settings

package
v2.3.15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 27, 2023 License: Apache-2.0 Imports: 39 Imported by: 25

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ByClusterURLIndexer = "byClusterURL"

	ByClusterNameIndexer = "byClusterName"

	ByProjectClusterIndexer = "byProjectCluster"
	ByProjectRepoIndexer    = "byProjectRepo"
)

Functions

func ReplaceStringSecret

func ReplaceStringSecret(val string, secretValues map[string]string) string

ReplaceStringSecret checks if given string is a secret key reference ( starts with $ ) and returns corresponding value from provided map

func UnmarshalDexConfig

func UnmarshalDexConfig(config string) (map[string]interface{}, error)

func ValidateOIDCConfig added in v2.3.14

func ValidateOIDCConfig(configStr string) error

Types

type Account

type Account struct {
	PasswordHash  string
	PasswordMtime *time.Time
	Enabled       bool
	Capabilities  []AccountCapability
	Tokens        []Token
}

Account holds local account information

func (*Account) FormatCapabilities

func (a *Account) FormatCapabilities() string

FormatCapabilities returns comma separate list of user capabilities.

func (*Account) FormatPasswordMtime

func (a *Account) FormatPasswordMtime() string

FormatPasswordMtime return the formatted password modify time or empty string of password modify time is nil.

func (*Account) HasCapability

func (a *Account) HasCapability(capability AccountCapability) bool

HasCapability return true if the account has the specified capability.

func (*Account) TokenIndex

func (a *Account) TokenIndex(id string) int

TokenIndex return an index of a token with the given identifier or -1 if token not found.

type AccountCapability

type AccountCapability string
const (
	// AccountCapabilityLogin represents capability to create UI session tokens.
	AccountCapabilityLogin AccountCapability = "login"
	// AccountCapabilityLogin represents capability to generate API auth tokens.
	AccountCapabilityApiKey AccountCapability = "apiKey"
)

type ArgoCDDiffOptions

type ArgoCDDiffOptions struct {
	IgnoreAggregatedRoles bool `json:"ignoreAggregatedRoles,omitempty"`

	// If set to true then differences caused by status are ignored.
	IgnoreResourceStatusField IgnoreStatus `json:"ignoreResourceStatusField,omitempty"`
}

func GetDefaultDiffOptions

func GetDefaultDiffOptions() ArgoCDDiffOptions

type ArgoCDSettings

type ArgoCDSettings struct {
	// URL is the externally facing URL users will visit to reach Argo CD.
	// The value here is used when configuring SSO. Omitting this value will disable SSO.
	URL string `json:"url,omitempty"`
	// Indicates if status badge is enabled or not.
	StatusBadgeEnabled bool `json:"statusBadgeEnable"`
	// DexConfig contains portions of a dex config yaml
	DexConfig string `json:"dexConfig,omitempty"`
	// OIDCConfigRAW holds OIDC configuration as a raw string
	OIDCConfigRAW string `json:"oidcConfig,omitempty"`
	// ServerSignature holds the key used to generate JWT tokens.
	ServerSignature []byte `json:"serverSignature,omitempty"`
	// Certificate holds the certificate/private key for the Argo CD API server.
	// If nil, will run insecure without TLS.
	Certificate *tls.Certificate `json:"-"`
	// CertificateIsExternal indicates whether Certificate was loaded from external secret
	CertificateIsExternal bool `json:"-"`
	// WebhookGitLabSecret holds the shared secret for authenticating GitHub webhook events
	WebhookGitHubSecret string `json:"webhookGitHubSecret,omitempty"`
	// WebhookGitLabSecret holds the shared secret for authenticating GitLab webhook events
	WebhookGitLabSecret string `json:"webhookGitLabSecret,omitempty"`
	// WebhookBitbucketUUID holds the UUID for authenticating Bitbucket webhook events
	WebhookBitbucketUUID string `json:"webhookBitbucketUUID,omitempty"`
	// WebhookBitbucketServerSecret holds the shared secret for authenticating BitbucketServer webhook events
	WebhookBitbucketServerSecret string `json:"webhookBitbucketServerSecret,omitempty"`
	// WebhookGogsSecret holds the shared secret for authenticating Gogs webhook events
	WebhookGogsSecret string `json:"webhookGogsSecret,omitempty"`
	// Secrets holds all secrets in argocd-secret as a map[string]string
	Secrets map[string]string `json:"secrets,omitempty"`
	// KustomizeBuildOptions is a string of kustomize build parameters
	KustomizeBuildOptions string `json:"kustomizeBuildOptions,omitempty"`
	// Indicates if anonymous user is enabled or not
	AnonymousUserEnabled bool `json:"anonymousUserEnabled,omitempty"`
	// Specifies token expiration duration
	UserSessionDuration time.Duration `json:"userSessionDuration,omitempty"`
	// UiCssURL local or remote path to user-defined CSS to customize ArgoCD UI
	UiCssURL string `json:"uiCssURL,omitempty"`
	// Content of UI Banner
	UiBannerContent string `json:"uiBannerContent,omitempty"`
	// URL for UI Banner
	UiBannerURL string `json:"uiBannerURL,omitempty"`
	// Make Banner permanent and not closeable
	UiBannerPermanent bool `json:"uiBannerPermanent,omitempty"`
	// Position of UI Banner
	UiBannerPosition string `json:"uiBannerPosition,omitempty"`
	// PasswordPattern for password regular expression
	PasswordPattern string `json:"passwordPattern,omitempty"`
	// BinaryUrls contains the URLs for downloading argocd binaries
	BinaryUrls map[string]string `json:"binaryUrls,omitempty"`
	// OIDCTLSInsecureSkipVerify determines whether certificate verification is skipped when verifying tokens with the
	// configured OIDC provider (either external or the bundled Dex instance). Setting this to `true` will cause JWT
	// token verification to pass despite the OIDC provider having an invalid certificate. Only set to `true` if you
	// understand the risks.
	OIDCTLSInsecureSkipVerify bool `json:"oidcTLSInsecureSkipVerify"`
}

ArgoCDSettings holds in-memory runtime configuration options.

func (*ArgoCDSettings) DexOAuth2ClientSecret

func (a *ArgoCDSettings) DexOAuth2ClientSecret() string

DexOAuth2ClientSecret calculates an arbitrary, but predictable OAuth2 client secret string derived from the server secret. This is called by the dex startup wrapper (argocd-dex rundex), as well as the API server, such that they both independently come to the same conclusion of what the OAuth2 shared client secret should be.

func (*ArgoCDSettings) DexRedirectURL

func (a *ArgoCDSettings) DexRedirectURL() (string, error)

func (*ArgoCDSettings) GetServerEncryptionKey added in v2.3.0

func (a *ArgoCDSettings) GetServerEncryptionKey() ([]byte, error)

GetServerEncryptionKey generates a new server encryption key using the server signature as a passphrase

func (*ArgoCDSettings) IsDexConfigured

func (a *ArgoCDSettings) IsDexConfigured() bool

func (*ArgoCDSettings) IsSSOConfigured

func (a *ArgoCDSettings) IsSSOConfigured() bool

IsSSOConfigured returns whether or not single-sign-on is configured

func (*ArgoCDSettings) IssuerURL

func (a *ArgoCDSettings) IssuerURL() string

func (*ArgoCDSettings) OAuth2AllowedAudiences added in v2.3.14

func (a *ArgoCDSettings) OAuth2AllowedAudiences() []string

OAuth2AllowedAudiences returns a list of audiences that are allowed for the OAuth2 client. If the user has not explicitly configured the list of audiences (or has configured an empty list), then the OAuth2 client ID is returned as the only allowed audience. When using the bundled Dex, that client ID is always "argo-cd".

func (*ArgoCDSettings) OAuth2ClientID

func (a *ArgoCDSettings) OAuth2ClientID() string

func (*ArgoCDSettings) OAuth2ClientSecret

func (a *ArgoCDSettings) OAuth2ClientSecret() string

func (*ArgoCDSettings) OIDCConfig

func (a *ArgoCDSettings) OIDCConfig() *OIDCConfig

func (*ArgoCDSettings) OIDCTLSConfig added in v2.2.11

func (a *ArgoCDSettings) OIDCTLSConfig() *tls.Config

OIDCTLSConfig returns the TLS config for the OIDC provider. If an external provider is configured, returns a TLS config using the root CAs (if any) specified in the OIDC config. If an external OIDC provider is not configured, returns the API server TLS config, because the API server proxies requests to Dex.

func (*ArgoCDSettings) RedirectURL

func (a *ArgoCDSettings) RedirectURL() (string, error)

func (*ArgoCDSettings) SkipAudienceCheckWhenTokenHasNoAudience added in v2.3.14

func (a *ArgoCDSettings) SkipAudienceCheckWhenTokenHasNoAudience() bool

func (*ArgoCDSettings) TLSConfig

func (a *ArgoCDSettings) TLSConfig() *tls.Config

TLSConfig returns a tls.Config with the configured certificates

type FilteredResource

type FilteredResource struct {
	APIGroups []string `json:"apiGroups,omitempty"`
	Kinds     []string `json:"kinds,omitempty"`
	Clusters  []string `json:"clusters,omitempty"`
}

func (FilteredResource) Match

func (r FilteredResource) Match(apiGroup, kind, cluster string) bool

func (FilteredResource) MatchCluster

func (r FilteredResource) MatchCluster(cluster string) bool

type GlobalProjectSettings

type GlobalProjectSettings struct {
	ProjectName   string               `json:"projectName,omitempty"`
	LabelSelector metav1.LabelSelector `json:"labelSelector,omitempty"`
}

type GoogleAnalytics

type GoogleAnalytics struct {
	TrackingID     string `json:"trackingID,omitempty"`
	AnonymizeUsers bool   `json:"anonymizeUsers,omitempty"`
}

type HelmRepoCredentials

type HelmRepoCredentials struct {
	URL            string                   `json:"url,omitempty"`
	Name           string                   `json:"name,omitempty"`
	UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"`
	PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"`
	CertSecret     *apiv1.SecretKeySelector `json:"certSecret,omitempty"`
	KeySecret      *apiv1.SecretKeySelector `json:"keySecret,omitempty"`
}

DEPRECATED. Helm repository credentials are now managed using RepoCredentials

type Help

type Help struct {
	// the URL for getting chat help, this will typically be your Slack channel for support
	ChatURL string `json:"chatUrl,omitempty"`
	// the text for getting chat help, defaults to "Chat now!"
	ChatText string `json:"chatText,omitempty"`
	// the URLs for downloading argocd binaries
	BinaryURLs map[string]string `json:"binaryUrl,omitempty"`
}

Help settings

type IgnoreStatus

type IgnoreStatus string
const (
	// IgnoreResourceStatusInCRD ignores status changes for all CRDs
	IgnoreResourceStatusInCRD IgnoreStatus = "crd"
	// IgnoreResourceStatusInAll ignores status changes for all resources
	IgnoreResourceStatusInAll IgnoreStatus = "all"
	// IgnoreResourceStatusInNone ignores status changes for no resources
	IgnoreResourceStatusInNone IgnoreStatus = "off"
)

type KustomizeSettings

type KustomizeSettings struct {
	BuildOptions string
	Versions     []KustomizeVersion
}

KustomizeSettings holds kustomize settings

func (*KustomizeSettings) GetOptions

type KustomizeVersion

type KustomizeVersion struct {
	// Name holds Kustomize version name
	Name string
	// Path holds corresponding binary path
	Path string
	// BuildOptions that are specific to Kustomize version
	BuildOptions string
}

KustomizeVersion holds information about additional Kustomize version

type OIDCConfig

type OIDCConfig struct {
	Name                   string                 `json:"name,omitempty"`
	Issuer                 string                 `json:"issuer,omitempty"`
	ClientID               string                 `json:"clientID,omitempty"`
	ClientSecret           string                 `json:"clientSecret,omitempty"`
	CLIClientID            string                 `json:"cliClientID,omitempty"`
	RequestedScopes        []string               `json:"requestedScopes,omitempty"`
	RequestedIDTokenClaims map[string]*oidc.Claim `json:"requestedIDTokenClaims,omitempty"`
	LogoutURL              string                 `json:"logoutURL,omitempty"`
	RootCA                 string                 `json:"rootCA,omitempty"`
}

type Repository

type Repository struct {
	// The URL to the repository
	URL string `json:"url,omitempty"`
	// the type of the repo, "git" or "helm", assumed to be "git" if empty or absent
	Type string `json:"type,omitempty"`
	// helm only
	Name string `json:"name,omitempty"`
	// Name of the secret storing the username used to access the repo
	UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"`
	// Name of the secret storing the password used to access the repo
	PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"`
	// Name of the secret storing the SSH private key used to access the repo. Git only
	SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"`
	// Whether to connect the repository in an insecure way (deprecated)
	InsecureIgnoreHostKey bool `json:"insecureIgnoreHostKey,omitempty"`
	// Whether to connect the repository in an insecure way
	Insecure bool `json:"insecure,omitempty"`
	// Whether the repo is git-lfs enabled. Git only.
	EnableLFS bool `json:"enableLfs,omitempty"`
	// Name of the secret storing the TLS client cert data
	TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"`
	// Name of the secret storing the TLS client cert's key data
	TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"`
	// Whether the repo is helm-oci enabled. Git only.
	EnableOci bool `json:"enableOci,omitempty"`
	// Github App Private Key PEM data
	GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"`
	// Github App ID of the app used to access the repo
	GithubAppId int64 `json:"githubAppID,omitempty"`
	// Github App Installation ID of the installed GitHub App
	GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"`
	// Github App Enterprise base url if empty will default to https://api.github.com
	GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"`
	// Proxy specifies the HTTP/HTTPS proxy used to access the repo
	Proxy string `json:"proxy,omitempty"`
}

Credentials for accessing a Git repository

type RepositoryCredentials

type RepositoryCredentials struct {
	// The URL pattern the repository URL has to match
	URL string `json:"url,omitempty"`
	// Name of the secret storing the username used to access the repo
	UsernameSecret *apiv1.SecretKeySelector `json:"usernameSecret,omitempty"`
	// Name of the secret storing the password used to access the repo
	PasswordSecret *apiv1.SecretKeySelector `json:"passwordSecret,omitempty"`
	// Name of the secret storing the SSH private key used to access the repo. Git only
	SSHPrivateKeySecret *apiv1.SecretKeySelector `json:"sshPrivateKeySecret,omitempty"`
	// Name of the secret storing the TLS client cert data
	TLSClientCertDataSecret *apiv1.SecretKeySelector `json:"tlsClientCertDataSecret,omitempty"`
	// Name of the secret storing the TLS client cert's key data
	TLSClientCertKeySecret *apiv1.SecretKeySelector `json:"tlsClientCertKeySecret,omitempty"`
	// Github App Private Key PEM data
	GithubAppPrivateKeySecret *apiv1.SecretKeySelector `json:"githubAppPrivateKeySecret,omitempty"`
	// Github App ID of the app used to access the repo
	GithubAppId int64 `json:"githubAppID,omitempty"`
	// Github App Installation ID of the installed GitHub App
	GithubAppInstallationId int64 `json:"githubAppInstallationID,omitempty"`
	// Github App Enterprise base url if empty will default to https://api.github.com
	GithubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty"`
	// EnableOCI specifies whether helm-oci support should be enabled for this repo
	EnableOCI bool `json:"enableOCI,omitempty"`
	// the type of the repositoryCredentials, "git" or "helm", assumed to be "git" if empty or absent
	Type string `json:"type,omitempty"`
}

Credential template for accessing repositories

type ResourcesFilter

type ResourcesFilter struct {
	// ResourceExclusions holds the api groups, kinds per cluster to exclude from Argo CD's watch
	ResourceExclusions []FilteredResource
	// ResourceInclusions holds the only api groups, kinds per cluster that Argo CD will watch
	ResourceInclusions []FilteredResource
}

func (*ResourcesFilter) IsExcludedResource

func (rf *ResourcesFilter) IsExcludedResource(apiGroup, kind, cluster string) bool

Behavior of this function is as follows: +-------------+-------------+-------------+ | Inclusions | Exclusions | Result | +-------------+-------------+-------------+ | Empty | Empty | Allowed | +-------------+-------------+-------------+ | Present | Empty | Allowed | +-------------+-------------+-------------+ | Not Present | Empty | Not Allowed | +-------------+-------------+-------------+ | Empty | Present | Not Allowed | +-------------+-------------+-------------+ | Empty | Not Present | Allowed | +-------------+-------------+-------------+ | Present | Not Present | Allowed | +-------------+-------------+-------------+ | Not Present | Present | Not Allowed | +-------------+-------------+-------------+ | Not Present | Not Present | Not Allowed | +-------------+-------------+-------------+ | Present | Present | Not Allowed | +-------------+-------------+-------------+

type SettingsManager

type SettingsManager struct {
	// contains filtered or unexported fields
}

SettingsManager holds config info for a new manager with which to access Kubernetes ConfigMaps.

func NewSettingsManager

func NewSettingsManager(ctx context.Context, clientset kubernetes.Interface, namespace string, opts ...SettingsManagerOpts) *SettingsManager

NewSettingsManager generates a new SettingsManager pointer and returns it

func (*SettingsManager) AddAccount

func (mgr *SettingsManager) AddAccount(name string, account Account) error

AddAccount save an account with the given name and properties.

func (*SettingsManager) GetAccount

func (mgr *SettingsManager) GetAccount(name string) (*Account, error)

GetAccount return an account info by the specified name.

func (*SettingsManager) GetAccounts

func (mgr *SettingsManager) GetAccounts() (map[string]Account, error)

GetAccounts returns list of configured accounts

func (*SettingsManager) GetAppInstanceLabelKey

func (mgr *SettingsManager) GetAppInstanceLabelKey() (string, error)

func (*SettingsManager) GetConfigManagementPlugins

func (mgr *SettingsManager) GetConfigManagementPlugins() ([]v1alpha1.ConfigManagementPlugin, error)

func (*SettingsManager) GetConfigMapByName

func (mgr *SettingsManager) GetConfigMapByName(configMapName string) (*apiv1.ConfigMap, error)

Returns the ConfigMap with the given name from the cluster. The ConfigMap must be labeled with "app.kubernetes.io/part-of: argocd" in order to be retrievable.

func (*SettingsManager) GetEnabledSourceTypes added in v2.3.0

func (mgr *SettingsManager) GetEnabledSourceTypes() (map[string]bool, error)

func (*SettingsManager) GetGlobalProjectsSettings

func (mgr *SettingsManager) GetGlobalProjectsSettings() ([]GlobalProjectSettings, error)

GetGlobalProjectsSettings loads the global project settings from argocd-cm ConfigMap

func (*SettingsManager) GetGoogleAnalytics

func (mgr *SettingsManager) GetGoogleAnalytics() (*GoogleAnalytics, error)

func (*SettingsManager) GetHelmRepositories

func (mgr *SettingsManager) GetHelmRepositories() ([]HelmRepoCredentials, error)

DEPRECATED. Helm repository credentials are now managed using RepoCredentials

func (*SettingsManager) GetHelmSettings added in v2.1.11

func (mgr *SettingsManager) GetHelmSettings() (*v1alpha1.HelmOptions, error)

GetHelmSettings returns helm settings

func (*SettingsManager) GetHelp

func (mgr *SettingsManager) GetHelp() (*Help, error)

func (*SettingsManager) GetKustomizeSettings

func (mgr *SettingsManager) GetKustomizeSettings() (*KustomizeSettings, error)

GetKustomizeSettings loads the kustomize settings from argocd-cm ConfigMap

func (*SettingsManager) GetPasswordPattern added in v2.1.1

func (mgr *SettingsManager) GetPasswordPattern() (string, error)

func (*SettingsManager) GetRepositories

func (mgr *SettingsManager) GetRepositories() ([]Repository, error)

func (*SettingsManager) GetRepositoryCredentials

func (mgr *SettingsManager) GetRepositoryCredentials() ([]RepositoryCredentials, error)

func (*SettingsManager) GetResourceCompareOptions

func (mgr *SettingsManager) GetResourceCompareOptions() (ArgoCDDiffOptions, error)

GetResourceCompareOptions loads the resource compare options settings from the ConfigMap

func (*SettingsManager) GetResourceOverrides

func (mgr *SettingsManager) GetResourceOverrides() (map[string]v1alpha1.ResourceOverride, error)

GetResourceOverrides loads Resource Overrides from argocd-cm ConfigMap

func (*SettingsManager) GetResourcesFilter

func (mgr *SettingsManager) GetResourcesFilter() (*ResourcesFilter, error)

func (*SettingsManager) GetSecretsInformer added in v2.2.0

func (mgr *SettingsManager) GetSecretsInformer() (cache.SharedIndexInformer, error)

func (*SettingsManager) GetSecretsLister

func (mgr *SettingsManager) GetSecretsLister() (v1listers.SecretLister, error)

func (*SettingsManager) GetSettings

func (mgr *SettingsManager) GetSettings() (*ArgoCDSettings, error)

GetSettings retrieves settings from the ArgoCDConfigMap and secret.

func (*SettingsManager) GetTrackingMethod added in v2.2.0

func (mgr *SettingsManager) GetTrackingMethod() (string, error)

func (*SettingsManager) InitializeSettings

func (mgr *SettingsManager) InitializeSettings(insecureModeEnabled bool) (*ArgoCDSettings, error)

InitializeSettings is used to initialize empty admin password, signature, certificate etc if missing

func (*SettingsManager) ResyncInformers

func (mgr *SettingsManager) ResyncInformers() error

func (*SettingsManager) SaveGPGPublicKeyData

func (mgr *SettingsManager) SaveGPGPublicKeyData(ctx context.Context, gpgPublicKeys map[string]string) error

func (*SettingsManager) SaveRepositories

func (mgr *SettingsManager) SaveRepositories(repos []Repository) error

func (*SettingsManager) SaveRepositoryCredentials

func (mgr *SettingsManager) SaveRepositoryCredentials(creds []RepositoryCredentials) error

func (*SettingsManager) SaveSSHKnownHostsData

func (mgr *SettingsManager) SaveSSHKnownHostsData(ctx context.Context, knownHostsList []string) error

Save the SSH known host data into the corresponding ConfigMap

func (*SettingsManager) SaveSettings

func (mgr *SettingsManager) SaveSettings(settings *ArgoCDSettings) error

SaveSettings serializes ArgoCDSettings and upserts it into K8s secret/configmap

func (*SettingsManager) SaveTLSCertificateData

func (mgr *SettingsManager) SaveTLSCertificateData(ctx context.Context, tlsCertificates map[string]string) error

func (*SettingsManager) Subscribe

func (mgr *SettingsManager) Subscribe(subCh chan<- *ArgoCDSettings)

Subscribe registers a channel in which to subscribe to settings updates

func (*SettingsManager) Unsubscribe

func (mgr *SettingsManager) Unsubscribe(subCh chan<- *ArgoCDSettings)

Unsubscribe unregisters a channel from receiving of settings updates

func (*SettingsManager) UpdateAccount

func (mgr *SettingsManager) UpdateAccount(name string, callback func(account *Account) error) error

UpdateAccount runs the callback function against an account that matches to the specified name and persist changes applied by the callback.

type SettingsManagerOpts added in v2.2.0

type SettingsManagerOpts func(mgs *SettingsManager)

func WithRepoOrClusterChangedHandler added in v2.2.0

func WithRepoOrClusterChangedHandler(handler func()) SettingsManagerOpts

type Token

type Token struct {
	ID        string `json:"id"`
	IssuedAt  int64  `json:"iat"`
	ExpiresAt int64  `json:"exp,omitempty"`
}

Token holds the information about the generated auth token.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL