2d8d2dcee7
Implement basic bolt OrganizationsStore
2017-10-20 11:13:13 -04:00
2447185071
Add bolt implementation of OrganizationsStore
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-20 09:17:00 -05:00
08cf76ea2b
Define Organization and OrganizationsStore
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-20 10:10:38 -04:00
4b445b10d1
Merge pull request #2132 from influxdata/multitenancy_authorize_role
...
Role based authorization
2017-10-19 14:55:01 -05:00
4454d8c7b8
Add clarifying comment for InfluxDB UID being Name
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-19 14:42:34 -05:00
bed327b999
Add test coverage for Get with empty User
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-19 14:39:06 -05:00
c261ffadde
Update route authorization by Role
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-19 14:33:08 -05:00
c994e8c5ac
Set Scheme to be OAuth2 explicitly for all users
...
Add Provider to Users authenticated via /me
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-19 14:32:33 -05:00
c1b56f241d
Fix formating of server/auth.go
2017-10-19 12:54:06 -04:00
c69925558d
Add tests for retrieving user by name and provider
...
Fix incorrect error message
Cleanup old Get user test
2017-10-19 12:52:46 -04:00
34414df016
Fix wrong authorization level on selected routes
...
Fix leaking of username on failed authorization
Add comment to chronograf.UserQuery
Fix logic in hasPrivilege method
2017-10-18 15:45:06 -04:00
4687ecf794
Use new chonograf.UserStore Get method when needed
...
Refactor tests that were dependent of old implementation of UsersStore
2017-10-18 14:45:33 -04:00
0d235f646d
Generalize chronograf.UsersStore Get method
...
The `Get` method on the UsersStore was generalize by changing the second
parameter to a struct. This allows the Store to retrieve users by more
than simply their name.
-Get(ctx context.Context, name string) (*User, error)
+Get(ctx context.Context, q UserQuery) (*User, error)
2017-10-18 14:17:42 -04:00
e0f4ac74d1
Add comment to AuthorizedUser
2017-10-18 12:45:58 -04:00
fb6d91df9f
Wrap routes with Authorization middleware
2017-10-18 12:40:17 -04:00
28fac10baa
Add AuthorizedUser middleware
2017-10-18 12:35:40 -04:00
f0f5bc071b
Extract logic for getting user by name & provider
2017-10-18 12:34:23 -04:00
b86164e710
Modify /me to match User via UsersStore.All & principal's Issuer
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 19:58:02 -05:00
d27be61b8b
Rename getEmail func & email var to getUsername & username
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 19:58:02 -05:00
b85ba866ab
Merge pull request #2113 from influxdata/multitenancy_rename_role_sourcerole
...
MULTITENANCY: Rename Role CRUD methods & structs w Source prefix
2017-10-16 19:51:38 -05:00
48fc9ac404
Merge pull request #2114 from influxdata/multitenancy_set_role
...
MULTITENANCY: Set the role of a user
2017-10-16 19:50:15 -05:00
5d4ac3c167
Lowercase string consts for role names
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 19:42:57 -05:00
7a45bba4f7
Place user role consts and vars in server package
...
This also decouples the bolt tests from the server package.
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 18:43:56 -05:00
8e298437c5
Replace string slices of role names with slices of chronograf.Role
...
This effectively reinstants rolly polly as king.
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 18:26:08 -05:00
00004a33da
Use cmp.Diff for user equality comparison
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 16:46:20 -05:00
3cdc6df215
Vendor github.com/google/go-cmp/cmp/cmpopts
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 16:35:40 -05:00
2f1e128c61
Suggest valid options in Invalid Role error message
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 15:56:43 -05:00
1b6f8e8ad9
Add comments for role types
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 15:33:29 -05:00
8fe197b02f
Clean up redundant error checks
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:33:47 -05:00
d2f5706acb
Add test coverage for userRequest validation
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:28:15 -05:00
351f762ed2
Remove unnecessary logic in ValidRoles guard
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 13:58:16 -05:00
2281adb33d
Modify chronograf user roles to only use role name
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 14:44:34 -04:00
af0b8419b7
Remove explicit chronograf user permisions
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:19:42 -04:00
84be5f7128
Modify User req & res to receive & give Role names only
...
Role members are fully explicated for CRUD operations.
Also adds validation for Roles on requests.
Also returns an empty array in JSON when a User has no roles.
2017-10-16 14:18:34 -04:00
25faaa02df
Add Roles to Users CRUD
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 17:42:30 -07:00
255541ee0a
Add name to bolt UsersStore test
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 20:01:35 -04:00
71ca669283
Make chronograf user roles explicit vars
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:58:45 -04:00
250eb9b730
Factor out code in common bolt UsersStore tests
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:52:34 -04:00
e25ac2045c
Use numberic style ID in UsersStore Get test
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:37:51 -04:00
7b8e424f03
Regenerate protoc to remove formatting changes
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:33:46 -04:00
ac9984c799
Remove unused concept of RolesStore
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:33:31 -04:00
924c890862
Refactor bolt UsersStore to use ID instead of name
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:33:16 -04:00
f1a496b449
Add tests for updating user in boltdb
...
Adds tests for updating roles, provider, and scheme
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:32:54 -04:00
4761f4454c
Set ID on retrieved user from boltdb
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:32:35 -04:00
7f4af358ae
Add roles to boltdb UsersStore
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:44 -04:00
5947427e3f
Update bolt UsersStore for updated chronograf User
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:26 -04:00
334a3c5d34
Refactor bolt.RolesStore to use bolt.UsersStore
...
Add definitions for user roles and permissions in chronograf package
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:31:15 -04:00
c4eedd8c47
Remove old bolt implementation of RoleStore
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:06 -04:00
385a534ae2
Refactor Roles & Protobuf to be part of User msg
...
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:30:50 -04:00
b7e7aa9c5d
WIP: Add BoltDB implementation of RolesStore
...
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:30:34 -04:00
Michael Desa
Jared Scheib
Jared Scheib