github.com/argoproj/argo-cd@v1.8.7/docs/operator-manual/argocd-rbac-cm.yaml (about)

# Reference ConfigMap for Argo CD RBAC: user-defined policy rules, the fallback role, and the
# OIDC scopes examined during enforcement.
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-rbac-cm
    app.kubernetes.io/part-of: argocd
data:
  # policy.csv is a file containing user-defined RBAC policies and role definitions (optional).
  # Policy rules are in the form:
  #   p, subject, resource, action, object, effect
  # Role definitions and bindings are in the form:
  #   g, subject, inherited-subject
  # See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
  #
  # The sample below contains one `p` rule (sync on the objects matching 'my-project/*') and one
  # `g` binding of a whole group to role:admin. With a group-to-admin binding, membership of that
  # group in the identity provider is the only gate on admin access, so review who can edit it.
  policy.csv: |
    # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
    p, my-org:team-alpha, applications, sync, my-project/*, allow
    # Grant all members of 'my-org:team-beta' admins
    g, my-org:team-beta, role:admin

  # policy.default is the name of the default role which Argo CD falls back to when
  # authorizing API requests (optional). If omitted or empty, users may still be able to log in,
  # but will see no apps, projects, etc...
  # NOTE(review): because this is the fallback, the role named here applies to every user who can
  # authenticate, including users with no rule in policy.csv. Leave it empty if newly onboarded
  # SSO users should start with no access.
  policy.default: role:readonly

  # scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
  # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
  # The value here is a single quoted string holding a list of two scopes.
  # NOTE(review): presumably the claim values of every scope listed here can be matched as policy
  # subjects, so list only claims the identity provider itself asserts (for `email`, a verified
  # address) - confirm against the rbac.md linked above.
  scopes: '[cognito:groups, email]'