add rbac scopes support (#85)

2019-07-23 01:11:28 +07:00 · 2019-07-23 01:11:28 +07:00 · c7b415b634
parent 6e108f3aae
commit c7b415b634
2 changed files with 5 additions and 0 deletions
--- a/charts/argo-cd/templates/argocd-rbac-cm.yaml
+++ b/charts/argo-cd/templates/argocd-rbac-cm.yaml
@ -16,3 +16,6 @@ data:
  policy.csv:
 {{- toYaml .Values.rbac.policyCsv | indent 4 }}
 {{- end }}
+{{- if .Values.rbac.scopes }}
+  scopes: {{ .Values.rbac.scopes }}
+{{- end }}
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@ -157,6 +157,8 @@ rbac:
  #   g, your-github-org:your-team, role:org-admin
  # The default role Argo CD will fall back to, when authorizing API requests
  policyDefault: #role:readonly
+  # Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
+  scopes: #[groups]

 redis:
  image: