Open cskinfill opened 2 years ago
I like this idea, but I think it needs some more agreement on the actual syntax (and semantics) of resources it targets.
@jannfis I'm interested in investigating more about this. I will take a closer look at the rbac implementation
Any update if it is being actively pursued.
is there any implementation or related workaround to achieve this ?
Hoping for this implementation as well. This would save a considerable amount of time and make our RBAC CM more manageable.
That would be a blessing
+1 It would be very handy
+1
I would love to see this implemented!
Summary
Support scoping RBAC controls based on labels defined in argocd Application resource.
Motivation
Adding labels to Applications allows for attaching additional metadata about the Application, and in this case allowing someone to specify that a label (for instance
service_owner
) should be used for RBAC decisions allows this label to be used to centralized the concept of ownership.Proposal
Provide some way to configure ArgoCD RBAC to not only use the current CSV file to map a role to an application name along with the permissions, but also allow for something like
and then anyone with the role
frontend-dev
will be allowed sync any Application with the labelservice_owner=frontend
.