Project
In the 'project.go' file, change the struct and constructor to:
type projectService struct {
txProvider database.TxProvider
repo repositories.ProjectRepo
cerberusClient cerberus.CerberusClient
}
func NewProjectService(
txProvider database.TxProvider,
repo repositories.ProjectRepo,
cerberusClient cerberus.CerberusClient) ProjectService {
return &projectService{
txProvider: txProvider,
repo: repo,
cerberusClient: cerberusClient,
}
}
And the 'Create' function:
.
.
.
err = s.cerberusClient.ExecuteWithCtx(ctx, s.cerberusClient.CreateResourceCmd(project.Id, accountId, common.Project_RT))
if err != nil {
if rbe := tx.Rollback(); rbe != nil {
err = fmt.Errorf("rollback error (%v) after %w", rbe, err)
}
return repositories.Project{}, err
}
return project, tx.Commit()
This simply creates a corresponding Project resource on Cerberus every time a project is created.
Because of the way we've set up our policies, new resources under an account will already be included in the account permissions, so you don't have to create default permissions here.
However, you might choose to not have transitive permissions, and thus would be required to create default permissions for every resource created, otherwise it would be inaccessible if you also have controller checks in place.
Last updated