status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

update guide to reflect tenancy and scope (#18687) 

* update guide to reflect tenancy and scope

* Apply suggestions from code review

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* update ACLHooks signature

* Update docs/resources/guide.md

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
This commit is contained in:
Dhia Ayachi 2023-09-06 11:11:43 -04:00 committed by GitHub
parent 60b0485497
commit ec507fe4a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/resources/guide.md
View File

@ -55,11 +55,15 @@ var BarV1Alpha1Type = &pbresource.Type{
func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{
Type: BarV1Alpha1Type,
Type: BarV1Alpha1Type,
Scope: resource.ScopePartition,
Proto: &pbv1alpha1.Bar{},
})
}
```
Note that Scope reference the scope of the new resource, `resource.ScopePartition`
mean that resource will be at the partition level and have no namespace, while `resource.ScopeNamespace` mean it will have both a namespace
and a partition.
Update the `NewTypeRegistry` method in [`type_registry.go`] to call your
package's type registration method:
@ -140,7 +144,8 @@ using a validation hook provided in the type registration:
func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{
Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{},
Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
Validate: validateBar,
})
}
@ -172,7 +177,8 @@ a set of ACL hooks:
func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{
Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{},
Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
ACLs: &resource.ACLHooks{,
Read: authzReadBar,
Write: authzWriteBar,
@ -181,19 +187,19 @@ func RegisterTypes(r resource.Registry) {
})
}
func authzReadBar(authz acl.Authorizer, id *pbresource.ID) error {
func authzReadBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
return authz.ToAllowAuthorizer().
BarReadAllowed(id.Name, resource.AuthorizerContext(id.Tenancy))
BarReadAllowed(id.Name, authzContext)
}
func authzWriteBar(authz acl.Authorizer, id *pbresource.ID) error {
func authzWriteBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
return authz.ToAllowAuthorizer().
BarWriteAllowed(id.Name, resource.AuthorizerContext(id.Tenancy))
BarWriteAllowed(res.ID().Name, authzContext)
}
func authzListBar(authz acl.Authorizer, ten *pbresource.Tenancy) error {
func authzListBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
return authz.ToAllowAuthorizer().
BarListAllowed(resource.AuthorizerContext(ten))
BarListAllowed(authzContext)
}
```
@ -210,7 +216,8 @@ by providing a mutation hook:
func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{
Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{},
Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
Mutate: mutateBar,
})
}