influxdb/user_resource_mapping.go

220 lines
5.2 KiB
Go

package influxdb
import (
"context"
"encoding/json"
"errors"
"github.com/influxdata/influxdb/v2/kit/platform"
)
var (
// ErrInvalidUserType notes that the provided UserType is invalid
ErrInvalidUserType = errors.New("unknown user type")
// ErrInvalidMappingType notes that the provided MappingType is invalid
ErrInvalidMappingType = errors.New("unknown mapping type")
// ErrUserIDRequired notes that the ID was not provided
ErrUserIDRequired = errors.New("user id is required")
// ErrResourceIDRequired notes that the provided ID was not provided
ErrResourceIDRequired = errors.New("resource id is required")
)
// UserType can either be owner or member.
type UserType string
const (
// Owner can read and write to a resource
Owner UserType = "owner" // 1
// Member can read from a resource.
Member UserType = "member" // 2
)
// Valid checks if the UserType is a member of the UserType enum
func (ut UserType) Valid() (err error) {
switch ut {
case Owner: // 1
case Member: // 2
default:
err = ErrInvalidUserType
}
return err
}
type MappingType uint8
const (
UserMappingType = 0
OrgMappingType = 1
)
func (mt MappingType) Valid() error {
switch mt {
case UserMappingType, OrgMappingType:
return nil
}
return ErrInvalidMappingType
}
func (mt MappingType) String() string {
switch mt {
case UserMappingType:
return "user"
case OrgMappingType:
return "org"
}
return "unknown"
}
func (mt MappingType) MarshalJSON() ([]byte, error) {
return json.Marshal(mt.String())
}
func (mt *MappingType) UnmarshalJSON(b []byte) error {
var s string
if err := json.Unmarshal(b, &s); err != nil {
return err
}
switch s {
case "user":
*mt = UserMappingType
return nil
case "org":
*mt = OrgMappingType
return nil
}
return ErrInvalidMappingType
}
// UserResourceMappingService maps the relationships between users and resources.
type UserResourceMappingService interface {
// FindUserResourceMappings returns a list of UserResourceMappings that match filter and the total count of matching mappings.
FindUserResourceMappings(ctx context.Context, filter UserResourceMappingFilter, opt ...FindOptions) ([]*UserResourceMapping, int, error)
// CreateUserResourceMapping creates a user resource mapping.
CreateUserResourceMapping(ctx context.Context, m *UserResourceMapping) error
// DeleteUserResourceMapping deletes a user resource mapping.
DeleteUserResourceMapping(ctx context.Context, resourceID, userID platform.ID) error
}
// UserResourceMapping represents a mapping of a resource to its user.
type UserResourceMapping struct {
UserID platform.ID `json:"userID"`
UserType UserType `json:"userType"`
MappingType MappingType `json:"mappingType"`
ResourceType ResourceType `json:"resourceType"`
ResourceID platform.ID `json:"resourceID"`
}
// Validate reports any validation errors for the mapping.
func (m UserResourceMapping) Validate() error {
if !m.ResourceID.Valid() {
return ErrResourceIDRequired
}
if !m.UserID.Valid() {
return ErrUserIDRequired
}
if err := m.UserType.Valid(); err != nil {
return err
}
if err := m.MappingType.Valid(); err != nil {
return err
}
if err := m.ResourceType.Valid(); err != nil {
return err
}
return nil
}
// UserResourceMappingFilter represents a set of filters that restrict the returned results.
type UserResourceMappingFilter struct {
ResourceID platform.ID
ResourceType ResourceType
UserID platform.ID
UserType UserType
}
func (m *UserResourceMapping) ownerPerms() ([]Permission, error) {
if m.ResourceType == OrgsResourceType {
return OwnerPermissions(m.ResourceID), nil
}
if m.ResourceType == InstanceResourceType {
return []Permission{
{Action: ReadAction, Resource: Resource{Type: InstanceResourceType}},
{Action: WriteAction, Resource: Resource{Type: InstanceResourceType}},
}, nil
}
ps := []Permission{
// TODO: Uncomment these once the URM system is no longer being used for find lookups for:
// Telegraf
// DashBoard
// notification rule
// notification endpoint
// Permission{
// Action: ReadAction,
// Resource: Resource{
// Type: m.ResourceType,
// ID: &m.ResourceID,
// },
// },
// Permission{
// Action: WriteAction,
// Resource: Resource{
// Type: m.ResourceType,
// ID: &m.ResourceID,
// },
// },
}
return ps, nil
}
func (m *UserResourceMapping) memberPerms() ([]Permission, error) {
if m.ResourceType == OrgsResourceType {
return MemberPermissions(m.ResourceID), nil
}
if m.ResourceType == BucketsResourceType {
return []Permission{MemberBucketPermission(m.ResourceID)}, nil
}
ps := []Permission{
// TODO: Uncomment these once the URM system is no longer being used for find lookups for:
// Telegraf
// DashBoard
// notification rule
// notification endpoint
// Permission{
// Action: ReadAction,
// Resource: Resource{
// Type: m.ResourceType,
// ID: &m.ResourceID,
// },
// },
}
return ps, nil
}
// ToPermissions converts a user resource mapping into a set of permissions.
func (m *UserResourceMapping) ToPermissions() ([]Permission, error) {
switch m.UserType {
case Owner:
return m.ownerPerms()
case Member:
return m.memberPerms()
default:
return nil, ErrInvalidUserType
}
}