Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
influxdb/user_resource_mapping.go

182 lines
4.2 KiB
Go
Raw Normal View History

chore: rename imports from platform to influxdb I did this with a dumb editor macro, so some comments changed too. Also rename root package from platform to influxdb. In interest of minimizing risk, anyone importing the root package has now aliased it to "platform" so that no changes beyond imports were necessary in those files. Lastly, replace the old platform module to local path /dev/null so that nobody can accidentally reintroduce a platform dependency while migrating platform code to influxdb.
2019-01-08 00:37:16 +00:00
package influxdb
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
import (
"context"
feat(influxdb): add support for templates feat(influxdb): add generic store for documents feat(influxdb): support authorizations in document store feat(influxdb): support orgs in user resource mapping feat(influxdb): add read-only included field on documents feat(influxdb): add labels support to documents service fix(influxdb): rename data field to content on documents feat(influxdb): add with org id options for document store feat(http): add templates swagger feat(influxdb): add documentation to document options doc(kv): add documentation for kv document store test(kv): pull document tests in to the testing package fix(http): fix swagger specification of templates endpoints
2019-03-04 17:41:24 +00:00
"encoding/json"
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
"errors"
)
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
var (
// ErrInvalidUserType notes that the provided UserType is invalid
ErrInvalidUserType = errors.New("unknown user type")
feat(influxdb): add support for templates feat(influxdb): add generic store for documents feat(influxdb): support authorizations in document store feat(influxdb): support orgs in user resource mapping feat(influxdb): add read-only included field on documents feat(influxdb): add labels support to documents service fix(influxdb): rename data field to content on documents feat(influxdb): add with org id options for document store feat(http): add templates swagger feat(influxdb): add documentation to document options doc(kv): add documentation for kv document store test(kv): pull document tests in to the testing package fix(http): fix swagger specification of templates endpoints
2019-03-04 17:41:24 +00:00
// ErrInvalidMappingType notes that the provided MappingType is invalid
ErrInvalidMappingType = errors.New("unknown mapping type")
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// ErrUserIDRequired notes that the ID was not provided
ErrUserIDRequired = errors.New("user id is required")
// ErrResourceIDRequired notes that the provided ID was not provided
ErrResourceIDRequired = errors.New("resource id is required")
)
// UserType can either be owner or member.
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
type UserType string
const (
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// Owner can read and write to a resource
Owner UserType = "owner" // 1
// Member can read from a resource.
Member UserType = "member" // 2
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
)
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// Valid checks if the UserType is a member of the UserType enum
func (ut UserType) Valid() (err error) {
switch ut {
case Owner: // 1
case Member: // 2
default:
err = ErrInvalidUserType
}
return err
}
feat(influxdb): add support for templates feat(influxdb): add generic store for documents feat(influxdb): support authorizations in document store feat(influxdb): support orgs in user resource mapping feat(influxdb): add read-only included field on documents feat(influxdb): add labels support to documents service fix(influxdb): rename data field to content on documents feat(influxdb): add with org id options for document store feat(http): add templates swagger feat(influxdb): add documentation to document options doc(kv): add documentation for kv document store test(kv): pull document tests in to the testing package fix(http): fix swagger specification of templates endpoints
2019-03-04 17:41:24 +00:00
type MappingType uint8
const (
UserMappingType = 0
OrgMappingType = 1
)
func (mt MappingType) Valid() error {
switch mt {
case UserMappingType, OrgMappingType:
return nil
}
return ErrInvalidMappingType
}
func (mt MappingType) String() string {
switch mt {
case UserMappingType:
return "user"
case OrgMappingType:
return "org"
}
return "unknown"
}
func (mt MappingType) MarshalJSON() ([]byte, error) {
return json.Marshal(mt.String())
}
func (mt *MappingType) UnmarshalJSON(b []byte) error {
var s string
if err := json.Unmarshal(b, &s); err != nil {
return err
}
switch s {
case "user":
*mt = UserMappingType
return nil
case "org":
*mt = OrgMappingType
return nil
}
return ErrInvalidMappingType
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// UserResourceMappingService maps the relationships between users and resources.
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
type UserResourceMappingService interface {
add org member endpoints (#846) add org member endpoints
2018-09-24 17:17:54 +00:00
// FindUserResourceMappings returns a list of UserResourceMappings that match filter and the total count of matching mappings.
FindUserResourceMappings(ctx context.Context, filter UserResourceMappingFilter, opt ...FindOptions) ([]*UserResourceMapping, int, error)
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// CreateUserResourceMapping creates a user resource mapping.
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
CreateUserResourceMapping(ctx context.Context, m *UserResourceMapping) error
add org member endpoints (#846) add org member endpoints
2018-09-24 17:17:54 +00:00
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// DeleteUserResourceMapping deletes a user resource mapping.
feat(kv): implemented key/value store with end-to-end integration tests * feat(kv:inmem:bolt): implement user service in a kv * refactor(kv): use consistent func receiver name * feat(kv): add initial basic auth service * refactor(passwords): move auth interface into own file * refactor(passwords): rename basic auth files to passwords * refactor(passwords): rename from BasicAuth to Passwords * refactor(kv): copy bolt user test into kv Co-authored-by: Michael Desa <mjdesa@gmail.com> * feat(kv): add inmem testing to kv store * fix(kv): remove extra user index initialization * feat(kv): attempt at making errors nice * fix(http): return not found error if filter is invalid * fix(http): s/platform/influxdb/ for user service * fix(http): s/platform/influxdb/ for user service * feat(kv): initial port of telegraf configs to kv * feat(kv): first pass at migrating bolt org service to kv * feat(kv): first pass at bucket service * feat(kv): first pass at migrating kvlog to kv package * feat(kv): add resource op logs * feat(kv): first pass at user resource mapping migration * feat(kv): add urm usage to bucket and org services * feat(kv): first pass at kv authz service * feat(kv): add cascading auth delete for users * feat(kv): first pass d authorizer.OrganizationService in kv * feat(cmd/influxd/launcher): user kv services where appropriate * fix(kv): initialize authorizations * fix(influxdb): use same buckets while slowly migrating stuff * fix(kv): make staticcheck pass * feat(kv): add dashboards to kv review: make suggestions from pr review fix: use common bucket names for bolt/kv stores * test(kv): add complete password test coverage * chore(kv): fixes for staticcheck * feat(kv): implement labels generically on kv * feat(kv): implement macro service * feat(kv): add source service * feat(kv): add session service * feat(kv): add kv secret service * refactor(kv): update telegraf and urm with error messages * feat(kv): add lookup service * feat(kv): add kv onboarding service * refactor(kv): update telegraf to avoid repetition * feat(cmd/influxd): use kv lookup service * feat(kv): add telegraf to lookup service * feat(cmd/influxd): use kv telegraf service * feat(kv): initial port of scrapers in bolt to kv * feat(kv): update scraper error messaging * feat(cmd/influxd): add kv scraper * feat(kv): add inmem backend tests * refactor(kv): copy paste errors * refactor(kv): add code to password errors * fix(testing): update error messages for incorrect passwords * feat(kv:inmem:bolt): implement user service in a kv * refactor(kv): use consistent func receiver name * refactor(kv): copy bolt user test into kv Co-authored-by: Michael Desa <mjdesa@gmail.com> * feat(kv): add inmem testing to kv store * fix(kv): remove extra user index initialization * feat(kv): attempt at making errors nice * fix(http): return not found error if filter is invalid * fix(http): s/platform/influxdb/ for user service * feat(kv): first pass at migrating bolt org service to kv * feat(kv): first pass at bucket service * feat(kv): first pass at migrating kvlog to kv package * feat(kv): add resource op logs * feat(kv): first pass at user resource mapping migration * feat(kv): add urm usage to bucket and org services * feat(kv): first pass at kv authz service * feat(kv): add cascading auth delete for users * feat(kv): first pass d authorizer.OrganizationService in kv * feat(cmd/influxd/launcher): user kv services where appropriate * feat(kv): add initial basic auth service * refactor(passwords): move auth interface into own file * refactor(passwords): rename basic auth files to passwords * fix(http): s/platform/influxdb/ for user service * fix(kv): initialize authorizations * fix(influxdb): use same buckets while slowly migrating stuff * fix(kv): make staticcheck pass * feat(kv): add dashboards to kv review: make suggestions from pr review fix: use common bucket names for bolt/kv stores * feat(kv): implement labels generically on kv * refactor(passwords): rename from BasicAuth to Passwords * test(kv): add complete password test coverage * chore(kv): fixes for staticcheck * feat(kv): implement macro service * feat(kv): add source service * feat(kv): add session service * feat(kv): initial port of telegraf configs to kv * feat(kv): initial port of scrapers in bolt to kv * feat(kv): add kv secret service * refactor(kv): update telegraf and urm with error messages * feat(kv): add lookup service * feat(kv): add kv onboarding service * refactor(kv): update telegraf to avoid repetition * feat(cmd/influxd): use kv lookup service * feat(kv): add telegraf to lookup service * feat(cmd/influxd): use kv telegraf service * feat(kv): update scraper error messaging * feat(cmd/influxd): add kv scraper * feat(kv): add inmem backend tests * refactor(kv): copy paste errors * refactor(kv): add code to password errors * fix(testing): update error messages for incorrect passwords * feat(http): initial support for flushing all key/values from kv store * feat(kv): rename macro to variable * feat(cmd/influxd/launcher): user kv services where appropriate * refactor(passwords): rename from BasicAuth to Passwords * feat(kv): implement macro service * test(ui): introduce cypress * test(ui): introduce first typescript test * test(ui/e2e): add ci job * chore: update gitignore to ignore test outputs * feat(inmem): in memory influxdb * test(e2e): adding pinger that checks if influxdb is alive * hackathon * hack * hack * hack * hack * Revert "feat(inmem): in memory influxdb" This reverts commit 30ddf032003e704643b07ce80df61c3299ea7295. * hack * hack * hack * hack * hack * hack * hack * hack * hack * hack * hack * hack * hack * chore: lint ignore node_modules * hack * hack * hack * add user and flush * hack * remove unused vars * hack * hack * ci(circle): prefix e2e artifacts * change test to testid * update cypress * moar testid * fix npm warnings * remove absolte path * chore(ci): remove /home/circleci proto mkdir hack * wip: crud resources e2e * fix(inmem): use inmem kv store services * test(dashboard): add first dashboard crud tests * hack * undo hack * fix: use response from setup for orgID * chore: wip * add convenience getByTitle function * test(e2e): ui can create orgs * test(e2e): add test for org deletion and update * test(e2e): introduce task creation test * test(e2e): create and update of buckets on org view * chore: move types to declaration file * chore: use route fixture in dashboard tests * chore(ci): hack back * test(ui): update snapshots * chore: package-lock * chore: remove macros * fix: launcher rebase issues * fix: compile errors * fix: compile errors * feat(cmd/influxdb): add explicit testing, asset-path, and store flags Co-authored-by: Andrew Watkins <watts@influxdb.com> * fix(cmd/influxd): set default HTTP handler and flags Co-authored-by: Andrew Watkins <watts@influxdb.com> * build(Makefile): add run-e2e and PHONY * feat(kv:inmem:bolt): implement user service in a kv * refactor(kv): use consistent func receiver name * feat(kv): add initial basic auth service * refactor(passwords): move auth interface into own file * refactor(passwords): rename basic auth files to passwords * refactor(passwords): rename from BasicAuth to Passwords * refactor(kv): copy bolt user test into kv Co-authored-by: Michael Desa <mjdesa@gmail.com> * feat(kv): add inmem testing to kv store * fix(kv): remove extra user index initialization * feat(kv): attempt at making errors nice * fix(http): return not found error if filter is invalid * fix(http): s/platform/influxdb/ for user service * fix(http): s/platform/influxdb/ for user service * feat(kv): initial port of telegraf configs to kv * feat(kv): initial port of scrapers in bolt to kv * feat(kv): first pass at migrating bolt org service to kv * feat(kv): first pass at bucket service * feat(kv): first pass at migrating kvlog to kv package * feat(kv): add resource op logs * feat(kv): first pass at user resource mapping migration * feat(kv): add urm usage to bucket and org services * feat(kv): first pass at kv authz service * feat(kv): add cascading auth delete for users * feat(kv): first pass d authorizer.OrganizationService in kv * feat(cmd/influxd/launcher): user kv services where appropriate * fix(kv): initialize authorizations * fix(influxdb): use same buckets while slowly migrating stuff * fix(kv): make staticcheck pass * feat(kv): add dashboards to kv review: make suggestions from pr review fix: use common bucket names for bolt/kv stores * test(kv): add complete password test coverage * chore(kv): fixes for staticcheck * feat(kv): implement labels generically on kv * feat(kv): implement macro service * feat(kv): add source service * feat(kv): add session service * feat(kv): add kv secret service * refactor(kv): update telegraf and urm with error messages * feat(kv): add lookup service * feat(kv): add kv onboarding service * refactor(kv): update telegraf to avoid repetition * feat(cmd/influxd): use kv lookup service * feat(kv): add telegraf to lookup service * feat(cmd/influxd): use kv telegraf service * feat(kv): update scraper error messaging * feat(cmd/influxd): add kv scraper * feat(kv): add inmem backend tests * refactor(kv): copy paste errors * refactor(kv): add code to password errors * fix(testing): update error messages for incorrect passwords * feat(kv): rename macro to variable * refactor(kv): auth/bucket/org/user unique checks return errors now * feat(inmem): add way to get all bucket names from store * feat(inmem): Buckets to return slice of bytes rather than strings * feat(inmem): add locks around Buckets to avoid races * feat(cmd/influx): check for unauthorized error in wrapCheckSetup * chore(e2e): add video and screenshot artifcats to gitignore * docs(ci): add build instructions for e2e tests * feat(kv): add id lookup for authorized resources
2019-02-19 23:47:19 +00:00
DeleteUserResourceMapping(ctx context.Context, resourceID, userID ID) error
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// UserResourceMapping represents a mapping of a resource to its user.
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
type UserResourceMapping struct {
fix(influxdb): change resource to resource type
2019-01-15 16:09:58 +00:00
UserID ID `json:"userID"`
UserType UserType `json:"userType"`
feat(influxdb): add support for templates feat(influxdb): add generic store for documents feat(influxdb): support authorizations in document store feat(influxdb): support orgs in user resource mapping feat(influxdb): add read-only included field on documents feat(influxdb): add labels support to documents service fix(influxdb): rename data field to content on documents feat(influxdb): add with org id options for document store feat(http): add templates swagger feat(influxdb): add documentation to document options doc(kv): add documentation for kv document store test(kv): pull document tests in to the testing package fix(http): fix swagger specification of templates endpoints
2019-03-04 17:41:24 +00:00
MappingType MappingType `json:"mappingType"`
fix(influxdb): change resource to resource type
2019-01-15 16:09:58 +00:00
ResourceType ResourceType `json:"resourceType"`
ResourceID ID `json:"resourceID"`
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
}
// Validate reports any validation errors for the mapping.
func (m UserResourceMapping) Validate() error {
fix(platform_test): refactor platform tests to support uint64 platform.IDs Co-Authored-By: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2018-09-12 11:25:17 +00:00
if !m.ResourceID.Valid() {
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
return ErrResourceIDRequired
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
fix(platform_test): refactor platform tests to support uint64 platform.IDs Co-Authored-By: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2018-09-12 11:25:17 +00:00
if !m.UserID.Valid() {
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
return ErrUserIDRequired
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
if err := m.UserType.Valid(); err != nil {
return err
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
feat(influxdb): add support for templates feat(influxdb): add generic store for documents feat(influxdb): support authorizations in document store feat(influxdb): support orgs in user resource mapping feat(influxdb): add read-only included field on documents feat(influxdb): add labels support to documents service fix(influxdb): rename data field to content on documents feat(influxdb): add with org id options for document store feat(http): add templates swagger feat(influxdb): add documentation to document options doc(kv): add documentation for kv document store test(kv): pull document tests in to the testing package fix(http): fix swagger specification of templates endpoints
2019-03-04 17:41:24 +00:00
if err := m.MappingType.Valid(); err != nil {
return err
}
fix(influxdb): change resource to resource type
2019-01-15 16:09:58 +00:00
if err := m.ResourceType.Valid(); err != nil {
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
return err
validate resource type on u/r mapping
2018-10-04 21:37:37 +00:00
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
return nil
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
// UserResourceMappingFilter represents a set of filters that restrict the returned results.
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
type UserResourceMappingFilter struct {
fix(influxdb): change resource to resource type
2019-01-15 16:09:58 +00:00
ResourceID ID
ResourceType ResourceType
UserID ID
UserType UserType
owner mapping -> user resource mapping
2018-07-30 21:46:30 +00:00
}
fix(platform): use authorizer instead of authorizion for endpoints feat(platform): add ToPermissions method to user resource mapping The ToPermissions method returns a set of permissions that is granted via a user resource mapping. feat(bolt): resolve sessions permissions on lookup feat(http): use authorizer instead of authorization service for write api feat(bolt): create user resource mappings for org users in bucket create feat(bolt): create user resource mapping for first org/user fix(platform): use authorizer for query endpoint instead of authorization test(http): use cmp instead of reflect for decode test
2018-11-20 18:56:58 +00:00
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
func (m *UserResourceMapping) ownerPerms() ([]Permission, error) {
fix(influxdb): add org id to permissions filter out resources that have mission IDs fix(influxdb): simplify auth check in PermissionAllowed review(platform): update as noted in review fix(influxdb): ensure permission has valid org id
2019-01-10 21:21:59 +00:00
ps := []Permission{}
// TODO(desa): how to grant access to specific resources.
feat(platform): add constructor for org member and admin permssions
2019-01-09 15:35:21 +00:00
fix(influxdb): change resource to resource type
2019-01-15 16:09:58 +00:00
if m.ResourceType == OrgsResourceType {
ps = append(ps, OwnerPermissions(m.ResourceID)...)
fix(platform): use authorizer instead of authorizion for endpoints feat(platform): add ToPermissions method to user resource mapping The ToPermissions method returns a set of permissions that is granted via a user resource mapping. feat(bolt): resolve sessions permissions on lookup feat(http): use authorizer instead of authorization service for write api feat(bolt): create user resource mappings for org users in bucket create feat(bolt): create user resource mapping for first org/user fix(platform): use authorizer for query endpoint instead of authorization test(http): use cmp instead of reflect for decode test
2018-11-20 18:56:58 +00:00
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
return ps, nil
}
func (m *UserResourceMapping) memberPerms() ([]Permission, error) {
fix(influxdb): add org id to permissions filter out resources that have mission IDs fix(influxdb): simplify auth check in PermissionAllowed review(platform): update as noted in review fix(influxdb): ensure permission has valid org id
2019-01-10 21:21:59 +00:00
ps := []Permission{}
// TODO(desa): how to grant access to specific resources.
fix(influxdb): change resource to resource type
2019-01-15 16:09:58 +00:00
if m.ResourceType == OrgsResourceType {
fix(influxdb): add org id to permissions filter out resources that have mission IDs fix(influxdb): simplify auth check in PermissionAllowed review(platform): update as noted in review fix(influxdb): ensure permission has valid org id
2019-01-10 21:21:59 +00:00
ps = append(ps, MemberPermissions(m.ResourceID)...)
fix(platform): use authorizer instead of authorizion for endpoints feat(platform): add ToPermissions method to user resource mapping The ToPermissions method returns a set of permissions that is granted via a user resource mapping. feat(bolt): resolve sessions permissions on lookup feat(http): use authorizer instead of authorization service for write api feat(bolt): create user resource mappings for org users in bucket create feat(bolt): create user resource mapping for first org/user fix(platform): use authorizer for query endpoint instead of authorization test(http): use cmp instead of reflect for decode test
2018-11-20 18:56:58 +00:00
}
feat(sampledata): Return bucket resources that user has member access to (#17362) * feat(sampledata): Return bucket resources that user has member access to * feat(sampledata): Add tests
2020-03-26 01:50:37 +00:00
if m.ResourceType == BucketsResourceType {
ps = append(ps, MemberBucketPermission(m.ResourceID))
}
feat(auth): rewrite authorization service (#2157) * feat(view-token-overlay): add view token overlay * test(tokens): update tests * chore(auths): rename mock data file * feat(token-view): clicking on description opens token view modal * feat(token-view): add ability to close overlay * feat(token-view): display token permissions with updated permissions shape * feat(token-view): wip update authorization and permission shapes * feat(auth): wip refactor auth permissions * fix(auth): generate permissions via functions * fix(auth): make Id ID * chore(types): update generated client * feat(auth): wip add user and org names to auth * fix(user): didnt save rebase * feat(auth): WIP refactor auth * feat(auth): check for user existence during auth creation * feat(auth): org must exist during auth creation * fix(auth): pluralize telegrafs resource type * docs(http): update swagger definition for the Authorization * test(auth): fix broken tests * docs(swagger): update cur_swagger Authrorizations * fix(api): remove trace from cur_swag * test(ui/token): update components with new generated type definitions * feat(http): add lookup service adding names for permissions * fix(http): remove debugging panics * chore: go tidy * fix: unsaved rebase * test(idpe): add ids to Authorizations for log tests
2018-12-28 23:02:19 +00:00
return ps, nil
}
// ToPermissions converts a user resource mapping into a set of permissions.
func (m *UserResourceMapping) ToPermissions() ([]Permission, error) {
switch m.UserType {
case Owner:
return m.ownerPerms()
case Member:
return m.memberPerms()
default:
return nil, ErrInvalidUserType
}
fix(platform): use authorizer instead of authorizion for endpoints feat(platform): add ToPermissions method to user resource mapping The ToPermissions method returns a set of permissions that is granted via a user resource mapping. feat(bolt): resolve sessions permissions on lookup feat(http): use authorizer instead of authorization service for write api feat(bolt): create user resource mappings for org users in bucket create feat(bolt): create user resource mapping for first org/user fix(platform): use authorizer for query endpoint instead of authorization test(http): use cmp instead of reflect for decode test
2018-11-20 18:56:58 +00:00
}