package authorizer
import (
"context"
"github.com/influxdata/influxdb/v2"
)
// Compile-time assertion that *ScraperTargetStoreService satisfies the
// influxdb.ScraperTargetStoreService interface.
var _ influxdb.ScraperTargetStoreService = (*ScraperTargetStoreService)(nil)
// ScraperTargetStoreService wraps an influxdb.ScraperTargetStoreService and
// authorizes actions against it appropriately.
//
// The two embedded interfaces have their methods promoted onto this type
// unchanged; this declaration adds no authorization check to them.
type ScraperTargetStoreService struct {
	// Embedded user-to-resource mapping operations.
	influxdb.UserResourceMappingService
	// Embedded organization operations.
	influxdb.OrganizationService
	// s is the wrapped store that the authorized methods delegate to.
	s influxdb.ScraperTargetStoreService
}
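// NewScraperTargetStoreService constructs an instance of an authorizing scraper target store service.
//
// s is the store being wrapped. urm and org populate the embedded
// UserResourceMappingService and OrganizationService fields.
//
// NOTE(review): methods promoted from urm and org are not wrapped by any
// authorization check in the code visible here, so callers should pass
// services that already enforce authorization — confirm at the call sites.
func NewScraperTargetStoreService(s influxdb.ScraperTargetStoreService,
	urm influxdb.UserResourceMappingService,
	org influxdb.OrganizationService,
) *ScraperTargetStoreService {
	// org must be stored: if the embedded OrganizationService is left nil, any
	// promoted OrganizationService method called through the wrapper panics
	// with a nil dereference.
	return &ScraperTargetStoreService{
		UserResourceMappingService: urm,
		OrganizationService:        org,
		s:                          s,
	}
}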
// GetTargetByID loads the scraper target with the given id from the wrapped
// store and returns it only when the authorizer on ctx has read access to
// that scraper within the target's organization.
//
// The lookup runs first because the permission check needs the target's
// OrgID; a lookup error is therefore returned as-is, before any authorization
// decision has been made.
func (s *ScraperTargetStoreService) GetTargetByID(ctx context.Context, id influxdb.ID) (*influxdb.ScraperTarget, error) {
	target, err := s.s.GetTargetByID(ctx, id)
	if err != nil {
		return nil, err
	}

	_, _, err = AuthorizeRead(ctx, influxdb.ScraperResourceType, id, target.OrgID)
	if err != nil {
		return nil, err
	}

	return target, nil
}
// ListTargets fetches every scraper target matching filter from the wrapped
// store, then hands the list to AuthorizeFindScrapers and returns the list
// and error that call produces.
func (s *ScraperTargetStoreService) ListTargets(ctx context.Context, filter influxdb.ScraperTargetFilter) ([]influxdb.ScraperTarget, error) {
	// TODO: we'll likely want to push this operation into the database eventually since fetching the whole list of data
	// will likely be expensive.
	all, err := s.s.ListTargets(ctx, filter)
	if err != nil {
		return nil, err
	}

	permitted, _, err := AuthorizeFindScrapers(ctx, all)
	return permitted, err
}
// AddTarget stores st through the wrapped store once the authorizer on ctx
// has passed two checks, both scoped to st.OrgID: permission to create a
// scraper, and write access to the bucket st.BucketID.
//
// NOTE(review): st.OrgID and st.BucketID both come from the caller-supplied
// target; nothing visible here verifies that the bucket belongs to that
// organization — confirm the wrapped store or an earlier layer does.
func (s *ScraperTargetStoreService) AddTarget(ctx context.Context, st *influxdb.ScraperTarget, userID influxdb.ID) error {
	_, _, err := AuthorizeCreate(ctx, influxdb.ScraperResourceType, st.OrgID)
	if err != nil {
		return err
	}

	_, _, err = AuthorizeWrite(ctx, influxdb.BucketsResourceType, st.BucketID, st.OrgID)
	if err != nil {
		return err
	}

	return s.s.AddTarget(ctx, st, userID)
}
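// UpdateTarget applies upd through the wrapped store after authorizing the
// authorizer on ctx.
//
// The stored target is loaded by upd.ID so that the checks use the stored
// OrgID rather than a caller-supplied one. The caller must have write access
// to the scraper itself and to the bucket the stored target currently writes
// to. If upd names a different, valid BucketID, write access to that
// destination bucket is required as well.
//
// NOTE(review): upd.OrgID is not compared with the stored OrgID here, and
// whether the wrapped store accepts an organization change is not visible in
// this file — confirm. The destination bucket is checked against the stored
// OrgID; its real owning organization is not looked up here.
func (s *ScraperTargetStoreService) UpdateTarget(ctx context.Context, upd *influxdb.ScraperTarget, userID influxdb.ID) (*influxdb.ScraperTarget, error) {
	st, err := s.s.GetTargetByID(ctx, upd.ID)
	if err != nil {
		return nil, err
	}
	if _, _, err := AuthorizeWrite(ctx, influxdb.ScraperResourceType, upd.ID, st.OrgID); err != nil {
		return nil, err
	}
	if _, _, err := AuthorizeWrite(ctx, influxdb.BucketsResourceType, st.BucketID, st.OrgID); err != nil {
		return nil, err
	}
	// The checks above cover only the bucket the stored target points at. upd
	// is passed to the wrapped store as-is, so a changed BucketID must be
	// authorized too; otherwise write access to the current bucket would be
	// enough to redirect the scraper into a bucket the caller cannot write.
	if upd.BucketID.Valid() && upd.BucketID != st.BucketID {
		if _, _, err := AuthorizeWrite(ctx, influxdb.BucketsResourceType, upd.BucketID, st.OrgID); err != nil {
			return nil, err
		}
	}
	return s.s.UpdateTarget(ctx, upd, userID)
}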
// RemoveTarget deletes the scraper target with the given id from the wrapped
// store, provided the authorizer on ctx has write access to that scraper.
//
// The target is fetched first so the check can use its stored ID and OrgID;
// a lookup error is returned before any authorization decision is made.
func (s *ScraperTargetStoreService) RemoveTarget(ctx context.Context, id influxdb.ID) error {
	target, err := s.s.GetTargetByID(ctx, id)
	if err != nil {
		return err
	}

	_, _, err = AuthorizeWrite(ctx, influxdb.ScraperResourceType, target.ID, target.OrgID)
	if err != nil {
		return err
	}

	return s.s.RemoveTarget(ctx, id)
}