From f8cea4cf836ef50a3ec3cb0ff0bfd365fdaa8ce8 Mon Sep 17 00:00:00 2001
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com>
Date: Thu, 29 Jan 2026 17:22:11 +0100
Subject: [PATCH] chore(argocd): Expose Authentik groups

---
 k8s-peterg/argocd/patches/configmap.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/k8s-peterg/argocd/patches/configmap.yaml b/k8s-peterg/argocd/patches/configmap.yaml
index 29171e5..14f3a3c 100644
--- a/k8s-peterg/argocd/patches/configmap.yaml
+++ b/k8s-peterg/argocd/patches/configmap.yaml
@@ -22,6 +22,7 @@ data:
           - openid
           - profile
           - email
+          - groups
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -32,4 +33,13 @@ metadata:
 data:
   policy.default: role:readonly
   policy.csv: |
+    p, role:org-admin, applications, *, */*, allow
+    p, role:org-admin, clusters, get, *, allow
+    p, role:org-admin, repositories, get, *, allow
+    p, role:org-admin, repositories, create, *, allow
+    p, role:org-admin, repositories, update, *, allow
+    p, role:org-admin, repositories, delete, *, allow
+    p, role:org-admin, logs, get, */*, allow
+    p, role:org-admin, exec, create, */*, allow
+
     g, ArgoCD Admins, role:admin