Add a listing of all possible permissions for OSS and Enterprise

chronograf.go

@@ -54,6 +54,8 @@ type TimeSeries interface {
 	Connect(context.Context, *Source) error
 	// UsersStore represents the user accounts within the TimeSeries database
 	Users(context.Context) UsersStore
+	// Allowances returns all valid names permissions in this database
+	Allowances(context.Context) Allowances
 }
 
 // Range represents an upper and lower bound for data

enterprise/enterprise.go

@@ -99,10 +99,36 @@ func (c *Client) Query(ctx context.Context, q chronograf.Query) (chronograf.Resp
 	return c.nextDataNode().Query(ctx, q)
 }
 
+// Users is the interface to the users within Influx Enterprise
 func (c *Client) Users(context.Context) chronograf.UsersStore {
 	return c
 }
 
+// Allowances returns all Influx Enterprise permission strings
+func (c *Client) Allowances(context.Context) chronograf.Allowances {
+	return chronograf.Allowances{
+		"NoPermissions",
+		"ViewAdmin",
+		"ViewChronograf",
+		"CreateDatabase",
+		"CreateUserAndRole",
+		"AddRemoveNode",
+		"DropDatabase",
+		"DropData",
+		"ReadData",
+		"WriteData",
+		"Rebalance",
+		"ManageShard",
+		"ManageContinuousQuery",
+		"ManageQuery",
+		"ManageSubscription",
+		"Monitor",
+		"CopyShard",
+		"KapacitorAPI",
+		"KapacitorConfigAPI",
+	}
+}
+
 // nextDataNode retrieves the next available data node
 func (c *Client) nextDataNode() chronograf.TimeSeries {
 	c.dataNodes = c.dataNodes.Next()

enterprise/meta_client.go

@@ -13,12 +13,14 @@ import (
 	"github.com/influxdata/chronograf"
 )
 
+// MetaClient represents a Meta node in an Influx Enterprise cluster
 type MetaClient struct {
 	MetaHostPort string
 	Username     string
 	Password     string
 }
 
+// ShowCluster returns the cluster configuration (not health)
 func (t *MetaClient) ShowCluster(ctx context.Context) (*Cluster, error) {
 	res, err := t.Do(ctx, "GET", "/show-cluster", nil, nil)
 	if err != nil {
@@ -56,6 +58,7 @@ func (t *MetaClient) Users(ctx context.Context, name *string) (*Users, error) {
 	return users, nil
 }
 
+// User returns a single Influx Enterprise user
 func (t *MetaClient) User(ctx context.Context, name string) (*User, error) {
 	users, err := t.Users(ctx, &name)
 	if err != nil {
@@ -67,14 +70,17 @@ func (t *MetaClient) User(ctx context.Context, name string) (*User, error) {
 	return nil, fmt.Errorf("No user found")
 }
 
+// CreateUser adds a user to Influx Enterprise
 func (t *MetaClient) CreateUser(ctx context.Context, name, passwd string) error {
 	return t.CreateUpdateUser(ctx, "create", name, passwd)
 }
 
+// ChangePassword updates a user's password in Influx Enterprise
 func (t *MetaClient) ChangePassword(ctx context.Context, name, passwd string) error {
 	return t.CreateUpdateUser(ctx, "change-password", name, passwd)
 }
 
+// CreateUpdateUser is a helper function to POST to the /user Influx Enterprise endpoint
 func (t *MetaClient) CreateUpdateUser(ctx context.Context, action, name, passwd string) error {
 	a := &UserAction{
 		Action: action,
@@ -86,6 +92,7 @@ func (t *MetaClient) CreateUpdateUser(ctx context.Context, action, name, passwd
 	return t.Post(ctx, "/user", a, nil)
 }
 
+// DeleteUser removes a user from Influx Enterprise
 func (t *MetaClient) DeleteUser(ctx context.Context, name string) error {
 	a := &UserAction{
 		Action: "delete",
@@ -97,6 +104,7 @@ func (t *MetaClient) DeleteUser(ctx context.Context, name string) error {
 	return t.Post(ctx, "/user", a, nil)
 }
 
+// RemoveAllUserPerms revokes all permissions for a user in Influx Enterprise
 func (t *MetaClient) RemoveAllUserPerms(ctx context.Context, name string) error {
 	user, err := t.User(ctx, name)
 	if err != nil {
@@ -137,7 +145,7 @@ func (t *MetaClient) SetUserPerms(ctx context.Context, name string, perms Permis
 	return t.Post(ctx, "/user", a, nil)
 }
 
-// Users gets all the roles.  If name is not nil it filters for a single role
+// Roles gets all the roles.  If name is not nil it filters for a single role
 func (t *MetaClient) Roles(ctx context.Context, name *string) (*Roles, error) {
 	params := map[string]string{}
 	if name != nil {
@@ -158,6 +166,7 @@ func (t *MetaClient) Roles(ctx context.Context, name *string) (*Roles, error) {
 	return roles, nil
 }
 
+// Role returns a single named role
 func (t *MetaClient) Role(ctx context.Context, name string) (*Role, error) {
 	roles, err := t.Roles(ctx, &name)
 	if err != nil {
@@ -169,6 +178,7 @@ func (t *MetaClient) Role(ctx context.Context, name string) (*Role, error) {
 	return nil, fmt.Errorf("No role found")
 }
 
+// CreateRole adds a role to Influx Enterprise
 func (t *MetaClient) CreateRole(ctx context.Context, name string) error {
 	a := &RoleAction{
 		Action: "create",
@@ -178,6 +188,8 @@ func (t *MetaClient) CreateRole(ctx context.Context, name string) error {
 	}
 	return t.Post(ctx, "/role", a, nil)
 }
+
+// DeleteRole removes a role from Influx Enterprise
 func (t *MetaClient) DeleteRole(ctx context.Context, name string) error {
 	a := &RoleAction{
 		Action: "delete",
@@ -188,6 +200,7 @@ func (t *MetaClient) DeleteRole(ctx context.Context, name string) error {
 	return t.Post(ctx, "/role", a, nil)
 }
 
+// RemoveAllRolePerms removes all permissions from a role
 func (t *MetaClient) RemoveAllRolePerms(ctx context.Context, name string) error {
 	role, err := t.Role(ctx, name)
 	if err != nil {
@@ -228,6 +241,7 @@ func (t *MetaClient) SetRolePerms(ctx context.Context, name string, perms Permis
 	return t.Post(ctx, "/role", a, nil)
 }
 
+// RemoveAllRoleUsers removes all users from a role
 func (t *MetaClient) RemoveAllRoleUsers(ctx context.Context, name string) error {
 	role, err := t.Role(ctx, name)
 	if err != nil {
@@ -268,6 +282,7 @@ func (t *MetaClient) SetRoleUsers(ctx context.Context, name string, users []stri
 	return t.Post(ctx, "/role", a, nil)
 }
 
+// Post is a helper function to POST to Influx Enterprise
 func (t *MetaClient) Post(ctx context.Context, path string, action interface{}, params map[string]string) error {
 	b, err := json.Marshal(action)
 	if err != nil {
@@ -281,6 +296,7 @@ func (t *MetaClient) Post(ctx context.Context, path string, action interface{},
 	return nil
 }
 
+// do is a helper function to interface with Influx Enterprise's Meta API
 func (t *MetaClient) do(method, path string, params map[string]string, body io.Reader) (*http.Response, error) {
 	p := url.Values{}
 	p.Add("u", t.Username)
@@ -323,6 +339,7 @@ func (t *MetaClient) do(method, path string, params map[string]string, body io.R
 
 }
 
+// Do is a cancelable function to interface with Influx Enterprise's Meta API
 func (t *MetaClient) Do(ctx context.Context, method, path string, params map[string]string, body io.Reader) (*http.Response, error) {
 	type result struct {
 		Response *http.Response

enterprise/mocks_test.go

@@ -86,6 +86,10 @@ func (ts *TimeSeries) Users(ctx context.Context) chronograf.UsersStore {
 	return nil
 }
 
+func (ts *TimeSeries) Allowances(ctx context.Context) chronograf.Allowances {
+	return chronograf.Allowances{}
+}
+
 func NewMockTimeSeries(urls ...string) *TimeSeries {
 	return &TimeSeries{
 		URLs:     urls,

enterprise/types.go

@@ -7,6 +7,7 @@ type Cluster struct {
 	MetaNodes []Node     `json:"meta"`
 }
 
+// DataNode represents a data node in an Influx Enterprise Cluster
 type DataNode struct {
 	ID         uint64 `json:"id"`               // Meta store ID.
 	TCPAddr    string `json:"tcpAddr"`          // RPC addr, e.g., host:8088.
@@ -15,6 +16,7 @@ type DataNode struct {
 	Status     string `json:"status,omitempty"` // The cluster status of the node.
 }
 
+// Node represent any meta or data node in an Influx Enterprise cluster
 type Node struct {
 	ID         uint64 `json:"id"`
 	Addr       string `json:"addr"`
@@ -33,6 +35,7 @@ type User struct {
 	Permissions Permissions `json:"permissions,omitempty"`
 }
 
+// Users represents a set of enterprise users.
 type Users struct {
 	Users []User `json:"users,omitempty"`
 }
@@ -43,6 +46,7 @@ type UserAction struct {
 	User   *User  `json:"user"`
 }
 
+// Role is a restricted set of permissions assigned to a set of users.
 type Role struct {
 	Name        string      `json:"name"`
 	NewName     string      `json:"newName,omitempty"`
@@ -50,6 +54,7 @@ type Role struct {
 	Users       []string    `json:"users,omitempty"`
 }
 
+// Roles is a set of roles
 type Roles struct {
 	Roles []Role `json:"roles,omitempty"`
 }
@@ -60,6 +65,7 @@ type RoleAction struct {
 	Role   *Role  `json:"role"`
 }
 
+// Error is JSON error message return by Influx Enterprise's meta API.
 type Error struct {
 	Error string `json:"error"`
 }

enterprise/users.go

@@ -6,7 +6,7 @@ import (
 	"github.com/influxdata/chronograf"
 )
 
-// Create a new User in Influx Enterprise
+// Add creates a new User in Influx Enterprise
 func (c *Client) Add(ctx context.Context, u *chronograf.User) (*chronograf.User, error) {
 	if err := c.Ctrl.CreateUser(ctx, u.Name, u.Passwd); err != nil {
 		return nil, err

influx/permissions.go

@@ -1,6 +1,7 @@
 package influx
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/influxdata/chronograf"
@@ -25,6 +26,11 @@ var (
 	Write = "WRITE"
 )
 
+// Allowances return just READ and WRITE for OSS Influx
+func (c *Client) Allowances(context.Context) chronograf.Allowances {
+	return chronograf.Allowances{"READ", "WRITE"}
+}
+
 // showResults is used to deserialize InfluxQL SHOW commands
 type showResults []struct {
 	Series []struct {