From 52d27395769aefa565a32af733abede7669f5ad4 Mon Sep 17 00:00:00 2001
From: Minh Monmen <minhpq331@gmail.com>
Date: Mon, 15 Jul 2019 13:56:28 +0700
Subject: [PATCH] add rbac scopes support

---
 charts/argo-cd/templates/argocd-rbac-cm.yaml | 3 +++
 charts/argo-cd/values.yaml                   | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/charts/argo-cd/templates/argocd-rbac-cm.yaml b/charts/argo-cd/templates/argocd-rbac-cm.yaml
index fb688d03..7d3aa6ea 100755
--- a/charts/argo-cd/templates/argocd-rbac-cm.yaml
+++ b/charts/argo-cd/templates/argocd-rbac-cm.yaml
@@ -16,3 +16,6 @@ data:
   policy.csv:
 {{- toYaml .Values.rbac.policyCsv | indent 4 }}
 {{- end }}
+{{- if .Values.rbac.scopes }}
+  scopes: {{ .Values.rbac.scopes }}
+{{- end }}
diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml
index 15d909dd..c4d7c677 100644
--- a/charts/argo-cd/values.yaml
+++ b/charts/argo-cd/values.yaml
@@ -157,6 +157,8 @@ rbac:
   #   g, your-github-org:your-team, role:org-admin
   # The default role Argo CD will fall back to, when authorizing API requests
   policyDefault: #role:readonly
+  # Scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
+  scopes: #[groups]
 
 redis:
   image: