
Commit

Address review concerns, re-factor and improve code quality
Signed-off-by: Bailin He <[email protected]>
bailinhe committed Mar 20, 2024
1 parent c5fd68b commit 0080dfb
Showing 6 changed files with 317 additions and 258 deletions.
4 changes: 2 additions & 2 deletions cmd/schema.go
Expand Up @@ -18,7 +18,7 @@ var (
schemaCmd = &cobra.Command{
Use: "schema",
Short: "write the schema into SpiceDB",
Run: func(cmd *cobra.Command, args []string) {
Run: func(cmd *cobra.Command, _ []string) {
writeSchema(cmd.Context(), dryRun, globalCfg)
},
}
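Review bot: With the positional arguments now discarded as `_` in `Run`, an invocation such as `schema some-extra-arg` is accepted and the extra argument is silently ignored. Consider adding `Args: cobra.NoArgs` to `schemaCmd` so stray arguments are rejected before a schema write is attempted.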
Expand All @@ -43,7 +43,7 @@ func init() {
}
}

func writeSchema(ctx context.Context, dryRun bool, cfg *config.AppConfig) {
func writeSchema(_ context.Context, dryRun bool, cfg *config.AppConfig) {
var (
err error
policy iapl.Policy
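Review bot: In the `writeSchema` signature the context is now discarded as `_`, while the caller in `Run` still passes `cmd.Context()`. The body is not visible in this hunk, but a function that writes a schema into SpiceDB should carry the caller's context into that call so cancellation and deadlines apply. Either use `ctx` in the write path, or drop the parameter together with the `cmd.Context()` argument so the signature does not suggest that cancellation is honoured.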
6 changes: 2 additions & 4 deletions docs/rbac.md
Expand Up @@ -36,12 +36,10 @@ In the IAPL, a new `rbac` directive is introduced to define the RBAC configurati
property | yaml | type | description
-|-|-|-
RoleResource |`rbac.roleresource`| string | name of the resource type that represents a role.
RoleRelationshipSubject |`rbac.rolerelationshipsubject`| string | name of the relationship that connects a role to a subject.
RoleOwners |`rbac.roleowners`| []string | names of the resource types that can own a role.
RoleSubjectTypes |`rbac.rolesubjecttypes`| string | a list of subject types that the relationships in a role resource will contain.
RoleOwners |`rbac.roleowners`| []string | the list of resource types that can own a role. These resources should be (but not limited to) organizational resources like tenant, organization, project, group, etc When a role is owned by an entity, say a group, that means this role will be available to perform role-bindings for resources that are owned by this group and its subgroups. The RoleOwners relationship is particularly useful to limit access to custom roles.
RoleBindingResource |`rbac.rolebindingresource`| string | name of the resource type that represents a role binding.
RoleBindingSubjects |`rbac.rolebindingsubjects`| []string | names of the resource types that can be subjects in a role binding.
RolebindingPermissionsPrefix |`rbac.rolebindingpermissionsprefix`| string | generates the permissions sets to manage role bindings,
GrantRelationship |`rbac.grantrelationship`| string | name of the relationship that connects a role binding to a resource. e.g. rolebinding_create, rolebinding_list, rolebinding_delete, etc.

For example, consider the following spicedb schema:

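Review bot: In the `RoleSubjectTypes` row the type column says `string` while the description says "a list of subject types"; if the property is a list, the type should read `[]string`, as it does for `RoleOwners`. In the `RoleOwners` row, "etc When" is missing a full stop, and the explanation of ownership, subgroups and custom roles is long for a table cell; it would read better as a paragraph below the table. Also check the `GrantRelationship` row: the examples `rolebinding_create, rolebinding_list, rolebinding_delete` read as if they belong to the `rbac.rolebindingpermissionsprefix` description rather than to the relationship name.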

0 comments on commit 0080dfb
