|
|
@ -56,10 +56,14 @@ var BarV1Alpha1Type = &pbresource.Type{
|
|
|
|
func RegisterTypes(r resource.Registry) {
|
|
|
|
func RegisterTypes(r resource.Registry) {
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
|
|
|
|
Scope: resource.ScopePartition,
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
Note that Scope reference the scope of the new resource, `resource.ScopePartition`
|
|
|
|
|
|
|
|
mean that resource will be at the partition level and have no namespace, while `resource.ScopeNamespace` mean it will have both a namespace
|
|
|
|
|
|
|
|
and a partition.
|
|
|
|
|
|
|
|
|
|
|
|
Update the `NewTypeRegistry` method in [`type_registry.go`] to call your
|
|
|
|
Update the `NewTypeRegistry` method in [`type_registry.go`] to call your
|
|
|
|
package's type registration method:
|
|
|
|
package's type registration method:
|
|
|
@ -141,6 +145,7 @@ func RegisterTypes(r resource.Registry) {
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
|
|
|
|
Scope: resource.ScopeNamespace,
|
|
|
|
Validate: validateBar,
|
|
|
|
Validate: validateBar,
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -173,6 +178,7 @@ func RegisterTypes(r resource.Registry) {
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
|
|
|
|
Scope: resource.ScopeNamespace,
|
|
|
|
ACLs: &resource.ACLHooks{,
|
|
|
|
ACLs: &resource.ACLHooks{,
|
|
|
|
Read: authzReadBar,
|
|
|
|
Read: authzReadBar,
|
|
|
|
Write: authzWriteBar,
|
|
|
|
Write: authzWriteBar,
|
|
|
@ -181,19 +187,19 @@ func RegisterTypes(r resource.Registry) {
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func authzReadBar(authz acl.Authorizer, id *pbresource.ID) error {
|
|
|
|
func authzReadBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
|
|
|
|
return authz.ToAllowAuthorizer().
|
|
|
|
return authz.ToAllowAuthorizer().
|
|
|
|
BarReadAllowed(id.Name, resource.AuthorizerContext(id.Tenancy))
|
|
|
|
BarReadAllowed(id.Name, authzContext)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func authzWriteBar(authz acl.Authorizer, id *pbresource.ID) error {
|
|
|
|
func authzWriteBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
|
|
|
|
return authz.ToAllowAuthorizer().
|
|
|
|
return authz.ToAllowAuthorizer().
|
|
|
|
BarWriteAllowed(id.Name, resource.AuthorizerContext(id.Tenancy))
|
|
|
|
BarWriteAllowed(res.ID().Name, authzContext)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func authzListBar(authz acl.Authorizer, ten *pbresource.Tenancy) error {
|
|
|
|
func authzListBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
|
|
|
|
return authz.ToAllowAuthorizer().
|
|
|
|
return authz.ToAllowAuthorizer().
|
|
|
|
BarListAllowed(resource.AuthorizerContext(ten))
|
|
|
|
BarListAllowed(authzContext)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
@ -211,6 +217,7 @@ func RegisterTypes(r resource.Registry) {
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
r.Register(resource.Registration{
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
Type: BarV1Alpha1Type,
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
Proto: &pbv1alpha1.Bar{},
|
|
|
|
|
|
|
|
Scope: resource.ScopeNamespace,
|
|
|
|
Mutate: mutateBar,
|
|
|
|
Mutate: mutateBar,
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|