influxdb/tenant/service_onboarding.go

package tenant

import (
	"context"
	"fmt"
	"time"

	"github.com/influxdata/influxdb/v2"
	"github.com/influxdata/influxdb/v2/kv"
)

type OnboardService struct {
	service     *Service
	authSvc     influxdb.AuthorizationService
	alwaysAllow bool
}

type OnboardServiceOptionFn func(*OnboardService)

// WithAlwaysAllowInitialUser configures the OnboardService to
// always return true for IsOnboarding to allow multiple
// initial onboard requests.
func WithAlwaysAllowInitialUser() OnboardServiceOptionFn {
	return func(s *OnboardService) {
		s.alwaysAllow = true
	}
}

func NewOnboardService(svc *Service, as influxdb.AuthorizationService, opts ...OnboardServiceOptionFn) influxdb.OnboardingService {
	s := &OnboardService{
		service: svc,
		authSvc: as,
	}

	for _, opt := range opts {
		opt(s)
	}

	return s
}

// IsOnboarding determine if onboarding request is allowed.
func (s *OnboardService) IsOnboarding(ctx context.Context) (bool, error) {
	if s.alwaysAllow {
		return true, nil
	}

	allowed := false
	err := s.service.store.View(ctx, func(tx kv.Tx) error {
		// we are allowed to onboard a user if we have no users or orgs
		users, _ := s.service.store.ListUsers(ctx, tx, influxdb.FindOptions{Limit: 1})
		orgs, _ := s.service.store.ListOrgs(ctx, tx, influxdb.FindOptions{Limit: 1})
		if len(users) == 0 && len(orgs) == 0 {
			allowed = true
		}
		return nil
	})
	return allowed, err
}

// OnboardInitialUser allows us to onboard a new user if is onboarding is allowd
func (s *OnboardService) OnboardInitialUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
	allowed, err := s.IsOnboarding(ctx)
	if err != nil {
		return nil, err
	}

	if !allowed {
		return nil, ErrOnboardingNotAllowed
	}

	return s.onboardUser(ctx, req, func(influxdb.ID) []influxdb.Permission { return influxdb.OperPermissions() })
}

// OnboardUser allows us to onboard a new user if is onboarding is allowed
func (s *OnboardService) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
	return s.onboardUser(ctx, req, influxdb.OwnerPermissions)
}

// onboardUser allows us to onboard new users.
func (s *OnboardService) onboardUser(ctx context.Context, req *influxdb.OnboardingRequest, permFn func(orgID influxdb.ID) []influxdb.Permission) (*influxdb.OnboardingResults, error) {
	if req == nil || req.User == "" || req.Org == "" || req.Bucket == "" {
		return nil, ErrOnboardInvalid
	}

	result := &influxdb.OnboardingResults{}

	// create a user
	user := &influxdb.User{
		Name:   req.User,
		Status: influxdb.Active,
	}

	if err := s.service.CreateUser(ctx, user); err != nil {
		return nil, err
	}

	// create users password
	if req.Password != "" {
		s.service.SetPassword(ctx, user.ID, req.Password)
	}

	// create users org
	org := &influxdb.Organization{
		Name: req.Org,
	}

	if err := s.service.CreateOrganization(ctx, org); err != nil {
		return nil, err
	}

	// create urm
	err := s.service.CreateUserResourceMapping(ctx, &influxdb.UserResourceMapping{
		UserID:       user.ID,
		UserType:     influxdb.Owner,
		MappingType:  influxdb.UserMappingType,
		ResourceType: influxdb.OrgsResourceType,
		ResourceID:   org.ID,
	})

	if err != nil {
		return nil, err
	}

	// create orgs buckets
	ub := &influxdb.Bucket{
		OrgID:           org.ID,
		Name:            req.Bucket,
		Type:            influxdb.BucketTypeUser,
		RetentionPeriod: time.Duration(req.RetentionPeriod) * time.Hour,
	}

	if err := s.service.CreateBucket(ctx, ub); err != nil {
		return nil, err
	}

	result.User = user
	result.Org = org
	result.Bucket = ub

	// bolt doesn't lock per collection or record so we have to close our transaction
	// before we can reach out to the auth service.
	result.Auth = &influxdb.Authorization{
		Description: fmt.Sprintf("%s's Token", req.User),
		Permissions: permFn(result.Org.ID),
		Token:       req.Token,
		UserID:      result.User.ID,
		OrgID:       result.Org.ID,
	}

	return result, s.authSvc.CreateAuthorization(ctx, result.Auth)
}
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`package tenant`

			`import (`
			`"context"`
			`"fmt"`
			`"time"`

			`"github.com/influxdata/influxdb/v2"`
			`"github.com/influxdata/influxdb/v2/kv"`
			`)`

			`type OnboardService struct {`
fix(launcher): Fix launcher tests 2020-08-03 22:17:37 +00:00			`service *Service`
			`authSvc influxdb.AuthorizationService`
			`alwaysAllow bool`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`}`

fix(launcher): Fix launcher tests 2020-08-03 22:17:37 +00:00			`type OnboardServiceOptionFn func(*OnboardService)`

			`// WithAlwaysAllowInitialUser configures the OnboardService to`
			`// always return true for IsOnboarding to allow multiple`
			`// initial onboard requests.`
			`func WithAlwaysAllowInitialUser() OnboardServiceOptionFn {`
			`return func(s *OnboardService) {`
			`s.alwaysAllow = true`
			`}`
			`}`

			`func NewOnboardService(svc *Service, as influxdb.AuthorizationService, opts ...OnboardServiceOptionFn) influxdb.OnboardingService {`
			`s := &OnboardService{`
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`service: svc,`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`authSvc: as,`
			`}`
fix(launcher): Fix launcher tests 2020-08-03 22:17:37 +00:00
			`for _, opt := range opts {`
			`opt(s)`
			`}`

			`return s`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`}`

			`// IsOnboarding determine if onboarding request is allowed.`
			`func (s *OnboardService) IsOnboarding(ctx context.Context) (bool, error) {`
fix(launcher): Fix launcher tests 2020-08-03 22:17:37 +00:00			`if s.alwaysAllow {`
			`return true, nil`
			`}`
fix: go fmt to satisfy go linter 2020-08-26 17:28:35 +00:00
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`allowed := false`
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`err := s.service.store.View(ctx, func(tx kv.Tx) error {`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`// we are allowed to onboard a user if we have no users or orgs`
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`users, _ := s.service.store.ListUsers(ctx, tx, influxdb.FindOptions{Limit: 1})`
			`orgs, _ := s.service.store.ListOrgs(ctx, tx, influxdb.FindOptions{Limit: 1})`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`if len(users) == 0 && len(orgs) == 0 {`
			`allowed = true`
			`}`
			`return nil`
			`})`
			`return allowed, err`
			`}`

			`// OnboardInitialUser allows us to onboard a new user if is onboarding is allowd`
			`func (s OnboardService) OnboardInitialUser(ctx context.Context, req influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {`
			`allowed, err := s.IsOnboarding(ctx)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if !allowed {`
			`return nil, ErrOnboardingNotAllowed`
			`}`

			`return s.onboardUser(ctx, req, func(influxdb.ID) []influxdb.Permission { return influxdb.OperPermissions() })`
			`}`

fix: password length (#18041) * fix: password length * chore: go mod tidy * chore: switch err message * chore: remove backend validation 2020-05-12 17:14:09 +00:00			`// OnboardUser allows us to onboard a new user if is onboarding is allowed`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`func (s OnboardService) OnboardUser(ctx context.Context, req influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {`
			`return s.onboardUser(ctx, req, influxdb.OwnerPermissions)`
			`}`

			`// onboardUser allows us to onboard new users.`
			`func (s OnboardService) onboardUser(ctx context.Context, req influxdb.OnboardingRequest, permFn func(orgID influxdb.ID) []influxdb.Permission) (*influxdb.OnboardingResults, error) {`
feat(onboard): allow optional password (#19225) * feat(onboard): allow optional password We can now allow passwords as an optional arguement. This facilitates api only users. 2020-08-05 18:42:17 +00:00			`if req == nil \|\| req.User == "" \|\| req.Org == "" \|\| req.Bucket == "" {`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`return nil, ErrOnboardInvalid`
			`}`

			`result := &influxdb.OnboardingResults{}`

chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`// create a user`
			`user := &influxdb.User{`
			`Name: req.User,`
			`Status: influxdb.Active,`
			`}`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`if err := s.service.CreateUser(ctx, user); err != nil {`
			`return nil, err`
			`}`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`// create users password`
			`if req.Password != "" {`
			`s.service.SetPassword(ctx, user.ID, req.Password)`
			`}`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`// create users org`
			`org := &influxdb.Organization{`
			`Name: req.Org,`
			`}`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`if err := s.service.CreateOrganization(ctx, org); err != nil {`
			`return nil, err`
			`}`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`// create urm`
			`err := s.service.CreateUserResourceMapping(ctx, &influxdb.UserResourceMapping{`
			`UserID: user.ID,`
			`UserType: influxdb.Owner,`
			`MappingType: influxdb.UserMappingType,`
			`ResourceType: influxdb.OrgsResourceType,`
			`ResourceID: org.ID,`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`})`

			`if err != nil {`
chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`return nil, err`
			`}`

			`// create orgs buckets`
			`ub := &influxdb.Bucket{`
			`OrgID: org.ID,`
			`Name: req.Bucket,`
			`Type: influxdb.BucketTypeUser,`
			`RetentionPeriod: time.Duration(req.RetentionPeriod) * time.Hour,`
feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`}`

chore: update task tests to use the tenant service (#19169) * chore: update task tests to use the tenant service After the introduction of the tenant system we need to switch the testing frameworks to use it instead of the old kv system * chore: update onboarding to allow injected middleware 2020-08-03 15:33:46 +00:00			`if err := s.service.CreateBucket(ctx, ub); err != nil {`
			`return nil, err`
			`}`

			`result.User = user`
			`result.Org = org`
			`result.Bucket = ub`

feat(tenant): Build out the onboarding system in tenant and integrate it into launcher (#17558) We are adding in a setup/user route this is not in swagger at the moment but will be added once we feel it is stable. 2020-04-06 21:58:15 +00:00			`// bolt doesn't lock per collection or record so we have to close our transaction`
			`// before we can reach out to the auth service.`
			`result.Auth = &influxdb.Authorization{`
			`Description: fmt.Sprintf("%s's Token", req.User),`
			`Permissions: permFn(result.Org.ID),`
			`Token: req.Token,`
			`UserID: result.User.ID,`
			`OrgID: result.Org.ID,`
			`}`

			`return result, s.authSvc.CreateAuthorization(ctx, result.Auth)`
			`}`