Michael de Sa
faac66a9bd
Nest resources under Organizations
For each organization, we create a set of buckets for each associated
resource (sources, servers, layouts, and dashboards).
The bucket name is the path join of the resource bucket name and the
organization's name. If the organization's name is empty, then the bucket
name is the resource bucket name (this is backwards compatible with how
resources are currently stored).
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-20 13:50:19 -04:00
Michael Desa
de6ae41c60
Implement basic bolt OrganizationsStore
2017-10-20 11:13:13 -04:00
Jared Scheib
41386ca546
Add bolt implementation of OrganizationsStore
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-20 09:17:00 -05:00
Michael de Sa
30096623f9
Define Organization and OrganizationsStore
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-20 10:10:38 -04:00
Jared Scheib
67ed6c05da
Merge pull request #2132 from influxdata/multitenancy_authorize_role
Role based authorization
2017-10-19 14:55:01 -05:00
Michael de Sa
414ca7f0b6
Add clarifying comment for InfluxDB UID being Name
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-19 14:42:34 -05:00
Jared Scheib
5998923ab8
Add test coverage for Get with empty User
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-19 14:39:06 -05:00
Michael de Sa
f463642bae
Update route authorization by Role
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-19 14:33:08 -05:00
Jared Scheib
19369b38cc
Set Scheme to be OAuth2 explicitly for all users
Add Provider to Users authenticated via /me
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-19 14:32:33 -05:00
Michael Desa
dafab1653a
Fix formatting of server/auth.go
2017-10-19 12:54:06 -04:00
Michael Desa
72640d3bd2
Add tests for retrieving user by name and provider
Fix incorrect error message
Cleanup old Get user test
2017-10-19 12:52:46 -04:00
Michael Desa
8d472646cd
Fix wrong authorization level on selected routes
Fix leaking of username on failed authorization
Add comment to chronograf.UserQuery
Fix logic in hasPrivilege method
2017-10-18 15:45:06 -04:00
Michael Desa
a0d300d280
Use new chronograf.UserStore Get method when needed
Refactor tests that were dependent on old implementation of UsersStore
2017-10-18 14:45:33 -04:00
Michael Desa
246e65e598
Generalize chronograf.UsersStore Get method
The `Get` method on the UsersStore was generalized by changing the second
parameter to a struct. This allows the Store to retrieve users by more
than simply their name.
-Get(ctx context.Context, name string) (*User, error)
+Get(ctx context.Context, q UserQuery) (*User, error)
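Review bot: on the `+Get(ctx context.Context, q UserQuery)` line, the signature no longer says which field identifies a user, so the doc comment on `UserQuery` should state which fields may be set and how they combine. It should also say what `Get` returns when no field is set; an explicit error there is safer for an authorization lookup than an arbitrary match.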
2017-10-18 14:17:42 -04:00
Michael Desa
0517a87954
Add comment to AuthorizedUser
2017-10-18 12:45:58 -04:00
Michael Desa
3430eeb84b
Wrap routes with Authorization middleware
2017-10-18 12:40:17 -04:00
Michael Desa
f50a2b686f
Add AuthorizedUser middleware
2017-10-18 12:35:40 -04:00
Michael Desa
e61ed60ae8
Extract logic for getting user by name & provider
2017-10-18 12:34:23 -04:00
Michael de Sa
84f6702edf
Modify /me to match User via UsersStore.All & principal's Issuer
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 19:58:02 -05:00
Jared Scheib
414eab5f7d
Rename getEmail func & email var to getUsername & username
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 19:58:02 -05:00
Jared Scheib
cc7e695f37
Merge pull request #2113 from influxdata/multitenancy_rename_role_sourcerole
MULTITENANCY: Rename Role CRUD methods & structs w Source prefix
2017-10-16 19:51:38 -05:00
Jared Scheib
725344bc04
Merge pull request #2114 from influxdata/multitenancy_set_role
MULTITENANCY: Set the role of a user
2017-10-16 19:50:15 -05:00
Jared Scheib
c924771fb9
Lowercase string consts for role names
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 19:42:57 -05:00
Michael de Sa
c390678e43
Place user role consts and vars in server package
This also decouples the bolt tests from the server package.
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 18:43:56 -05:00
Jared Scheib
de6068228b
Replace string slices of role names with slices of chronograf.Role
This effectively reinstates rolly polly as king.
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 18:26:08 -05:00
Michael de Sa
1247323176
Use cmp.Diff for user equality comparison
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 16:46:20 -05:00
Jared Scheib
97d9afa78a
Vendor github.com/google/go-cmp/cmp/cmpopts
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 16:35:40 -05:00
Michael de Sa
93e3e68272
Suggest valid options in Invalid Role error message
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 15:56:43 -05:00
Jared Scheib
3ae86ec2da
Add comments for role types
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 15:33:29 -05:00
Michael de Sa
d9bec67e65
Clean up redundant error checks
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:33:47 -05:00
Michael de Sa
b2c4d9cb94
Add test coverage for userRequest validation
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:28:15 -05:00
Jared Scheib
74b4ad2c86
Remove unnecessary logic in ValidRoles guard
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 13:58:16 -05:00
Jared Scheib
263ff93f9b
Modify chronograf user roles to only use role name
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-16 14:44:34 -04:00
Michael de Sa
515370dc6c
Remove explicit chronograf user permissions
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-16 14:19:42 -04:00
Jared Scheib
a928d1518c
Modify User req & res to receive & give Role names only
Role members are fully explicated for CRUD operations.
Also adds validation for Roles on requests.
Also returns an empty array in JSON when a User has no roles.
2017-10-16 14:18:34 -04:00
Jared Scheib
de3dcf24c0
Add Roles to Users CRUD
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 17:42:30 -07:00
Michael de Sa
1bb3e560aa
Add name to bolt UsersStore test
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 20:01:35 -04:00
Michael de Sa
506cdd0c42
Make chronograf user roles explicit vars
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:58:45 -04:00
Michael de Sa
854c5b03d4
Factor out code in common bolt UsersStore tests
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:52:34 -04:00
Michael de Sa
22d56182cc
Use numeric style ID in UsersStore Get test
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:37:51 -04:00
Jared Scheib
ecccfc0c72
Regenerate protoc to remove formatting changes
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:33:46 -04:00
Jared Scheib
09050b9c8e
Remove unused concept of RolesStore
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:33:31 -04:00
Michael de Sa
40428588f2
Refactor bolt UsersStore to use ID instead of name
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:33:16 -04:00
Michael de Sa
75b0dbd43a
Add tests for updating user in boltdb
Adds tests for updating roles, provider, and scheme
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:32:54 -04:00
Michael de Sa
66eab84b40
Set ID on retrieved user from boltdb
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:32:35 -04:00
Michael de Sa
f712d2204b
Add roles to boltdb UsersStore
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:44 -04:00
Jared Scheib
aedaafe426
Update bolt UsersStore for updated chronograf User
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:26 -04:00
Michael Desa
fd50f2fc7e
Refactor bolt.RolesStore to use bolt.UsersStore
Add definitions for user roles and permissions in chronograf package
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:31:15 -04:00
Michael de Sa
3e3ca4d1a2
Remove old bolt implementation of RoleStore
Signed-off-by: Jared Scheib <jared.scheib@gmail.com>
2017-10-12 19:31:06 -04:00
Jared Scheib
4db4ae5bcf
Refactor Roles & Protobuf to be part of User msg
Signed-off-by: Michael de Sa <mjdesa@gmail.com>
2017-10-12 19:30:50 -04:00