tokens, and groups. It is backed by a AppProject informer/lister cache and does not make any API calls during enforcement.

func NewRBACPolicyEnforcer 

func NewRBACPolicyEnforcer(enf *rbac.Enforcer, projLister applister.AppProjectNamespaceLister) *RBACPolicyEnforcer

NewRBACPolicyEnforcer returns a new RBAC Enforcer for the Argo CD API Server

func (*RBACPolicyEnforcer) EnforceClaims 

func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...interface{}) bool

EnforceClaims is an RBAC claims enforcer specific to the Argo CD API server

func (*RBACPolicyEnforcer) GetScopes 

func (p *RBACPolicyEnforcer) GetScopes() []string

func (*RBACPolicyEnforcer) SetScopes 

func (p *RBACPolicyEnforcer) SetScopes(scopes []string)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.