-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
acl: demonstrate new authz interface #12169
Conversation
3785314
to
8ace474
Compare
e5eda83
to
0eaa784
Compare
@@ -1132,6 +1133,27 @@ func (a ACLResolveResult) AccessorID() string { | |||
return a.ACLIdentity.ID() | |||
} | |||
|
|||
type ACLKVResourceID interface { | |||
KVResourceID() string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if we want a separate interface for each resource type, or a small number of interfaces (one for resources with identifiers+entMeta, one for just identifiers, and one for just entMeta).
e4d0b9f
to
343b6de
Compare
0eaa784
to
18767b4
Compare
This pull request has been automatically flagged for inactivity because it has not been acted upon in the last 60 days. It will be closed if no new activity occurs in the next 30 days. Please feel free to re-open to resurrect the change if you feel this has happened by mistake. Thank you for your contributions. |
Closing due to inactivity. If you feel this was a mistake or you wish to re-open at any time in the future, please leave a comment and it will be re-surfaced for the maintainers to review. |
Branched from #12167, demonstrates the authorization interface proposed in #11690.
This PR also demonstrates how we can used a typed error, built in a centralized place, to provide better error messages when permission is denied.
TODO:
Cause
field fromPermissionDeniedError
ACLResolveResult
and the types used in its method signatures to a new package underacl/
maybeacl/aclauthz
or something like that.