influxdb/chronograf/influx/users.go

package influx

import (
	"context"
	"encoding/json"
	"fmt"

	"github.com/influxdata/influxdb/chronograf"
)

// Add a new User in InfluxDB
func (c *Client) Add(ctx context.Context, u *chronograf.User) (*chronograf.User, error) {
	_, err := c.Query(ctx, chronograf.Query{
		Command: fmt.Sprintf(`CREATE USER "%s" WITH PASSWORD '%s'`, u.Name, u.Passwd),
	})
	if err != nil {
		return nil, err
	}
	for _, p := range u.Permissions {
		if err := c.grantPermission(ctx, u.Name, p); err != nil {
			return nil, err
		}
	}
	return c.Get(ctx, chronograf.UserQuery{Name: &u.Name})
}

// Delete the User from InfluxDB
func (c *Client) Delete(ctx context.Context, u *chronograf.User) error {
	res, err := c.Query(ctx, chronograf.Query{
		Command: fmt.Sprintf(`DROP USER "%s"`, u.Name),
	})
	if err != nil {
		return err
	}
	// The DROP USER statement puts the error within the results itself
	// So, we have to crack open the results to see what happens
	octets, err := res.MarshalJSON()
	if err != nil {
		return err
	}

	results := make([]struct{ Error string }, 0)
	if err := json.Unmarshal(octets, &results); err != nil {
		return err
	}

	// At last, we can check if there are any error strings
	for _, r := range results {
		if r.Error != "" {
			return fmt.Errorf(r.Error)
		}
	}
	return nil
}

// Get retrieves a user if name exists.
func (c *Client) Get(ctx context.Context, q chronograf.UserQuery) (*chronograf.User, error) {
	if q.Name == nil {
		return nil, fmt.Errorf("query must specify name")
	}

	users, err := c.showUsers(ctx)
	if err != nil {
		return nil, err
	}

	for _, user := range users {
		if user.Name == *q.Name {
			perms, err := c.userPermissions(ctx, user.Name)
			if err != nil {
				return nil, err
			}
			user.Permissions = append(user.Permissions, perms...)
			return &user, nil
		}
	}

	return nil, fmt.Errorf("user not found")
}

// Update the user's permissions or roles
func (c *Client) Update(ctx context.Context, u *chronograf.User) error {
	// Only allow one type of change at a time. If it is a password
	// change then do it and return without any changes to permissions
	if u.Passwd != "" {
		return c.updatePassword(ctx, u.Name, u.Passwd)
	}

	user, err := c.Get(ctx, chronograf.UserQuery{Name: &u.Name})
	if err != nil {
		return err
	}

	revoke, add := Difference(u.Permissions, user.Permissions)
	for _, a := range add {
		if err := c.grantPermission(ctx, u.Name, a); err != nil {
			return err
		}
	}

	for _, r := range revoke {
		if err := c.revokePermission(ctx, u.Name, r); err != nil {
			return err
		}
	}
	return nil
}

// All users in influx
func (c *Client) All(ctx context.Context) ([]chronograf.User, error) {
	users, err := c.showUsers(ctx)
	if err != nil {
		return nil, err
	}

	// For all users we need to look up permissions to add to the user.
	for i, user := range users {
		perms, err := c.userPermissions(ctx, user.Name)
		if err != nil {
			return nil, err
		}

		user.Permissions = append(user.Permissions, perms...)
		users[i] = user
	}
	return users, nil
}

// Num is the number of users in DB
func (c *Client) Num(ctx context.Context) (int, error) {
	all, err := c.All(ctx)
	if err != nil {
		return 0, err
	}

	return len(all), nil
}

// showUsers runs SHOW USERS InfluxQL command and returns chronograf users.
func (c *Client) showUsers(ctx context.Context) ([]chronograf.User, error) {
	res, err := c.Query(ctx, chronograf.Query{
		Command: `SHOW USERS`,
	})
	if err != nil {
		return nil, err
	}
	octets, err := res.MarshalJSON()
	if err != nil {
		return nil, err
	}

	results := showResults{}
	if err := json.Unmarshal(octets, &results); err != nil {
		return nil, err
	}

	return results.Users(), nil
}

func (c *Client) grantPermission(ctx context.Context, username string, perm chronograf.Permission) error {
	query := ToGrant(username, perm)
	if query == "" {
		return nil
	}

	_, err := c.Query(ctx, chronograf.Query{
		Command: query,
	})
	return err
}

func (c *Client) revokePermission(ctx context.Context, username string, perm chronograf.Permission) error {
	query := ToRevoke(username, perm)
	if query == "" {
		return nil
	}

	_, err := c.Query(ctx, chronograf.Query{
		Command: query,
	})
	return err
}

func (c *Client) userPermissions(ctx context.Context, name string) (chronograf.Permissions, error) {
	res, err := c.Query(ctx, chronograf.Query{
		Command: fmt.Sprintf(`SHOW GRANTS FOR "%s"`, name),
	})
	if err != nil {
		return nil, err
	}

	octets, err := res.MarshalJSON()
	if err != nil {
		return nil, err
	}

	results := showResults{}
	if err := json.Unmarshal(octets, &results); err != nil {
		return nil, err
	}
	return results.Permissions(), nil
}

func (c *Client) updatePassword(ctx context.Context, name, passwd string) error {
	res, err := c.Query(ctx, chronograf.Query{
		Command: fmt.Sprintf(`SET PASSWORD for "%s" = '%s'`, name, passwd),
	})
	if err != nil {
		return err
	}
	// The SET PASSWORD statements puts the error within the results itself
	// So, we have to crack open the results to see what happens
	octets, err := res.MarshalJSON()
	if err != nil {
		return err
	}

	results := make([]struct{ Error string }, 0)
	if err := json.Unmarshal(octets, &results); err != nil {
		return err
	}

	// At last, we can check if there are any error strings
	for _, r := range results {
		if r.Error != "" {
			return fmt.Errorf(r.Error)
		}
	}
	return nil
}
Refactor users and add client usersstore 2017-02-17 19:37:00 +00:00			`package influx`

			`import (`
			`"context"`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`"encoding/json"`
			`"fmt"`
Refactor users and add client usersstore 2017-02-17 19:37:00 +00:00
chore: rename imports from platform to influxdb I did this with a dumb editor macro, so some comments changed too. Also rename root package from platform to influxdb. In interest of minimizing risk, anyone importing the root package has now aliased it to "platform" so that no changes beyond imports were necessary in those files. Lastly, replace the old platform module to local path /dev/null so that nobody can accidentally reintroduce a platform dependency while migrating platform code to influxdb. 2019-01-08 00:37:16 +00:00			`"github.com/influxdata/influxdb/chronograf"`
Refactor users and add client usersstore 2017-02-17 19:37:00 +00:00			`)`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`// Add a new User in InfluxDB`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`func (c Client) Add(ctx context.Context, u chronograf.User) (*chronograf.User, error) {`
			`_, err := c.Query(ctx, chronograf.Query{`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			Command: fmt.Sprintf(`CREATE USER "%s" WITH PASSWORD '%s'`, u.Name, u.Passwd),
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`})`
			`if err != nil {`
			`return nil, err`
			`}`
Fix updating of OSS user permissions 2017-03-10 20:53:30 +00:00			`for _, p := range u.Permissions {`
			`if err := c.grantPermission(ctx, u.Name, p); err != nil {`
			`return nil, err`
			`}`
			`}`
Generalize chronograf.UsersStore Get method The `Get` method on the UsersStore was generalize by changing the second parameter to a struct. This allows the Store to retrieve users by more than simply their name. -Get(ctx context.Context, name string) (User, error) +Get(ctx context.Context, q UserQuery) (User, error) 2017-10-18 18:17:42 +00:00			`return c.Get(ctx, chronograf.UserQuery{Name: &u.Name})`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`
Refactor users and add client usersstore 2017-02-17 19:37:00 +00:00
Add get of all users for a data source 2017-02-17 21:13:51 +00:00			`// Delete the User from InfluxDB`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`func (c Client) Delete(ctx context.Context, u chronograf.User) error {`
			`res, err := c.Query(ctx, chronograf.Query{`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			Command: fmt.Sprintf(`DROP USER "%s"`, u.Name),
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`})`
			`if err != nil {`
			`return err`
			`}`
			`// The DROP USER statement puts the error within the results itself`
			`// So, we have to crack open the results to see what happens`
			`octets, err := res.MarshalJSON()`
			`if err != nil {`
			`return err`
			`}`

			`results := make([]struct{ Error string }, 0)`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`if err := json.Unmarshal(octets, &results); err != nil {`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`return err`
			`}`

			`// At last, we can check if there are any error strings`
			`for _, r := range results {`
			`if r.Error != "" {`
			`return fmt.Errorf(r.Error)`
			`}`
			`}`
			`return nil`
			`}`
Refactor users and add client usersstore 2017-02-17 19:37:00 +00:00
			`// Get retrieves a user if name exists.`
Generalize chronograf.UsersStore Get method The `Get` method on the UsersStore was generalize by changing the second parameter to a struct. This allows the Store to retrieve users by more than simply their name. -Get(ctx context.Context, name string) (User, error) +Get(ctx context.Context, q UserQuery) (User, error) 2017-10-18 18:17:42 +00:00			`func (c Client) Get(ctx context.Context, q chronograf.UserQuery) (chronograf.User, error) {`
			`if q.Name == nil {`
			`return nil, fmt.Errorf("query must specify name")`
			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`users, err := c.showUsers(ctx)`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`if err != nil {`
			`return nil, err`
			`}`

			`for _, user := range users {`
Generalize chronograf.UsersStore Get method The `Get` method on the UsersStore was generalize by changing the second parameter to a struct. This allows the Store to retrieve users by more than simply their name. -Get(ctx context.Context, name string) (User, error) +Get(ctx context.Context, q UserQuery) (User, error) 2017-10-18 18:17:42 +00:00			`if user.Name == *q.Name {`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`perms, err := c.userPermissions(ctx, user.Name)`
			`if err != nil {`
			`return nil, err`
			`}`
			`user.Permissions = append(user.Permissions, perms...)`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`return &user, nil`
			`}`
			`}`

			`return nil, fmt.Errorf("user not found")`
Refactor users and add client usersstore 2017-02-17 19:37:00 +00:00			`}`

			`// Update the user's permissions or roles`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`func (c Client) Update(ctx context.Context, u chronograf.User) error {`
Add password changing for OSS users 2017-02-22 06:36:28 +00:00			`// Only allow one type of change at a time. If it is a password`
			`// change then do it and return without any changes to permissions`
			`if u.Passwd != "" {`
			`return c.updatePassword(ctx, u.Name, u.Passwd)`
			`}`

Generalize chronograf.UsersStore Get method The `Get` method on the UsersStore was generalize by changing the second parameter to a struct. This allows the Store to retrieve users by more than simply their name. -Get(ctx context.Context, name string) (User, error) +Get(ctx context.Context, q UserQuery) (User, error) 2017-10-18 18:17:42 +00:00			`user, err := c.Get(ctx, chronograf.UserQuery{Name: &u.Name})`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`if err != nil {`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`return err`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00
			`revoke, add := Difference(u.Permissions, user.Permissions)`
			`for _, a := range add {`
			`if err := c.grantPermission(ctx, u.Name, a); err != nil {`
			`return err`
			`}`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`for _, r := range revoke {`
			`if err := c.revokePermission(ctx, u.Name, r); err != nil {`
			`return err`
			`}`
			`}`
			`return nil`
			`}`

			`// All users in influx`
			`func (c *Client) All(ctx context.Context) ([]chronograf.User, error) {`
			`users, err := c.showUsers(ctx)`
			`if err != nil {`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`return nil, err`
			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`// For all users we need to look up permissions to add to the user.`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`for i, user := range users {`
			`perms, err := c.userPermissions(ctx, user.Name)`
			`if err != nil {`
			`return nil, err`
			`}`

			`user.Permissions = append(user.Permissions, perms...)`
			`users[i] = user`
			`}`
			`return users, nil`
			`}`

WIP Add annotation store to influxdb 2018-01-09 23:15:12 +00:00			`// Num is the number of users in DB`
Add Num to UsersStore interface 2017-11-30 17:55:59 +00:00			`func (c *Client) Num(ctx context.Context) (int, error) {`
			`all, err := c.All(ctx)`
			`if err != nil {`
			`return 0, err`
			`}`

			`return len(all), nil`
			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`// showUsers runs SHOW USERS InfluxQL command and returns chronograf users.`
			`func (c *Client) showUsers(ctx context.Context) ([]chronograf.User, error) {`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`res, err := c.Query(ctx, chronograf.Query{`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			Command: `SHOW USERS`,
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`octets, err := res.MarshalJSON()`
			`if err != nil {`
			`return nil, err`
			`}`

			`results := showResults{}`
			`if err := json.Unmarshal(octets, &results); err != nil {`
			`return nil, err`
			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`return results.Users(), nil`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`func (c *Client) grantPermission(ctx context.Context, username string, perm chronograf.Permission) error {`
			`query := ToGrant(username, perm)`
			`if query == "" {`
			`return nil`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00
			`_, err := c.Query(ctx, chronograf.Query{`
			`Command: query,`
			`})`
			`return err`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`func (c *Client) revokePermission(ctx context.Context, username string, perm chronograf.Permission) error {`
			`query := ToRevoke(username, perm)`
			`if query == "" {`
			`return nil`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00
			`_, err := c.Query(ctx, chronograf.Query{`
			`Command: query,`
			`})`
			`return err`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`

Refactor Influx OSS users 2017-02-19 06:54:52 +00:00			`func (c *Client) userPermissions(ctx context.Context, name string) (chronograf.Permissions, error) {`
			`res, err := c.Query(ctx, chronograf.Query{`
			Command: fmt.Sprintf(`SHOW GRANTS FOR "%s"`, name),
			`})`
			`if err != nil {`
			`return nil, err`
			`}`

			`octets, err := res.MarshalJSON()`
			`if err != nil {`
			`return nil, err`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`
Refactor Influx OSS users 2017-02-19 06:54:52 +00:00
			`results := showResults{}`
			`if err := json.Unmarshal(octets, &results); err != nil {`
			`return nil, err`
			`}`
			`return results.Permissions(), nil`
Add Influx OSS implementation of users 2017-02-18 01:58:39 +00:00			`}`
Add password changing for OSS users 2017-02-22 06:36:28 +00:00
			`func (c *Client) updatePassword(ctx context.Context, name, passwd string) error {`
			`res, err := c.Query(ctx, chronograf.Query{`
			Command: fmt.Sprintf(`SET PASSWORD for "%s" = '%s'`, name, passwd),
			`})`
			`if err != nil {`
			`return err`
			`}`
			`// The SET PASSWORD statements puts the error within the results itself`
			`// So, we have to crack open the results to see what happens`
			`octets, err := res.MarshalJSON()`
			`if err != nil {`
			`return err`
			`}`

			`results := make([]struct{ Error string }, 0)`
			`if err := json.Unmarshal(octets, &results); err != nil {`
			`return err`
			`}`

			`// At last, we can check if there are any error strings`
			`for _, r := range results {`
			`if r.Error != "" {`
			`return fmt.Errorf(r.Error)`
			`}`
			`}`
			`return nil`
			`}`