define argocd user policies for role:readonly #40

Open
3 of 4 tasks
tim-tschiersch opened this issue Nov 22, 2022 · 1 comment
@tim-tschiersch
Collaborator

tim-tschiersch commented Nov 22, 2022

Those policies have to be defined inside the argocd helm-chart main.tf, or we create a new kubectl_manifest for those policies.

Helm Chart Documentation -> https://github.com/argoproj/argo-helm/blob/main/charts/argo-cd/values.yaml
Possible Builtin-Policy -> https://github.com/argoproj/argo-cd/blob/master/assets/builtin-policy.csv
ArgoCD Documentation regarding RBAC Configuration -> https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/

  • New policies have been set
  • New policies have been tested inside the staging-cluster
  • Branch has been merged into main
  • pods can be deleted via iam user and not only admin
@tim-tschiersch tim-tschiersch added the enhancement New feature or request label Nov 22, 2022
@tim-tschiersch tim-tschiersch self-assigned this Nov 22, 2022
tim-tschiersch added a commit that referenced this issue Nov 22, 2022
added new policy csv's for readyonly role (#40)
@tim-tschiersch
Collaborator Author

tim-tschiersch commented Nov 22, 2022

Conclusion

We won't use the override csv for applications, because we don't like to override any application via argocd.
p, role:readonly, applications, override, */*, allow

Sync & Action activated


configs:
  rbac:
    policy.default: "role:readonly"
    policy.csv: |
      p, role:readonly, applications, sync, */*, allow
      p, role:readonly, applications, action/*, */*, allow

@tim-tschiersch tim-tschiersch added the question Further information is requested label Nov 22, 2022
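
Because `policy.default` is `role:readonly`, the two added lines apply to every user who falls back to the default role. The following check is an added example, not code from this repository or from Argo CD: it evaluates the issue's policy lines with a simplified glob matcher (an assumption, not Argo CD's own enforcer), and the `get` line and the `default/guestbook` application name are constructed sample values.

```python
from fnmatch import fnmatchcase

# Constructed input: the two lines from the issue's policy.csv plus one
# read-only line standing in for the built-in role:readonly grants.
POLICY_CSV = """
p, role:readonly, applications, get, */*, allow
p, role:readonly, applications, sync, */*, allow
p, role:readonly, applications, action/*, */*, allow
"""
POLICY_DEFAULT = "role:readonly"  # value of policy.default in the issue


def parse_policy(text):
    """Return (subject, resource, action, object, effect) tuples for 'p' lines."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 6 and fields[0] == "p":
            rules.append(tuple(fields[1:]))
    return rules


def is_allowed(rules, subject, resource, action, obj):
    """Simplified glob evaluation: a matching deny wins, otherwise any allow."""
    allowed = False
    for sub, res, act, ob, effect in rules:
        if sub != subject:
            continue
        if fnmatchcase(resource, res) and fnmatchcase(action, act) and fnmatchcase(obj, ob):
            if effect == "deny":
                return False
            allowed = True
    return allowed


def default_role_report(rules, requests):
    """Evaluate each request as a user who only holds the default role."""
    return {req: is_allowed(rules, POLICY_DEFAULT, *req) for req in requests}


# Constructed requests against a hypothetical application default/guestbook.
REQUESTS = [
    ("applications", "get", "default/guestbook"),
    ("applications", "sync", "default/guestbook"),
    ("applications", "action/apps/Deployment/restart", "default/guestbook"),
    ("applications", "override", "default/guestbook"),
    ("applications", "delete", "default/guestbook"),
]

if __name__ == "__main__":
    for req, ok in default_role_report(parse_policy(POLICY_CSV), REQUESTS).items():
        print("ALLOW" if ok else "DENY ", *req)
```

Against a live installation, `argocd admin settings rbac can` answers the same questions using the real enforcer.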