Commit Graph

58 Commits (9cbb62cee57162155ba560b433d5cc0ac990ca30)

Author SHA1 Message Date
Kelvin Wang 5072e207ee feat(authorizer): add check 2019-07-31 19:00:26 -04:00
George b2fe0d1d63
fix(tasks): surface flux errors on pre-auth check (#14492) 2019-07-31 11:46:28 +02:00
zhulongcheng ce4d5a9852 feat(http): patch notification rule 2019-07-28 22:08:23 +08:00
Alirie Gray c04f3a2b30 chore(tasks): remove old auth code and allow only token auth 2019-07-26 09:51:32 -07:00
George a481d4ab5d
fix: enforce bucket authentication on task update (#14480) 2019-07-26 17:37:45 +02:00
Kelvin Wang c438155a1e feat(authorizer): add notification rule authorizer 2019-07-25 15:15:35 -04:00
Alirie Gray 479dc3ffd3 fix(tasks): adds check for inactive task in ForceRun and Retry 2019-06-05 11:44:16 -07:00
Kelvin Wang 18a0f3f542 fix(influxdb): rename telegraf orgID 2019-06-03 16:20:53 -04:00
zhulongcheng ad5053c7a9 check write bucket permission when creating a scraper 2019-05-15 21:44:23 +08:00
Kelvin Wang 717fcc44b3 feat(influxdb): add scraper filter 2019-04-25 11:33:34 -04:00
Alirie Gray 9f39ddfbef refactor(tasks): move validator to authorizer package 2019-04-24 11:36:54 -07:00
Kelvin Wang 7a72c363f2 remove org from bucket 2019-04-22 18:39:05 -04:00
Todd Persen cd64ec8718 Fix typos in miscellaneous packages 2019-04-17 13:30:22 -07:00
Jade McGough 7914a04f0b organizationID -> orgID 2019-04-12 01:29:42 -07:00
Kelvin Wang 712010d013 if(influxdb): updated auth shall return 2019-04-01 12:56:29 -04:00
Kelvin Wang a2c0bdbe77 feat(kv): add new update 2019-03-28 11:46:41 -04:00
Kelvin Wang 50d5a2cc45 fix(authorization): ignore the labels 2019-03-19 22:53:35 -04:00
Jade McGough 10736a3e69 fix tests 2019-03-19 11:21:27 -07:00
Jade McGough 3cb07a8701 score authorizer on orgID 2019-03-19 11:07:36 -07:00
Jade McGough 9306fb3f7c pass tests 2019-03-19 07:00:43 -07:00
Jade McGough f488428a32 fix(authorizer): labels can be created if the user has read access to the specified org 2019-03-19 01:56:55 -07:00
Jacob Marble 603a1f26e0 use tracing.StartSpanFromContext 2019-03-07 12:12:31 -07:00
Jacob Marble 9541e861a3 goimports -w -local github.com/influxdata/influxdb 2019-03-07 12:12:31 -07:00
Jacob Marble 92fa813c45 add spans to multiple services 2019-03-07 12:12:31 -07:00
Jacob Marble b9c7ec439e
feat(influxd): Tracing refactor (#12318)
* feat(launcher): Tracing to log disabled by default

* remove traceLogger and use opentracing directly

* add Jaeger tracing

* go vet && go fmt
2019-03-04 11:48:11 -08:00
Michael Desa 6a8a1fce32 feat(kv): implemented key/value store with end-to-end integration tests
* feat(kv:inmem:bolt): implement user service in a kv

* refactor(kv): use consistent func receiver name

* feat(kv): add initial basic auth service

* refactor(passwords): move auth interface into own file

* refactor(passwords): rename basic auth files to passwords

* refactor(passwords): rename from BasicAuth to Passwords

* refactor(kv): copy bolt user test into kv

Co-authored-by: Michael Desa <mjdesa@gmail.com>

* feat(kv): add inmem testing to kv store

* fix(kv): remove extra user index initialization

* feat(kv): attempt at making errors nice

* fix(http): return not found error if filter is invalid

* fix(http): s/platform/influxdb/ for user service

* fix(http): s/platform/influxdb/ for user service

* feat(kv): initial port of telegraf configs to kv

* feat(kv): first pass at migrating bolt org service to kv

* feat(kv): first pass at bucket service

* feat(kv): first pass at migrating kvlog to kv package

* feat(kv): add resource op logs

* feat(kv): first pass at user resource mapping migration

* feat(kv): add urm usage to bucket and org services

* feat(kv): first pass at kv authz service

* feat(kv): add cascading auth delete for users

* feat(kv): first pass d authorizer.OrganizationService in kv

* feat(cmd/influxd/launcher): user kv services where appropriate

* fix(kv): initialize authorizations

* fix(influxdb): use same buckets while slowly migrating stuff

* fix(kv): make staticcheck pass

* feat(kv): add dashboards to kv

review: make suggestions from pr review

fix: use common bucket names for bolt/kv stores

* test(kv): add complete password test coverage

* chore(kv): fixes for staticcheck

* feat(kv): implement labels generically on kv

* feat(kv): implement macro service

* feat(kv): add source service

* feat(kv): add session service

* feat(kv): add kv secret service

* refactor(kv): update telegraf and urm with error messages

* feat(kv): add lookup service

* feat(kv): add kv onboarding service

* refactor(kv): update telegraf to avoid repetition

* feat(cmd/influxd): use kv lookup service

* feat(kv): add telegraf to lookup service

* feat(cmd/influxd): use kv telegraf service

* feat(kv): initial port of scrapers in bolt to kv

* feat(kv): update scraper error messaging

* feat(cmd/influxd): add kv scraper

* feat(kv): add inmem backend tests

* refactor(kv): copy paste errors

* refactor(kv): add code to password errors

* fix(testing): update error messages for incorrect passwords

* feat(kv:inmem:bolt): implement user service in a kv

* refactor(kv): use consistent func receiver name

* refactor(kv): copy bolt user test into kv

Co-authored-by: Michael Desa <mjdesa@gmail.com>

* feat(kv): add inmem testing to kv store

* fix(kv): remove extra user index initialization

* feat(kv): attempt at making errors nice

* fix(http): return not found error if filter is invalid

* fix(http): s/platform/influxdb/ for user service

* feat(kv): first pass at migrating bolt org service to kv

* feat(kv): first pass at bucket service

* feat(kv): first pass at migrating kvlog to kv package

* feat(kv): add resource op logs

* feat(kv): first pass at user resource mapping migration

* feat(kv): add urm usage to bucket and org services

* feat(kv): first pass at kv authz service

* feat(kv): add cascading auth delete for users

* feat(kv): first pass d authorizer.OrganizationService in kv

* feat(cmd/influxd/launcher): user kv services where appropriate

* feat(kv): add initial basic auth service

* refactor(passwords): move auth interface into own file

* refactor(passwords): rename basic auth files to passwords

* fix(http): s/platform/influxdb/ for user service

* fix(kv): initialize authorizations

* fix(influxdb): use same buckets while slowly migrating stuff

* fix(kv): make staticcheck pass

* feat(kv): add dashboards to kv

review: make suggestions from pr review

fix: use common bucket names for bolt/kv stores

* feat(kv): implement labels generically on kv

* refactor(passwords): rename from BasicAuth to Passwords

* test(kv): add complete password test coverage

* chore(kv): fixes for staticcheck

* feat(kv): implement macro service

* feat(kv): add source service

* feat(kv): add session service

* feat(kv): initial port of telegraf configs to kv

* feat(kv): initial port of scrapers in bolt to kv

* feat(kv): add kv secret service

* refactor(kv): update telegraf and urm with error messages

* feat(kv): add lookup service

* feat(kv): add kv onboarding service

* refactor(kv): update telegraf to avoid repetition

* feat(cmd/influxd): use kv lookup service

* feat(kv): add telegraf to lookup service

* feat(cmd/influxd): use kv telegraf service

* feat(kv): update scraper error messaging

* feat(cmd/influxd): add kv scraper

* feat(kv): add inmem backend tests

* refactor(kv): copy paste errors

* refactor(kv): add code to password errors

* fix(testing): update error messages for incorrect passwords

* feat(http): initial support for flushing all key/values from kv store

* feat(kv): rename macro to variable

* feat(cmd/influxd/launcher): user kv services where appropriate

* refactor(passwords): rename from BasicAuth to Passwords

* feat(kv): implement macro service

* test(ui): introduce cypress

* test(ui): introduce first typescript test

* test(ui/e2e): add ci job

* chore: update gitignore to ignore test outputs

* feat(inmem): in memory influxdb

* test(e2e): adding pinger that checks if influxdb is alive

* hackathon

* hack

* hack

* hack

* hack

* Revert "feat(inmem): in memory influxdb"

This reverts commit 30ddf032003e704643b07ce80df61c3299ea7295.

* hack

* hack

* hack

* hack

* hack

* hack

* hack

* hack

* hack

* hack

* hack

* hack

* hack

* chore: lint ignore node_modules

* hack

* hack

* hack

* add user and flush

* hack

* remove unused vars

* hack

* hack

* ci(circle): prefix e2e artifacts

* change test to testid

* update cypress

* moar testid

* fix npm warnings

* remove absolte path

* chore(ci): remove /home/circleci proto mkdir hack

* wip: crud resources e2e

* fix(inmem): use inmem kv store services

* test(dashboard): add first dashboard crud tests

* hack

* undo hack

* fix: use response from setup for orgID

* chore: wip

* add convenience getByTitle function

* test(e2e): ui can create orgs

* test(e2e): add test for org deletion and update

* test(e2e): introduce task creation test

* test(e2e): create and update of buckets on org view

* chore: move types to declaration file

* chore: use route fixture in dashboard tests

* chore(ci): hack back

* test(ui): update snapshots

* chore: package-lock

* chore: remove macros

* fix: launcher rebase issues

* fix: compile errors

* fix: compile errors

* feat(cmd/influxdb): add explicit testing, asset-path, and store flags

Co-authored-by: Andrew Watkins <watts@influxdb.com>

* fix(cmd/influxd): set default HTTP handler and flags

Co-authored-by: Andrew Watkins <watts@influxdb.com>

* build(Makefile): add run-e2e and PHONY

* feat(kv:inmem:bolt): implement user service in a kv

* refactor(kv): use consistent func receiver name

* feat(kv): add initial basic auth service

* refactor(passwords): move auth interface into own file

* refactor(passwords): rename basic auth files to passwords

* refactor(passwords): rename from BasicAuth to Passwords

* refactor(kv): copy bolt user test into kv

Co-authored-by: Michael Desa <mjdesa@gmail.com>

* feat(kv): add inmem testing to kv store

* fix(kv): remove extra user index initialization

* feat(kv): attempt at making errors nice

* fix(http): return not found error if filter is invalid

* fix(http): s/platform/influxdb/ for user service

* fix(http): s/platform/influxdb/ for user service

* feat(kv): initial port of telegraf configs to kv

* feat(kv): initial port of scrapers in bolt to kv

* feat(kv): first pass at migrating bolt org service to kv

* feat(kv): first pass at bucket service

* feat(kv): first pass at migrating kvlog to kv package

* feat(kv): add resource op logs

* feat(kv): first pass at user resource mapping migration

* feat(kv): add urm usage to bucket and org services

* feat(kv): first pass at kv authz service

* feat(kv): add cascading auth delete for users

* feat(kv): first pass d authorizer.OrganizationService in kv

* feat(cmd/influxd/launcher): user kv services where appropriate

* fix(kv): initialize authorizations

* fix(influxdb): use same buckets while slowly migrating stuff

* fix(kv): make staticcheck pass

* feat(kv): add dashboards to kv

review: make suggestions from pr review

fix: use common bucket names for bolt/kv stores

* test(kv): add complete password test coverage

* chore(kv): fixes for staticcheck

* feat(kv): implement labels generically on kv

* feat(kv): implement macro service

* feat(kv): add source service

* feat(kv): add session service

* feat(kv): add kv secret service

* refactor(kv): update telegraf and urm with error messages

* feat(kv): add lookup service

* feat(kv): add kv onboarding service

* refactor(kv): update telegraf to avoid repetition

* feat(cmd/influxd): use kv lookup service

* feat(kv): add telegraf to lookup service

* feat(cmd/influxd): use kv telegraf service

* feat(kv): update scraper error messaging

* feat(cmd/influxd): add kv scraper

* feat(kv): add inmem backend tests

* refactor(kv): copy paste errors

* refactor(kv): add code to password errors

* fix(testing): update error messages for incorrect passwords

* feat(kv): rename macro to variable

* refactor(kv): auth/bucket/org/user unique checks return errors now

* feat(inmem): add way to get all bucket names from store

* feat(inmem): Buckets to return slice of bytes rather than strings

* feat(inmem): add locks around Buckets to avoid races

* feat(cmd/influx): check for unauthorized error in wrapCheckSetup

* chore(e2e): add video and screenshot artifcats to gitignore

* docs(ci): add build instructions for e2e tests

* feat(kv): add id lookup for authorized resources
2019-02-19 17:47:19 -06:00
Mark Rushakoff 0977a651df fix(task): create authorization when using token to create task 2019-02-15 12:11:55 -08:00
Michael Desa 8caaff5865
feat(authorizer): add method to verify integrity of permissions 2019-02-15 12:57:57 -05:00
Alirie Gray 5f524eb92d Rename all occurences of Macro to Variable 2019-02-14 13:21:57 -08:00
Leonardo Di Donato bd8bb5cb52 feat(authorizer): authorize the look up of labels by resource 2019-01-25 11:17:36 +01:00
Leonardo Di Donato ddac968127 feat(authorizer): authorization for deletion of label mappings
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-01-25 11:17:36 +01:00
Leonardo Di Donato d8d23a0f77 feat(authorizer): test the authorization of label mappings creation 2019-01-25 11:17:36 +01:00
Leonardo Di Donato 605fa99ba8 feat(authorizer): authorization of label mappings creation 2019-01-25 11:17:36 +01:00
Leonardo Di Donato ead0cb3dcf feat(authorizer): test labels permissions on create, find, delete, and update operations
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-01-25 11:17:36 +01:00
Leonardo Di Donato a2a1f8641f feat(authorizer): initial (incomplete) auth for labels v2 2019-01-25 11:17:36 +01:00
Kelvin Wang 6e3e4503c2 feat(influxdb): add urm for scraper 2019-01-23 08:46:32 -08:00
Leonardo Di Donato 65622b4289 chore(authorizer): refactor order of checks
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-01-22 19:23:23 +01:00
Leonardo Di Donato 83e321366e feat(authorizer): test secrets write permissions 2019-01-22 19:23:23 +01:00
Leonardo Di Donato a2b2a6d471 feat(authorizer): test secrets read permissions
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-01-22 19:23:23 +01:00
Leonardo Di Donato d973bdd661 feat(authorizer): secrets auth 2019-01-22 19:23:23 +01:00
Michael Desa cdc9146b78 feat(influxdb): add authorized user resource mappings
feat(bolt): add function to find a resources organization id

rename platform to influxdb

Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Michael Desa <mjdesa@gmail.com>

fix(bolt): rename FindResoureOrganization to FindResoureOrganizationID

feat(authorizer): add authorized user resource mapping service

Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Michael Desa <mjdesa@gmail.com>

feat(influxdb): wire up authorized user resource mapping

Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Michael Desa <mjdesa@gmail.com>

fix(authorizer): remove unused field from tests

Co-authored-by: Leonardo Di Donato <leodidonato@gmail.com>
Co-authored-by: Michael Desa <mjdesa@gmail.com>
2019-01-18 14:22:08 -05:00
Michael Desa bd52ed3659 fix(authorizer): allow default source orgID to be in the sources list 2019-01-18 13:14:43 -05:00
Leonardo Di Donato 04e541bf06 fix(authorizer): do not nead read action while writing to scrapers
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-01-18 10:01:52 -05:00
Kelvin Wang f0838e4c71 feat(authorizer): add scraper authorizer 2019-01-18 10:01:51 -05:00
Leonardo Di Donato 0650aacdf9 fix(authorizer): do not require read action in order to perform a write 2019-01-18 14:05:36 +01:00
Leonardo Di Donato de5cc5a2c1 feat(authorizer): source authorizer 2019-01-18 14:05:36 +01:00
Michael Desa 24e10a4594
Merge pull request #11261 from influxdata/feat/authorize-auths
add authorized authorization service
2019-01-18 07:55:28 -05:00
Michael Desa c9f2a597a4
Merge pull request #11207 from influxdata/feat/authorize-dashboards
add dashboard authorization
2019-01-18 07:55:15 -05:00
Michael Desa 7c7e25d4b7 test(authorizer): add authorized authorization service 2019-01-17 19:03:13 -05:00
Michael Desa 98f67156eb feat(authorizer): add authorization service 2019-01-17 18:11:59 -05:00