Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(influxdb): authorizing system buckets

pull/15241/head
Brandon Farmer 2019-10-21 10:23:56 -07:00
parent ea82dc3470
commit bad4751709
3 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bucket.go
View File

@ -17,8 +17,10 @@ const (
BucketTypeUser = BucketType(0)
// BucketTypeSystem is an internally created bucket that cannot be deleted/renamed.
BucketTypeSystem = BucketType(1)
// SystemBucketRetention is the time we should retain system bucket information
SystemBucketRetention = time.Hour * 24 * 7
// MonitoringSystemBucketRetention is the time we should retain monitoring system bucket information
MonitoringSystemBucketRetention = time.Hour * 24 * 7
// TasksSystemBucketRetention is the time we should retain task system bucket information
TasksSystemBucketRetention = time.Hour * 24 * 3
)
// Bucket names constants
@ -162,7 +164,7 @@ func FindSystemBucket(ctx context.Context, bs BucketService, orgID ID, name stri
ID: TasksSystemBucketID,
Type: BucketTypeSystem,
Name: TasksSystemBucketName,
RetentionPeriod: SystemBucketRetention,
RetentionPeriod: TasksSystemBucketRetention,
Description: "System bucket for task logs",
}, nil
case MonitoringSystemBucketName:
@ -170,7 +172,7 @@ func FindSystemBucket(ctx context.Context, bs BucketService, orgID ID, name stri
ID: MonitoringSystemBucketID,
Type: BucketTypeSystem,
Name: MonitoringSystemBucketName,
RetentionPeriod: SystemBucketRetention,
RetentionPeriod: MonitoringSystemBucketRetention,
Description: "System bucket for monitoring logs",
}, nil
default:

8
kv/bucket.go
View File

@ -139,7 +139,7 @@ func (s *Service) createSystemBuckets(ctx context.Context, tx Tx, o *influxdb.Or
OrgID: o.ID,
Type: influxdb.BucketTypeSystem,
Name: influxdb.TasksSystemBucketName,
RetentionPeriod: influxdb.SystemBucketRetention,
RetentionPeriod: influxdb.TasksSystemBucketRetention,
Description: "System bucket for task logs",
}
@ -151,7 +151,7 @@ func (s *Service) createSystemBuckets(ctx context.Context, tx Tx, o *influxdb.Or
OrgID: o.ID,
Type: influxdb.BucketTypeSystem,
Name: influxdb.MonitoringSystemBucketName,
RetentionPeriod: influxdb.SystemBucketRetention,
RetentionPeriod: influxdb.MonitoringSystemBucketRetention,
Description: "System bucket for monitoring logs",
}
@ -337,7 +337,7 @@ func (s *Service) FindBuckets(ctx context.Context, filter influxdb.BucketFilter,
ID: influxdb.TasksSystemBucketID,
Type: influxdb.BucketTypeSystem,
Name: influxdb.TasksSystemBucketName,
RetentionPeriod: influxdb.SystemBucketRetention,
RetentionPeriod: influxdb.TasksSystemBucketRetention,
Description: "System bucket for task logs",
}
@ -347,7 +347,7 @@ func (s *Service) FindBuckets(ctx context.Context, filter influxdb.BucketFilter,
ID: influxdb.MonitoringSystemBucketID,
Type: influxdb.BucketTypeSystem,
Name: influxdb.MonitoringSystemBucketName,
RetentionPeriod: influxdb.SystemBucketRetention,
RetentionPeriod: influxdb.MonitoringSystemBucketRetention,
Description: "System bucket for monitoring logs",
}

7
task/backend/analytical_storage.go
View File

@ -247,7 +247,7 @@ func (as *AnalyticalStorage) FindRunByID(ctx context.Context, taskID, runID infl
return run, err
}
sb, err := influxdb.FindSystemBucket(ctx, as.BucketService, task.OrganizationID, "_tasks")
sb, err := influxdb.FindSystemBucket(ctx, as.BucketService, task.OrganizationID, influxdb.TasksSystemBucketName)
if err != nil {
return run, err
}
@ -266,8 +266,9 @@ func (as *AnalyticalStorage) FindRunByID(ctx context.Context, taskID, runID infl
// so we are faking a read only permission to the org's system bucket
runSystemBucketID := sb.ID
runAuth := &influxdb.Authorization{
ID: sb.ID,
OrgID: task.OrganizationID,
ID: sb.ID,
Status: influxdb.Active,
OrgID: task.OrganizationID,
Permissions: []influxdb.Permission{
influxdb.Permission{
Action: influxdb.ReadAction,