diff --git a/cmd/influx/setup.go b/cmd/influx/setup.go index 47671ceacc..e762a4eca7 100644 --- a/cmd/influx/setup.go +++ b/cmd/influx/setup.go @@ -47,82 +47,9 @@ func cmdSetup(f *globalFlags, opt genericCLIOpts) *cobra.Command { cmd.Flags().BoolVarP(&setupFlags.force, "force", "f", false, "skip confirmation prompt") registerPrintOptions(opt.viper, cmd, &setupFlags.hideHeaders, &setupFlags.json) - cmd.AddCommand( - cmdSetupUser(f, opt), - ) return cmd } -func cmdSetupUser(f *globalFlags, opt genericCLIOpts) *cobra.Command { - cmd := opt.newCmd("user", nil, true) - cmd.RunE = setupUserF - cmd.Short = "Setup instance with user, org, bucket [DEPRECATED]" - cmd.Long = `***************************************** WARNING ***************************************** -*** 'setup user' is not intended for public use, and will be removed in InfluxDB 2.1.0. *** -*** Please migrate to using the 'bucket', 'org', and 'user' commands. *** -*******************************************************************************************` - cmd.Hidden = true - - f.registerFlags(opt.viper, cmd, "token") - cmd.Flags().StringVarP(&setupFlags.username, "username", "u", "", "primary username") - cmd.Flags().StringVarP(&setupFlags.password, "password", "p", "", "password for username") - cmd.Flags().StringVarP(&setupFlags.token, "token", "t", "", "token for username, else auto-generated") - cmd.Flags().StringVarP(&setupFlags.org, "org", "o", "", "primary organization name") - cmd.Flags().StringVarP(&setupFlags.bucket, "bucket", "b", "", "primary bucket name") - cmd.Flags().StringVarP(&setupFlags.name, "name", "n", "", "config name, only required if you already have existing configs") - cmd.Flags().StringVarP(&setupFlags.retention, "retention", "r", "", "Duration bucket will retain data. 0 is infinite. Default is 0.") - cmd.Flags().BoolVarP(&setupFlags.force, "force", "f", false, "skip confirmation prompt") - registerPrintOptions(opt.viper, cmd, &setupFlags.hideHeaders, &setupFlags.json) - - return cmd -} - -func setupUserF(cmd *cobra.Command, args []string) error { - _, _ = fmt.Fprintln(cmd.ErrOrStderr(), cmd.Long) - - client, err := newHTTPClient() - if err != nil { - return err - } - s := tenant.OnboardClientService{ - Client: client, - } - - ui := input.UI{Reader: cmd.InOrStdin(), Writer: cmd.OutOrStdout()} - req, err := onboardingRequest(&ui) - if err != nil { - return fmt.Errorf("failed to retrieve data to setup instance: %v", err) - } - - result, err := s.OnboardUser(context.Background(), req) - if err != nil { - return fmt.Errorf("failed to setup instance: %v", err) - } - - w := ui.Writer - if setupFlags.json { - return writeJSON(w, map[string]interface{}{ - "user": result.User.Name, - "organization": result.Org.Name, - "bucket": result.Bucket.Name, - }) - } - - tabW := internal.NewTabWriter(w) - defer tabW.Flush() - - tabW.HideHeaders(setupFlags.hideHeaders) - - tabW.WriteHeaders("User", "Organization", "Bucket") - tabW.Write(map[string]interface{}{ - "User": result.User.Name, - "Organization": result.Org.Name, - "Bucket": result.Bucket.Name, - }) - - return nil -} - func setupF(cmd *cobra.Command, args []string) error { dPath, dir := flags.filepath, filepath.Dir(flags.filepath) if dPath == "" || dir == "" { diff --git a/mock/onboarding_service.go b/mock/onboarding_service.go index c0197ab406..9124433424 100644 --- a/mock/onboarding_service.go +++ b/mock/onboarding_service.go @@ -43,8 +43,3 @@ func (s *OnboardingService) IsOnboarding(ctx context.Context) (bool, error) { func (s *OnboardingService) OnboardInitialUser(ctx context.Context, req *platform.OnboardingRequest) (*platform.OnboardingResults, error) { return s.OnboardInitialUserFn(ctx, req) } - -// OnboardUser OnboardingResults. -func (s *OnboardingService) OnboardUser(ctx context.Context, req *platform.OnboardingRequest) (*platform.OnboardingResults, error) { - return s.OnboardUserFn(ctx, req) -} diff --git a/onboarding.go b/onboarding.go index 4b265d3661..a8a1332cc9 100644 --- a/onboarding.go +++ b/onboarding.go @@ -12,11 +12,8 @@ type OnboardingService interface { // IsOnboarding determine if onboarding request is allowed. IsOnboarding(ctx context.Context) (bool, error) - // OnboardInitialUser OnboardingResults. + // OnboardInitialUser creates the initial org/user/bucket in the DB. OnboardInitialUser(ctx context.Context, req *OnboardingRequest) (*OnboardingResults, error) - - // OnboardUser creates a new user/org/buckets - OnboardUser(ctx context.Context, req *OnboardingRequest) (*OnboardingResults, error) } // OnboardingResults is a group of elements required for first run. diff --git a/tenant/http_client_onboarding.go b/tenant/http_client_onboarding.go index 1ae9e0f982..623fa9e28c 100644 --- a/tenant/http_client_onboarding.go +++ b/tenant/http_client_onboarding.go @@ -2,7 +2,6 @@ package tenant import ( "context" - "path" "github.com/influxdata/influxdb/v2" "github.com/influxdata/influxdb/v2/pkg/httpc" @@ -47,23 +46,3 @@ func (s *OnboardClientService) OnboardInitialUser(ctx context.Context, or *influ Bucket: res.Bucket.toInfluxDB(), }, nil } - -func (s *OnboardClientService) OnboardUser(ctx context.Context, or *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) { - res := &onboardingResponse{} - - err := s.Client. - PostJSON(or, path.Join(prefixOnboard, "user")). - DecodeJSON(res). - Do(ctx) - - if err != nil { - return nil, err - } - - return &influxdb.OnboardingResults{ - Org: &res.Organization.Organization, - User: &res.User.User, - Auth: res.Auth.toPlatform(), - Bucket: res.Bucket.toInfluxDB(), - }, nil -} diff --git a/tenant/http_server_onboarding.go b/tenant/http_server_onboarding.go index 022e83b5a5..ba8db11122 100644 --- a/tenant/http_server_onboarding.go +++ b/tenant/http_server_onboarding.go @@ -1,7 +1,6 @@ package tenant import ( - "context" "encoding/json" "fmt" "net/http" @@ -44,7 +43,6 @@ func NewHTTPOnboardHandler(log *zap.Logger, onboardSvc influxdb.OnboardingServic r.Route("/", func(r chi.Router) { r.Post("/", svr.handleInitialOnboardRequest) r.Get("/", svr.handleIsOnboarding) - r.Post("/user", svr.handleOnboardRequest) }) @@ -76,8 +74,8 @@ func (h *OnboardHandler) handleIsOnboarding(w http.ResponseWriter, r *http.Reque // handleInitialOnboardRequest is the HTTP handler for the GET /api/v2/setup route. func (h *OnboardHandler) handleInitialOnboardRequest(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - req, err := decodeOnboardRequest(ctx, r) - if err != nil { + req := &influxdb.OnboardingRequest{} + if err := json.NewDecoder(r.Body).Decode(req); err != nil { h.api.Err(w, r, err) return } @@ -91,24 +89,6 @@ func (h *OnboardHandler) handleInitialOnboardRequest(w http.ResponseWriter, r *h h.api.Respond(w, r, http.StatusCreated, NewOnboardingResponse(results)) } -// isOnboarding is the HTTP handler for the POST /api/v2/setup route. -func (h *OnboardHandler) handleOnboardRequest(w http.ResponseWriter, r *http.Request) { - ctx := r.Context() - req, err := decodeOnboardRequest(ctx, r) - if err != nil { - h.api.Err(w, r, err) - return - } - results, err := h.onboardingSvc.OnboardUser(ctx, req) - if err != nil { - h.api.Err(w, r, err) - return - } - h.log.Debug("Onboarding setup completed", zap.String("results", fmt.Sprint(results))) - - h.api.Respond(w, r, http.StatusCreated, NewOnboardingResponse(results)) -} - type onboardingResponse struct { User *UserResponse `json:"user"` Bucket *bucketResponse `json:"bucket"` @@ -125,15 +105,6 @@ func NewOnboardingResponse(results *influxdb.OnboardingResults) *onboardingRespo } } -func decodeOnboardRequest(ctx context.Context, r *http.Request) (*influxdb.OnboardingRequest, error) { - req := &influxdb.OnboardingRequest{} - if err := json.NewDecoder(r.Body).Decode(req); err != nil { - return nil, err - } - - return req, nil -} - type authResponse struct { influxdb.Authorization Links map[string]string `json:"links"` diff --git a/tenant/middleware_onboarding_auth.go b/tenant/middleware_onboarding_auth.go index 48e6fe15c5..bbe2c3677d 100644 --- a/tenant/middleware_onboarding_auth.go +++ b/tenant/middleware_onboarding_auth.go @@ -4,7 +4,6 @@ import ( "context" "github.com/influxdata/influxdb/v2" - "github.com/influxdata/influxdb/v2/authorizer" ) var _ influxdb.OnboardingService = (*AuthedOnboardSvc)(nil) @@ -33,17 +32,3 @@ func (s *AuthedOnboardSvc) IsOnboarding(ctx context.Context) (bool, error) { func (s *AuthedOnboardSvc) OnboardInitialUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) { return s.s.OnboardInitialUser(ctx, req) } - -// OnboardUser needs to confirm this user has access to do global create for multiple resources -func (s *AuthedOnboardSvc) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) { - if _, _, err := authorizer.AuthorizeWriteGlobal(ctx, influxdb.OrgsResourceType); err != nil { - return nil, err - } - if _, _, err := authorizer.AuthorizeWriteGlobal(ctx, influxdb.UsersResourceType); err != nil { - return nil, err - } - if _, _, err := authorizer.AuthorizeWriteGlobal(ctx, influxdb.BucketsResourceType); err != nil { - return nil, err - } - return s.s.OnboardUser(ctx, req) -} diff --git a/tenant/middleware_onboarding_logging.go b/tenant/middleware_onboarding_logging.go index e2cb438ac4..8c2826ef21 100644 --- a/tenant/middleware_onboarding_logging.go +++ b/tenant/middleware_onboarding_logging.go @@ -48,16 +48,3 @@ func (l *OnboardingLogger) OnboardInitialUser(ctx context.Context, req *influxdb }(time.Now()) return l.onboardingService.OnboardInitialUser(ctx, req) } - -func (l *OnboardingLogger) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (res *influxdb.OnboardingResults, err error) { - defer func(start time.Time) { - dur := zap.Duration("took", time.Since(start)) - if err != nil { - msg := fmt.Sprintf("failed to onboard user %s", req.User) - l.logger.Error(msg, zap.Error(err), dur) - return - } - l.logger.Debug("onboard user", dur) - }(time.Now()) - return l.onboardingService.OnboardUser(ctx, req) -} diff --git a/tenant/middleware_onboarding_metrics.go b/tenant/middleware_onboarding_metrics.go index 603005cd02..e60a9fa177 100644 --- a/tenant/middleware_onboarding_metrics.go +++ b/tenant/middleware_onboarding_metrics.go @@ -37,8 +37,3 @@ func (m *OnboardingMetrics) OnboardInitialUser(ctx context.Context, req *influxd res, err := m.onboardingService.OnboardInitialUser(ctx, req) return res, rec(err) } -func (m *OnboardingMetrics) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) { - rec := m.rec.Record("onboard_user") - res, err := m.onboardingService.OnboardUser(ctx, req) - return res, rec(err) -} diff --git a/tenant/service_onboarding.go b/tenant/service_onboarding.go index 139ba71a7d..09acf1b806 100644 --- a/tenant/service_onboarding.go +++ b/tenant/service_onboarding.go @@ -83,13 +83,6 @@ func (s *OnboardService) OnboardInitialUser(ctx context.Context, req *influxdb.O return s.onboardUser(ctx, req, func(platform.ID, platform.ID) []influxdb.Permission { return influxdb.OperPermissions() }) } -// OnboardUser allows us to onboard a new user if is onboarding is allowed -func (s *OnboardService) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) { - return s.onboardUser(ctx, req, func(orgID, userID platform.ID) []influxdb.Permission { - return append(influxdb.OwnerPermissions(orgID), influxdb.MePermissions(userID)...) - }) -} - // onboardUser allows us to onboard new users. func (s *OnboardService) onboardUser(ctx context.Context, req *influxdb.OnboardingRequest, permFn func(orgID, userID platform.ID) []influxdb.Permission) (*influxdb.OnboardingResults, error) { if req == nil || req.User == "" || req.Org == "" || req.Bucket == "" { diff --git a/tenant/service_onboarding_test.go b/tenant/service_onboarding_test.go index 6c993fda0d..5238b91189 100644 --- a/tenant/service_onboarding_test.go +++ b/tenant/service_onboarding_test.go @@ -74,7 +74,7 @@ func TestOnboardURM(t *testing.T) { UserID: 123, }) - onboard, err := svc.OnboardUser(ctx, &influxdb.OnboardingRequest{ + onboard, err := svc.OnboardInitialUser(ctx, &influxdb.OnboardingRequest{ User: "name", Org: "name", Bucket: "name", @@ -112,7 +112,7 @@ func TestOnboardAuth(t *testing.T) { UserID: 123, }) - onboard, err := svc.OnboardUser(ctx, &influxdb.OnboardingRequest{ + onboard, err := svc.OnboardInitialUser(ctx, &influxdb.OnboardingRequest{ User: "name", Org: "name", Bucket: "name", @@ -124,48 +124,46 @@ func TestOnboardAuth(t *testing.T) { auth := onboard.Auth expectedPerm := []influxdb.Permission{ - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AuthorizationsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AuthorizationsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.BucketsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.BucketsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DashboardsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DashboardsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{ID: &onboard.Org.ID, Type: influxdb.OrgsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{ID: &onboard.Org.ID, Type: influxdb.OrgsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SourcesResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SourcesResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TasksResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TasksResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TelegrafsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TelegrafsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.UsersResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.UsersResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.VariablesResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.VariablesResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ScraperResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ScraperResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SecretsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SecretsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.LabelsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.LabelsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ViewsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ViewsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DocumentsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DocumentsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationRuleResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationRuleResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationEndpointResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationEndpointResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ChecksResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ChecksResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DBRPResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DBRPResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotebooksResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotebooksResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AnnotationsResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AnnotationsResourceType}}, - {Action: influxdb.ReadAction, Resource: influxdb.Resource{ID: &onboard.User.ID, Type: influxdb.UsersResourceType}}, - {Action: influxdb.WriteAction, Resource: influxdb.Resource{ID: &onboard.User.ID, Type: influxdb.UsersResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.AuthorizationsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.AuthorizationsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.BucketsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.BucketsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.DashboardsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.DashboardsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.OrgsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.OrgsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.SourcesResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.SourcesResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.TasksResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.TasksResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.TelegrafsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.TelegrafsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.UsersResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.UsersResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.VariablesResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.VariablesResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.ScraperResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.ScraperResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.SecretsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.SecretsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.LabelsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.LabelsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.ViewsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.ViewsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.DocumentsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.DocumentsResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.NotificationRuleResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.NotificationRuleResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.NotificationEndpointResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.NotificationEndpointResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.ChecksResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.ChecksResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.DBRPResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.DBRPResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.NotebooksResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.NotebooksResourceType}}, + {Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.AnnotationsResourceType}}, + {Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.AnnotationsResourceType}}, } if !cmp.Equal(auth.Permissions, expectedPerm) { t.Fatalf("unequal permissions: \n %+v", cmp.Diff(auth.Permissions, expectedPerm))