package kv
import (
"context"
"encoding/json"
"time"
"github.com/benbjohnson/clock"
"github.com/influxdata/influxdb/v2"
"github.com/influxdata/influxdb/v2/rand"
"github.com/influxdata/influxdb/v2/resource"
"github.com/influxdata/influxdb/v2/resource/noop"
"github.com/influxdata/influxdb/v2/snowflake"
"go.uber.org/zap"
)
// Compile-time assertion that *Service satisfies influxdb.UserService.
var _ influxdb.UserService = (*Service)(nil)
const (
	// OpPrefix is the prefix for kv errors.
	OpPrefix = "kv/"
)
// Service is the struct that influxdb services are implemented on.
//
// NewService populates every field below with a default; the With* methods
// on Service replace individual collaborators afterwards.
type Service struct {
	// kv is the backing key/value store. WithStore replaces it.
	kv Store

	log *zap.Logger

	// clock is resolved by NewService from Config.Clock, falling back to
	// clock.New() when no clock was configured.
	clock clock.Clock

	// Config is the first ServiceConfig handed to NewService, if any.
	Config ServiceConfig

	// audit is the resource audit logger. NewService installs
	// noop.ResourceLogger{}; WithResourceLogger swaps in another logger.
	audit resource.Logger

	IDGenerator influxdb.IDGenerator

	// OrgBucketIDs is a special ID generator that never returns bytes with
	// backslash, comma, or space. Used to support very specific encoding of
	// org & bucket into the old measurement in storage.
	OrgBucketIDs influxdb.IDGenerator

	// TokenGenerator is set to rand.NewTokenGenerator(64) by NewService.
	// NOTE(review): if these tokens are used as credentials, confirm that the
	// generator is backed by a cryptographically secure random source.
	TokenGenerator influxdb.TokenGenerator

	// TODO(desa:ariel): this should not be embedded
	influxdb.TimeGenerator

	// Hash is set to &Bcrypt{} by NewService.
	Hash Crypt

	checkStore    *IndexStore
	endpointStore *IndexStore
	variableStore *IndexStore

	Migrator *Migrator

	// urmByUserIndex indexes user resource mappings by encoded user ID.
	urmByUserIndex *Index

	// disableAuthorizationsForMaxPermissions defaults to a function that
	// always returns false. WithMaxPermissionFunc replaces it.
	disableAuthorizationsForMaxPermissions func(context.Context) bool
}
// NewService returns an instance of a Service.
//
// The service is wired with default collaborators (ID and token generators,
// a Bcrypt hasher, a no-op audit logger, the index stores and a migrator) and
// registers the kv migrations. Only the first element of configs is used;
// any further elements are ignored. A zero SessionLength is replaced by
// influxdb.DefaultSessionLength and a nil Clock by clock.New().
func NewService(log *zap.Logger, kv Store, configs ...ServiceConfig) *Service {
	// userKeyOf is the foreign-key function of the by-user index: it decodes
	// a JSON user resource mapping and returns its encoded user ID.
	userKeyOf := func(v []byte) ([]byte, error) {
		var mapping influxdb.UserResourceMapping
		if err := json.Unmarshal(v, &mapping); err != nil {
			return nil, err
		}

		// NOTE(review): the error from Encode is discarded, so a mapping whose
		// UserID fails to encode is keyed on whatever bytes Encode returned
		// alongside that error. Confirm this is intended for an index that
		// looks up resource mappings by user.
		key, _ := mapping.UserID.Encode()
		return key, nil
	}

	// down is a noop
	noopDown := func(context.Context, Store) error {
		return nil
	}

	// Default for disableAuthorizationsForMaxPermissions: never disabled.
	neverDisabled := func(context.Context) bool {
		return false
	}

	svc := &Service{
		log:         log,
		IDGenerator: snowflake.NewIDGenerator(),
		// Seed the random number generator with the current time.
		// NOTE(review): a time-based seed is predictable; that is fine only
		// as long as org and bucket IDs are never treated as secrets.
		OrgBucketIDs:   rand.NewOrgBucketID(time.Now().UnixNano()),
		TokenGenerator: rand.NewTokenGenerator(64),
		Hash:           &Bcrypt{},
		kv:             kv,
		// No audit trail is produced until WithResourceLogger is called.
		audit:         noop.ResourceLogger{},
		TimeGenerator: influxdb.RealTimeGenerator{},
		checkStore:    newCheckStore(),
		endpointStore: newEndpointStore(),
		variableStore: newVariableStore(),
		Migrator:      NewMigrator(log),
		urmByUserIndex: NewIndex(NewIndexMapping(
			urmBucket,
			urmByUserIndexBucket,
			userKeyOf,
		)),
		disableAuthorizationsForMaxPermissions: neverDisabled,
	}

	// kv service migrations
	svc.Migrator.AddMigrations(
		// initial migration is the state of the world when
		// the migrator was introduced.
		NewAnonymousMigration("initial migration", svc.initializeAll, noopDown),
		// add index user resource mappings by user id
		svc.urmByUserIndex.Migration(),
		// and new migrations below here (and move this comment down):
	)

	if len(configs) > 0 {
		svc.Config = configs[0]
	}

	if svc.Config.SessionLength == 0 {
		svc.Config.SessionLength = influxdb.DefaultSessionLength
	}

	if svc.clock = svc.Config.Clock; svc.clock == nil {
		svc.clock = clock.New()
	}

	if svc.Config.URMByUserIndexReadPathEnabled {
		WithIndexReadPathEnabled(svc.urmByUserIndex)
	}

	return svc
}
// ServiceConfig allows us to configure Services.
type ServiceConfig struct {
	// SessionLength is replaced by influxdb.DefaultSessionLength in
	// NewService when it is left at zero.
	SessionLength time.Duration

	// Clock is the clock the service uses; NewService falls back to
	// clock.New() when it is nil.
	Clock clock.Clock

	// URMByUserIndexReadPathEnabled, when true, makes NewService apply
	// WithIndexReadPathEnabled to the user resource mapping by-user index.
	URMByUserIndexReadPathEnabled bool
}
// AutoMigrationStore is a Store which also describes whether or not
// migrations can be applied automatically.
//
// When the service's store implements this interface and AutoMigrate returns
// a non-nil Store, Service.Initialize invokes the migrator's Up on that
// returned Store. A nil return leaves migrations unapplied.
type AutoMigrationStore interface {
	Store

	// AutoMigrate returns the Store to migrate, or nil to skip automatic
	// migration.
	AutoMigrate() Store
}
// Initialize creates Buckets needed.
//
// It first initializes the migrator against the service's store. If that
// store implements AutoMigrationStore and its AutoMigrate method returns a
// non-nil Store, the migrator's Up is then run on the returned Store and its
// result is returned. Otherwise no migration is applied here.
func (s *Service) Initialize(ctx context.Context) error {
	if err := s.Migrator.Initialize(ctx, s.kv); err != nil {
		return err
	}

	auto, ok := s.kv.(AutoMigrationStore)
	if !ok {
		// The store has not opted in to automatic migration.
		return nil
	}

	target := auto.AutoMigrate()
	if target == nil {
		return nil
	}

	return s.Migrator.Up(ctx, target)
}
// initializeAll runs every initialization step inside a single
// store.Update call, in a fixed order, and stops at the first step that
// returns an error. NewService registers it as the "initial migration".
//
// please do not initialize anymore buckets here
// add them as a new migration to the list of migrations
// defined in NewService.
func (s *Service) initializeAll(ctx context.Context, store Store) error {
	// bootstrap is the body of the update; the order of the steps below is
	// kept exactly as it was when the migrator was introduced.
	bootstrap := func(txn Tx) error {
		if err := s.initializeAuths(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeDocuments(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeBuckets(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeDashboards(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeKVLog(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeLabels(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeOnboarding(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeOrgs(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeTasks(ctx, txn); err != nil {
			return err
		}

		if err := s.initializePasswords(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeScraperTargets(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeSecrets(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeSessions(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeSources(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeTelegraf(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeURMs(ctx, txn); err != nil {
			return err
		}

		if err := s.variableStore.Init(ctx, txn); err != nil {
			return err
		}

		// This step takes only the transaction, not the context.
		if err := s.initializeVariablesOrgIndex(txn); err != nil {
			return err
		}

		if err := s.checkStore.Init(ctx, txn); err != nil {
			return err
		}

		if err := s.initializeNotificationRule(ctx, txn); err != nil {
			return err
		}

		if err := s.endpointStore.Init(ctx, txn); err != nil {
			return err
		}

		return s.initializeUsers(ctx, txn)
	}

	if err := store.Update(ctx, bootstrap); err != nil {
		return err
	}

	return nil
}
// WithResourceLogger sets the resource audit logger for the service.
//
// NewService installs noop.ResourceLogger{} by default, so the service keeps
// the no-op logger until this method is called with another one.
func (s *Service) WithResourceLogger(audit resource.Logger) {
	s.audit = audit
}
// WithStore sets kv store for the service.
//
// Should only be used in tests for mocking: it replaces the store without
// re-running Initialize or any migration.
func (s *Service) WithStore(store Store) {
	s.kv = store
}
// WithSpecialOrgBucketIDs sets the generator for the org
// and bucket ids, replacing the time-seeded generator that NewService
// installs.
//
// Should only be used in tests for mocking.
func (s *Service) WithSpecialOrgBucketIDs(gen influxdb.IDGenerator) {
	s.OrgBucketIDs = gen
}
// WithMaxPermissionFunc sets the disableAuthorizationsForMaxPermissions
// function, which can trigger whether or not max permissions uses the user's
// authorizations to derive maximum permissions.
//
// NewService installs a default that always returns false.
// NOTE(review): fn is stored as given, including nil; the call sites are not
// visible here, so confirm they tolerate a nil function before passing one.
func (s *Service) WithMaxPermissionFunc(fn func(context.Context) bool) {
	s.disableAuthorizationsForMaxPermissions = fn
}