authorizer

package
v2.0.0-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 21, 2020 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Package-level error values exported by the authorizer package.
var (
	// ErrInactiveTask carries the code EInvalid and the message
	// "inactive task". Where it is returned is not visible here.
	ErrInactiveTask = &influxdb.Error{
		Code: influxdb.EInvalid,
		Msg:  "inactive task",
	}

	// ErrFailedPermission carries the message "unauthorized" but the code
	// EInvalid.
	// NOTE(review): a caller that classifies errors by Code alone would see
	// this as an invalid-request error rather than an authorization failure.
	// Confirm this is intended, and compare against the error value itself
	// where the distinction matters for status mapping or audit logging.
	ErrFailedPermission = &influxdb.Error{
		Code: influxdb.EInvalid,
		Msg:  "unauthorized",
	}
)

Functions

func AuthorizeCreate

func AuthorizeCreate(ctx context.Context, rt influxdb.ResourceType, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeCreate authorizes a user to create a resource of the given type for the given org.

func AuthorizeFindAuthorizations

func AuthorizeFindAuthorizations(ctx context.Context, rs []*influxdb.Authorization) ([]*influxdb.Authorization, int, error)

AuthorizeFindAuthorizations takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindBuckets

func AuthorizeFindBuckets(ctx context.Context, rs []*influxdb.Bucket) ([]*influxdb.Bucket, int, error)

AuthorizeFindBuckets takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindChecks

func AuthorizeFindChecks(ctx context.Context, rs []influxdb.Check) ([]influxdb.Check, int, error)

AuthorizeFindChecks takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindDBRPs

func AuthorizeFindDBRPs(ctx context.Context, rs []*influxdb.DBRPMappingV2) ([]*influxdb.DBRPMappingV2, int, error)

AuthorizeFindDBRPs takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindDashboards

func AuthorizeFindDashboards(ctx context.Context, rs []*influxdb.Dashboard) ([]*influxdb.Dashboard, int, error)

AuthorizeFindDashboards takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindLabels

func AuthorizeFindLabels(ctx context.Context, rs []*influxdb.Label) ([]*influxdb.Label, int, error)

AuthorizeFindLabels takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindNotificationEndpoints

func AuthorizeFindNotificationEndpoints(ctx context.Context, rs []influxdb.NotificationEndpoint) ([]influxdb.NotificationEndpoint, int, error)

AuthorizeFindNotificationEndpoints takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindNotificationRules

func AuthorizeFindNotificationRules(ctx context.Context, rs []influxdb.NotificationRule) ([]influxdb.NotificationRule, int, error)

AuthorizeFindNotificationRules takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindOrganizations

func AuthorizeFindOrganizations(ctx context.Context, rs []*influxdb.Organization) ([]*influxdb.Organization, int, error)

AuthorizeFindOrganizations takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindScrapers

func AuthorizeFindScrapers(ctx context.Context, rs []influxdb.ScraperTarget) ([]influxdb.ScraperTarget, int, error)

AuthorizeFindScrapers takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindSources

func AuthorizeFindSources(ctx context.Context, rs []*influxdb.Source) ([]*influxdb.Source, int, error)

AuthorizeFindSources takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindTasks

func AuthorizeFindTasks(ctx context.Context, rs []*influxdb.Task) ([]*influxdb.Task, int, error)

AuthorizeFindTasks takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindTelegrafs

func AuthorizeFindTelegrafs(ctx context.Context, rs []*influxdb.TelegrafConfig) ([]*influxdb.TelegrafConfig, int, error)

AuthorizeFindTelegrafs takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindUserResourceMappings

func AuthorizeFindUserResourceMappings(ctx context.Context, os OrganizationService, rs []*influxdb.UserResourceMapping) ([]*influxdb.UserResourceMapping, int, error)

AuthorizeFindUserResourceMappings takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindUsers

func AuthorizeFindUsers(ctx context.Context, rs []*influxdb.User) ([]*influxdb.User, int, error)

AuthorizeFindUsers takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindVariables

func AuthorizeFindVariables(ctx context.Context, rs []*influxdb.Variable) ([]*influxdb.Variable, int, error)

AuthorizeFindVariables takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeOrgReadResource

func AuthorizeOrgReadResource(ctx context.Context, rt influxdb.ResourceType, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeOrgReadResource authorizes the given org to read the resources of the given type. NOTE: this is pretty much the same as AuthorizeRead, in the case that the resource ID is ignored. Use it in the case that you do not know which resource in particular you want to give access to.

func AuthorizeOrgWriteResource

func AuthorizeOrgWriteResource(ctx context.Context, rt influxdb.ResourceType, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeOrgWriteResource authorizes the given org to write the resources of the given type. NOTE: this is pretty much the same as AuthorizeWrite, in the case that the resource ID is ignored. Use it in the case that you do not know which resource in particular you want to give access to.

func AuthorizeRead

func AuthorizeRead(ctx context.Context, rt influxdb.ResourceType, rid, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeRead authorizes the user in the context to read the specified resource (identified by its type, ID, and orgID). NOTE: authorization will pass even if the user has permissions only for the resource type and organization ID; a permission naming the specific resource ID is not required.

func AuthorizeReadBucket

func AuthorizeReadBucket(ctx context.Context, bt influxdb.BucketType, bid, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeReadBucket exists because buckets are a special case and should use this method. I.e., instead of:

AuthorizeRead(ctx, influxdb.BucketsResourceType, b.ID, b.OrgID)

use:

AuthorizeReadBucket(ctx, b.Type, b.ID, b.OrgID)

func AuthorizeReadGlobal

func AuthorizeReadGlobal(ctx context.Context, rt influxdb.ResourceType) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeReadGlobal authorizes to read resources of the given type.

func AuthorizeReadOrg

func AuthorizeReadOrg(ctx context.Context, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeReadOrg authorizes the user to read the given org.

func AuthorizeReadResource

func AuthorizeReadResource(ctx context.Context, rt influxdb.ResourceType, rid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeReadResource authorizes the user in the context to read the specified resource (identified by its type and ID). NOTE: authorization will pass only if the user has a specific permission for the given resource.

func AuthorizeWrite

func AuthorizeWrite(ctx context.Context, rt influxdb.ResourceType, rid, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWrite authorizes the user in the context to write the specified resource (identified by its type, ID, and orgID). NOTE: authorization will pass even if the user has permissions only for the resource type and organization ID; a permission naming the specific resource ID is not required.

func AuthorizeWriteGlobal

func AuthorizeWriteGlobal(ctx context.Context, rt influxdb.ResourceType) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWriteGlobal authorizes to write resources of the given type.

func AuthorizeWriteOrg

func AuthorizeWriteOrg(ctx context.Context, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWriteOrg authorizes the user to write the given org.

func AuthorizeWriteResource

func AuthorizeWriteResource(ctx context.Context, rt influxdb.ResourceType, rid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWriteResource authorizes the user in the context to write the specified resource (identified by its type and ID). NOTE: authorization will pass only if the user has a specific permission for the given resource.

func IsAllowed

func IsAllowed(ctx context.Context, p influxdb.Permission) error

IsAllowed checks to see if an action is authorized by retrieving the authorizer off of context and authorizing the action appropriately.

func IsAllowedAll

func IsAllowedAll(ctx context.Context, permissions []influxdb.Permission) error

IsAllowedAll checks to see if an action is authorized by ALL permissions. Also see IsAllowed.

func IsAllowedAny

func IsAllowedAny(ctx context.Context, permissions []influxdb.Permission) error

IsAllowedAny checks to see if an action is authorized by ANY of the given permissions. Also see IsAllowed.

func NewDocumentService

func NewDocumentService(s influxdb.DocumentService) influxdb.DocumentService

NewDocumentService constructs an instance of an authorizing document service.

func NewTaskService

func NewTaskService(log *zap.Logger, ts influxdb.TaskService) influxdb.TaskService

NewTaskService wraps ts and checks appropriate permissions before calling requested methods on ts. Authorization failures are logged to the logger.

func VerifyPermissions

func VerifyPermissions(ctx context.Context, ps []influxdb.Permission) error

VerifyPermissions ensures that an authorization is allowed all of the appropriate permissions.

Types

type AuthAgent

type AuthAgent struct{}

AuthAgent provides a means to authorize users against resources and their associated actions. It makes for a clear dependency, for an auth middleware for instance.

func (*AuthAgent) IsWritable

func (a *AuthAgent) IsWritable(ctx context.Context, orgID influxdb.ID, resType influxdb.ResourceType) error

func (*AuthAgent) OrgPermissions

func (a *AuthAgent) OrgPermissions(ctx context.Context, orgID influxdb.ID, action influxdb.Action, rest ...influxdb.Action) error

OrgPermissions identifies if a user has access to the org by the specified action.

type AuthorizationService

type AuthorizationService struct {
	// contains filtered or unexported fields
}

AuthorizationService wraps a influxdb.AuthorizationService and authorizes actions against it appropriately.

func NewAuthorizationService

func NewAuthorizationService(s influxdb.AuthorizationService) *AuthorizationService

NewAuthorizationService constructs an instance of an authorizing authorization service.

func (*AuthorizationService) CreateAuthorization

func (s *AuthorizationService) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

CreateAuthorization checks to see if the authorizer on context has write access to the global authorizations resource.

func (*AuthorizationService) DeleteAuthorization

func (s *AuthorizationService) DeleteAuthorization(ctx context.Context, id influxdb.ID) error

DeleteAuthorization checks to see if the authorizer on context has write access to the authorization provided.

func (*AuthorizationService) FindAuthorizationByID

func (s *AuthorizationService) FindAuthorizationByID(ctx context.Context, id influxdb.ID) (*influxdb.Authorization, error)

FindAuthorizationByID checks to see if the authorizer on context has read access to the id provided.

func (*AuthorizationService) FindAuthorizationByToken

func (s *AuthorizationService) FindAuthorizationByToken(ctx context.Context, t string) (*influxdb.Authorization, error)

FindAuthorizationByToken retrieves the authorization and checks to see if the authorizer on context has read access to the authorization.

func (*AuthorizationService) FindAuthorizations

func (s *AuthorizationService) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

FindAuthorizations retrieves all authorizations that match the provided filter and then filters the list down to only the resources that are authorized.

func (*AuthorizationService) UpdateAuthorization

func (s *AuthorizationService) UpdateAuthorization(ctx context.Context, id influxdb.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

UpdateAuthorization checks to see if the authorizer on context has write access to the authorization provided.

type BackupService

type BackupService struct {
	// contains filtered or unexported fields
}

BackupService wraps a influxdb.BackupService and authorizes actions against it appropriately.

func NewBackupService

func NewBackupService(s influxdb.BackupService) *BackupService

NewBackupService constructs an instance of an authorizing backup service.

func (BackupService) CreateBackup

func (b BackupService) CreateBackup(ctx context.Context) (int, []string, error)

func (BackupService) FetchBackupFile

func (b BackupService) FetchBackupFile(ctx context.Context, backupID int, backupFile string, w io.Writer) error

func (BackupService) InternalBackupPath

func (b BackupService) InternalBackupPath(backupID int) string

type BucketService

type BucketService struct {
	// contains filtered or unexported fields
}

BucketService wraps a influxdb.BucketService and authorizes actions against it appropriately.

func NewBucketService

func NewBucketService(s influxdb.BucketService) *BucketService

NewBucketService constructs an instance of an authorizing bucket service.

func (*BucketService) CreateBucket

func (s *BucketService) CreateBucket(ctx context.Context, b *influxdb.Bucket) error

CreateBucket checks to see if the authorizer on context has write access to the global buckets resource.

func (*BucketService) DeleteBucket

func (s *BucketService) DeleteBucket(ctx context.Context, id influxdb.ID) error

DeleteBucket checks to see if the authorizer on context has write access to the bucket provided.

func (*BucketService) FindBucket

func (s *BucketService) FindBucket(ctx context.Context, filter influxdb.BucketFilter) (*influxdb.Bucket, error)

FindBucket retrieves the bucket and checks to see if the authorizer on context has read access to the bucket.

func (*BucketService) FindBucketByID

func (s *BucketService) FindBucketByID(ctx context.Context, id influxdb.ID) (*influxdb.Bucket, error)

FindBucketByID checks to see if the authorizer on context has read access to the id provided.

func (*BucketService) FindBucketByName

func (s *BucketService) FindBucketByName(ctx context.Context, orgID influxdb.ID, n string) (*influxdb.Bucket, error)

FindBucketByName returns a bucket by name for a particular organization.

func (*BucketService) FindBuckets

func (s *BucketService) FindBuckets(ctx context.Context, filter influxdb.BucketFilter, opt ...influxdb.FindOptions) ([]*influxdb.Bucket, int, error)

FindBuckets retrieves all buckets that match the provided filter and then filters the list down to only the resources that are authorized.

func (*BucketService) UpdateBucket

func (s *BucketService) UpdateBucket(ctx context.Context, id influxdb.ID, upd influxdb.BucketUpdate) (*influxdb.Bucket, error)

UpdateBucket checks to see if the authorizer on context has write access to the bucket provided.

type CheckService

type CheckService struct {
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	influxdb.TaskService
	// contains filtered or unexported fields
}

CheckService wraps a influxdb.CheckService and authorizes actions against it appropriately.

func NewCheckService

func NewCheckService(s influxdb.CheckService, urm influxdb.UserResourceMappingService, org influxdb.OrganizationService) *CheckService

NewCheckService constructs an instance of an authorizing check service.

func (*CheckService) CreateCheck

func (s *CheckService) CreateCheck(ctx context.Context, chk influxdb.CheckCreate, userID influxdb.ID) error

CreateCheck checks to see if the authorizer on context has write access to the global check resource.

func (*CheckService) DeleteCheck

func (s *CheckService) DeleteCheck(ctx context.Context, id influxdb.ID) error

DeleteCheck checks to see if the authorizer on context has write access to the check provided.

func (*CheckService) FindCheck

func (s *CheckService) FindCheck(ctx context.Context, filter influxdb.CheckFilter) (influxdb.Check, error)

FindCheck will return the check.

func (*CheckService) FindCheckByID

func (s *CheckService) FindCheckByID(ctx context.Context, id influxdb.ID) (influxdb.Check, error)

FindCheckByID checks to see if the authorizer on context has read access to the id provided.

func (*CheckService) FindChecks

func (s *CheckService) FindChecks(ctx context.Context, filter influxdb.CheckFilter, opt ...influxdb.FindOptions) ([]influxdb.Check, int, error)

FindChecks retrieves all checks that match the provided filter and then filters the list down to only the resources that are authorized.

func (*CheckService) PatchCheck

func (s *CheckService) PatchCheck(ctx context.Context, id influxdb.ID, upd influxdb.CheckUpdate) (influxdb.Check, error)

PatchCheck checks to see if the authorizer on context has write access to the check provided.

func (*CheckService) UpdateCheck

func (s *CheckService) UpdateCheck(ctx context.Context, id influxdb.ID, upd influxdb.CheckCreate) (influxdb.Check, error)

UpdateCheck checks to see if the authorizer on context has write access to the check provided.

type DashboardService

type DashboardService struct {
	// contains filtered or unexported fields
}

DashboardService wraps a influxdb.DashboardService and authorizes actions against it appropriately.

func NewDashboardService

func NewDashboardService(s influxdb.DashboardService) *DashboardService

NewDashboardService constructs an instance of an authorizing dashboard service.

func (*DashboardService) AddDashboardCell

func (s *DashboardService) AddDashboardCell(ctx context.Context, id influxdb.ID, c *influxdb.Cell, opts influxdb.AddDashboardCellOptions) error

func (*DashboardService) CreateDashboard

func (s *DashboardService) CreateDashboard(ctx context.Context, b *influxdb.Dashboard) error

CreateDashboard checks to see if the authorizer on context has write access to the global dashboards resource.

func (*DashboardService) DeleteDashboard

func (s *DashboardService) DeleteDashboard(ctx context.Context, id influxdb.ID) error

DeleteDashboard checks to see if the authorizer on context has write access to the dashboard provided.

func (*DashboardService) FindDashboardByID

func (s *DashboardService) FindDashboardByID(ctx context.Context, id influxdb.ID) (*influxdb.Dashboard, error)

FindDashboardByID checks to see if the authorizer on context has read access to the id provided.

func (*DashboardService) FindDashboards

func (s *DashboardService) FindDashboards(ctx context.Context, filter influxdb.DashboardFilter, opt influxdb.FindOptions) ([]*influxdb.Dashboard, int, error)

FindDashboards retrieves all dashboards that match the provided filter and then filters the list down to only the resources that are authorized.

func (*DashboardService) GetDashboardCellView

func (s *DashboardService) GetDashboardCellView(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID) (*influxdb.View, error)

func (*DashboardService) RemoveDashboardCell

func (s *DashboardService) RemoveDashboardCell(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID) error

func (*DashboardService) ReplaceDashboardCells

func (s *DashboardService) ReplaceDashboardCells(ctx context.Context, id influxdb.ID, c []*influxdb.Cell) error

func (*DashboardService) UpdateDashboard

func (s *DashboardService) UpdateDashboard(ctx context.Context, id influxdb.ID, upd influxdb.DashboardUpdate) (*influxdb.Dashboard, error)

UpdateDashboard checks to see if the authorizer on context has write access to the dashboard provided.

func (*DashboardService) UpdateDashboardCell

func (s *DashboardService) UpdateDashboardCell(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID, upd influxdb.CellUpdate) (*influxdb.Cell, error)

func (*DashboardService) UpdateDashboardCellView

func (s *DashboardService) UpdateDashboardCellView(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID, upd influxdb.ViewUpdate) (*influxdb.View, error)

type DocumentService

type DocumentService struct {
	// contains filtered or unexported fields
}

func (*DocumentService) CreateDocumentStore

func (s *DocumentService) CreateDocumentStore(ctx context.Context, name string) (influxdb.DocumentStore, error)

func (*DocumentService) FindDocumentStore

func (s *DocumentService) FindDocumentStore(ctx context.Context, name string) (influxdb.DocumentStore, error)

type LabelService

type LabelService struct {
	// contains filtered or unexported fields
}

LabelService wraps a influxdb.LabelService and authorizes actions against it appropriately.

func NewLabelServiceWithOrg

func NewLabelServiceWithOrg(s influxdb.LabelService, orgSvc OrganizationService) *LabelService

NewLabelServiceWithOrg constructs an instance of an authorizing label service. Replaces NewLabelService.

func (*LabelService) CreateLabel

func (s *LabelService) CreateLabel(ctx context.Context, l *influxdb.Label) error

CreateLabel checks to see if the authorizer on context has write access to the new label's org.

func (*LabelService) CreateLabelMapping

func (s *LabelService) CreateLabelMapping(ctx context.Context, m *influxdb.LabelMapping) error

CreateLabelMapping checks to see if the authorizer on context has write access to the label and the resource contained by the label mapping in creation.

func (*LabelService) DeleteLabel

func (s *LabelService) DeleteLabel(ctx context.Context, id influxdb.ID) error

DeleteLabel checks to see if the authorizer on context has write access to the label provided.

func (*LabelService) DeleteLabelMapping

func (s *LabelService) DeleteLabelMapping(ctx context.Context, m *influxdb.LabelMapping) error

DeleteLabelMapping checks to see if the authorizer on context has write access to the label and the resource of the label mapping to delete.

func (*LabelService) FindLabelByID

func (s *LabelService) FindLabelByID(ctx context.Context, id influxdb.ID) (*influxdb.Label, error)

FindLabelByID checks to see if the authorizer on context has read access to the label id provided.

func (*LabelService) FindLabels

func (s *LabelService) FindLabels(ctx context.Context, filter influxdb.LabelFilter, opt ...influxdb.FindOptions) ([]*influxdb.Label, error)

FindLabels retrieves all labels that match the provided filter and then filters the list down to only the resources that are authorized.

func (*LabelService) FindResourceLabels

func (s *LabelService) FindResourceLabels(ctx context.Context, filter influxdb.LabelMappingFilter) ([]*influxdb.Label, error)

FindResourceLabels retrieves all labels belonging to the filtering resource if the authorizer on context has read access to it. Then it filters the list down to only the labels that are authorized.

func (*LabelService) UpdateLabel

func (s *LabelService) UpdateLabel(ctx context.Context, id influxdb.ID, upd influxdb.LabelUpdate) (*influxdb.Label, error)

UpdateLabel checks to see if the authorizer on context has write access to the label provided.

type NotificationEndpointService

type NotificationEndpointService struct {
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	// contains filtered or unexported fields
}

NotificationEndpointService wraps a influxdb.NotificationEndpointService and authorizes actions against it appropriately.

func NewNotificationEndpointService

func NewNotificationEndpointService(
	s influxdb.NotificationEndpointService,
	urm influxdb.UserResourceMappingService,
	org influxdb.OrganizationService,
) *NotificationEndpointService

NewNotificationEndpointService constructs an instance of an authorizing notification endpoint service.

func (*NotificationEndpointService) CreateNotificationEndpoint

func (s *NotificationEndpointService) CreateNotificationEndpoint(ctx context.Context, edp influxdb.NotificationEndpoint, userID influxdb.ID) error

CreateNotificationEndpoint checks to see if the authorizer on context has write access to the global notification endpoint resource.

func (*NotificationEndpointService) DeleteNotificationEndpoint

func (s *NotificationEndpointService) DeleteNotificationEndpoint(ctx context.Context, id influxdb.ID) ([]influxdb.SecretField, influxdb.ID, error)

DeleteNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.

func (*NotificationEndpointService) FindNotificationEndpointByID

func (s *NotificationEndpointService) FindNotificationEndpointByID(ctx context.Context, id influxdb.ID) (influxdb.NotificationEndpoint, error)

FindNotificationEndpointByID checks to see if the authorizer on context has read access to the id provided.

func (*NotificationEndpointService) FindNotificationEndpoints

func (s *NotificationEndpointService) FindNotificationEndpoints(ctx context.Context, filter influxdb.NotificationEndpointFilter, opt ...influxdb.FindOptions) ([]influxdb.NotificationEndpoint, int, error)

FindNotificationEndpoints retrieves all notification endpoints that match the provided filter and then filters the list down to only the resources that are authorized.

func (*NotificationEndpointService) PatchNotificationEndpoint

func (s *NotificationEndpointService) PatchNotificationEndpoint(ctx context.Context, id influxdb.ID, upd influxdb.NotificationEndpointUpdate) (influxdb.NotificationEndpoint, error)

PatchNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.

func (*NotificationEndpointService) UpdateNotificationEndpoint

func (s *NotificationEndpointService) UpdateNotificationEndpoint(ctx context.Context, id influxdb.ID, upd influxdb.NotificationEndpoint, userID influxdb.ID) (influxdb.NotificationEndpoint, error)

UpdateNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.

type NotificationRuleStore

type NotificationRuleStore struct {
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	// contains filtered or unexported fields
}

NotificationRuleStore wraps a influxdb.NotificationRuleStore and authorizes actions against it appropriately.

func NewNotificationRuleStore

func NewNotificationRuleStore(s influxdb.NotificationRuleStore, urm influxdb.UserResourceMappingService, org influxdb.OrganizationService) *NotificationRuleStore

NewNotificationRuleStore constructs an instance of an authorizing notification rule service.

func (*NotificationRuleStore) CreateNotificationRule

func (s *NotificationRuleStore) CreateNotificationRule(ctx context.Context, nr influxdb.NotificationRuleCreate, userID influxdb.ID) error

CreateNotificationRule checks to see if the authorizer on context has write access to the global notification rule resource.

func (*NotificationRuleStore) DeleteNotificationRule

func (s *NotificationRuleStore) DeleteNotificationRule(ctx context.Context, id influxdb.ID) error

DeleteNotificationRule checks to see if the authorizer on context has write access to the notification rule provided.

func (*NotificationRuleStore) FindNotificationRuleByID

func (s *NotificationRuleStore) FindNotificationRuleByID(ctx context.Context, id influxdb.ID) (influxdb.NotificationRule, error)

FindNotificationRuleByID checks to see if the authorizer on context has read access to the id provided.

func (*NotificationRuleStore) FindNotificationRules

func (s *NotificationRuleStore) FindNotificationRules(ctx context.Context, filter influxdb.NotificationRuleFilter, opt ...influxdb.FindOptions) ([]influxdb.NotificationRule, int, error)

FindNotificationRules retrieves all notification rules that match the provided filter and then filters the list down to only the resources that are authorized.

func (*NotificationRuleStore) PatchNotificationRule

func (s *NotificationRuleStore) PatchNotificationRule(ctx context.Context, id influxdb.ID, upd influxdb.NotificationRuleUpdate) (influxdb.NotificationRule, error)

PatchNotificationRule checks to see if the authorizer on context has write access to the notification rule provided.

func (*NotificationRuleStore) UpdateNotificationRule

func (s *NotificationRuleStore) UpdateNotificationRule(ctx context.Context, id influxdb.ID, upd influxdb.NotificationRuleCreate, userID influxdb.ID) (influxdb.NotificationRule, error)

UpdateNotificationRule checks to see if the authorizer on context has write access to the notification rule provided.

type OrgService

type OrgService struct {
	// contains filtered or unexported fields
}

OrgService wraps a influxdb.OrganizationService and authorizes actions against it appropriately.

func NewOrgService

func NewOrgService(s influxdb.OrganizationService) *OrgService

NewOrgService constructs an instance of an authorizing org service.

func (*OrgService) CreateOrganization

func (s *OrgService) CreateOrganization(ctx context.Context, o *influxdb.Organization) error

CreateOrganization checks to see if the authorizer on context has write access to the global orgs resource.

func (*OrgService) DeleteOrganization

func (s *OrgService) DeleteOrganization(ctx context.Context, id influxdb.ID) error

DeleteOrganization checks to see if the authorizer on context has write access to the organization provided.

func (*OrgService) FindOrganization

func (s *OrgService) FindOrganization(ctx context.Context, filter influxdb.OrganizationFilter) (*influxdb.Organization, error)

FindOrganization retrieves the organization and checks to see if the authorizer on context has read access to the org.

func (*OrgService) FindOrganizationByID

func (s *OrgService) FindOrganizationByID(ctx context.Context, id influxdb.ID) (*influxdb.Organization, error)

FindOrganizationByID checks to see if the authorizer on context has read access to the id provided.

func (*OrgService) FindOrganizations

func (s *OrgService) FindOrganizations(ctx context.Context, filter influxdb.OrganizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Organization, int, error)

FindOrganizations retrieves all organizations that match the provided filter and then filters the list down to only the resources that are authorized.

func (*OrgService) UpdateOrganization

func (s *OrgService) UpdateOrganization(ctx context.Context, id influxdb.ID, upd influxdb.OrganizationUpdate) (*influxdb.Organization, error)

UpdateOrganization checks to see if the authorizer on context has write access to the organization provided.

type OrganizationService

// OrganizationService is the single lookup this package requires to map a
// resource, identified by its type and ID, to an organization ID.
// NOTE(review): presumably the returned ID is the org whose permissions are
// then checked for the resource; confirm against the functions that accept
// this interface (AuthorizeFindUserResourceMappings, NewLabelServiceWithOrg).
type OrganizationService interface {
	// FindResourceOrganizationID returns an ID for the resource of type rt
	// with the given id, or an error.
	FindResourceOrganizationID(ctx context.Context, rt influxdb.ResourceType, id influxdb.ID) (influxdb.ID, error)
}

type PasswordService

type PasswordService struct {
	// contains filtered or unexported fields
}

PasswordService is a new authorization middleware for a password service.

func NewPasswordService

func NewPasswordService(svc influxdb.PasswordsService) *PasswordService

NewPasswordService wraps an existing password service with auth middleware.

func (*PasswordService) CompareAndSetPassword

func (s *PasswordService) CompareAndSetPassword(ctx context.Context, userID influxdb.ID, old string, new string) error

CompareAndSetPassword checks the password and if they match updates to the new password.

func (*PasswordService) ComparePassword

func (s *PasswordService) ComparePassword(ctx context.Context, userID influxdb.ID, password string) error

ComparePassword checks if the password matches the password recorded. Passwords that do not match return errors.

func (*PasswordService) SetPassword

func (s *PasswordService) SetPassword(ctx context.Context, userID influxdb.ID, password string) error

SetPassword overrides the password of a known user.

type ScraperTargetStoreService

type ScraperTargetStoreService struct {
	// Embedded interfaces: Go promotes their methods onto
	// ScraperTargetStoreService, so they are callable on the wrapper alongside
	// the scraper target methods declared for this type.
	// NOTE(review): nothing shown here establishes that the embedded values
	// apply their own authorization. Promoted calls are only as restricted as
	// the embedded services themselves (presumably the urm and org arguments
	// of NewScraperTargetStoreService) — confirm at the call sites.
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	// contains filtered or unexported fields
}

ScraperTargetStoreService wraps an influxdb.ScraperTargetStoreService and authorizes actions against it appropriately.

func NewScraperTargetStoreService

func NewScraperTargetStoreService(s influxdb.ScraperTargetStoreService,
	urm influxdb.UserResourceMappingService,
	org influxdb.OrganizationService,
) *ScraperTargetStoreService

NewScraperTargetStoreService constructs an instance of an authorizing scraper target store service.

func (*ScraperTargetStoreService) AddTarget

func (s *ScraperTargetStoreService) AddTarget(ctx context.Context, st *influxdb.ScraperTarget, userID influxdb.ID) error

AddTarget checks to see if the authorizer on context has write access to the global scraper target resource.

func (*ScraperTargetStoreService) GetTargetByID

func (s *ScraperTargetStoreService) GetTargetByID(ctx context.Context, id influxdb.ID) (*influxdb.ScraperTarget, error)

GetTargetByID checks to see if the authorizer on context has read access to the id provided.

func (*ScraperTargetStoreService) ListTargets

func (s *ScraperTargetStoreService) ListTargets(ctx context.Context, filter influxdb.ScraperTargetFilter) ([]influxdb.ScraperTarget, error)

ListTargets retrieves all scraper targets that match the provided filter and then filters the list down to only the resources that are authorized.

func (*ScraperTargetStoreService) RemoveTarget

func (s *ScraperTargetStoreService) RemoveTarget(ctx context.Context, id influxdb.ID) error

RemoveTarget checks to see if the authorizer on context has write access to the scraper target provided.

func (*ScraperTargetStoreService) UpdateTarget

func (s *ScraperTargetStoreService) UpdateTarget(ctx context.Context, upd *influxdb.ScraperTarget, userID influxdb.ID) (*influxdb.ScraperTarget, error)

UpdateTarget checks to see if the authorizer on context has write access to the scraper target provided.

type SecretService

type SecretService struct {
	// contains filtered or unexported fields
}

SecretService wraps an influxdb.SecretService and authorizes actions against it appropriately.

func NewSecretService

func NewSecretService(s influxdb.SecretService) *SecretService

NewSecretService constructs an instance of an authorizing secret service.

func (*SecretService) DeleteSecret

func (s *SecretService) DeleteSecret(ctx context.Context, orgID influxdb.ID, keys ...string) error

DeleteSecret checks to see if the authorizer on context has write access to the secret keys provided.

func (*SecretService) GetSecretKeys

func (s *SecretService) GetSecretKeys(ctx context.Context, orgID influxdb.ID) ([]string, error)

GetSecretKeys checks to see if the authorizer on context has read access to all the secrets belonging to orgID.

func (*SecretService) LoadSecret

func (s *SecretService) LoadSecret(ctx context.Context, orgID influxdb.ID, key string) (string, error)

LoadSecret checks to see if the authorizer on context has read access to the secret key provided.

func (*SecretService) PatchSecrets

func (s *SecretService) PatchSecrets(ctx context.Context, orgID influxdb.ID, m map[string]string) error

PatchSecrets checks to see if the authorizer on context has write access to the secret keys provided.

func (*SecretService) PutSecret

func (s *SecretService) PutSecret(ctx context.Context, orgID influxdb.ID, key string, val string) error

PutSecret checks to see if the authorizer on context has write access to the secret key provided.

func (*SecretService) PutSecrets

func (s *SecretService) PutSecrets(ctx context.Context, orgID influxdb.ID, m map[string]string) error

PutSecrets checks to see if the authorizer on context has read and write access to the secret keys provided.

type SourceService

type SourceService struct {
	// contains filtered or unexported fields
}

SourceService wraps an influxdb.SourceService and authorizes actions against it appropriately.

func NewSourceService

func NewSourceService(s influxdb.SourceService) *SourceService

NewSourceService constructs an instance of an authorizing source service.

func (*SourceService) CreateSource

func (s *SourceService) CreateSource(ctx context.Context, src *influxdb.Source) error

CreateSource checks to see if the authorizer on context has write access to the global source resource.

func (*SourceService) DefaultSource

func (s *SourceService) DefaultSource(ctx context.Context) (*influxdb.Source, error)

DefaultSource checks to see if the authorizer on context has read access to the default source.

func (*SourceService) DeleteSource

func (s *SourceService) DeleteSource(ctx context.Context, id influxdb.ID) error

DeleteSource checks to see if the authorizer on context has write access to the source provided.

func (*SourceService) FindSourceByID

func (s *SourceService) FindSourceByID(ctx context.Context, id influxdb.ID) (*influxdb.Source, error)

FindSourceByID checks to see if the authorizer on context has read access to the id provided.

func (*SourceService) FindSources

func (s *SourceService) FindSources(ctx context.Context, opts influxdb.FindOptions) ([]*influxdb.Source, int, error)

FindSources retrieves all sources that match the provided options and then filters the list down to only the resources that are authorized.

func (*SourceService) UpdateSource

func (s *SourceService) UpdateSource(ctx context.Context, id influxdb.ID, upd influxdb.SourceUpdate) (*influxdb.Source, error)

UpdateSource checks to see if the authorizer on context has write access to the source provided.

type TelegrafConfigService

type TelegrafConfigService struct {
	// Embedded interface: Go promotes its methods onto TelegrafConfigService,
	// so they are callable on the wrapper alongside the telegraf config
	// methods declared for this type.
	// NOTE(review): nothing shown here establishes that the embedded value
	// applies its own authorization. Promoted calls are only as restricted as
	// the embedded service itself (presumably the urm argument of
	// NewTelegrafConfigService) — confirm at the call sites.
	influxdb.UserResourceMappingService
	// contains filtered or unexported fields
}

TelegrafConfigService wraps an influxdb.TelegrafConfigStore and authorizes actions against it appropriately.

func NewTelegrafConfigService

func NewTelegrafConfigService(s influxdb.TelegrafConfigStore, urm influxdb.UserResourceMappingService) *TelegrafConfigService

NewTelegrafConfigService constructs an instance of an authorizing telegraf service.

func (*TelegrafConfigService) CreateTelegrafConfig

func (s *TelegrafConfigService) CreateTelegrafConfig(ctx context.Context, tc *influxdb.TelegrafConfig, userID influxdb.ID) error

CreateTelegrafConfig checks to see if the authorizer on context has write access to the global telegraf config resource.

func (*TelegrafConfigService) DeleteTelegrafConfig

func (s *TelegrafConfigService) DeleteTelegrafConfig(ctx context.Context, id influxdb.ID) error

DeleteTelegrafConfig checks to see if the authorizer on context has write access to the telegraf config provided.

func (*TelegrafConfigService) FindTelegrafConfigByID

func (s *TelegrafConfigService) FindTelegrafConfigByID(ctx context.Context, id influxdb.ID) (*influxdb.TelegrafConfig, error)

FindTelegrafConfigByID checks to see if the authorizer on context has read access to the id provided.

func (*TelegrafConfigService) FindTelegrafConfigs

func (s *TelegrafConfigService) FindTelegrafConfigs(ctx context.Context, filter influxdb.TelegrafConfigFilter, opt ...influxdb.FindOptions) ([]*influxdb.TelegrafConfig, int, error)

FindTelegrafConfigs retrieves all telegraf configs that match the provided filter and then filters the list down to only the resources that are authorized.

func (*TelegrafConfigService) UpdateTelegrafConfig

func (s *TelegrafConfigService) UpdateTelegrafConfig(ctx context.Context, id influxdb.ID, upd *influxdb.TelegrafConfig, userID influxdb.ID) (*influxdb.TelegrafConfig, error)

UpdateTelegrafConfig checks to see if the authorizer on context has write access to the telegraf config provided.

type URMService

type URMService struct {
	// contains filtered or unexported fields
}

func NewURMService

func NewURMService(orgSvc OrganizationService, s influxdb.UserResourceMappingService) *URMService

func (*URMService) CreateUserResourceMapping

func (s *URMService) CreateUserResourceMapping(ctx context.Context, m *influxdb.UserResourceMapping) error

func (*URMService) DeleteUserResourceMapping

func (s *URMService) DeleteUserResourceMapping(ctx context.Context, resourceID influxdb.ID, userID influxdb.ID) error

func (*URMService) FindUserResourceMappings

func (s *URMService) FindUserResourceMappings(ctx context.Context, filter influxdb.UserResourceMappingFilter, opt ...influxdb.FindOptions) ([]*influxdb.UserResourceMapping, int, error)

type UserService

type UserService struct {
	// contains filtered or unexported fields
}

UserService wraps an influxdb.UserService and authorizes actions against it appropriately.

func NewUserService

func NewUserService(s influxdb.UserService) *UserService

NewUserService constructs an instance of an authorizing user service.

func (*UserService) CreateUser

func (s *UserService) CreateUser(ctx context.Context, o *influxdb.User) error

CreateUser checks to see if the authorizer on context has write access to the global users resource.

func (*UserService) DeleteUser

func (s *UserService) DeleteUser(ctx context.Context, id influxdb.ID) error

DeleteUser checks to see if the authorizer on context has write access to the user provided.

func (*UserService) FindPermissionForUser

func (s *UserService) FindPermissionForUser(ctx context.Context, uid influxdb.ID) (influxdb.PermissionSet, error)

func (*UserService) FindUser

func (s *UserService) FindUser(ctx context.Context, filter influxdb.UserFilter) (*influxdb.User, error)

FindUser retrieves the user and checks to see if the authorizer on context has read access to the user.

func (*UserService) FindUserByID

func (s *UserService) FindUserByID(ctx context.Context, id influxdb.ID) (*influxdb.User, error)

FindUserByID checks to see if the authorizer on context has read access to the id provided.

func (*UserService) FindUsers

func (s *UserService) FindUsers(ctx context.Context, filter influxdb.UserFilter, opt ...influxdb.FindOptions) ([]*influxdb.User, int, error)

FindUsers retrieves all users that match the provided filter and then filters the list down to only the resources that are authorized.

func (*UserService) UpdateUser

func (s *UserService) UpdateUser(ctx context.Context, id influxdb.ID, upd influxdb.UserUpdate) (*influxdb.User, error)

UpdateUser checks to see if the authorizer on context has write access to the user provided.

type VariableService

type VariableService struct {
	// contains filtered or unexported fields
}

VariableService wraps an influxdb.VariableService and authorizes actions against it appropriately.

func NewVariableService

func NewVariableService(s influxdb.VariableService) *VariableService

NewVariableService constructs an instance of an authorizing variable service.

func (*VariableService) CreateVariable

func (s *VariableService) CreateVariable(ctx context.Context, v *influxdb.Variable) error

CreateVariable checks to see if the authorizer on context has write access to the global variable resource.

func (*VariableService) DeleteVariable

func (s *VariableService) DeleteVariable(ctx context.Context, id influxdb.ID) error

DeleteVariable checks to see if the authorizer on context has write access to the variable provided.

func (*VariableService) FindVariableByID

func (s *VariableService) FindVariableByID(ctx context.Context, id influxdb.ID) (*influxdb.Variable, error)

FindVariableByID checks to see if the authorizer on context has read access to the id provided.

func (*VariableService) FindVariables

func (s *VariableService) FindVariables(ctx context.Context, filter influxdb.VariableFilter, opt ...influxdb.FindOptions) ([]*influxdb.Variable, error)

FindVariables retrieves all variables that match the provided filter and then filters the list down to only the resources that are authorized.

func (*VariableService) ReplaceVariable

func (s *VariableService) ReplaceVariable(ctx context.Context, m *influxdb.Variable) error

ReplaceVariable checks to see if the authorizer on context has write access to the variable provided.

func (*VariableService) UpdateVariable

func (s *VariableService) UpdateVariable(ctx context.Context, id influxdb.ID, upd *influxdb.VariableUpdate) (*influxdb.Variable, error)

UpdateVariable checks to see if the authorizer on context has write access to the variable provided.
