github.com/argoproj/argo-cd/v3@v3.2.1/server/certificate/certificate.go (about)

     1  package certificate
     2  
     3  import (
     4  	"context"
     5  
     6  	certificatepkg "github.com/argoproj/argo-cd/v3/pkg/apiclient/certificate"
     7  	appsv1 "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"
     8  	"github.com/argoproj/argo-cd/v3/util/db"
     9  	"github.com/argoproj/argo-cd/v3/util/rbac"
    10  )
    11  
// Server implements the Certificate service: the handlers that list, create
// and delete the certificates used for verifying repositories.
type Server struct {
	// db is the store the handlers read certificates from and write them to.
	db db.ArgoDB
	// enf is the RBAC enforcer every handler consults before it touches db.
	enf *rbac.Enforcer
}
    17  
// NewServer builds a Certificate service that stores certificates through db
// and authorizes every request through enf.
//
// Neither argument is checked for nil here.
func NewServer(db db.ArgoDB, enf *rbac.Enforcer) *Server {
	srv := new(Server)
	srv.db = db
	srv.enf = enf
	return srv
}
    25  
    26  // TODO: RBAC policies are currently an all-or-nothing approach, so there is no
    27  // fine grained control for certificate manipulation. Either a user has access
    28  // to a given certificate operation (get/create/delete), or it doesn't.
    29  
// ListCertificates returns the configured repository certificates that match
// the host name pattern, certificate type and sub type given in q.
//
// The caller's claims (taken from ctx) must be allowed the "get" action on the
// certificates resource. The check is made with an empty object name, so it is
// not scoped to individual certificates. Errors from the enforcer or from the
// database layer are returned unchanged.
func (s *Server) ListCertificates(ctx context.Context, q *certificatepkg.RepositoryCertificateQuery) (*appsv1.RepositoryCertificateList, error) {
	claims := ctx.Value("claims")
	if err := s.enf.EnforceErr(claims, rbac.ResourceCertificates, rbac.ActionGet, ""); err != nil {
		return nil, err
	}

	// The generated getters are used so that unset query fields arrive as
	// zero values in the selector.
	selector := &db.CertificateListSelector{
		HostNamePattern: q.GetHostNamePattern(),
		CertType:        q.GetCertType(),
		CertSubType:     q.GetCertSubType(),
	}
	certList, err := s.db.ListRepoCertificates(ctx, selector)
	if err != nil {
		return nil, err
	}
	return certList, nil
}
    45  
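// CreateCertificate batch-creates the repository certificates carried in q and
// returns the list reported by the database layer.
//
// The caller's claims (taken from ctx) must be allowed the "create" action on
// the certificates resource. The check is made with an empty object name, so
// it is not scoped to individual certificates. Errors from the enforcer or
// from the database layer are returned unchanged.
//
// NOTE(review): only the create action is enforced, yet the request's Upsert
// flag is passed straight through. Presumably upsert lets an existing entry be
// replaced; if so, confirm that create permission alone is meant to allow
// replacing a stored repository trust anchor.
func (s *Server) CreateCertificate(ctx context.Context, q *certificatepkg.RepositoryCertificateCreateRequest) (*appsv1.RepositoryCertificateList, error) {
	claims := ctx.Value("claims")
	if err := s.enf.EnforceErr(claims, rbac.ResourceCertificates, rbac.ActionCreate, ""); err != nil {
		return nil, err
	}

	// Read the request through its generated getters, as the sibling handlers
	// do, so a nil request yields zero values instead of a nil dereference.
	// NOTE(review): a nil certificate list is still forwarded as-is; whether
	// CreateRepoCertificate tolerates it is not visible here.
	certs, err := s.db.CreateRepoCertificate(ctx, q.GetCertificates(), q.GetUpsert())
	if err != nil {
		return nil, err
	}
	return certs, nil
}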
    58  
// DeleteCertificate batch-deletes the repository certificates that match the
// host name pattern, certificate type and sub type given in q, and returns the
// list reported by the database layer.
//
// The caller's claims (taken from ctx) must be allowed the "delete" action on
// the certificates resource. The check is made with an empty object name, so
// it is not scoped to individual certificates. Errors from the enforcer or
// from the database layer are returned unchanged.
//
// NOTE(review): the query is forwarded without validation. When every field
// of q is empty the selector carries no constraint; how RemoveRepoCertificates
// interprets that is not visible here. Confirm that an empty query cannot
// remove every stored certificate unintentionally.
func (s *Server) DeleteCertificate(ctx context.Context, q *certificatepkg.RepositoryCertificateQuery) (*appsv1.RepositoryCertificateList, error) {
	claims := ctx.Value("claims")
	if err := s.enf.EnforceErr(claims, rbac.ResourceCertificates, rbac.ActionDelete, ""); err != nil {
		return nil, err
	}

	selector := &db.CertificateListSelector{
		HostNamePattern: q.GetHostNamePattern(),
		CertType:        q.GetCertType(),
		CertSubType:     q.GetCertSubType(),
	}
	certs, err := s.db.RemoveRepoCertificates(ctx, selector)
	if err != nil {
		return nil, err
	}
	return certs, nil
}