2018-06-06 04:44:14 +00:00
# Built-in policy which defines two roles: role:readonly and role:admin,
# and additionally assigns the admin user to the role:admin role.
2018-07-16 22:00:14 +00:00
# There are two policy formats:
2024-07-22 21:11:52 +00:00
# 1. Applications, applicationsets, logs, and exec (which belong to a project):
# p, <role/user/group>, <resource>, <action>, <project>/<object>, <allow/deny>
2018-07-16 22:00:14 +00:00
# 2. All other resources:
2024-07-22 21:11:52 +00:00
# p, <role/user/group>, <resource>, <action>, <object>, <allow/deny>
2018-06-06 04:44:14 +00:00

2018-08-08 16:33:44 +00:00
p, role:readonly, applications, get, */*, allow
2025-08-29 15:03:13 +00:00
p, role:readonly, applicationsets, get, */*, allow
2019-07-11 23:00:47 +00:00
p, role:readonly, certificates, get, *, allow
2018-08-08 16:33:44 +00:00
p, role:readonly, clusters, get, *, allow
p, role:readonly, repositories, get, *, allow
2024-12-16 21:59:09 +00:00
p, role:readonly, write-repositories, get, *, allow
2018-08-08 16:33:44 +00:00
p, role:readonly, projects, get, *, allow
2020-03-17 22:31:37 +00:00
p, role:readonly, accounts, get, *, allow
2020-06-22 16:21:53 +00:00
p, role:readonly, gpgkeys, get, *, allow
feat: Introduce RBAC based approach to pod logs #7211 (#8353)
* initial changes in settings, app, account, admin, rbac, doc and tests
Signed-off-by: reggie-k <reginakagan@gmail.com>
* rbac.md docs and better comments in account and app
Signed-off-by: reggie-k <reginakagan@gmail.com>
* initial changes in settings, app, account, admin, rbac, doc and tests
Signed-off-by: reggie-k <reginakagan@gmail.com>
* rbac.md docs and better comments in account and app
Signed-off-by: reggie-k <reginakagan@gmail.com>
* initial changes in settings, app, account, admin, rbac, doc and tests
Signed-off-by: reggie-k <reginakagan@gmail.com>
* rbac.md docs and better comments in account and app
Signed-off-by: reggie-k <reginakagan@gmail.com>
* rebase fix
Signed-off-by: reggie-k <reginakagan@gmail.com>
* updated docs for argocd-cm.yaml
Signed-off-by: reggie-k <reginakagan@gmail.com>
2022-03-18 18:40:48 +00:00
p, role:readonly, logs, get, */*, allow
2018-06-06 04:44:14 +00:00

2018-08-08 16:33:44 +00:00
p, role:admin, applications, create, */*, allow
p, role:admin, applications, update, */*, allow
2025-01-17 20:20:40 +00:00
p, role:admin, applications, update/*, */*, allow
2018-08-08 16:33:44 +00:00
p, role:admin, applications, delete, */*, allow
2025-01-17 20:20:40 +00:00
p, role:admin, applications, delete/*, */*, allow
2018-08-08 16:33:44 +00:00
p, role:admin, applications, sync, */*, allow
2019-06-18 02:09:43 +00:00
p, role:admin, applications, override, */*, allow
2019-10-04 00:11:42 +00:00
p, role:admin, applications, action/*, */*, allow
2022-10-11 21:00:53 +00:00
p, role:admin, applicationsets, get, */*, allow
p, role:admin, applicationsets, create, */*, allow
p, role:admin, applicationsets, update, */*, allow
p, role:admin, applicationsets, delete, */*, allow
2019-07-11 23:00:47 +00:00
p, role:admin, certificates, create, *, allow
p, role:admin, certificates, update, *, allow
p, role:admin, certificates, delete, *, allow
2018-08-08 16:33:44 +00:00
p, role:admin, clusters, create, *, allow
p, role:admin, clusters, update, *, allow
p, role:admin, clusters, delete, *, allow
p, role:admin, repositories, create, *, allow
p, role:admin, repositories, update, *, allow
p, role:admin, repositories, delete, *, allow
2024-12-16 21:59:09 +00:00
p, role:admin, write-repositories, create, *, allow
p, role:admin, write-repositories, update, *, allow
p, role:admin, write-repositories, delete, *, allow
2018-08-08 16:33:44 +00:00
p, role:admin, projects, create, *, allow
p, role:admin, projects, update, *, allow
p, role:admin, projects, delete, *, allow
2020-03-17 22:31:37 +00:00
p, role:admin, accounts, update, *, allow
2020-06-22 16:21:53 +00:00
p, role:admin, gpgkeys, create, *, allow
p, role:admin, gpgkeys, delete, *, allow
2022-05-06 17:25:03 +00:00
p, role:admin, exec, create, */*, allow
2018-06-06 04:44:14 +00:00

g, role:admin, role:readonly
2025-01-17 20:20:40 +00:00
g, admin, role:admin
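An added example, not part of the policy file or the project's code: a small offline evaluator for auditing what a subject can do under `p` and `g` lines in the two formats described in the header comments. It assumes glob matching on the action and object fields, transitive role inheritance through `g` lines, default deny, and deny overriding allow; the `role:dev` and `alice` lines and all function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# The first six lines are copied from the built-in policy above; the
# role:dev and alice lines are constructed for this example.
POLICY = """
p, role:readonly, applications, get, */*, allow
p, role:readonly, clusters, get, *, allow
p, role:admin, applications, delete, */*, allow
p, role:admin, exec, create, */*, allow
g, role:admin, role:readonly
g, admin, role:admin
p, role:dev, applications, sync, team-a/*, allow
p, role:dev, applications, sync, team-a/prod-*, deny
g, alice, role:dev
"""

def parse(text):
    """Split policy text into permission rules (p) and role grants (g)."""
    rules, grants = [], {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if fields[0] == "p" and len(fields) == 6 and fields[5] in ("allow", "deny"):
            rules.append(tuple(fields[1:]))
        elif fields[0] == "g" and len(fields) == 3:
            grants.setdefault(fields[1], set()).add(fields[2])
        else:
            raise ValueError(f"malformed policy line: {line!r}")
    return rules, grants

def subjects_of(subject, grants):
    """Return the subject plus every role it inherits through g lines."""
    seen, todo = set(), [subject]
    while todo:
        cur = todo.pop()
        if cur not in seen:
            seen.add(cur)
            todo.extend(grants.get(cur, ()))
    return seen

def allowed(subject, resource, action, obj, rules, grants):
    """Default deny; any matching deny rule overrides matching allow rules."""
    subs = subjects_of(subject, grants)
    effects = {eft for sub, res, act, pat, eft in rules
               if sub in subs and res == resource
               and fnmatchcase(action, act) and fnmatchcase(obj, pat)}
    return "allow" in effects and "deny" not in effects

RULES, GRANTS = parse(POLICY)
```

Running `allowed(...)` over every subject in a custom policy is a quick way to spot a wildcard such as `*/*` that grants more than intended before the policy is deployed.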