remove default values from the argocd rbac configmap (#152)

* remove default values from the argocd rbac configmap * Bump patch version
2019-11-05 15:38:22 -08:00 · 2019-11-05 15:38:22 -08:00 · 2ffd0d8ebf
parent 33c4adfbb6
commit 2ffd0d8ebf
3 changed files with 12 additions and 10 deletions
--- a/charts/argo-cd/Chart.yaml
+++ b/charts/argo-cd/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.2.4"
 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes.
 name: argo-cd
-version: 1.0.2
+version: 1.0.3
 home: https://github.com/argoproj/argo-helm
 icon: https://raw.githubusercontent.com/argoproj/argo/master/argo.png
 keywords:
--- a/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
+++ b/charts/argo-cd/templates/argocd-configs/argocd-rbac-cm.yaml
@ -9,5 +9,7 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/part-of: argocd
    app.kubernetes.io/component: {{ .Values.server.name }}
+{{- if .Values.server.rbacConfig }}
 data:
-{{- toYaml .Values.server.rbacConfig | nindent 4 }}
+{{- toYaml .Values.server.rbacConfig | nindent 4 }}
+{{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -314,26 +314,26 @@ server:

  ## ArgoCD rbac config
  ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
-  rbacConfig:
+  rbacConfig: {}
    # policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
    # Policy rules are in the form:
    #   p, subject, resource, action, object, effect
    # Role definitions and bindings are in the form:
    #   g, subject, inherited-subject
    # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
-    policy.csv: |
-      # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
-      p, my-org:team-alpha, applications, sync, my-project/*, allow
-      # Grant all members of 'my-org:team-beta' admins
-      g, my-org:team-beta, role:admin
+    # policy.csv: |
+    #   # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
+    #   p, my-org:team-alpha, applications, sync, my-project/*, allow
+    #   # Grant all members of 'my-org:team-beta' admins
+    #   g, my-org:team-beta, role:admin
    # policy.default is the name of the default role which Argo CD will falls back to, when
    # authorizing API requests (optional). If omitted or empty, users may be still be able to login,
    # but will see no apps, projects, etc...
-    policy.default: role:readonly
+    # policy.default: role:readonly

    # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
    # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
-    scopes: '[cognito:groups, email]'
+    # scopes: '[cognito:groups, email]'

  ## Not well tested and not well supported on release v1.0.0.
  ## Applications