Commit Graph

38 Commits (e0543e6e3ada0a8efced9d1eef06d9c07cec0c71)

Author SHA1 Message Date
Gavin Cabbage 6bbb2a18f2
fix(auth): use init to read envvar once (#19314)
* chore: remove logging

* fix(auth): use init to read envvar once

* chore: re-add logging
2020-08-12 16:51:31 -04:00
Gavin Cabbage 2c8b5f5bd4
chore(auth): new match behavior (#19306)
* fix(8166): match permission orgIDs if specified

* chore(auth): log old match behavior

* fix(auth): log format

Co-authored-by: greg linton <greg@influxdata.com>
2020-08-12 14:54:38 -04:00
Bucky Schwarz 88cdf43db1 revert: feat(pkger): add Stack resource type to global list
This reverts commit 99eabf8a44.

A backend change was needed to make this work in Cloud envs, that change is blocked.
2020-07-22 12:48:53 -07:00
Johnny Steenbergen 99eabf8a44 feat(pkger): add Stack resource type to global list
now that Stacks have landed, the resource type can now be included for
any all access tokens, not just the token from setup
2020-07-21 11:16:00 -07:00
Gianluca Arbezzano 1cf64fd721
feat: dbrp service
Signed-off-by: Lorenzo Affetti <lorenzo.affetti@gmail.com>
Co-Authored-By: Gianluca Arbezzano <gianarb92@gmail.com>
Co-Authored-By: George MacRorie <gmacrorie@influxdata.com>
Co-Authored-By: Alirie Gray <alirie.gray@gmail.com>
2020-05-15 12:05:38 +02:00
George f646653b1b
refactor!: replace authorizer.Allowed method with PermissionSet (#17959)
* refactor!: replace Allow method with PermissionSet

* chore(changelog): update changelog to reflect changes to authorizer
2020-05-13 12:27:46 +01:00
Deniz Kusefoglu 1e73ef5534
feat(sampledata): Return bucket resources that user has member access to (#17362)
* feat(sampledata): Return bucket resources that user has member access to

* feat(sampledata): Add tests
2020-03-25 18:50:37 -07:00
Lorenzo Affetti 40999629ee
refactor(authorizer): auth micro framework 2020-03-19 09:43:20 +01:00
Jacob Marble b836ab9c17
feat(storage): implement backup and restore (#16504)
* feat(backup): `influx backup` creates data backup

* feat(backup): initial restore work

* feat(restore): initial restore impl

Adds a restore tool which does offline restore of data and metadata.

* fix(restore): pr cleanup

* fix(restore): fix data dir creation

* fix(restore): pr cleanup

* chore: amend CHANGELOG

* fix: restore to empty dir fails differently

* feat(backup): backup and restore credentials

Saves the credentials file to backups and restores it from backups.

Additionally adds some logging for errors when fetching backup files.

* fix(restore): add missed commit

* fix(restore): pr cleanup

* fix(restore): fix default credentials restore path

* fix(backup): actually copy the credentials file for the backup

* fix: dirs get 0777, files get 0666

* fix: small review feedback

Co-authored-by: tmgordeeva <tanya@influxdata.com>
2020-01-21 14:22:45 -08:00
Johnny Steenbergen 1db3256980 feat(pkger): add check dry run functionality 2019-12-18 12:15:08 -08:00
Jade McGough ec9ecf23a1 feat(influxdb): add check struct 2019-07-31 18:52:13 -04:00
Kelvin Wang c4c6a32225 feat(notification): add notification structs 2019-07-25 15:15:35 -04:00
Mark Rushakoff 92a52e90fa fix(swagger): synchronize permission enum with code 2019-03-18 20:22:19 -07:00
Chris Goller 1e48a940b1 fix(authz): revert https://github.com/influxdata/influxdb/pull/11441
This will disallow web users from creating organizations until
we figure out how.
2019-03-06 19:20:24 -06:00
Michael Desa 2687b7fd61
feat(influxdb): add support for templates
feat(influxdb): add generic store for documents

feat(influxdb): support authorizations in document store

feat(influxdb): support orgs in user resource mapping

feat(influxdb): add read-only included field on documents

feat(influxdb): add labels support to documents service

fix(influxdb): rename data field to content on documents

feat(influxdb): add with org id options for document store

feat(http): add templates swagger

feat(influxdb): add documentation to document options

doc(kv): add documentation for kv document store

test(kv): pull document tests in to the testing package

fix(http): fix swagger specification of templates endpoints
2019-03-06 13:18:31 -08:00
kelwang 4244e44c79
Revert "feat(influxdb): add billing resource type" 2019-02-20 09:40:00 -05:00
Kelvin Wang a1bae49144 feat(influxdb): add billing resource type 2019-02-20 09:20:38 -05:00
Alirie Gray 5f524eb92d Rename all occurences of Macro to Variable 2019-02-14 13:21:57 -08:00
Leonardo Di Donato e6bb9e6b97 feat(http): view backend for view http handler
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-02-06 19:18:23 +01:00
Leonardo Di Donato 5d85bff7ce feat: add labels resource type 2019-01-25 11:17:36 +01:00
Michael Desa 6dbcafef22 fix(influxdb): grant user privileges to create orgs 2019-01-22 14:54:16 -08:00
Leonardo Di Donato 65622b4289 chore(authorizer): refactor order of checks
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2019-01-22 19:23:23 +01:00
Leonardo Di Donato eae9d44fb3 feat(influxdb): secrets resource type 2019-01-22 19:23:23 +01:00
Chris Goller 49782c3be4 feat(bolt): add metrics for resources stored in boltdb 2019-01-18 17:45:45 -06:00
Kelvin Wang 3bebc1bdc7 feat(influxdb): add authorizer 2019-01-18 10:01:50 -05:00
Michael Desa 01983553c4 feat(influxdb): add authorization for user actions 2019-01-17 16:05:24 -05:00
Leonardo Di Donato efe2508b1e feat(influxdb): add macro resource type 2019-01-17 14:50:18 +01:00
Michael Desa ffdba45242 fix(influxdb): special case the orgs resource when generating permissions 2019-01-16 15:26:40 -05:00
Michael Desa c60031a6b7 fix(influxdb): change resource to resource type 2019-01-15 12:57:57 -05:00
Michael Desa 944de4157a fix(influxdb): add org id to permissions
filter out resources that have mission IDs

fix(influxdb): simplify auth check in PermissionAllowed

review(platform): update as noted in review

fix(influxdb): ensure permission has valid org id
2019-01-11 12:23:28 -05:00
Mark Rushakoff d73d73c0d4 chore: rename imports from platform to influxdb
I did this with a dumb editor macro, so some comments changed too.

Also rename root package from platform to influxdb.

In interest of minimizing risk, anyone importing the root package has
now aliased it to "platform" so that no changes beyond imports were
necessary in those files.

Lastly, replace the old platform module to local path /dev/null so that
nobody can accidentally reintroduce a platform dependency while
migrating platform code to influxdb.
2019-01-09 20:51:47 -08:00
Michael Desa bef148ffd2 fix(platform): check for matching ids when permission matching 2019-01-09 11:16:02 -05:00
Michael Desa 6f0d55d19e feat(platform): add constructor for org member and admin permssions 2019-01-09 10:35:21 -05:00
Andrew Watkins 3429e8d0c6
feat(auth): rewrite authorization service (#2157)
* feat(view-token-overlay): add view token overlay

* test(tokens): update tests

* chore(auths): rename mock data file

* feat(token-view): clicking on description opens token view modal

* feat(token-view): add ability to close overlay

* feat(token-view): display token permissions with updated permissions shape

* feat(token-view): wip update authorization and permission shapes

* feat(auth): wip refactor auth permissions

* fix(auth): generate permissions via functions

* fix(auth): make Id ID

* chore(types): update generated client

* feat(auth): wip add user and org names to auth

* fix(user): didnt save rebase

* feat(auth): WIP refactor auth

* feat(auth): check for user existence during auth creation

* feat(auth): org must exist during auth creation

* fix(auth): pluralize telegrafs resource type

* docs(http): update swagger definition for the Authorization

* test(auth): fix broken tests

* docs(swagger): update cur_swagger Authrorizations

* fix(api): remove trace from cur_swag

* test(ui/token): update components with new generated type definitions

* feat(http): add lookup service adding names for permissions

* fix(http): remove debugging panics

* chore: go tidy

* fix: unsaved rebase

* test(idpe): add ids to Authorizations for log tests
2018-12-28 15:02:19 -08:00
Michael Desa 81d1520dc6 fix(platform): keep authorization struct on proxy query request
As a result of pr https://github.com/influxdata/platform/pull/1494, idpe
broke. This PR undoes some of the work done from that PR, but fixes the
underlying issue with #1494.
2018-11-20 15:20:51 -08:00
Kelvin Wang 74ef984e53 add http for telegraf 2018-10-30 14:00:10 -04:00
Michael Desa 42ba7ffe11 feat(http): add authentication handler middleware 2018-10-02 14:11:44 -04:00
Michael Desa 1a0c29ad34 feat(platform): add authorizer interface
This iterface is supposed to be something that both sessions and
authorizations can share so that other components can authorize requests
as they see fit.
2018-10-02 14:11:44 -04:00