Skip to content

feat(appProjectRBAC)[#36]: add support for managing AppProject RBAC #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Jun 9, 2025
Merged

feat(appProjectRBAC)[#36]: add support for managing AppProject RBAC #37

merged 9 commits into from
Jun 9, 2025

Conversation

@ggkhrmv
Copy link
Collaborator

@ggkhrmv ggkhrmv commented May 25, 2025
edited
Loading

What type of PR is this?

/kind enhancement

What does this PR do / why we need it:
see #36 for more context.

This PR adds support for AppProject-scoped RBAC management utilizing k8s' native CRDs.

It adds two new CRDs + Controllers:

  1. ArgoCDProjectRole: Defines the policies to be added to AppProject's RBAC
  2. ArgoCDProjectRoleBinding: Binds a specified role to a single or multiple AppProjects + defines Groups the role should be applied to

Example usage can be seen in updated README.md.

Have you updated the necessary documentation?

  • Documentation update is required by this PR.
  • Documentation has been updated.

Which issue(s) this PR fixes:

Fixes #36

@ggkhrmv ggkhrmv self-assigned this May 25, 2025
@ggkhrmv ggkhrmv added the enhancement New feature or request label May 25, 2025
@ggkhrmv ggkhrmv marked this pull request as draft May 25, 2025 22:06
@ggkhrmv ggkhrmv force-pushed the feat/#36-add_AppProject_RBAC_support branch from b325b1a to 6c0fead Compare June 1, 2025 20:22
@ggkhrmv ggkhrmv requested a review from Copilot June 8, 2025 02:18

This comment was marked as outdated.

Sign in to view

@ggkhrmv ggkhrmv requested a review from Copilot June 8, 2025 02:28

This comment was marked as outdated.

Sign in to view

@ggkhrmv ggkhrmv marked this pull request as ready for review June 8, 2025 02:32
@ggkhrmv ggkhrmv requested a review from Copilot June 9, 2025 13:00
Copilot AI reviewed Jun 9, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds support for AppProject-scoped RBAC by introducing new CRDs, controllers, and documentation updates.

  • Defines ArgoCDProjectRole and ArgoCDProjectRoleBinding CRDs and base YAMLs
  • Registers and wires up two new controllers in main.go and bumps operator version
  • Expands README with AppProject-scoped usage examples and bumps release tags

Reviewed Changes

Copilot reviewed 57 out of 57 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
config/crd/bases/rbac-operator.argoproj-labs.io_argocdprojectroles.yaml New CRD for AppProject-scoped Role
config/crd/bases/rbac-operator.argoproj-labs.io_argocdprojectrolebindings.yaml New CRD for AppProject-scoped RoleBinding
cmd/main.go Imported and registered project role and binding reconcilers
api/v1alpha1/argocdprojectrolebinding_types.go Go types for ArgoCDProjectRoleBinding
README.md Documentation added for AppProject-scoped RBAC usage
Makefile & config/manager/kustomization.yaml Version bump to v0.2.0 and kustomize update
Comments suppressed due to low confidence (3)

api/v1alpha1/argocdprojectrolebinding_types.go:2

  • Update the copyright year to 2025 to reflect the current release date.
Copyright 2024.

cmd/main.go:28

  • [nitpick] Consider renaming the import alias to something more descriptive (e.g. applicationv1alpha1) to clarify that this is the Argo CD application API group.
argocdv1alpha "github.com/argoproj/argo-cd/v3/pkg/apis/application/v1alpha1"

api/v1alpha1/argocdrole_types.go:25

  • [nitpick] For consistency and clarity, hyphenate “global-scoped” to “global-scoped Role” or reword to “globally scoped Role”.
// ArgoCDRoleSpec defines the desired state of global scoped Role (written to argocd-rbac-cm ConfigMap)

@ggkhrmv ggkhrmv merged commit 7fff5f6 into main Jun 9, 2025
4 checks passed
@ggkhrmv ggkhrmv deleted the feat/#36-add_AppProject_RBAC_support branch June 9, 2025 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@ggkhrmv ggkhrmv

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add a way to manage AppProject RBAC with the Operator

2 participants

@ggkhrmv