marcel/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd.git synced 2026-02-20 01:28:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: allow limiting clusterResourceWhitelist by resource name (#12208) (#24674)

Browse Source 
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
This commit is contained in:
Michael Crenshaw
2025-12-03 15:55:28 -05:00
committed by GitHub
parent c43088265e
commit e77acec858
42 changed files with 2909 additions and 1042 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/application/application.go
View File

@@ -2739,7 +2739,7 @@ func (s *Server) patchResource(ctx context.Context, config *rest.Config, liveObj
}
func (s *Server) verifyResourcePermitted(destCluster *v1alpha1.Cluster, proj *v1alpha1.AppProject, obj *unstructured.Unstructured) error {
permitted, err := proj.IsResourcePermitted(schema.GroupKind{Group: obj.GroupVersionKind().Group, Kind: obj.GroupVersionKind().Kind}, obj.GetNamespace(), destCluster, func(project string) ([]*v1alpha1.Cluster, error) {
permitted, err := proj.IsResourcePermitted(schema.GroupKind{Group: obj.GroupVersionKind().Group, Kind: obj.GroupVersionKind().Kind}, obj.GetName(), obj.GetNamespace(), destCluster, func(project string) ([]*v1alpha1.Cluster, error) {
clusters, err := s.db.GetProjectClusters(context.TODO(), project)
if err != nil {
return nil, fmt.Errorf("failed to get project clusters: %w", err)

2
server/project/project_test.go
View File

@@ -174,7 +174,7 @@ func TestProjectServer(t *testing.T) {
projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(&existingProj, &existingApp), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB, testEnableEventList)
updatedProj := existingProj.DeepCopy()
updatedProj.Spec.ClusterResourceWhitelist = []metav1.GroupKind{{}}
updatedProj.Spec.ClusterResourceWhitelist = []v1alpha1.ClusterResourceRestrictionItem{{}}
_, err := projectServer.Update(t.Context(), &project.ProjectUpdateRequest{Project: updatedProj})

2
server/server.go
View File

@@ -284,7 +284,7 @@ func initializeDefaultProject(opts ArgoCDServerOpts) error {
Spec: v1alpha1.AppProjectSpec{
SourceRepos: []string{"*"},
Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "*"}},
ClusterResourceWhitelist: []metav1.GroupKind{{Group: "*", Kind: "*"}},
ClusterResourceWhitelist: []v1alpha1.ClusterResourceRestrictionItem{{Group: "*", Kind: "*"}},
},
}

2
server/server_test.go
View File

@@ -1224,7 +1224,7 @@ func TestInitializeDefaultProject_ProjectDoesNotExist(t *testing.T) {
assert.Equal(t, v1alpha1.AppProjectSpec{
SourceRepos: []string{"*"},
Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "*"}},
ClusterResourceWhitelist: []metav1.GroupKind{{Group: "*", Kind: "*"}},
ClusterResourceWhitelist: []v1alpha1.ClusterResourceRestrictionItem{{Group: "*", Kind: "*"}},
}, proj.Spec)
}