Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat(auth): allow authorizations to be enabled/disabled

pull/10616/head
Chris Goller 2018-08-27 14:18:11 -05:00
parent a8018532b2
commit 8fa72fa35b
15 changed files with 286 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
auth.go
View File

@ -9,6 +9,7 @@ import (
type Authorization struct { type Authorization struct {
ID ID `json:"id"` ID ID `json:"id"`
Token string `json:"token"` Token string `json:"token"`
Disabled bool `json:"disabled"`
User string `json:"user,omitempty"` User string `json:"user,omitempty"`
UserID ID `json:"userID,omitempty"` UserID ID `json:"userID,omitempty"`
Permissions []Permission `json:"permissions"` Permissions []Permission `json:"permissions"`
@ -29,6 +30,12 @@ type AuthorizationService interface {
// Creates a new authorization and sets a.Token and a.UserID with the new identifier. // Creates a new authorization and sets a.Token and a.UserID with the new identifier.
CreateAuthorization(ctx context.Context, a *Authorization) error CreateAuthorization(ctx context.Context, a *Authorization) error
// DisableAuthorization updates the token to be disabled.
DisableAuthorization(ctx context.Context, id ID) error
// EnableAuthorization updates the token to be enabled.
EnableAuthorization(ctx context.Context, id ID) error
// Removes a authorization by token. // Removes a authorization by token.
DeleteAuthorization(ctx context.Context, id ID) error DeleteAuthorization(ctx context.Context, id ID) error
} }
@ -85,19 +92,19 @@ func (p Permission) String() string {
} }
var ( var (
// CreateUser is a permission for creating users. // CreateUserPermission is a permission for creating users.
CreateUserPermission = Permission{ CreateUserPermission = Permission{
Action: CreateAction, Action: CreateAction,
Resource: UserResource, Resource: UserResource,
} }
// DeleteUser is a permission for deleting users. // DeleteUserPermission is a permission for deleting users.
DeleteUserPermission = Permission{ DeleteUserPermission = Permission{
Action: DeleteAction, Action: DeleteAction,
Resource: UserResource, Resource: UserResource,
} }
) )
// ReadBucket constructs a permission for reading a bucket. // ReadBucketPermission constructs a permission for reading a bucket.
func ReadBucketPermission(id ID) Permission { func ReadBucketPermission(id ID) Permission {
return Permission{ return Permission{
Action: ReadAction, Action: ReadAction,
@ -105,7 +112,7 @@ func ReadBucketPermission(id ID) Permission {
} }
} }
// WriteBucket constructs a permission for writing to a bucket. // WriteBucketPermission constructs a permission for writing to a bucket.
func WriteBucketPermission(id ID) Permission { func WriteBucketPermission(id ID) Permission {
return Permission{ return Permission{
Action: WriteAction, Action: WriteAction,
@ -113,9 +120,14 @@ func WriteBucketPermission(id ID) Permission {
} }
} }
// Allowed returns true if the permission exists in a list of permissions. // Allowed returns true if the authorization is enabled and requested permission level
func Allowed(req Permission, ps []Permission) bool { // exists in the authorization's list of permissions.
for _, p := range ps { func Allowed(req Permission, auth *Authorization) bool {
if auth.Disabled {
return false
}
for _, p := range auth.Permissions {
if p.Action == req.Action && p.Resource == req.Resource { if p.Action == req.Action && p.Resource == req.Resource {
return true return true
} }

31
bolt/authorization.go
View File

@ -281,3 +281,34 @@ func (c *Client) deleteAuthorization(ctx context.Context, tx *bolt.Tx, id platfo
} }
return tx.Bucket(authorizationBucket).Delete(id) return tx.Bucket(authorizationBucket).Delete(id)
} }
// DisableAuthorization disables the authorization by setting the disabled field to true.
func (c *Client) DisableAuthorization(ctx context.Context, id platform.ID) error {
return c.db.Update(func(tx *bolt.Tx) error {
isDisabled := true
return c.updateAuthorization(ctx, tx, id, isDisabled)
})
}
// EnableAuthorization enables the authorization by setting the disabled field to false.
func (c *Client) EnableAuthorization(ctx context.Context, id platform.ID) error {
return c.db.Update(func(tx *bolt.Tx) error {
isDisabled := false
return c.updateAuthorization(ctx, tx, id, isDisabled)
})
}
func (c *Client) updateAuthorization(ctx context.Context, tx *bolt.Tx, id platform.ID, isDisabled bool) error {
a, err := c.findAuthorizationByID(ctx, tx, id)
if err != nil {
return err
}
a.Disabled = isDisabled
b, err := json.Marshal(a)
if err != nil {
return err
}
return tx.Bucket(authorizationBucket).Put(a.ID, b)
}

135
http/auth_service.go
View File

@ -32,6 +32,7 @@ func NewAuthorizationHandler() *AuthorizationHandler {
h.HandlerFunc("POST", "/v1/authorizations", h.handlePostAuthorization) h.HandlerFunc("POST", "/v1/authorizations", h.handlePostAuthorization)
h.HandlerFunc("GET", "/v1/authorizations", h.handleGetAuthorizations) h.HandlerFunc("GET", "/v1/authorizations", h.handleGetAuthorizations)
h.HandlerFunc("GET", "/v1/authorizations/:id", h.handleGetAuthorization) h.HandlerFunc("GET", "/v1/authorizations/:id", h.handleGetAuthorization)
h.HandlerFunc("PATCH", "/v1/authorizations/:id", h.handleEnableDisableAuthorization)
h.HandlerFunc("DELETE", "/v1/authorizations/:id", h.handleDeleteAuthorization) h.HandlerFunc("DELETE", "/v1/authorizations/:id", h.handleDeleteAuthorization)
return h return h
} }
@ -181,6 +182,79 @@ func decodeGetAuthorizationRequest(ctx context.Context, r *http.Request) (*getAu
}, nil }, nil
} }
// handleEnableDisableAuthorization is the HTTP handler for the PATCH /v1/authorizations/:id route.
func (h *AuthorizationHandler) handleEnableDisableAuthorization(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
req, err := decodeUpdateAuthorizationRequest(ctx, r)
if err != nil {
h.Logger.Info("failed to decode request", zap.String("handler", "updateAuthorization"), zap.Error(err))
EncodeError(ctx, err, w)
return
}
a, err := h.AuthorizationService.FindAuthorizationByID(ctx, req.ID)
if err != nil {
EncodeError(ctx, err, w)
return
}
if req.Disabled == a.Disabled {
if err := encodeResponse(ctx, w, http.StatusOK, a); err != nil {
h.Logger.Info("failed to encode response", zap.String("handler", "updateAuthorization"), zap.Error(err))
EncodeError(ctx, err, w)
return
}
return
}
if req.Disabled {
if err := h.AuthorizationService.DisableAuthorization(ctx, req.ID); err != nil {
EncodeError(ctx, err, w)
return
}
} else {
if err := h.AuthorizationService.EnableAuthorization(ctx, req.ID); err != nil {
EncodeError(ctx, err, w)
return
}
}
if err := encodeResponse(ctx, w, http.StatusOK, a); err != nil {
h.Logger.Info("failed to encode response", zap.String("handler", "updateAuthorization"), zap.Error(err))
EncodeError(ctx, err, w)
return
}
}
type updateAuthorizationRequest struct {
ID platform.ID
Disabled bool
}
func decodeUpdateAuthorizationRequest(ctx context.Context, r *http.Request) (*updateAuthorizationRequest, error) {
params := httprouter.ParamsFromContext(ctx)
id := params.ByName("id")
if id == "" {
return nil, kerrors.InvalidDataf("url missing id")
}
var i platform.ID
if err := i.DecodeFromString(id); err != nil {
return nil, err
}
a := &platform.Authorization{}
if err := json.NewDecoder(r.Body).Decode(a); err != nil {
return nil, err
}
return &updateAuthorizationRequest{
ID: i,
Disabled: a.Disabled,
}, nil
}
// handleDeleteAuthorization is the HTTP handler for the DELETE /v1/authorizations/:id route. // handleDeleteAuthorization is the HTTP handler for the DELETE /v1/authorizations/:id route.
func (h *AuthorizationHandler) handleDeleteAuthorization(w http.ResponseWriter, r *http.Request) { func (h *AuthorizationHandler) handleDeleteAuthorization(w http.ResponseWriter, r *http.Request) {
ctx := r.Context() ctx := r.Context()
@ -231,6 +305,7 @@ type AuthorizationService struct {
var _ platform.AuthorizationService = (*AuthorizationService)(nil) var _ platform.AuthorizationService = (*AuthorizationService)(nil)
// FindAuthorizationByID finds the authorization against a remote influx server.
func (s *AuthorizationService) FindAuthorizationByID(ctx context.Context, id platform.ID) (*platform.Authorization, error) { func (s *AuthorizationService) FindAuthorizationByID(ctx context.Context, id platform.ID) (*platform.Authorization, error) {
u, err := newURL(s.Addr, authorizationIDPath(id)) u, err := newURL(s.Addr, authorizationIDPath(id))
if err != nil { if err != nil {
@ -241,7 +316,7 @@ func (s *AuthorizationService) FindAuthorizationByID(ctx context.Context, id pla
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -295,7 +370,7 @@ func (s *AuthorizationService) FindAuthorizations(ctx context.Context, filter pl
} }
req.URL.RawQuery = query.Encode() req.URL.RawQuery = query.Encode()
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -338,7 +413,7 @@ func (s *AuthorizationService) CreateAuthorization(ctx context.Context, a *platf
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
@ -359,6 +434,58 @@ func (s *AuthorizationService) CreateAuthorization(ctx context.Context, a *platf
return nil return nil
} }
type enableDisableAuthorizationRequest struct {
Disabled bool `json:"disabled"`
}
// updateAuthorization enables or disables authorization.
func (s *AuthorizationService) updateAuthorization(ctx context.Context, id platform.ID, disabled bool) error {
u, err := newURL(s.Addr, authorizationIDPath(id))
if err != nil {
return err
}
b, err := json.Marshal(enableDisableAuthorizationRequest{
Disabled: disabled,
})
if err != nil {
return err
}
req, err := http.NewRequest("PATCH", u.String(), bytes.NewReader(b))
if err != nil {
return err
}
req.Header.Set("Content-Type", "application/json")
SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req)
if err != nil {
return err
}
if err := CheckError(resp); err != nil {
return err
}
return nil
}
// EnableAuthorization enables a disabled authorization.
func (s *AuthorizationService) EnableAuthorization(ctx context.Context, id platform.ID) error {
isDisabled := false
return s.updateAuthorization(ctx, id, isDisabled)
}
// DisableAuthorization disables an enabled authorization.
func (s *AuthorizationService) DisableAuthorization(ctx context.Context, id platform.ID) error {
isDisabled := true
return s.updateAuthorization(ctx, id, isDisabled)
}
// DeleteAuthorization removes a authorization by id. // DeleteAuthorization removes a authorization by id.
func (s *AuthorizationService) DeleteAuthorization(ctx context.Context, id platform.ID) error { func (s *AuthorizationService) DeleteAuthorization(ctx context.Context, id platform.ID) error {
u, err := newURL(s.Addr, authorizationIDPath(id)) u, err := newURL(s.Addr, authorizationIDPath(id))
@ -370,7 +497,7 @@ func (s *AuthorizationService) DeleteAuthorization(ctx context.Context, id platf
if err != nil { if err != nil {
return err return err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)

10
http/bucket_service.go
View File

@ -281,7 +281,7 @@ func (s *BucketService) FindBucketByID(ctx context.Context, id platform.ID) (*pl
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -344,7 +344,7 @@ func (s *BucketService) FindBuckets(ctx context.Context, filter platform.BucketF
} }
req.URL.RawQuery = query.Encode() req.URL.RawQuery = query.Encode()
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -383,7 +383,7 @@ func (s *BucketService) CreateBucket(ctx context.Context, b *platform.Bucket) er
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
@ -423,7 +423,7 @@ func (s *BucketService) UpdateBucket(ctx context.Context, id platform.ID, upd pl
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
@ -456,7 +456,7 @@ func (s *BucketService) DeleteBucket(ctx context.Context, id platform.ID) error
if err != nil { if err != nil {
return err return err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)

8
http/org_service.go
View File

@ -298,7 +298,7 @@ func (s *OrganizationService) FindOrganizations(ctx context.Context, filter plat
return nil, 0, err return nil, 0, err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(url.Scheme, s.InsecureSkipVerify) hc := newClient(url.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -341,7 +341,7 @@ func (s *OrganizationService) CreateOrganization(ctx context.Context, o *platfor
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(url.Scheme, s.InsecureSkipVerify) hc := newClient(url.Scheme, s.InsecureSkipVerify)
@ -379,7 +379,7 @@ func (s *OrganizationService) UpdateOrganization(ctx context.Context, id platfor
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
@ -411,7 +411,7 @@ func (s *OrganizationService) DeleteOrganization(ctx context.Context, id platfor
if err != nil { if err != nil {
return err return err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)

2
http/platform_handler.go
View File

@ -143,7 +143,7 @@ func (h *PlatformHandler) PrometheusCollectors() []prometheus.Collector {
} }
func extractAuthorization(ctx context.Context, r *nethttp.Request) (context.Context, error) { func extractAuthorization(ctx context.Context, r *nethttp.Request) (context.Context, error) {
t, err := ParseAuthHeaderToken(r) t, err := GetToken(r)
if err != nil { if err != nil {
return ctx, err return ctx, err
} }

2
http/proxy_query_service.go
View File

@ -103,7 +103,7 @@ func (s *ProxyQueryService) Query(ctx context.Context, w io.Writer, req *query.P
if err != nil { if err != nil {
return 0, err return 0, err
} }
hreq.Header.Set("Authorization", s.Token) SetToken(s.Token, hreq)
hreq = hreq.WithContext(ctx) hreq = hreq.WithContext(ctx)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)

2
http/query_service.go
View File

@ -139,7 +139,7 @@ func (s *QueryService) Query(ctx context.Context, req *query.Request) (query.Res
if err != nil { if err != nil {
return nil, err return nil, err
} }
hreq.Header.Set("Authorization", s.Token) SetToken(s.Token, hreq)
hreq = hreq.WithContext(ctx) hreq = hreq.WithContext(ctx)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)

10
http/source_service.go
View File

@ -467,7 +467,7 @@ func (s *SourceService) FindSourceByID(ctx context.Context, id platform.ID) (*pl
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -501,7 +501,7 @@ func (s *SourceService) FindSources(ctx context.Context, opt platform.FindOption
return nil, 0, err return nil, 0, err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -540,7 +540,7 @@ func (s *SourceService) CreateSource(ctx context.Context, b *platform.Source) er
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
@ -580,7 +580,7 @@ func (s *SourceService) UpdateSource(ctx context.Context, id platform.ID, upd pl
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
@ -613,7 +613,7 @@ func (s *SourceService) DeleteSource(ctx context.Context, id platform.ID) error
if err != nil { if err != nil {
return err return err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(u.Scheme, s.InsecureSkipVerify) hc := newClient(u.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)

14
http/token_parser.go → http/tokens.go
View File

@ -2,20 +2,21 @@ package http
import ( import (
"errors" "errors"
"fmt"
"net/http" "net/http"
"strings" "strings"
) )
const tokenScheme = "Token " const tokenScheme = "Token " // TODO(goller): I'd like this to be Bearer
// errors // errors
var ( var (
ErrAuthHeaderMissing = errors.New("Authorization Header is missing") ErrAuthHeaderMissing = errors.New("Authorization Header is missing")
ErrAuthBadScheme = errors.New("Authorization Header Scheme has to Token") ErrAuthBadScheme = errors.New("Authorization Header Scheme is invalid")
) )
// ParseAuthHeaderToken will parse the token from http Authorization Header. // GetToken will parse the token from http Authorization Header.
func ParseAuthHeaderToken(r *http.Request) (string, error) { func GetToken(r *http.Request) (string, error) {
header := r.Header.Get("Authorization") header := r.Header.Get("Authorization")
if header == "" { if header == "" {
return "", ErrAuthHeaderMissing return "", ErrAuthHeaderMissing
@ -25,3 +26,8 @@ func ParseAuthHeaderToken(r *http.Request) (string, error) {
} }
return header[len(tokenScheme):], nil return header[len(tokenScheme):], nil
} }
// SetToken adds the token to the request.
func SetToken(token string, req *http.Request) {
req.Header.Set("Authorization", fmt.Sprintf("%s%s", tokenScheme, token))
}

37
http/token_parse_test.go → http/tokens_test.go
View File

@ -2,10 +2,19 @@ package http
import ( import (
"net/http" "net/http"
"net/http/httptest"
"testing" "testing"
) )
func TestParseAuthHeader(t *testing.T) { func tokenRequest(token string) *http.Request {
req := httptest.NewRequest("GET", "/", nil)
if token != "" {
SetToken(token, req)
}
return req
}
func TestGetToken(t *testing.T) {
type args struct { type args struct {
header string header string
} }
@ -62,7 +71,7 @@ func TestParseAuthHeader(t *testing.T) {
Header: make(http.Header), Header: make(http.Header),
} }
req.Header.Set("Authorization", tt.args.header) req.Header.Set("Authorization", tt.args.header)
result, err := ParseAuthHeaderToken(req) result, err := GetToken(req)
if err != tt.wants.err { if err != tt.wants.err {
t.Errorf("err incorrect want %v, got %v", tt.wants.err, err) t.Errorf("err incorrect want %v, got %v", tt.wants.err, err)
return return
@ -74,3 +83,27 @@ func TestParseAuthHeader(t *testing.T) {
} }
} }
func TestSetToken(t *testing.T) {
tests := []struct {
name string
token string
req *http.Request
want string
}{
{
name: "adding token to Authorization header",
token: "1234",
req: httptest.NewRequest("GET", "/", nil),
want: "Token 1234",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
SetToken(tt.token, tt.req)
if got := tt.req.Header.Get("Authorization"); got != tt.want {
t.Errorf("SetToken() want %s, got %s", tt.want, got)
}
})
}
}

10
http/user_service.go
View File

@ -265,7 +265,7 @@ func (s *UserService) FindUserByID(ctx context.Context, id platform.ID) (*platfo
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(url.Scheme, s.InsecureSkipVerify) hc := newClient(url.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -322,7 +322,7 @@ func (s *UserService) FindUsers(ctx context.Context, filter platform.UserFilter,
} }
req.URL.RawQuery = query.Encode() req.URL.RawQuery = query.Encode()
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(url.Scheme, s.InsecureSkipVerify) hc := newClient(url.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)
@ -364,7 +364,7 @@ func (s *UserService) CreateUser(ctx context.Context, u *platform.User) error {
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(url.Scheme, s.InsecureSkipVerify) hc := newClient(url.Scheme, s.InsecureSkipVerify)
@ -404,7 +404,7 @@ func (s *UserService) UpdateUser(ctx context.Context, id platform.ID, upd platfo
} }
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(url.Scheme, s.InsecureSkipVerify) hc := newClient(url.Scheme, s.InsecureSkipVerify)
@ -437,7 +437,7 @@ func (s *UserService) DeleteUser(ctx context.Context, id platform.ID) error {
if err != nil { if err != nil {
return err return err
} }
req.Header.Set("Authorization", s.Token) SetToken(s.Token, req)
hc := newClient(url.Scheme, s.InsecureSkipVerify) hc := newClient(url.Scheme, s.InsecureSkipVerify)
resp, err := hc.Do(req) resp, err := hc.Do(req)

29
prometheus/auth_service.go
View File

@ -109,6 +109,35 @@ func (s *AuthorizationService) DeleteAuthorization(ctx context.Context, id platf
return s.AuthorizationService.DeleteAuthorization(ctx, id) return s.AuthorizationService.DeleteAuthorization(ctx, id)
} }
// DisableAuthorization disables an authorization, records function call latency, and counts function calls.
func (s *AuthorizationService) DisableAuthorization(ctx context.Context, id platform.ID) (err error) {
defer func(start time.Time) {
labels := prometheus.Labels{
"method": "DisableAuthorization",
"error": fmt.Sprint(err != nil),
}
s.requestCount.With(labels).Add(1)
s.requestDuration.With(labels).Observe(time.Since(start).Seconds())
}(time.Now())
return s.AuthorizationService.DisableAuthorization(ctx, id)
}
// EnableAuthorization enables an authorization, records function call latency, and counts function calls.
func (s *AuthorizationService) EnableAuthorization(ctx context.Context, id platform.ID) (err error) {
defer func(start time.Time) {
labels := prometheus.Labels{
"method": "EnableAuthorization",
"error": fmt.Sprint(err != nil),
}
s.requestCount.With(labels).Add(1)
s.requestDuration.With(labels).Observe(time.Since(start).Seconds())
}(time.Now())
return s.AuthorizationService.EnableAuthorization(ctx, id)
}
// PrometheusCollectors returns all authorization service prometheus collectors.
func (s *AuthorizationService) PrometheusCollectors() []prometheus.Collector { func (s *AuthorizationService) PrometheusCollectors() []prometheus.Collector {
return []prometheus.Collector{ return []prometheus.Collector{
s.requestCount, s.requestCount,

8
prometheus/auth_service_test.go
View File

@ -38,6 +38,14 @@ func (a *authzSvc) DeleteAuthorization(context.Context, platform.ID) error {
return a.Err return a.Err
} }
func (a *authzSvc) DisableAuthorization(context.Context, platform.ID) error {
return a.Err
}
func (a *authzSvc) EnableAuthorization(context.Context, platform.ID) error {
return a.Err
}
func TestAuthorizationService_Metrics(t *testing.T) { func TestAuthorizationService_Metrics(t *testing.T) {
a := new(authzSvc) a := new(authzSvc)

2
task/validator.go
View File

@ -47,7 +47,7 @@ func validatePermission(ctx context.Context, perm platform.Permission) error {
return err return err
} }
if !platform.Allowed(perm, auth.Permissions) { if !platform.Allowed(perm, auth) {
return authError{error: ErrFailedPermission, perm: perm, auth: auth} return authError{error: ErrFailedPermission, perm: perm, auth: auth}
} }