Allow downstream builds to stage create admissions#475
Draft
ilackarms wants to merge 1 commit into
Draft
Conversation
Create approval needs a production-neutral interception point: downstream enterprise code must be able to validate a create, persist it outside the v1alpha1 tables, and report a staged apply result without running post-upsert hooks. This adds a create-stager hook, staged apply status, and resolver wrapper plumbing while keeping the default OSS path unchanged. The wrapper lets downstream builds decide whether non-production references should validate before CRUD and batch apply handlers capture the shared resolver. Constraint: Enterprise approval rows must not create deployment side effects before admin approval. Rejected: Stage after production upsert | would create runtime deployments before admission approval. Rejected: Enterprise-only fork of /v0/apply | would drift from the shared resource pipeline. Confidence: high Scope-risk: moderate Directive: Keep deployment reconciliation behind production upsert/post-upsert; staged creates must not run PostUpsert hooks. Tested: rtk go test ./... Tested: go test ./internal/registry/api/router Not-tested: Live enterprise docker approval e2e in OSS repo; covered by enterprise e2e compile and integration tests.
ilackarms
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a small OSS extension seam that lets downstream builds stage create attempts before production upsert. The shared resource apply path now accepts a create-staging hook, returns a staged apply result, and exposes finalized resource-route context so downstream code can reuse the same stores, validators, post hooks, and authorization wiring as normal v1alpha1 resources.
This keeps OSS behavior unchanged by default while giving downstream approval flows a narrow integration point instead of duplicating the generic resource pipeline.
Change Type
/kind feature
Changelog
Additional Notes
Validation run locally:
go test ./...git diff --check origin/main...HEADThis PR is the OSS prerequisite for the downstream approval-flow PR.