github.com/argoproj/argo-cd@v1.8.7/server/certificate/certificate.go (about)

     1  package certificate
     2  
     3  import (
     4  	"golang.org/x/net/context"
     5  
     6  	certificatepkg "github.com/argoproj/argo-cd/pkg/apiclient/certificate"
     7  	appsv1 "github.com/argoproj/argo-cd/pkg/apis/application/v1alpha1"
     8  	"github.com/argoproj/argo-cd/reposerver/apiclient"
     9  	"github.com/argoproj/argo-cd/server/rbacpolicy"
    10  	"github.com/argoproj/argo-cd/util/db"
    11  	"github.com/argoproj/argo-cd/util/rbac"
    12  )
    13  
// Server implements the Certificate service. Every handler in this file
// consults enf for an RBAC decision before it touches db.
type Server struct {
	// repoClientset is stored by NewServer; none of the handlers shown in
	// this file read it.
	repoClientset apiclient.Clientset
	// db is the backing store used to list, create and remove repository
	// certificates.
	db db.ArgoDB
	// enf is the RBAC enforcer queried with the caller's claims.
	enf *rbac.Enforcer
}
    20  
// NewServer wires the given repo-server clientset, database handle and RBAC
// enforcer into a new Certificate service instance. The arguments are stored
// as-is; no validation (for example a nil enforcer) is performed here.
func NewServer(
	repoClientset apiclient.Clientset,
	db db.ArgoDB,
	enf *rbac.Enforcer,
) *Server {
	srv := new(Server)
	srv.repoClientset = repoClientset
	srv.db = db
	srv.enf = enf
	return srv
}
    33  
    34  // TODO: RBAC policies are currently an all-or-nothing approach, so there is no
    35  // fine grained control for certificate manipulation. Either a user has access
    36  // to a given certificate operation (get/create/delete), or it doesn't.
    37  
// ListCertificates returns the configured repository certificates that match
// the query.
//
// The caller's claims (read from the context under the "claims" key) must be
// granted the "get" action on the certificates resource. The check is made
// against an empty object name, so it is not scoped to individual
// certificates.
func (s *Server) ListCertificates(ctx context.Context, q *certificatepkg.RepositoryCertificateQuery) (*appsv1.RepositoryCertificateList, error) {
	claims := ctx.Value("claims")
	err := s.enf.EnforceErr(claims, rbacpolicy.ResourceCertificates, rbacpolicy.ActionGet, "")
	if err != nil {
		return nil, err
	}

	// The selector fields are copied from the request unchanged.
	selector := &db.CertificateListSelector{
		HostNamePattern: q.GetHostNamePattern(),
		CertType:        q.GetCertType(),
		CertSubType:     q.GetCertSubType(),
	}
	matched, err := s.db.ListRepoCertificates(ctx, selector)
	if err != nil {
		return nil, err
	}
	return matched, nil
}
    53  
// CreateCertificate batch-creates certificates used for verifying
// repositories and returns the list reported by the database layer.
//
// The caller's claims must be granted the "create" action on the certificates
// resource; the check uses an empty object name, so permission covers every
// certificate at once.
//
// NOTE(review): unlike the list and delete handlers, this one reads the
// request fields directly rather than through getters, so a nil q would
// panic. The certificate list and the Upsert flag are forwarded without any
// validation in this function; confirm that the db layer validates the
// entries and handles a nil list.
func (s *Server) CreateCertificate(ctx context.Context, q *certificatepkg.RepositoryCertificateCreateRequest) (*appsv1.RepositoryCertificateList, error) {
	claims := ctx.Value("claims")
	if denied := s.enf.EnforceErr(claims, rbacpolicy.ResourceCertificates, rbacpolicy.ActionCreate, ""); denied != nil {
		return nil, denied
	}

	created, err := s.db.CreateRepoCertificate(ctx, q.Certificates, q.Upsert)
	if err != nil {
		return nil, err
	}
	return created, nil
}
    66  
// DeleteCertificate batch-deletes the certificates that match the query and
// returns the list reported by the database layer.
//
// The caller's claims must be granted the "delete" action on the certificates
// resource; the check uses an empty object name, so it is not scoped to
// individual certificates.
//
// NOTE(review): the selector is built from the request as-is, including
// empty fields. Confirm how the db layer interprets an empty selector before
// relying on this handler to limit what a single call can remove.
func (s *Server) DeleteCertificate(ctx context.Context, q *certificatepkg.RepositoryCertificateQuery) (*appsv1.RepositoryCertificateList, error) {
	authzErr := s.enf.EnforceErr(
		ctx.Value("claims"),
		rbacpolicy.ResourceCertificates,
		rbacpolicy.ActionDelete,
		"",
	)
	if authzErr != nil {
		return nil, authzErr
	}

	var selector db.CertificateListSelector
	selector.HostNamePattern = q.GetHostNamePattern()
	selector.CertType = q.GetCertType()
	selector.CertSubType = q.GetCertSubType()

	removed, err := s.db.RemoveRepoCertificates(ctx, &selector)
	if err != nil {
		return nil, err
	}
	return removed, nil
}