rbacpolicy

package
v2.4.21 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 27, 2023 License: Apache-2.0 Imports: 7 Imported by: 4

Documentation

Index

Constants

View Source
const (
	// please add new items to Resources
	ResourceClusters     = "clusters"
	ResourceProjects     = "projects"
	ResourceApplications = "applications"
	ResourceRepositories = "repositories"
	ResourceCertificates = "certificates"
	ResourceAccounts     = "accounts"
	ResourceGPGKeys      = "gpgkeys"
	ResourceLogs         = "logs"
	ResourceExec         = "exec"

	// please add new items to Actions
	ActionGet      = "get"
	ActionCreate   = "create"
	ActionUpdate   = "update"
	ActionDelete   = "delete"
	ActionSync     = "sync"
	ActionOverride = "override"
	ActionAction   = "action"
)

Variables

Functions

func GetProjectRoleFromSubject

func GetProjectRoleFromSubject(subject string) (string, string, bool)

func IsProjectSubject

func IsProjectSubject(subject string) bool

Types

type RBACPolicyEnforcer

type RBACPolicyEnforcer struct {
	// contains filtered or unexported fields
}

RBACPolicyEnforcer provides an RBAC Claims Enforcer which additionally consults AppProject roles, jwt tokens, and groups. It is backed by a AppProject informer/lister cache and does not make any API calls during enforcement.

func NewRBACPolicyEnforcer

func NewRBACPolicyEnforcer(enf *rbac.Enforcer, projLister applister.AppProjectNamespaceLister) *RBACPolicyEnforcer

NewRBACPolicyEnforcer returns a new RBAC Enforcer for the Argo CD API Server

func (*RBACPolicyEnforcer) EnforceClaims

func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...interface{}) bool

EnforceClaims is an RBAC claims enforcer specific to the Argo CD API server

func (*RBACPolicyEnforcer) GetScopes

func (p *RBACPolicyEnforcer) GetScopes() []string

func (*RBACPolicyEnforcer) SetScopes

func (p *RBACPolicyEnforcer) SetScopes(scopes []string)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL