fix(jwt): allow jwt's to be used in query proxy calls (#16010)

2019-11-22 02:12:36 -07:00 · 2019-11-22 02:12:36 -07:00 · c8de76eaf9
parent 4d0e0ba1a4
commit c8de76eaf9
2 changed files with 13 additions and 0 deletions
--- a/http/query.go
+++ b/http/query.go
@ -21,6 +21,7 @@ import (
 	"github.com/influxdata/flux/parser"
 	"github.com/influxdata/flux/repl"
 	"github.com/influxdata/influxdb"
+	"github.com/influxdata/influxdb/jsonweb"
 	"github.com/influxdata/influxdb/query"
 	"github.com/influxdata/influxql"
 )
@ -368,6 +369,8 @@ func decodeProxyQueryRequest(ctx context.Context, r *http.Request, auth influxdb
 		token = a
 	case *influxdb.Session:
 		token = a.EphemeralAuth(req.Org.ID)
+	case *jsonweb.Token:
+		token = a.EphemeralAuth(req.Org.ID)
 	default:
 		return pr, n, influxdb.ErrAuthorizerNotSupported
 	}
--- a/jsonweb/token.go
+++ b/jsonweb/token.go
@ -124,3 +124,13 @@ func (t *Token) GetUserID() influxdb.ID {
 func (t *Token) Kind() string {
 	return kind
 }
+
+// EphemeralAuth creates a influxdb Auth form a jwt token
+func (t *Token) EphemeralAuth(orgID influxdb.ID) *influxdb.Authorization {
+	return &influxdb.Authorization{
+		ID:          t.Identifier(),
+		OrgID:       orgID,
+		Status:      influxdb.Active,
+		Permissions: t.Permissions,
+	}
+}