update guide to reflect tenancy and scope (#18687)

* update guide to reflect tenancy and scope

* Apply suggestions from code review

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* update ACLHooks signature

* Update docs/resources/guide.md

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
pull/18692/head
Dhia Ayachi 1 year ago committed by GitHub
parent 60b0485497
commit ec507fe4a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -56,10 +56,14 @@ var BarV1Alpha1Type = &pbresource.Type{
func RegisterTypes(r resource.Registry) { func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Scope: resource.ScopePartition,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
}) })
} }
``` ```
Note that Scope reference the scope of the new resource, `resource.ScopePartition`
mean that resource will be at the partition level and have no namespace, while `resource.ScopeNamespace` mean it will have both a namespace
and a partition.
Update the `NewTypeRegistry` method in [`type_registry.go`] to call your Update the `NewTypeRegistry` method in [`type_registry.go`] to call your
package's type registration method: package's type registration method:
@ -141,6 +145,7 @@ func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
Validate: validateBar, Validate: validateBar,
}) })
} }
@ -173,6 +178,7 @@ func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
ACLs: &resource.ACLHooks{, ACLs: &resource.ACLHooks{,
Read: authzReadBar, Read: authzReadBar,
Write: authzWriteBar, Write: authzWriteBar,
@ -181,19 +187,19 @@ func RegisterTypes(r resource.Registry) {
}) })
} }
func authzReadBar(authz acl.Authorizer, id *pbresource.ID) error { func authzReadBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID) error {
return authz.ToAllowAuthorizer(). return authz.ToAllowAuthorizer().
BarReadAllowed(id.Name, resource.AuthorizerContext(id.Tenancy)) BarReadAllowed(id.Name, authzContext)
} }
func authzWriteBar(authz acl.Authorizer, id *pbresource.ID) error { func authzWriteBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
return authz.ToAllowAuthorizer(). return authz.ToAllowAuthorizer().
BarWriteAllowed(id.Name, resource.AuthorizerContext(id.Tenancy)) BarWriteAllowed(res.ID().Name, authzContext)
} }
func authzListBar(authz acl.Authorizer, ten *pbresource.Tenancy) error { func authzListBar(authz acl.Authorizer, authzContext *acl.AuthorizerContext) error {
return authz.ToAllowAuthorizer(). return authz.ToAllowAuthorizer().
BarListAllowed(resource.AuthorizerContext(ten)) BarListAllowed(authzContext)
} }
``` ```
@ -211,6 +217,7 @@ func RegisterTypes(r resource.Registry) {
r.Register(resource.Registration{ r.Register(resource.Registration{
Type: BarV1Alpha1Type, Type: BarV1Alpha1Type,
Proto: &pbv1alpha1.Bar{}, Proto: &pbv1alpha1.Bar{},
Scope: resource.ScopeNamespace,
Mutate: mutateBar, Mutate: mutateBar,
}) })
} }
