influxdb/cmd/influx/authorization.go

582 lines
15 KiB
Go

package main
import (
"context"
"os"
platform "github.com/influxdata/influxdb"
"github.com/influxdata/influxdb/cmd/influx/internal"
"github.com/influxdata/influxdb/http"
"github.com/spf13/cobra"
)
var authorizationCmd = &cobra.Command{
Use: "auth",
Aliases: []string{"authorization"},
Short: "Authorization management commands",
Run: func(cmd *cobra.Command, args []string) {
cmd.Usage()
},
}
// AuthorizationCreateFlags are command line args used when creating a authorization
type AuthorizationCreateFlags struct {
user string
org string
writeUserPermission bool
readUserPermission bool
writeBucketsPermission bool
readBucketsPermission bool
writeBucketPermissions []string
readBucketPermissions []string
writeTasksPermission bool
readTasksPermission bool
writeTelegrafsPermission bool
readTelegrafsPermission bool
writeOrganizationsPermission bool
readOrganizationsPermission bool
writeDashboardsPermission bool
readDashboardsPermission bool
}
var authorizationCreateFlags AuthorizationCreateFlags
func init() {
authorizationCreateCmd := &cobra.Command{
Use: "create",
Short: "Create authorization",
RunE: wrapCheckSetup(authorizationCreateF),
}
authorizationCreateCmd.Flags().StringVarP(&authorizationCreateFlags.org, "org", "o", "", "The organization name (required)")
authorizationCreateCmd.MarkFlagRequired("org")
authorizationCreateCmd.Flags().StringVarP(&authorizationCreateFlags.user, "user", "u", "", "The user name")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.writeUserPermission, "write-user", "", false, "Grants the permission to perform mutative actions against organization users")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.readUserPermission, "read-user", "", false, "Grants the permission to perform read actions against organization users")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.writeBucketsPermission, "write-buckets", "", false, "Grants the permission to perform mutative actions against organization buckets")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.readBucketsPermission, "read-buckets", "", false, "Grants the permission to perform read actions against organization buckets")
authorizationCreateCmd.Flags().StringArrayVarP(&authorizationCreateFlags.writeBucketPermissions, "write-bucket", "", []string{}, "The bucket id")
authorizationCreateCmd.Flags().StringArrayVarP(&authorizationCreateFlags.readBucketPermissions, "read-bucket", "", []string{}, "The bucket id")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.writeTasksPermission, "write-tasks", "", false, "Grants the permission to create tasks")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.readTasksPermission, "read-tasks", "", false, "Grants the permission to read tasks")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.writeTelegrafsPermission, "write-telegrafs", "", false, "Grants the permission to create telegraf configs")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.readTelegrafsPermission, "read-telegrafs", "", false, "Grants the permission to read telegraf configs")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.writeOrganizationsPermission, "write-orgs", "", false, "Grants the permission to create organizations")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.readOrganizationsPermission, "read-orgs", "", false, "Grants the permission to read organizations")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.writeDashboardsPermission, "write-dashboards", "", false, "Grants the permission to create dashboards")
authorizationCreateCmd.Flags().BoolVarP(&authorizationCreateFlags.readDashboardsPermission, "read-dashboards", "", false, "Grants the permission to read dashboards")
authorizationCmd.AddCommand(authorizationCreateCmd)
}
func authorizationCreateF(cmd *cobra.Command, args []string) error {
var permissions []platform.Permission
orgSvc, err := newOrganizationService(flags)
if err != nil {
return err
}
ctx := context.Background()
orgFilter := platform.OrganizationFilter{Name: &authorizationCreateFlags.org}
o, err := orgSvc.FindOrganization(ctx, orgFilter)
if err != nil {
return err
}
if authorizationCreateFlags.writeUserPermission {
p, err := platform.NewPermission(platform.WriteAction, platform.UsersResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.readUserPermission {
p, err := platform.NewPermission(platform.ReadAction, platform.UsersResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.writeBucketsPermission {
p, err := platform.NewPermission(platform.WriteAction, platform.BucketsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.readBucketsPermission {
p, err := platform.NewPermission(platform.ReadAction, platform.BucketsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
for _, p := range authorizationCreateFlags.writeBucketPermissions {
var id platform.ID
if err := id.DecodeFromString(p); err != nil {
return err
}
p, err := platform.NewPermissionAtID(id, platform.WriteAction, platform.BucketsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
for _, p := range authorizationCreateFlags.readBucketPermissions {
var id platform.ID
if err := id.DecodeFromString(p); err != nil {
return err
}
p, err := platform.NewPermissionAtID(id, platform.ReadAction, platform.BucketsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.writeTasksPermission {
p, err := platform.NewPermission(platform.WriteAction, platform.TasksResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.readTasksPermission {
p, err := platform.NewPermission(platform.ReadAction, platform.TasksResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.writeTelegrafsPermission {
p, err := platform.NewPermission(platform.WriteAction, platform.TelegrafsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.readTelegrafsPermission {
p, err := platform.NewPermission(platform.ReadAction, platform.TelegrafsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.writeOrganizationsPermission {
p, err := platform.NewPermission(platform.WriteAction, platform.OrgsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.readOrganizationsPermission {
p, err := platform.NewPermission(platform.ReadAction, platform.OrgsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.writeDashboardsPermission {
p, err := platform.NewPermission(platform.WriteAction, platform.DashboardsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
if authorizationCreateFlags.readDashboardsPermission {
p, err := platform.NewPermission(platform.ReadAction, platform.DashboardsResourceType, o.ID)
if err != nil {
return err
}
permissions = append(permissions, *p)
}
authorization := &platform.Authorization{
Permissions: permissions,
OrgID: o.ID,
}
s, err := newAuthorizationService(flags)
if err != nil {
return err
}
if err := s.CreateAuthorization(context.Background(), authorization); err != nil {
return err
}
w := internal.NewTabWriter(os.Stdout)
w.WriteHeaders(
"ID",
"Token",
"Status",
"UserID",
"Permissions",
)
ps := []string{}
for _, p := range authorization.Permissions {
ps = append(ps, p.String())
}
w.Write(map[string]interface{}{
"ID": authorization.ID.String(),
"Token": authorization.Token,
"Status": authorization.Status,
"UserID": authorization.UserID.String(),
"Permissions": ps,
})
w.Flush()
return nil
}
// AuthorizationFindFlags are command line args used when finding a authorization
type AuthorizationFindFlags struct {
user string
userID string
org string
orgID string
id string
}
var authorizationFindFlags AuthorizationFindFlags
func init() {
authorizationFindCmd := &cobra.Command{
Use: "find",
Short: "Find authorization",
RunE: wrapCheckSetup(authorizationFindF),
}
authorizationFindCmd.Flags().StringVarP(&authorizationFindFlags.user, "user", "u", "", "The user")
authorizationFindCmd.Flags().StringVarP(&authorizationFindFlags.userID, "user-id", "", "", "The user ID")
authorizationFindCmd.Flags().StringVarP(&authorizationFindFlags.org, "org", "o", "", "The org")
authorizationFindCmd.Flags().StringVarP(&authorizationFindFlags.orgID, "org-id", "", "", "The org ID")
authorizationFindCmd.Flags().StringVarP(&authorizationFindFlags.id, "id", "i", "", "The authorization ID")
authorizationCmd.AddCommand(authorizationFindCmd)
}
func newAuthorizationService(f Flags) (platform.AuthorizationService, error) {
if flags.local {
return newLocalKVService()
}
return &http.AuthorizationService{
Addr: flags.host,
Token: flags.token,
}, nil
}
func authorizationFindF(cmd *cobra.Command, args []string) error {
s, err := newAuthorizationService(flags)
if err != nil {
return err
}
filter := platform.AuthorizationFilter{}
if authorizationFindFlags.id != "" {
fID, err := platform.IDFromString(authorizationFindFlags.id)
if err != nil {
return err
}
filter.ID = fID
}
if authorizationFindFlags.user != "" {
filter.User = &authorizationFindFlags.user
}
if authorizationFindFlags.userID != "" {
uID, err := platform.IDFromString(authorizationFindFlags.userID)
if err != nil {
return err
}
filter.UserID = uID
}
if authorizationFindFlags.org != "" {
filter.Org = &authorizationFindFlags.org
}
if authorizationFindFlags.orgID != "" {
oID, err := platform.IDFromString(authorizationFindFlags.orgID)
if err != nil {
return err
}
filter.OrgID = oID
}
authorizations, _, err := s.FindAuthorizations(context.Background(), filter)
if err != nil {
return err
}
w := internal.NewTabWriter(os.Stdout)
w.WriteHeaders(
"ID",
"Token",
"Status",
"User",
"UserID",
"Permissions",
)
for _, a := range authorizations {
var permissions []string
for _, p := range a.Permissions {
permissions = append(permissions, p.String())
}
w.Write(map[string]interface{}{
"ID": a.ID,
"Token": a.Token,
"Status": a.Status,
"UserID": a.UserID.String(),
"Permissions": permissions,
})
}
w.Flush()
return nil
}
// AuthorizationDeleteFlags are command line args used when deleting a authorization
type AuthorizationDeleteFlags struct {
id string
}
var authorizationDeleteFlags AuthorizationDeleteFlags
func init() {
authorizationDeleteCmd := &cobra.Command{
Use: "delete",
Short: "Delete authorization",
RunE: wrapCheckSetup(authorizationDeleteF),
}
authorizationDeleteCmd.Flags().StringVarP(&authorizationDeleteFlags.id, "id", "i", "", "The authorization ID (required)")
authorizationDeleteCmd.MarkFlagRequired("id")
authorizationCmd.AddCommand(authorizationDeleteCmd)
}
func authorizationDeleteF(cmd *cobra.Command, args []string) error {
s, err := newAuthorizationService(flags)
if err != nil {
return err
}
id, err := platform.IDFromString(authorizationDeleteFlags.id)
if err != nil {
return err
}
ctx := context.TODO()
a, err := s.FindAuthorizationByID(ctx, *id)
if err != nil {
return err
}
if err := s.DeleteAuthorization(context.Background(), *id); err != nil {
return err
}
w := internal.NewTabWriter(os.Stdout)
w.WriteHeaders(
"ID",
"Token",
"User",
"UserID",
"Permissions",
"Deleted",
)
ps := []string{}
for _, p := range a.Permissions {
ps = append(ps, p.String())
}
w.Write(map[string]interface{}{
"ID": a.ID.String(),
"Token": a.Token,
"UserID": a.UserID.String(),
"Permissions": ps,
"Deleted": true,
})
w.Flush()
return nil
}
// AuthorizationActiveFlags are command line args used when enabling an authorization
type AuthorizationActiveFlags struct {
id string
}
var authorizationActiveFlags AuthorizationActiveFlags
func init() {
authorizationActiveCmd := &cobra.Command{
Use: "active",
Short: "Active authorization",
RunE: wrapCheckSetup(authorizationActiveF),
}
authorizationActiveCmd.Flags().StringVarP(&authorizationActiveFlags.id, "id", "i", "", "The authorization ID (required)")
authorizationActiveCmd.MarkFlagRequired("id")
authorizationCmd.AddCommand(authorizationActiveCmd)
}
func authorizationActiveF(cmd *cobra.Command, args []string) error {
s, err := newAuthorizationService(flags)
if err != nil {
return err
}
var id platform.ID
if err := id.DecodeFromString(authorizationActiveFlags.id); err != nil {
return err
}
ctx := context.TODO()
if _, err := s.FindAuthorizationByID(ctx, id); err != nil {
return err
}
a, err := s.UpdateAuthorization(context.Background(), id, &platform.AuthorizationUpdate{
Status: platform.Active.Ptr(),
})
if err != nil {
return err
}
w := internal.NewTabWriter(os.Stdout)
w.WriteHeaders(
"ID",
"Token",
"Status",
"User",
"UserID",
"Permissions",
)
ps := []string{}
for _, p := range a.Permissions {
ps = append(ps, p.String())
}
w.Write(map[string]interface{}{
"ID": a.ID.String(),
"Token": a.Token,
"Status": a.Status,
"UserID": a.UserID.String(),
"Permissions": ps,
})
w.Flush()
return nil
}
// AuthorizationInactiveFlags are command line args used when disabling an authorization
type AuthorizationInactiveFlags struct {
id string
}
var authorizationInactiveFlags AuthorizationInactiveFlags
func init() {
authorizationInactiveCmd := &cobra.Command{
Use: "inactive",
Short: "Inactive authorization",
RunE: wrapCheckSetup(authorizationInactiveF),
}
authorizationInactiveCmd.Flags().StringVarP(&authorizationInactiveFlags.id, "id", "i", "", "The authorization ID (required)")
authorizationInactiveCmd.MarkFlagRequired("id")
authorizationCmd.AddCommand(authorizationInactiveCmd)
}
func authorizationInactiveF(cmd *cobra.Command, args []string) error {
s, err := newAuthorizationService(flags)
if err != nil {
return err
}
var id platform.ID
if err := id.DecodeFromString(authorizationInactiveFlags.id); err != nil {
return err
}
ctx := context.TODO()
if _, err = s.FindAuthorizationByID(ctx, id); err != nil {
return err
}
a, err := s.UpdateAuthorization(context.Background(), id, &platform.AuthorizationUpdate{
Status: platform.Inactive.Ptr(),
})
if err != nil {
return err
}
w := internal.NewTabWriter(os.Stdout)
w.WriteHeaders(
"ID",
"Token",
"Status",
"User",
"UserID",
"Permissions",
)
ps := []string{}
for _, p := range a.Permissions {
ps = append(ps, p.String())
}
w.Write(map[string]interface{}{
"ID": a.ID.String(),
"Token": a.Token,
"Status": a.Status,
"UserID": a.UserID.String(),
"Permissions": ps,
})
w.Flush()
return nil
}