rbacpolicy

package
v1.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 6, 2020 License: Apache-2.0 Imports: 7 Imported by: 65

Documentation

Index

Constants

View Source
const (
	// please add new items to Resources
	ResourceClusters     = "clusters"
	ResourceProjects     = "projects"
	ResourceApplications = "applications"
	ResourceRepositories = "repositories"
	ResourceCertificates = "certificates"
	ResourceAccounts     = "accounts"

	// please add new items to Actions
	ActionGet      = "get"
	ActionCreate   = "create"
	ActionUpdate   = "update"
	ActionDelete   = "delete"
	ActionSync     = "sync"
	ActionOverride = "override"
	ActionAction   = "action"
)

Variables

Functions

func IsProjectSubject added in v1.5.0

func IsProjectSubject(subject string) bool

Types

type RBACPolicyEnforcer

type RBACPolicyEnforcer struct {
	// contains filtered or unexported fields
}

RBACPolicyEnforcer provides an RBAC Claims Enforcer which additionally consults AppProject roles, jwt tokens, and groups. It is backed by a AppProject informer/lister cache and does not make any API calls during enforcement.

func NewRBACPolicyEnforcer

func NewRBACPolicyEnforcer(enf *rbac.Enforcer, projLister applister.AppProjectNamespaceLister) *RBACPolicyEnforcer

NewRBACPolicyEnforcer returns a new RBAC Enforcer for the Argo CD API Server

func (*RBACPolicyEnforcer) EnforceClaims

func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...interface{}) bool

EnforceClaims is an RBAC claims enforcer specific to the Argo CD API server

func (*RBACPolicyEnforcer) SetScopes added in v1.0.0

func (p *RBACPolicyEnforcer) SetScopes(scopes []string)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL