fix: properly set the AccessRequest type on creation (#46)

Signed-off-by: Leonardo Luz Almeida <[email protected]>
argoproj-labs · Oct 24, 2024 · e80938e · e80938e
1 parent 03583fa
commit e80938e
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/config/samples/ephemeral-access_v1alpha1_accessbinding.yaml b/config/samples/ephemeral-access_v1alpha1_accessbinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: ephemeral-access.argoproj-labs.io/v1alpha1
+kind: AccessBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: argocd-ephemeral-access
+    app.kubernetes.io/managed-by: kustomize
+  name: some-access-binding
+spec:
+  roleTemplateRef:
+    name: devops
+  subjects: 
+    - group1
+  if: "true"
+  ordinal: 1
+  friendlyName: "Devops (AB)"
diff --git a/config/samples/ephemeral-access_v1alpha1_roletemplate.yaml b/config/samples/ephemeral-access_v1alpha1_roletemplate.yaml
@@ -4,6 +4,13 @@ metadata:
   labels:
     app.kubernetes.io/name: argocd-ephemeral-access
     app.kubernetes.io/managed-by: kustomize
-  name: roletemplate-sample
+  name: devops
 spec:
-  # TODO(user): Add fields here
+  description: write permission in application {{.Application}}
+  name: "DevOps (Write)"
+  policies:
+  - p, {{.Role}}, applications, sync, {{.Project}}/{{.Application}}, allow
+  - p, {{.Role}}, applications, get, {{.Project}}/{{.Application}}, deny
+  - p, {{.Role}}, applications, action/*, {{.Project}}/{{.Application}}, allow
+  - p, {{.Role}}, applications, delete/*/Pod/*, {{.Project}}/{{.Application}}, allow
+  - p, {{.Role}}, logs, get, {{.Project}}/{{.Namespace}}/{{.Application}}, allow
diff --git a/internal/backend/service.go b/internal/backend/service.go
@@ -164,6 +164,10 @@ func (s *DefaultService) matchSubject(subjects, groups []string) bool {
 func (s *DefaultService) CreateAccessRequest(ctx context.Context, key *AccessRequestKey, binding *api.AccessBinding) (*api.AccessRequest, error) {
 	roleName := binding.Spec.RoleTemplateRef.Name
 	ar := &api.AccessRequest{
+		TypeMeta: metav1.TypeMeta{
+			Kind:       "AccessRequest",
+			APIVersion: "v1alpha1",
+		},
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace:    key.Namespace,
 			GenerateName: getAccessRequestPrefix(key.Username, roleName),
@@ -213,6 +217,7 @@ func getAccessRequestPrefix(username, roleName string) string {
 }
 
 func (s *DefaultService) GetApplication(ctx context.Context, name string, namespace string) (*unstructured.Unstructured, error) {
+	s.logger.Debug(fmt.Sprintf("Getting application %s/%s", namespace, name))
 	app, err := s.k8s.GetApplication(ctx, name, namespace)
 	if err != nil {
 		if apierrors.IsNotFound(err) {