refactor: make Kargo Roles proper runtime objects (#1917)
Signed-off-by: Kent Rancourt <[email protected]>
Showing
33 changed files
with
3,826 additions
and
2,422 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
package v1alpha1 | ||
|
||
const ( | ||
// AnnotationKeyManaged is an annotation key that can be set on a | ||
// ServiceAccount, Role, or RoleBinding to indicate that it is managed by | ||
// Kargo. | ||
AnnotationKeyManaged = "rbac.kargo.akuity.io/managed" | ||
|
||
// AnnotationKeyOIDCEmails is an annotation key that can be set on a | ||
// ServiceAccount to associate it with a list of email addresses. The | ||
// annotation is used to grant permissions to the ServiceAccount based on | ||
// the email claim from a user who authenticates using OIDC. | ||
// The value of the annotation should be a comma-separated list. | ||
AnnotationKeyOIDCEmails = "rbac.kargo.akuity.io/email" | ||
|
||
// AnnotationKeyOIDCGroups is an annotation key that can be set on a | ||
// ServiceAccount to associate it with a list of groups from an OIDC | ||
// provider. The annotation is used to grant permissions to the | ||
// ServiceAccount based on the groups claim from a user who authenticates | ||
// using OIDC. | ||
// The value of the annotation should be a comma-separated list. | ||
AnnotationKeyOIDCGroups = "rbac.kargo.akuity.io/groups" | ||
|
||
// AnnotationKeyOIDCSubjects is an annotation key that can be set on a | ||
// ServiceAccount to associate it with a list of subjects from an OIDC | ||
// provider. The annotation is used to grant permissions to the | ||
// ServiceAccount based on the subject claim from a user who authenticates | ||
// using OIDC. | ||
// The value of the annotation should be a comma-separated list. | ||
AnnotationKeyOIDCSubjects = "rbac.kargo.akuity.io/sub" | ||
|
||
AnnotationValueTrue = "true" | ||
) |
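Review bot: The doc comments on `AnnotationKeyOIDCEmails`, `AnnotationKeyOIDCGroups` and `AnnotationKeyOIDCSubjects` describe the value format but not that the annotation itself is the authorization binding: whoever can create or patch annotations on a ServiceAccount can map an OIDC identity onto that ServiceAccount's permissions. I would add a line such as `// Write access to this annotation is equivalent to granting the ServiceAccount's permissions; restrict update/patch on ServiceAccounts accordingly.` to each of the three. The comma-separated format also cannot represent a value that itself contains a comma (group names in DN form, for example), and the comments do not say whether entries are trimmed or compared case-sensitively; the parsing code is not in this file, so this may be handled elsewhere, but the contract belongs next to the key. `AnnotationValueTrue` has no comment at all; `// AnnotationValueTrue is the value AnnotationKeyManaged is expected to carry.` would do, if that is indeed its use.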