From 6967734cdac4282f3040a010f36e0466437a2265 Mon Sep 17 00:00:00 2001 From: Lyon Hill Date: Fri, 11 Jan 2019 13:09:31 -0700 Subject: [PATCH 1/3] feat(task): Add validations for all task actions --- task/validagtor_test.go | 482 ++++++++++++++++++++++++++++++++++++++++ task/validator.go | 180 ++++++++++++++- 2 files changed, 661 insertions(+), 1 deletion(-) create mode 100644 task/validagtor_test.go diff --git a/task/validagtor_test.go b/task/validagtor_test.go new file mode 100644 index 0000000000..1b2e8507cf --- /dev/null +++ b/task/validagtor_test.go @@ -0,0 +1,482 @@ +package task_test + +import ( + "context" + "errors" + "testing" + + "github.com/influxdata/influxdb" + pctx "github.com/influxdata/influxdb/context" + "github.com/influxdata/influxdb/http" + "github.com/influxdata/influxdb/inmem" + "github.com/influxdata/influxdb/mock" + "github.com/influxdata/influxdb/task" +) + +func TestOnboardingValidation(t *testing.T) { + svc := inmem.NewService() + validator := task.NewValidator(mockTaskService(), svc) + + r, err := svc.Generate(context.Background(), &influxdb.OnboardingRequest{ + User: "dude", + Password: "secret", + Org: "thing", + Bucket: "holder", + RetentionPeriod: 1, + }) + + if err != nil { + t.Fatal(err) + } + + ctx := pctx.SetAuthorizer(context.Background(), r.Auth) + + err = validator.CreateTask(ctx, &influxdb.Task{ + Organization: r.Org.ID, + Flux: `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")`, + }) + if err != nil { + t.Fatal(err) + } +} + +func mockTaskService() influxdb.TaskService { + task := influxdb.Task{ + ID: influxdb.ID(2), + Organization: influxdb.ID(1), + Name: "cows", + Owner: influxdb.User{ID: influxdb.ID(3), Name: "farmer"}, + Flux: `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")`, + Every: "1s", + } + + log := influxdb.Log("howdy partner") + + run := influxdb.Run{ + ID: influxdb.ID(10), + TaskID: influxdb.ID(2), + Status: "completed", + ScheduledFor: "a while ago", + StartedAt: "not so long ago", + FinishedAt: "more recently", + Log: log, + } + + return &mock.TaskService{ + FindTaskByIDFn: func(context.Context, influxdb.ID) (*influxdb.Task, error) { + return &task, nil + }, + FindTasksFn: func(context.Context, influxdb.TaskFilter) ([]*influxdb.Task, int, error) { + return []*influxdb.Task{&task}, 1, nil + }, + CreateTaskFn: func(_ context.Context, t *influxdb.Task) error { + t.ID = 1 + return nil + }, + UpdateTaskFn: func(context.Context, influxdb.ID, influxdb.TaskUpdate) (*influxdb.Task, error) { + return &task, nil + }, + DeleteTaskFn: func(context.Context, influxdb.ID) error { + return nil + }, + FindLogsFn: func(context.Context, influxdb.LogFilter) ([]*influxdb.Log, int, error) { + return []*influxdb.Log{&log}, 1, nil + }, + FindRunsFn: func(context.Context, influxdb.RunFilter) ([]*influxdb.Run, int, error) { + return []*influxdb.Run{&run}, 1, nil + }, + FindRunByIDFn: func(context.Context, influxdb.ID, influxdb.ID) (*influxdb.Run, error) { + return &run, nil + }, + CancelRunFn: func(context.Context, influxdb.ID, influxdb.ID) error { + return nil + }, + RetryRunFn: func(context.Context, influxdb.ID, influxdb.ID) (*influxdb.Run, error) { + return &run, nil + }, + ForceRunFn: func(context.Context, influxdb.ID, int64) (*influxdb.Run, error) { + return &run, nil + }, + } +} + +func TestValidations(t *testing.T) { + inmem := inmem.NewService() + validTaskService := task.NewValidator(mockTaskService(), inmem) + + r, err := inmem.Generate(context.Background(), &influxdb.OnboardingRequest{ + User: "dude", + Password: "secret", + Org: "thing", + Bucket: "holder", + RetentionPeriod: 1, + }) + + orgID := influxdb.ID(1) + taskID := influxdb.ID(2) + + if err != nil { + t.Fatal(err) + } + + tests := []struct { + name string + check func(context.Context, influxdb.TaskService) error + auth *influxdb.Authorization + }{ + { + name: "create failure", + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.CreateTask(ctx, &influxdb.Task{ + Organization: r.Org.ID, + Name: "cows", + Owner: influxdb.User{ID: influxdb.ID(2), Name: "farmer"}, + Flux: `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")`, + Every: "1s", + }) + if err == nil { + return errors.New("failed to error without permission") + } + return nil + }, + auth: &influxdb.Authorization{}, + }, + { + name: "create success", + auth: r.Auth, + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.CreateTask(ctx, &influxdb.Task{ + Organization: r.Org.ID, + Name: "cows", + Owner: *r.User, + Flux: `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")`, + Every: "1s", + }) + return err + }, + }, + { + name: "create badbucket", + auth: r.Auth, + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.CreateTask(ctx, &influxdb.Task{ + Organization: r.Org.ID, + Name: "cows", + Owner: *r.User, + Flux: `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"bad") |> range(start:-5m) |> to(bucket:"bad", org:"thing")`, + Every: "1s", + }) + if err == nil { + return errors.New("created task without bucket permission") + } + return nil + }, + }, + { + name: "FindTaskByID missing auth", + auth: &influxdb.Authorization{Permissions: []influxdb.Permission{}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.FindTaskByID(ctx, taskID) + if err == nil { + return errors.New("returned without error without permission") + } + return nil + }, + }, + { + name: "FindTaskByID with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.FindTaskByID(ctx, taskID) + return err + }, + }, + { + name: "FindTasks with bad auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindTasks(ctx, influxdb.TaskFilter{ + Organization: &orgID, + }) + if err == nil { + return errors.New("returned no error with a invalid auth") + } + return nil + }, + }, + { + name: "FindTasks with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindTasks(ctx, influxdb.TaskFilter{ + Organization: &orgID, + }) + return err + }, + }, + { + name: "FindTasks without org", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindTasks(ctx, influxdb.TaskFilter{}) + return err + }, + }, + { + name: "UpdateTask with bad auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + flux := `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")` + _, err := svc.UpdateTask(ctx, 2, influxdb.TaskUpdate{ + Flux: &flux, + }) + if err == nil { + return errors.New("returned no error with a invalid auth") + } + return nil + }, + }, + { + name: "UpdateTask with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{ + influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}, + influxdb.Permission{influxdb.WriteAction, influxdb.BucketsResource, r.Org.ID, &r.Bucket.ID}, + influxdb.Permission{influxdb.ReadAction, influxdb.BucketsResource, r.Org.ID, &r.Bucket.ID}, + }}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + flux := `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")` + _, err := svc.UpdateTask(ctx, 2, influxdb.TaskUpdate{ + Flux: &flux, + }) + return err + }, + }, + { + name: "UpdateTask with bad bucket", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + flux := `option task = { + name: "my_task", + every: 1s, +} +from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` + _, err := svc.UpdateTask(ctx, 2, influxdb.TaskUpdate{ + Flux: &flux, + }) + if err == nil { + return errors.New("returned no error with unauthorized bucket") + } + return nil + }, + }, + { + name: "DeleteTask missing auth", + auth: &influxdb.Authorization{Permissions: []influxdb.Permission{}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.DeleteTask(ctx, taskID) + if err == nil { + return errors.New("returned without error without permission") + } + return nil + }, + }, + { + name: "DeleteTask readonly auth", + auth: &influxdb.Authorization{Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.DeleteTask(ctx, taskID) + if err == nil { + return errors.New("returned without error without permission") + } + return nil + }, + }, + { + name: "DeleteTask with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.DeleteTask(ctx, taskID) + return err + }, + }, + { + name: "FindLogs with bad auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindLogs(ctx, influxdb.LogFilter{ + Org: &orgID, + }) + if err == nil { + return errors.New("returned no error with a invalid auth") + } + return nil + }, + }, + { + name: "FindLogs with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindLogs(ctx, influxdb.LogFilter{ + Org: &orgID, + }) + return err + }, + }, + { + name: "FindLogs without org", + auth: &influxdb.Authorization{Status: "active"}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindLogs(ctx, influxdb.LogFilter{}) + return err + }, + }, + { + name: "FindRuns with bad auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindRuns(ctx, influxdb.RunFilter{ + Org: &orgID, + }) + if err == nil { + return errors.New("returned no error with a invalid auth") + } + return nil + }, + }, + { + name: "FindRuns with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindRuns(ctx, influxdb.RunFilter{ + Org: &orgID, + }) + return err + }, + }, + { + name: "FindRuns without org", + auth: &influxdb.Authorization{Status: "active"}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, _, err := svc.FindRuns(ctx, influxdb.RunFilter{}) + return err + }, + }, + { + name: "FindRunByID missing auth", + auth: &influxdb.Authorization{Permissions: []influxdb.Permission{}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.FindRunByID(ctx, taskID, 10) + if err == nil { + return errors.New("returned without error without permission") + } + return nil + }, + }, + { + name: "FindRunByID with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.FindRunByID(ctx, taskID, 10) + return err + }, + }, + { + name: "CancelRun with bad auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.CancelRun(ctx, 2, 10) + if err == nil { + return errors.New("returned no error with a invalid auth") + } + return nil + }, + }, + { + name: "CancelRun with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + err := svc.CancelRun(ctx, 2, 10) + return err + }, + }, + { + name: "RetryRun with bad auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.RetryRun(ctx, 2, 10) + if err == nil { + return errors.New("returned no error with a invalid auth") + } + return nil + }, + }, + { + name: "RetryRun with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.RetryRun(ctx, 2, 10) + return err + }, + }, + { + name: "ForceRun with bad auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.ForceRun(ctx, 2, 10000) + if err == nil { + return errors.New("returned no error with a invalid auth") + } + return nil + }, + }, + { + name: "ForceRun with auth", + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + check: func(ctx context.Context, svc influxdb.TaskService) error { + _, err := svc.ForceRun(ctx, 2, 10000) + return err + }, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + ctx := pctx.SetAuthorizer(context.Background(), test.auth) + if err := test.check(ctx, validTaskService); err != nil { + if aerr, ok := err.(http.AuthzError); ok { + t.Error(aerr.AuthzError()) + } + t.Error(err) + } + }) + } + +} diff --git a/task/validator.go b/task/validator.go index c13ad738d5..dfc7776883 100644 --- a/task/validator.go +++ b/task/validator.go @@ -35,6 +35,40 @@ func NewValidator(ts platform.TaskService, bs platform.BucketService) platform.T preAuth: query.NewPreAuthorizer(bs), } } +func (ts *taskServiceValidator) FindTaskByID(ctx context.Context, id platform.ID) (*platform.Task, error) { + task, err := ts.TaskService.FindTaskByID(ctx, id) + if err != nil { + return nil, err + } + + perm, err := platform.NewPermission(platform.ReadAction, platform.TasksResource, task.Organization) + if err != nil { + return nil, err + } + + if err := validatePermission(ctx, *perm); err != nil { + return nil, err + } + + return task, err +} + +func (ts *taskServiceValidator) FindTasks(ctx context.Context, filter platform.TaskFilter) ([]*platform.Task, int, error) { + if filter.Organization != nil { + perm, err := platform.NewPermission(platform.ReadAction, platform.TasksResource, *filter.Organization) + if err != nil { + return nil, -1, err + } + + if err := validatePermission(ctx, *perm); err != nil { + return nil, -1, err + } + + } + + // TODO(lyon): If the user no longer has permission to the organization we might fail or filter here? + return ts.TaskService.FindTasks(ctx, filter) +} func (ts *taskServiceValidator) CreateTask(ctx context.Context, t *platform.Task) error { p, err := platform.NewPermission(platform.WriteAction, platform.TasksResource, t.Organization) @@ -53,7 +87,151 @@ func (ts *taskServiceValidator) CreateTask(ctx context.Context, t *platform.Task return ts.TaskService.CreateTask(ctx, t) } -// TODO(lh): add permission checking for the all the platform.TaskService functions. +func (ts *taskServiceValidator) UpdateTask(ctx context.Context, id platform.ID, upd platform.TaskUpdate) (*platform.Task, error) { + task, err := ts.TaskService.FindTaskByID(ctx, id) + if err != nil { + return nil, err + } + + p, err := platform.NewPermission(platform.WriteAction, platform.TasksResource, task.Organization) + if err != nil { + return nil, err + } + + if err := validatePermission(ctx, *p); err != nil { + return nil, err + } + + if err := validateBucket(ctx, task.Flux, ts.preAuth); err != nil { + return nil, err + } + + return ts.TaskService.UpdateTask(ctx, id, upd) +} + +func (ts *taskServiceValidator) DeleteTask(ctx context.Context, id platform.ID) error { + task, err := ts.TaskService.FindTaskByID(ctx, id) + if err != nil { + return err + } + + p, err := platform.NewPermission(platform.WriteAction, platform.TasksResource, task.Organization) + if err != nil { + return err + } + + if err := validatePermission(ctx, *p); err != nil { + return err + } + + return ts.TaskService.DeleteTask(ctx, id) +} + +func (ts *taskServiceValidator) FindLogs(ctx context.Context, filter platform.LogFilter) ([]*platform.Log, int, error) { + if filter.Org != nil { + perm, err := platform.NewPermission(platform.ReadAction, platform.TasksResource, *filter.Org) + if err != nil { + return nil, -1, err + } + + if err := validatePermission(ctx, *perm); err != nil { + return nil, -1, err + } + + } + + // TODO(lyon): If the user no longer has permission to the organization we might fail or filter here? + return ts.TaskService.FindLogs(ctx, filter) +} + +func (ts *taskServiceValidator) FindRuns(ctx context.Context, filter platform.RunFilter) ([]*platform.Run, int, error) { + if filter.Org != nil { + perm, err := platform.NewPermission(platform.ReadAction, platform.TasksResource, *filter.Org) + if err != nil { + return nil, -1, err + } + + if err := validatePermission(ctx, *perm); err != nil { + return nil, -1, err + } + + } + + // TODO(lyon): If the user no longer has permission to the organization we might fail or filter here? + return ts.TaskService.FindRuns(ctx, filter) +} + +func (ts *taskServiceValidator) FindRunByID(ctx context.Context, taskID, runID platform.ID) (*platform.Run, error) { + task, err := ts.TaskService.FindTaskByID(ctx, taskID) + if err != nil { + return nil, err + } + + p, err := platform.NewPermission(platform.ReadAction, platform.TasksResource, task.Organization) + if err != nil { + return nil, err + } + + if err := validatePermission(ctx, *p); err != nil { + return nil, err + } + + return ts.TaskService.FindRunByID(ctx, taskID, runID) +} + +func (ts *taskServiceValidator) CancelRun(ctx context.Context, taskID, runID platform.ID) error { + task, err := ts.TaskService.FindTaskByID(ctx, taskID) + if err != nil { + return err + } + + p, err := platform.NewPermission(platform.WriteAction, platform.TasksResource, task.Organization) + if err != nil { + return err + } + + if err := validatePermission(ctx, *p); err != nil { + return err + } + + return ts.TaskService.CancelRun(ctx, taskID, runID) +} + +func (ts *taskServiceValidator) RetryRun(ctx context.Context, taskID, runID platform.ID) (*platform.Run, error) { + task, err := ts.TaskService.FindTaskByID(ctx, taskID) + if err != nil { + return nil, err + } + + p, err := platform.NewPermission(platform.WriteAction, platform.TasksResource, task.Organization) + if err != nil { + return nil, err + } + + if err := validatePermission(ctx, *p); err != nil { + return nil, err + } + + return ts.TaskService.RetryRun(ctx, taskID, runID) +} + +func (ts *taskServiceValidator) ForceRun(ctx context.Context, taskID platform.ID, scheduledFor int64) (*platform.Run, error) { + task, err := ts.TaskService.FindTaskByID(ctx, taskID) + if err != nil { + return nil, err + } + + p, err := platform.NewPermission(platform.WriteAction, platform.TasksResource, task.Organization) + if err != nil { + return nil, err + } + + if err := validatePermission(ctx, *p); err != nil { + return nil, err + } + + return ts.TaskService.ForceRun(ctx, taskID, scheduledFor) +} func validatePermission(ctx context.Context, perm platform.Permission) error { auth, err := platcontext.GetAuthorizer(ctx) From d1fc5dc58ce5af14c8988f5e39f905e7e83ddfb2 Mon Sep 17 00:00:00 2001 From: Lyon Hill Date: Fri, 11 Jan 2019 13:34:30 -0700 Subject: [PATCH 2/3] vet code --- task/validagtor_test.go | 44 ++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/task/validagtor_test.go b/task/validagtor_test.go index 1b2e8507cf..3eed97512b 100644 --- a/task/validagtor_test.go +++ b/task/validagtor_test.go @@ -205,7 +205,7 @@ from(bucket:"bad") |> range(start:-5m) |> to(bucket:"bad", org:"thing")`, }, { name: "FindTaskByID with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, err := svc.FindTaskByID(ctx, taskID) return err @@ -213,7 +213,7 @@ from(bucket:"bad") |> range(start:-5m) |> to(bucket:"bad", org:"thing")`, }, { name: "FindTasks with bad auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.OrgsResource, OrgID: taskID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, _, err := svc.FindTasks(ctx, influxdb.TaskFilter{ Organization: &orgID, @@ -226,7 +226,7 @@ from(bucket:"bad") |> range(start:-5m) |> to(bucket:"bad", org:"thing")`, }, { name: "FindTasks with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, _, err := svc.FindTasks(ctx, influxdb.TaskFilter{ Organization: &orgID, @@ -236,7 +236,7 @@ from(bucket:"bad") |> range(start:-5m) |> to(bucket:"bad", org:"thing")`, }, { name: "FindTasks without org", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, _, err := svc.FindTasks(ctx, influxdb.TaskFilter{}) return err @@ -244,7 +244,7 @@ from(bucket:"bad") |> range(start:-5m) |> to(bucket:"bad", org:"thing")`, }, { name: "UpdateTask with bad auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { flux := `option task = { name: "my_task", @@ -263,9 +263,9 @@ from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")` { name: "UpdateTask with auth", auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{ - influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}, - influxdb.Permission{influxdb.WriteAction, influxdb.BucketsResource, r.Org.ID, &r.Bucket.ID}, - influxdb.Permission{influxdb.ReadAction, influxdb.BucketsResource, r.Org.ID, &r.Bucket.ID}, + influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.TasksResource, OrgID: orgID}, + influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.BucketsResource, OrgID: r.Org.ID, ID: &r.Bucket.ID}, + influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.BucketsResource, OrgID: r.Org.ID, ID: &r.Bucket.ID}, }}, check: func(ctx context.Context, svc influxdb.TaskService) error { flux := `option task = { @@ -281,7 +281,7 @@ from(bucket:"holder") |> range(start:-5m) |> to(bucket:"holder", org:"thing")` }, { name: "UpdateTask with bad bucket", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { flux := `option task = { name: "my_task", @@ -310,7 +310,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "DeleteTask readonly auth", - auth: &influxdb.Authorization{Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { err := svc.DeleteTask(ctx, taskID) if err == nil { @@ -321,7 +321,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "DeleteTask with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { err := svc.DeleteTask(ctx, taskID) return err @@ -329,7 +329,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "FindLogs with bad auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.OrgsResource, OrgID: taskID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, _, err := svc.FindLogs(ctx, influxdb.LogFilter{ Org: &orgID, @@ -342,7 +342,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "FindLogs with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, _, err := svc.FindLogs(ctx, influxdb.LogFilter{ Org: &orgID, @@ -360,7 +360,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "FindRuns with bad auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.OrgsResource, OrgID: taskID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, _, err := svc.FindRuns(ctx, influxdb.RunFilter{ Org: &orgID, @@ -373,7 +373,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "FindRuns with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, _, err := svc.FindRuns(ctx, influxdb.RunFilter{ Org: &orgID, @@ -402,7 +402,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "FindRunByID with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, err := svc.FindRunByID(ctx, taskID, 10) return err @@ -410,7 +410,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "CancelRun with bad auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.OrgsResource, OrgID: taskID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { err := svc.CancelRun(ctx, 2, 10) if err == nil { @@ -421,7 +421,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "CancelRun with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { err := svc.CancelRun(ctx, 2, 10) return err @@ -429,7 +429,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "RetryRun with bad auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.OrgsResource, OrgID: taskID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, err := svc.RetryRun(ctx, 2, 10) if err == nil { @@ -440,7 +440,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "RetryRun with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, err := svc.RetryRun(ctx, 2, 10) return err @@ -448,7 +448,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "ForceRun with bad auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.ReadAction, influxdb.OrgsResource, taskID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.OrgsResource, OrgID: taskID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, err := svc.ForceRun(ctx, 2, 10000) if err == nil { @@ -459,7 +459,7 @@ from(bucket:"cows") |> range(start:-5m) |> to(bucket:"cows", org:"thing")` }, { name: "ForceRun with auth", - auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{influxdb.WriteAction, influxdb.TasksResource, orgID, nil}}}, + auth: &influxdb.Authorization{Status: "active", Permissions: []influxdb.Permission{influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.TasksResource, OrgID: orgID}}}, check: func(ctx context.Context, svc influxdb.TaskService) error { _, err := svc.ForceRun(ctx, 2, 10000) return err From bc9755ae759899c270ab079915cf7c27b3986ca8 Mon Sep 17 00:00:00 2001 From: Lyon Hill Date: Sat, 12 Jan 2019 10:02:57 -0700 Subject: [PATCH 3/3] fix a naming typo --- task/validator.go | 2 +- task/{validagtor_test.go => validator_test.go} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename task/{validagtor_test.go => validator_test.go} (100%) diff --git a/task/validator.go b/task/validator.go index dfc7776883..9c790ea0a4 100644 --- a/task/validator.go +++ b/task/validator.go @@ -50,7 +50,7 @@ func (ts *taskServiceValidator) FindTaskByID(ctx context.Context, id platform.ID return nil, err } - return task, err + return task, nil } func (ts *taskServiceValidator) FindTasks(ctx context.Context, filter platform.TaskFilter) ([]*platform.Task, int, error) { diff --git a/task/validagtor_test.go b/task/validator_test.go similarity index 100% rename from task/validagtor_test.go rename to task/validator_test.go