Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: don't allow creating an auth with instance resources (#23674)

pull/23723/head
Jeffrey Smith II 2022-09-02 10:35:50 -04:00 committed by Jonathan A. Sternberg
parent 11019d2aa7
commit b87deb49e5
No known key found for this signature in database
GPG Key ID: 4A0C1200CB8B9D2E
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
authorization/middleware_auth.go
View File

@ -34,6 +34,11 @@ func (s *AuthedAuthorizationService) CreateAuthorization(ctx context.Context, a
if err := authorizer.VerifyPermissions(ctx, a.Permissions); err != nil {
return err
}
for _, v := range a.Permissions {
if v.Resource.Type == influxdb.InstanceResourceType {
return fmt.Errorf("authorizations cannot be created with the instance type, it is only used during setup")
}
}
return s.s.CreateAuthorization(ctx, a)
}