Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Refactor bolt.RolesStore to use bolt.UsersStore 

Add definitions for user roles and permissions in chronograf package

Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
pull/10616/head
Michael Desa 2017-10-12 15:47:41 -04:00 committed by Michael de Sa
parent 3e3ca4d1a2
commit fd50f2fc7e
4 changed files with 133 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bolt/client.go
View File

@ -30,7 +30,7 @@ func NewClient() *Client {
c.SourcesStore = &SourcesStore{client: c} c.SourcesStore = &SourcesStore{client: c}
c.ServersStore = &ServersStore{client: c} c.ServersStore = &ServersStore{client: c}
c.UsersStore = &UsersStore{client: c} c.UsersStore = &UsersStore{client: c}
c.RolesStore = &RolesStore{client: c} c.RolesStore = newRolesStore(c.UsersStore)
c.LayoutStore = &LayoutStore{ c.LayoutStore = &LayoutStore{
client: c, client: c,
IDs: &uuid.V4{}, IDs: &uuid.V4{},
@ -72,10 +72,6 @@ func (c *Client) Open(ctx context.Context) error {
if _, err := tx.CreateBucketIfNotExists(UsersBucket); err != nil { if _, err := tx.CreateBucketIfNotExists(UsersBucket); err != nil {
return err return err
} }
// Always create Roles bucket.
if _, err := tx.CreateBucketIfNotExists(RolesBucket); err != nil {
return err
}
return nil return nil
}); err != nil { }); err != nil {
return err return err

42
bolt/roles.go
View File

@ -1,6 +1,8 @@
package bolt package bolt
import ( import (
"context"
"fmt"
"sync" "sync"
"github.com/influxdata/chronograf" "github.com/influxdata/chronograf"
@ -15,3 +17,43 @@ type RolesStore struct {
roles map[string]chronograf.Role roles map[string]chronograf.Role
usersStore *UsersStore usersStore *UsersStore
} }
// NewRolesStore returns a *RolesStore populated with the
// default Chonograf User Roles
func newRolesStore(u *UsersStore) *RolesStore {
s := &RolesStore{
usersStore: u,
roles: map[string]chronograf.Role{},
}
for _, role := range chronograf.DefaultUserRoles {
s.roles[role.Name] = role
}
return s
}
// All returns all roles and all users associated with each role.
func (s *RolesStore) All(context.Context) ([]chronograf.Role, error) {
panic("not implemented")
}
// Add returns an error and a nil users. It is not intended to be used currently.
func (s *RolesStore) Add(context.Context, *chronograf.Role) (*chronograf.Role, error) {
return nil, fmt.Errorf("Add not supported for boltdb roles store")
}
// Delete returns an error. It is not intended to be used currently.
func (s *RolesStore) Delete(context.Context, *chronograf.Role) error {
return fmt.Errorf("Delete not supported for boltdb roles store")
}
// Get retrieves a role and all users associated with it.
func (s *RolesStore) Get(ctx context.Context, name string) (*chronograf.Role, error) {
panic("not implemented")
}
// Update returns an error. It is not intended to be used currently.
func (s *RolesStore) Update(context.Context, *chronograf.Role) error {
return fmt.Errorf("Update not supported for boltdb roles store")
}

51
bolt/roles_test.go
View File

@ -1,51 +0,0 @@
package bolt_test
import (
"context"
"testing"
"github.com/google/go-cmp/cmp"
"github.com/influxdata/chronograf"
)
func TestRolesStore_Get(t *testing.T) {
type args struct {
ctx context.Context
name string
}
tests := []struct {
name string
args args
want *chronograf.Role
wantErr bool
}{
{
name: "Role not found",
args: args{
ctx: context.Background(),
name: "unknown",
},
wantErr: true,
},
}
for _, tt := range tests {
client, err := NewTestClient()
if err != nil {
t.Fatal(err)
}
if err := client.Open(context.TODO()); err != nil {
t.Fatal(err)
}
defer client.Close()
s := client.RolesStore
got, err := s.Get(tt.args.ctx, tt.args.name)
if (err != nil) != tt.wantErr {
t.Errorf("%q. RolesStore.Get() error = %v, wantErr %v", tt.name, err, tt.wantErr)
continue
}
if !cmp.Equal(got, tt.want) {
t.Errorf("%q. RolesStore.Get() = %v, want %v", tt.name, got, tt.want)
}
}
}

90
chronograf.go
View File

@ -18,6 +18,96 @@ import (
"github.com/influxdata/influxdb/influxql" "github.com/influxdata/influxdb/influxql"
) )
// Chronograf User Roles
const (
ViewerRole = "Viewer"
EditorRole = "Editor"
AdminRole = "Admin"
)
// Chronograf User Permissions
var (
// Read Permissions
ReadDashboardsPermission = Permission{
Scope: "dashboards",
Name: "Read Dashboards",
Allowed: Allowances{"read"},
}
ReadSourcesPermission = Permission{
Scope: "sources",
Name: "Read Sources",
Allowed: Allowances{"read"},
}
ReadRulesPermission = Permission{
Scope: "rules",
Name: "Read Rules",
Allowed: Allowances{"read"},
}
ReadUsersPermission = Permission{
Scope: "users",
Name: "Read Users",
Allowed: Allowances{"read"},
}
// Write Permissions
WriteDashboardsPermission = Permission{
Scope: "dashboards",
Name: "Write Dashboards",
Allowed: Allowances{"write"},
}
WriteSourcesPermission = Permission{
Scope: "sources",
Name: "Write Sources",
Allowed: Allowances{"write"},
}
WriteRulesPermission = Permission{
Scope: "rules",
Name: "Write Rules",
Allowed: Allowances{"write"},
}
WriteUsersPermission = Permission{
Scope: "users",
Name: "Write Users",
Allowed: Allowances{"write"},
}
)
// Default roles for chronograf Users
var DefaultUserRoles = [5]Role{
{
Name: ViewerRole,
Permissions: Permissions{
ReadDashboardsPermission,
ReadSourcesPermission,
ReadRulesPermission,
},
},
{
Name: EditorRole,
Permissions: Permissions{
ReadDashboardsPermission,
ReadSourcesPermission,
ReadRulesPermission,
WriteDashboardsPermission,
WriteSourcesPermission,
WriteRulesPermission,
},
},
{
Name: AdminRole,
Permissions: Permissions{
ReadDashboardsPermission,
ReadSourcesPermission,
ReadRulesPermission,
ReadUsersPermission,
WriteDashboardsPermission,
WriteSourcesPermission,
WriteRulesPermission,
WriteUsersPermission,
},
},
}
// General errors. // General errors.
const ( const (
ErrUpstreamTimeout = Error("request to backend timed out") ErrUpstreamTimeout = Error("request to backend timed out")