Elgato_dark/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd synced 2026-04-21 17:07:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 22

fix: issue with project scoped resources (#8048)

Browse source 
fix: issue with project scoped resources (#8048)

Signed-off-by: pashavictorovich <pavel@codefresh.io>
This commit is contained in:
pasha-codefresh 2021-12-30 19:09:57 +02:00 committed by GitHub
parent 62f29865e7
commit cb1f06c72a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkg/apis/application/v1alpha1/types.go
View file

@ -1578,8 +1578,8 @@ func validatePolicy(proj string, role string, policy string) error {
}
// resource
resource := strings.Trim(policyComponents[2], " ")
if resource != "applications" {
return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': project resource must be: 'applications', not '%s'", policy, resource)
if resource != "applications" && resource != "repositories" && resource != "clusters" {
return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': project resource must be: 'applications', 'repositories' or 'clusters', not '%s'", policy, resource)
}
// action
action := strings.Trim(policyComponents[3], " ")

7
pkg/apis/application/v1alpha1/types_test.go
View file

@ -2580,3 +2580,10 @@ func Test_validatePolicy_projIsNotRegex(t *testing.T) {
err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, applications, *, some-project/*, allow")
assert.NoError(t, err)
}
func Test_validatePolicy_ValidResource(t *testing.T) {
err := validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, repositories, *, some-project/*, allow")
assert.NoError(t, err)
err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, clusters, *, some-project/*, allow")
assert.NoError(t, err)
}

4
server/rbacpolicy/rbacpolicy.go
View file

@ -167,8 +167,8 @@ func (p *RBACPolicyEnforcer) getProjectFromRequest(rvals ...interface{}) *v1alph
if res, ok := rvals[1].(string); ok {
if obj, ok := rvals[3].(string); ok {
switch res {
case ResourceApplications:
if objSplit := strings.Split(obj, "/"); len(objSplit) == 2 {
case ResourceApplications, ResourceRepositories, ResourceClusters:
if objSplit := strings.Split(obj, "/"); len(objSplit) >= 2 {
return getProjectByName(objSplit[0])
}
case ResourceProjects:

10
server/rbacpolicy/rbacpolicy_test.go
View file

@ -149,3 +149,13 @@ func TestGetScopes_CustomScopes(t *testing.T) {
scopes := rbacEnforcer.GetScopes()
assert.Equal(t, scopes, customScopes)
}
func Test_getProjectFromRequest(t *testing.T) {
fp := newFakeProj()
projLister := test.NewFakeProjLister(fp)
rbacEnforcer := NewRBACPolicyEnforcer(nil, projLister)
project := rbacEnforcer.getProjectFromRequest("", "repositories", "create", fp.Name+"/https://github.com/argoproj/argocd-example-apps")
assert.Equal(t, project.Name, fp.Name)
}