5 Commits (caaff7333789fa54dd3e69952ad8812a16a4c462)

Author SHA1 Message Date
R.B. Boyer ef6f2494c7
resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925)
The ACLs.Read hook for a resource only allows for the identity of a 
resource to be passed in for use in authz consideration. For some 
resources we wish to allow for the current stored value to dictate how 
to enforce the ACLs (such as reading a list of applicable services from 
the payload and allowing service:read on any of them to control reading the enclosing resource).

This change updates the interface to usually accept a *pbresource.ID,
but if the hook decides it needs more data it returns a sentinel error
and the resource service knows to defer the authz check until after
fetching the data from storage.
2023-09-22 09:53:55 -05:00
Matt Keeler 53fcc5d9a5
Add protoc generator to emit resource type variables (#18957)
The annotations include a little more data than is strictly necessary because we will also have a protoc generator for openapi output.
2023-09-21 17:18:47 -04:00
Dhia Ayachi ec507fe4a8
update guide to reflect tenancy and scope (#18687)
* update guide to reflect tenancy and scope

* Apply suggestions from code review

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* update ACLHooks signature

* Update docs/resources/guide.md

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2023-09-06 11:11:43 -04:00
wangxinyi7 e7194787a7
re org resource type registry (#18133) 2023-07-14 18:00:17 -07:00
Dan Upton f9d14519e8
docs: first pass at a resource/controller developer guide (#17395) 2023-05-24 15:49:32 +01:00