update guide to reflect tenancy and scope (#18687)

* update guide to reflect tenancy and scope

* Apply suggestions from code review

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* update ACLHooks signature

* Update docs/resources/guide.md

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Dhia Ayachi 2023-09-06 11:11:43 -04:00 committed by GitHub
parent 60b0485497
commit ec507fe4a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 10 deletions


@ -55,11 +55,15 @@ var BarV1Alpha1Type = &pbresource.Type{
func RegisterTypes(r resource.Registry) { func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Scope: resource.ScopePartition,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
}) })
} }
``` ```
Note that Scope reference the scope of the new resource, `resource.ScopePartition`
mean that resource will be at the partition level and have no namespace, while `resource.ScopeNamespace` mean it will have both a namespace
and a partition.
Update the `NewTypeRegistry` method in [`type_registry.go`] to call your Update the `NewTypeRegistry` method in [`type_registry.go`] to call your
package's type registration method: package's type registration method:
@ -140,7 +144,8 @@ using a validation hook provided in the type registration:
func RegisterTypes(r resource.Registry) { func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
Validate: validateBar, Validate: validateBar,
}) })
} }
@ -172,7 +177,8 @@ a set of ACL hooks:
func RegisterTypes(r resource.Registry) { func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
ACLs: &resource.ACLHooks{, ACLs: &resource.ACLHooks{,
Read: authzReadBar, Read: authzReadBar,
Write: authzWriteBar, Write: authzWriteBar,
@ -181,19 +187,19 @@ func RegisterTypes(r resource.Registry) {
}) })
} }
func authzReadBar(authz acl.Authorizer, id *pbresource.ID) error { func authzReadBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
return authz.ToAllowAuthorizer(). return authz.ToAllowAuthorizer().
BarReadAllowed(id.Name, resource.AuthorizerContext(id.Tenancy)) BarReadAllowed(id.Name, authzContext)
} }
func authzWriteBar(authz acl.Authorizer, id *pbresource.ID) error { func authzWriteBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
return authz.ToAllowAuthorizer(). return authz.ToAllowAuthorizer().
BarWriteAllowed(id.Name, resource.AuthorizerContext(id.Tenancy)) BarWriteAllowed(res.ID().Name, authzContext)
} }
func authzListBar(authz acl.Authorizer, ten *pbresource.Tenancy) error { func authzListBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
return authz.ToAllowAuthorizer(). return authz.ToAllowAuthorizer().
BarListAllowed(resource.AuthorizerContext(ten)) BarListAllowed(authzContext)
} }
``` ```
@ -210,7 +216,8 @@ by providing a mutation hook:
func RegisterTypes(r resource.Registry) { func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
Mutate: mutateBar, Mutate: mutateBar,
}) })
} }