Back to godoc.org

Package authorizer

v1.5.1-0...-af5ebd3
Latest Go to latest

The latest major version is .

Published: Apr 3, 2020 | License: MIT | Module: github.com/influxdata/influxdb

Index

Variables

var (
	ErrInactiveTask = &influxdb.Error{
		Code: influxdb.EInvalid,
		Msg:  "inactive task",
	}

	ErrFailedPermission = &influxdb.Error{
		Code: influxdb.EInvalid,
		Msg:  "unauthorized",
	}
)

func AuthorizeCreate

func AuthorizeCreate(ctx context.Context, rt influxdb.ResourceType, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeCreate authorizes a user to create a resource of the given type for the given org.

func AuthorizeFindAuthorizations

func AuthorizeFindAuthorizations(ctx context.Context, rs []*influxdb.Authorization) ([]*influxdb.Authorization, int, error)

AuthorizeFindAuthorizations takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindBuckets

func AuthorizeFindBuckets(ctx context.Context, rs []*influxdb.Bucket) ([]*influxdb.Bucket, int, error)

AuthorizeFindBuckets takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindChecks

func AuthorizeFindChecks(ctx context.Context, rs []influxdb.Check) ([]influxdb.Check, int, error)

AuthorizeFindChecks takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindDashboards

func AuthorizeFindDashboards(ctx context.Context, rs []*influxdb.Dashboard) ([]*influxdb.Dashboard, int, error)

AuthorizeFindDashboards takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindLabels

func AuthorizeFindLabels(ctx context.Context, rs []*influxdb.Label) ([]*influxdb.Label, int, error)

AuthorizeFindLabels takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindNotificationEndpoints

func AuthorizeFindNotificationEndpoints(ctx context.Context, rs []influxdb.NotificationEndpoint) ([]influxdb.NotificationEndpoint, int, error)

AuthorizeFindNotificationEndpoints takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindNotificationRules

func AuthorizeFindNotificationRules(ctx context.Context, rs []influxdb.NotificationRule) ([]influxdb.NotificationRule, int, error)

AuthorizeFindNotificationRules takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindOrganizations

func AuthorizeFindOrganizations(ctx context.Context, rs []*influxdb.Organization) ([]*influxdb.Organization, int, error)

AuthorizeFindOrganizations takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindScrapers

func AuthorizeFindScrapers(ctx context.Context, rs []influxdb.ScraperTarget) ([]influxdb.ScraperTarget, int, error)

AuthorizeFindScrapers takes the given items and returns only the ones that the user is authorize to read.

func AuthorizeFindSources

func AuthorizeFindSources(ctx context.Context, rs []*influxdb.Source) ([]*influxdb.Source, int, error)

AuthorizeFindSources takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindTasks

func AuthorizeFindTasks(ctx context.Context, rs []*influxdb.Task) ([]*influxdb.Task, int, error)

AuthorizeFindTasks takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindTelegrafs

func AuthorizeFindTelegrafs(ctx context.Context, rs []*influxdb.TelegrafConfig) ([]*influxdb.TelegrafConfig, int, error)

AuthorizeFindTelegrafs takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindUserResourceMappings

func AuthorizeFindUserResourceMappings(ctx context.Context, os OrganizationService, rs []*influxdb.UserResourceMapping) ([]*influxdb.UserResourceMapping, int, error)

AuthorizeFindUserResourceMappings takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindUsers

func AuthorizeFindUsers(ctx context.Context, rs []*influxdb.User) ([]*influxdb.User, int, error)

AuthorizeFindUsers takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeFindVariables

func AuthorizeFindVariables(ctx context.Context, rs []*influxdb.Variable) ([]*influxdb.Variable, int, error)

AuthorizeFindVariables takes the given items and returns only the ones that the user is authorized to read.

func AuthorizeOrgReadResource

func AuthorizeOrgReadResource(ctx context.Context, rt influxdb.ResourceType, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeOrgReadResource authorizes the given org to read the resources of the given type. NOTE: this is pretty much the same as AuthorizeRead, in the case that the resource ID is ignored. Use it in the case that you do not know which resource in particular you want to give access to.

func AuthorizeOrgWriteResource

func AuthorizeOrgWriteResource(ctx context.Context, rt influxdb.ResourceType, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeOrgWriteResource authorizes the given org to write the resources of the given type. NOTE: this is pretty much the same as AuthorizeWrite, in the case that the resource ID is ignored. Use it in the case that you do not know which resource in particular you want to give access to.

func AuthorizeRead

func AuthorizeRead(ctx context.Context, rt influxdb.ResourceType, rid, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeRead authorizes the user in the context to read the specified resource (identified by its type, ID, and orgID). NOTE: authorization will pass even if the user only has permissions for the resource type and organization ID only.

func AuthorizeReadBucket

func AuthorizeReadBucket(ctx context.Context, bt influxdb.BucketType, bid, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeReadBucket exists because buckets are a special case and should use this method. I.e., instead of:

AuthorizeRead(ctx, influxdb.BucketsResourceType, b.ID, b.OrgID)

use:

AuthorizeReadBucket(ctx, b.Type, b.ID, b.OrgID)

func AuthorizeReadGlobal

func AuthorizeReadGlobal(ctx context.Context, rt influxdb.ResourceType) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeReadGlobal authorizes to read resources of the given type.

func AuthorizeReadOrg

func AuthorizeReadOrg(ctx context.Context, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeReadOrg authorizes the user to read the given org.

func AuthorizeReadResource

func AuthorizeReadResource(ctx context.Context, rt influxdb.ResourceType, rid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeRead authorizes the user in the context to read the specified resource (identified by its type, ID). NOTE: authorization will pass only if the user has a specific permission for the given resource.

func AuthorizeWrite

func AuthorizeWrite(ctx context.Context, rt influxdb.ResourceType, rid, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWrite authorizes the user in the context to write the specified resource (identified by its type, ID, and orgID). NOTE: authorization will pass even if the user only has permissions for the resource type and organization ID only.

func AuthorizeWriteGlobal

func AuthorizeWriteGlobal(ctx context.Context, rt influxdb.ResourceType) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWriteGlobal authorizes to write resources of the given type.

func AuthorizeWriteOrg

func AuthorizeWriteOrg(ctx context.Context, oid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWriteOrg authorizes the user to write the given org.

func AuthorizeWriteResource

func AuthorizeWriteResource(ctx context.Context, rt influxdb.ResourceType, rid influxdb.ID) (influxdb.Authorizer, influxdb.Permission, error)

AuthorizeWrite authorizes the user in the context to write the specified resource (identified by its type, ID). NOTE: authorization will pass only if the user has a specific permission for the given resource.

func IsAllowed

func IsAllowed(ctx context.Context, p influxdb.Permission) error

IsAllowed checks to see if an action is authorized by retrieving the authorizer off of context and authorizing the action appropriately.

func IsAllowedAll

func IsAllowedAll(ctx context.Context, permissions []influxdb.Permission) error

IsAllowedAll checks to see if an action is authorized by ALL permissions. Also see IsAllowed.

func IsAllowedAny

func IsAllowedAny(ctx context.Context, permissions []influxdb.Permission) error

IsAllowedAll checks to see if an action is authorized by ALL permissions. Also see IsAllowed.

func NewDocumentService

func NewDocumentService(s influxdb.DocumentService) influxdb.DocumentService

NewDocumentService constructs an instance of an authorizing document service.

func NewTaskService

func NewTaskService(log *zap.Logger, ts influxdb.TaskService) influxdb.TaskService

TaskService wraps ts and checks appropriate permissions before calling requested methods on ts. Authorization failures are logged to the logger.

func VerifyPermissions

func VerifyPermissions(ctx context.Context, ps []influxdb.Permission) error

VerifyPermissions ensures that an authorization is allowed all of the appropriate permissions.

type AuthAgent

type AuthAgent struct{}

AuthAgent provides a means to authenticate users with resource and their associate actions. It makes for a clear dependency, to an auth middleware for instance.

func (*AuthAgent) IsWritable

func (a *AuthAgent) IsWritable(ctx context.Context, orgID influxdb.ID, resType influxdb.ResourceType) error

func (*AuthAgent) OrgPermissions

func (a *AuthAgent) OrgPermissions(ctx context.Context, orgID influxdb.ID, action influxdb.Action, rest ...influxdb.Action) error

OrgPermissions identifies if a user has access to the org by the specified action.

type AuthorizationService

type AuthorizationService struct {
	// contains filtered or unexported fields
}

AuthorizationService wraps a influxdb.AuthorizationService and authorizes actions against it appropriately.

func NewAuthorizationService

func NewAuthorizationService(s influxdb.AuthorizationService) *AuthorizationService

NewAuthorizationService constructs an instance of an authorizing authorization serivce.

func (*AuthorizationService) CreateAuthorization

func (s *AuthorizationService) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error

CreateAuthorization checks to see if the authorizer on context has write access to the global authorizations resource.

func (*AuthorizationService) DeleteAuthorization

func (s *AuthorizationService) DeleteAuthorization(ctx context.Context, id influxdb.ID) error

DeleteAuthorization checks to see if the authorizer on context has write access to the authorization provided.

func (*AuthorizationService) FindAuthorizationByID

func (s *AuthorizationService) FindAuthorizationByID(ctx context.Context, id influxdb.ID) (*influxdb.Authorization, error)

FindAuthorizationByID checks to see if the authorizer on context has read access to the id provided.

func (*AuthorizationService) FindAuthorizationByToken

func (s *AuthorizationService) FindAuthorizationByToken(ctx context.Context, t string) (*influxdb.Authorization, error)

FindAuthorizationByToken retrieves the authorization and checks to see if the authorizer on context has read access to the authorization.

func (*AuthorizationService) FindAuthorizations

func (s *AuthorizationService) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error)

FindAuthorizations retrieves all authorizations that match the provided filter and then filters the list down to only the resources that are authorized.

func (*AuthorizationService) UpdateAuthorization

func (s *AuthorizationService) UpdateAuthorization(ctx context.Context, id influxdb.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error)

UpdateAuthorization checks to see if the authorizer on context has write access to the authorization provided.

type BackupService

type BackupService struct {
	// contains filtered or unexported fields
}

BackupService wraps a influxdb.BackupService and authorizes actions against it appropriately.

func NewBackupService

func NewBackupService(s influxdb.BackupService) *BackupService

NewBackupService constructs an instance of an authorizing backup service.

func (BackupService) CreateBackup

func (b BackupService) CreateBackup(ctx context.Context) (int, []string, error)

func (BackupService) FetchBackupFile

func (b BackupService) FetchBackupFile(ctx context.Context, backupID int, backupFile string, w io.Writer) error

func (BackupService) InternalBackupPath

func (b BackupService) InternalBackupPath(backupID int) string

type BucketService

type BucketService struct {
	// contains filtered or unexported fields
}

BucketService wraps a influxdb.BucketService and authorizes actions against it appropriately.

func NewBucketService

func NewBucketService(s influxdb.BucketService, u influxdb.UserResourceMappingService) *BucketService

NewBucketService constructs an instance of an authorizing bucket serivce.

func (*BucketService) CreateBucket

func (s *BucketService) CreateBucket(ctx context.Context, b *influxdb.Bucket) error

CreateBucket checks to see if the authorizer on context has write access to the global buckets resource.

func (*BucketService) DeleteBucket

func (s *BucketService) DeleteBucket(ctx context.Context, id influxdb.ID) error

DeleteBucket checks to see if the authorizer on context has write access to the bucket provided.

func (*BucketService) FindBucket

func (s *BucketService) FindBucket(ctx context.Context, filter influxdb.BucketFilter) (*influxdb.Bucket, error)

FindBucket retrieves the bucket and checks to see if the authorizer on context has read access to the bucket.

func (*BucketService) FindBucketByID

func (s *BucketService) FindBucketByID(ctx context.Context, id influxdb.ID) (*influxdb.Bucket, error)

FindBucketByID checks to see if the authorizer on context has read access to the id provided.

func (*BucketService) FindBucketByName

func (s *BucketService) FindBucketByName(ctx context.Context, orgID influxdb.ID, n string) (*influxdb.Bucket, error)

FindBucketByName returns a bucket by name for a particular organization.

func (*BucketService) FindBuckets

func (s *BucketService) FindBuckets(ctx context.Context, filter influxdb.BucketFilter, opt ...influxdb.FindOptions) ([]*influxdb.Bucket, int, error)

FindBuckets retrieves all buckets that match the provided filter and then filters the list down to only the resources that are authorized.

func (*BucketService) UpdateBucket

func (s *BucketService) UpdateBucket(ctx context.Context, id influxdb.ID, upd influxdb.BucketUpdate) (*influxdb.Bucket, error)

UpdateBucket checks to see if the authorizer on context has write access to the bucket provided.

type CheckService

type CheckService struct {
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	influxdb.TaskService
	// contains filtered or unexported fields
}

CheckService wraps a influxdb.CheckService and authorizes actions against it appropriately.

func NewCheckService

func NewCheckService(s influxdb.CheckService, urm influxdb.UserResourceMappingService, org influxdb.OrganizationService) *CheckService

NewCheckService constructs an instance of an authorizing check serivce.

func (*CheckService) CreateCheck

func (s *CheckService) CreateCheck(ctx context.Context, chk influxdb.CheckCreate, userID influxdb.ID) error

CreateCheck checks to see if the authorizer on context has write access to the global check resource.

func (*CheckService) DeleteCheck

func (s *CheckService) DeleteCheck(ctx context.Context, id influxdb.ID) error

DeleteCheck checks to see if the authorizer on context has write access to the check provided.

func (*CheckService) FindCheck

func (s *CheckService) FindCheck(ctx context.Context, filter influxdb.CheckFilter) (influxdb.Check, error)

FindCheck will return the check.

func (*CheckService) FindCheckByID

func (s *CheckService) FindCheckByID(ctx context.Context, id influxdb.ID) (influxdb.Check, error)

FindCheckByID checks to see if the authorizer on context has read access to the id provided.

func (*CheckService) FindChecks

func (s *CheckService) FindChecks(ctx context.Context, filter influxdb.CheckFilter, opt ...influxdb.FindOptions) ([]influxdb.Check, int, error)

FindChecks retrieves all checks that match the provided filter and then filters the list down to only the resources that are authorized.

func (*CheckService) PatchCheck

func (s *CheckService) PatchCheck(ctx context.Context, id influxdb.ID, upd influxdb.CheckUpdate) (influxdb.Check, error)

PatchCheck checks to see if the authorizer on context has write access to the check provided.

func (*CheckService) UpdateCheck

func (s *CheckService) UpdateCheck(ctx context.Context, id influxdb.ID, upd influxdb.CheckCreate) (influxdb.Check, error)

UpdateCheck checks to see if the authorizer on context has write access to the check provided.

type DashboardService

type DashboardService struct {
	// contains filtered or unexported fields
}

DashboardService wraps a influxdb.DashboardService and authorizes actions against it appropriately.

func NewDashboardService

func NewDashboardService(s influxdb.DashboardService) *DashboardService

NewDashboardService constructs an instance of an authorizing dashboard serivce.

func (*DashboardService) AddDashboardCell

func (s *DashboardService) AddDashboardCell(ctx context.Context, id influxdb.ID, c *influxdb.Cell, opts influxdb.AddDashboardCellOptions) error

func (*DashboardService) CreateDashboard

func (s *DashboardService) CreateDashboard(ctx context.Context, b *influxdb.Dashboard) error

CreateDashboard checks to see if the authorizer on context has write access to the global dashboards resource.

func (*DashboardService) DeleteDashboard

func (s *DashboardService) DeleteDashboard(ctx context.Context, id influxdb.ID) error

DeleteDashboard checks to see if the authorizer on context has write access to the dashboard provided.

func (*DashboardService) FindDashboardByID

func (s *DashboardService) FindDashboardByID(ctx context.Context, id influxdb.ID) (*influxdb.Dashboard, error)

FindDashboardByID checks to see if the authorizer on context has read access to the id provided.

func (*DashboardService) FindDashboards

func (s *DashboardService) FindDashboards(ctx context.Context, filter influxdb.DashboardFilter, opt influxdb.FindOptions) ([]*influxdb.Dashboard, int, error)

FindDashboards retrieves all dashboards that match the provided filter and then filters the list down to only the resources that are authorized.

func (*DashboardService) GetDashboardCellView

func (s *DashboardService) GetDashboardCellView(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID) (*influxdb.View, error)

func (*DashboardService) RemoveDashboardCell

func (s *DashboardService) RemoveDashboardCell(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID) error

func (*DashboardService) ReplaceDashboardCells

func (s *DashboardService) ReplaceDashboardCells(ctx context.Context, id influxdb.ID, c []*influxdb.Cell) error

func (*DashboardService) UpdateDashboard

func (s *DashboardService) UpdateDashboard(ctx context.Context, id influxdb.ID, upd influxdb.DashboardUpdate) (*influxdb.Dashboard, error)

UpdateDashboard checks to see if the authorizer on context has write access to the dashboard provided.

func (*DashboardService) UpdateDashboardCell

func (s *DashboardService) UpdateDashboardCell(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID, upd influxdb.CellUpdate) (*influxdb.Cell, error)

func (*DashboardService) UpdateDashboardCellView

func (s *DashboardService) UpdateDashboardCellView(ctx context.Context, dashboardID influxdb.ID, cellID influxdb.ID, upd influxdb.ViewUpdate) (*influxdb.View, error)

type DocumentService

type DocumentService struct {
	// contains filtered or unexported fields
}

func (*DocumentService) CreateDocumentStore

func (s *DocumentService) CreateDocumentStore(ctx context.Context, name string) (influxdb.DocumentStore, error)

func (*DocumentService) FindDocumentStore

func (s *DocumentService) FindDocumentStore(ctx context.Context, name string) (influxdb.DocumentStore, error)

type LabelService

type LabelService struct {
	// contains filtered or unexported fields
}

LabelService wraps a influxdb.LabelService and authorizes actions against it appropriately.

func NewLabelServiceWithOrg

func NewLabelServiceWithOrg(s influxdb.LabelService, orgSvc OrganizationService) *LabelService

NewLabelServiceWithOrg constructs an instance of an authorizing label serivce. Replaces NewLabelService.

func (*LabelService) CreateLabel

func (s *LabelService) CreateLabel(ctx context.Context, l *influxdb.Label) error

CreateLabel checks to see if the authorizer on context has write access to the new label's org.

func (*LabelService) CreateLabelMapping

func (s *LabelService) CreateLabelMapping(ctx context.Context, m *influxdb.LabelMapping) error

CreateLabelMapping checks to see if the authorizer on context has write access to the label and the resource contained by the label mapping in creation.

func (*LabelService) DeleteLabel

func (s *LabelService) DeleteLabel(ctx context.Context, id influxdb.ID) error

DeleteLabel checks to see if the authorizer on context has write access to the label provided.

func (*LabelService) DeleteLabelMapping

func (s *LabelService) DeleteLabelMapping(ctx context.Context, m *influxdb.LabelMapping) error

DeleteLabelMapping checks to see if the authorizer on context has write access to the label and the resource of the label mapping to delete.

func (*LabelService) FindLabelByID

func (s *LabelService) FindLabelByID(ctx context.Context, id influxdb.ID) (*influxdb.Label, error)

FindLabelByID checks to see if the authorizer on context has read access to the label id provided.

func (*LabelService) FindLabels

func (s *LabelService) FindLabels(ctx context.Context, filter influxdb.LabelFilter, opt ...influxdb.FindOptions) ([]*influxdb.Label, error)

FindLabels retrieves all labels that match the provided filter and then filters the list down to only the resources that are authorized.

func (*LabelService) FindResourceLabels

func (s *LabelService) FindResourceLabels(ctx context.Context, filter influxdb.LabelMappingFilter) ([]*influxdb.Label, error)

FindResourceLabels retrieves all labels belonging to the filtering resource if the authorizer on context has read access to it. Then it filters the list down to only the labels that are authorized.

func (*LabelService) UpdateLabel

func (s *LabelService) UpdateLabel(ctx context.Context, id influxdb.ID, upd influxdb.LabelUpdate) (*influxdb.Label, error)

UpdateLabel checks to see if the authorizer on context has write access to the label provided.

type NotificationEndpointService

type NotificationEndpointService struct {
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	// contains filtered or unexported fields
}

NotificationEndpointService wraps a influxdb.NotificationEndpointService and authorizes actions against it appropriately.

func NewNotificationEndpointService

func NewNotificationEndpointService(
	s influxdb.NotificationEndpointService,
	urm influxdb.UserResourceMappingService,
	org influxdb.OrganizationService,
) *NotificationEndpointService

NewNotificationEndpointService constructs an instance of an authorizing notification endpoint serivce.

func (*NotificationEndpointService) CreateNotificationEndpoint

func (s *NotificationEndpointService) CreateNotificationEndpoint(ctx context.Context, edp influxdb.NotificationEndpoint, userID influxdb.ID) error

CreateNotificationEndpoint checks to see if the authorizer on context has write access to the global notification endpoint resource.

func (*NotificationEndpointService) DeleteNotificationEndpoint

func (s *NotificationEndpointService) DeleteNotificationEndpoint(ctx context.Context, id influxdb.ID) ([]influxdb.SecretField, influxdb.ID, error)

DeleteNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.

func (*NotificationEndpointService) FindNotificationEndpointByID

func (s *NotificationEndpointService) FindNotificationEndpointByID(ctx context.Context, id influxdb.ID) (influxdb.NotificationEndpoint, error)

FindNotificationEndpointByID checks to see if the authorizer on context has read access to the id provided.

func (*NotificationEndpointService) FindNotificationEndpoints

func (s *NotificationEndpointService) FindNotificationEndpoints(ctx context.Context, filter influxdb.NotificationEndpointFilter, opt ...influxdb.FindOptions) ([]influxdb.NotificationEndpoint, int, error)

FindNotificationEndpoints retrieves all notification endpoints that match the provided filter and then filters the list down to only the resources that are authorized.

func (*NotificationEndpointService) PatchNotificationEndpoint

func (s *NotificationEndpointService) PatchNotificationEndpoint(ctx context.Context, id influxdb.ID, upd influxdb.NotificationEndpointUpdate) (influxdb.NotificationEndpoint, error)

PatchNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.

func (*NotificationEndpointService) UpdateNotificationEndpoint

func (s *NotificationEndpointService) UpdateNotificationEndpoint(ctx context.Context, id influxdb.ID, upd influxdb.NotificationEndpoint, userID influxdb.ID) (influxdb.NotificationEndpoint, error)

UpdateNotificationEndpoint checks to see if the authorizer on context has write access to the notification endpoint provided.

type NotificationRuleStore

type NotificationRuleStore struct {
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	// contains filtered or unexported fields
}

NotificationRuleStore wraps a influxdb.NotificationRuleStore and authorizes actions against it appropriately.

func NewNotificationRuleStore

func NewNotificationRuleStore(s influxdb.NotificationRuleStore, urm influxdb.UserResourceMappingService, org influxdb.OrganizationService) *NotificationRuleStore

NewNotificationRuleStore constructs an instance of an authorizing notification rule serivce.

func (*NotificationRuleStore) CreateNotificationRule

func (s *NotificationRuleStore) CreateNotificationRule(ctx context.Context, nr influxdb.NotificationRuleCreate, userID influxdb.ID) error

CreateNotificationRule checks to see if the authorizer on context has write access to the global notification rule resource.

func (*NotificationRuleStore) DeleteNotificationRule

func (s *NotificationRuleStore) DeleteNotificationRule(ctx context.Context, id influxdb.ID) error

DeleteNotificationRule checks to see if the authorizer on context has write access to the notification rule provided.

func (*NotificationRuleStore) FindNotificationRuleByID

func (s *NotificationRuleStore) FindNotificationRuleByID(ctx context.Context, id influxdb.ID) (influxdb.NotificationRule, error)

FindNotificationRuleByID checks to see if the authorizer on context has read access to the id provided.

func (*NotificationRuleStore) FindNotificationRules

func (s *NotificationRuleStore) FindNotificationRules(ctx context.Context, filter influxdb.NotificationRuleFilter, opt ...influxdb.FindOptions) ([]influxdb.NotificationRule, int, error)

FindNotificationRules retrieves all notification rules that match the provided filter and then filters the list down to only the resources that are authorized.

func (*NotificationRuleStore) PatchNotificationRule

func (s *NotificationRuleStore) PatchNotificationRule(ctx context.Context, id influxdb.ID, upd influxdb.NotificationRuleUpdate) (influxdb.NotificationRule, error)

PatchNotificationRule checks to see if the authorizer on context has write access to the notification rule provided.

func (*NotificationRuleStore) UpdateNotificationRule

func (s *NotificationRuleStore) UpdateNotificationRule(ctx context.Context, id influxdb.ID, upd influxdb.NotificationRuleCreate, userID influxdb.ID) (influxdb.NotificationRule, error)

UpdateNotificationRule checks to see if the authorizer on context has write access to the notification rule provided.

type OrgService

type OrgService struct {
	// contains filtered or unexported fields
}

OrgService wraps a influxdb.OrganizationService and authorizes actions against it appropriately.

func NewOrgService

func NewOrgService(s influxdb.OrganizationService) *OrgService

NewOrgService constructs an instance of an authorizing org serivce.

func (*OrgService) CreateOrganization

func (s *OrgService) CreateOrganization(ctx context.Context, o *influxdb.Organization) error

CreateOrganization checks to see if the authorizer on context has write access to the global orgs resource.

func (*OrgService) DeleteOrganization

func (s *OrgService) DeleteOrganization(ctx context.Context, id influxdb.ID) error

DeleteOrganization checks to see if the authorizer on context has write access to the organization provided.

func (*OrgService) FindOrganization

func (s *OrgService) FindOrganization(ctx context.Context, filter influxdb.OrganizationFilter) (*influxdb.Organization, error)

FindOrganization retrieves the organization and checks to see if the authorizer on context has read access to the org.

func (*OrgService) FindOrganizationByID

func (s *OrgService) FindOrganizationByID(ctx context.Context, id influxdb.ID) (*influxdb.Organization, error)

FindOrganizationByID checks to see if the authorizer on context has read access to the id provided.

func (*OrgService) FindOrganizations

func (s *OrgService) FindOrganizations(ctx context.Context, filter influxdb.OrganizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Organization, int, error)

FindOrganizations retrieves all organizations that match the provided filter and then filters the list down to only the resources that are authorized.

func (*OrgService) UpdateOrganization

func (s *OrgService) UpdateOrganization(ctx context.Context, id influxdb.ID, upd influxdb.OrganizationUpdate) (*influxdb.Organization, error)

UpdateOrganization checks to see if the authorizer on context has write access to the organization provided.

type OrganizationService

type OrganizationService interface {
	FindResourceOrganizationID(ctx context.Context, rt influxdb.ResourceType, id influxdb.ID) (influxdb.ID, error)
}

type PasswordService

type PasswordService struct {
	// contains filtered or unexported fields
}

PasswordService is a new authorization middleware for a password service.

func NewPasswordService

func NewPasswordService(svc influxdb.PasswordsService) *PasswordService

NewPasswordService wraps an existing password service with auth middlware.

func (*PasswordService) CompareAndSetPassword

func (s *PasswordService) CompareAndSetPassword(ctx context.Context, userID influxdb.ID, old string, new string) error

CompareAndSetPassword checks the password and if they match updates to the new password.

func (*PasswordService) ComparePassword

func (s *PasswordService) ComparePassword(ctx context.Context, userID influxdb.ID, password string) error

ComparePassword checks if the password matches the password recorded. Passwords that do not match return errors.

func (*PasswordService) SetPassword

func (s *PasswordService) SetPassword(ctx context.Context, userID influxdb.ID, password string) error

SetPassword overrides the password of a known user.

type ScraperTargetStoreService

type ScraperTargetStoreService struct {
	influxdb.UserResourceMappingService
	influxdb.OrganizationService
	// contains filtered or unexported fields
}

ScraperTargetStoreService wraps a influxdb.ScraperTargetStoreService and authorizes actions against it appropriately.

func NewScraperTargetStoreService

func NewScraperTargetStoreService(s influxdb.ScraperTargetStoreService,
	urm influxdb.UserResourceMappingService,
	org influxdb.OrganizationService,
) *ScraperTargetStoreService

NewScraperTargetStoreService constructs an instance of an authorizing scraper target store serivce.

func (*ScraperTargetStoreService) AddTarget

func (s *ScraperTargetStoreService) AddTarget(ctx context.Context, st *influxdb.ScraperTarget, userID influxdb.ID) error

AddTarget checks to see if the authorizer on context has write access to the global scraper target resource.

func (*ScraperTargetStoreService) GetTargetByID

func (s *ScraperTargetStoreService) GetTargetByID(ctx context.Context, id influxdb.ID) (*influxdb.ScraperTarget, error)

GetTargetByID checks to see if the authorizer on context has read access to the id provided.

func (*ScraperTargetStoreService) ListTargets

func (s *ScraperTargetStoreService) ListTargets(ctx context.Context, filter influxdb.ScraperTargetFilter) ([]influxdb.ScraperTarget, error)

ListTargets retrieves all scraper targets that match the provided filter and then filters the list down to only the resources that are authorized.

func (*ScraperTargetStoreService) RemoveTarget

func (s *ScraperTargetStoreService) RemoveTarget(ctx context.Context, id influxdb.ID) error

RemoveTarget checks to see if the authorizer on context has write access to the scraper target provided.

func (*ScraperTargetStoreService) UpdateTarget

func (s *ScraperTargetStoreService) UpdateTarget(ctx context.Context, upd *influxdb.ScraperTarget, userID influxdb.ID) (*influxdb.ScraperTarget, error)

UpdateTarget checks to see if the authorizer on context has write access to the scraper target provided.

type SecretService

type SecretService struct {
	// contains filtered or unexported fields
}

SecretService wraps a influxdb.SecretService and authorizes actions against it appropriately.

func NewSecretService

func NewSecretService(s influxdb.SecretService) *SecretService

NewSecretService constructs an instance of an authorizing secret serivce.

func (*SecretService) DeleteSecret

func (s *SecretService) DeleteSecret(ctx context.Context, orgID influxdb.ID, keys ...string) error

DeleteSecret checks to see if the authorizer on context has write access to the secret keys provided.

func (*SecretService) GetSecretKeys

func (s *SecretService) GetSecretKeys(ctx context.Context, orgID influxdb.ID) ([]string, error)

GetSecretKeys checks to see if the authorizer on context has read access to all the secrets belonging to orgID.

func (*SecretService) LoadSecret

func (s *SecretService) LoadSecret(ctx context.Context, orgID influxdb.ID, key string) (string, error)

LoadSecret checks to see if the authorizer on context has read access to the secret key provided.

func (*SecretService) PatchSecrets

func (s *SecretService) PatchSecrets(ctx context.Context, orgID influxdb.ID, m map[string]string) error

PatchSecrets checks to see if the authorizer on context has write access to the secret keys provided.

func (*SecretService) PutSecret

func (s *SecretService) PutSecret(ctx context.Context, orgID influxdb.ID, key string, val string) error

PutSecret checks to see if the authorizer on context has write access to the secret key provided.

func (*SecretService) PutSecrets

func (s *SecretService) PutSecrets(ctx context.Context, orgID influxdb.ID, m map[string]string) error

PutSecrets checks to see if the authorizer on context has read and write access to the secret keys provided.

type SourceService

type SourceService struct {
	// contains filtered or unexported fields
}

SourceService wraps a influxdb.SourceService and authorizes actions against it appropriately.

func NewSourceService

func NewSourceService(s influxdb.SourceService) *SourceService

NewSourceService constructs an instance of an authorizing source service.

func (*SourceService) CreateSource

func (s *SourceService) CreateSource(ctx context.Context, src *influxdb.Source) error

CreateSource checks to see if the authorizer on context has write access to the global source resource.

func (*SourceService) DefaultSource

func (s *SourceService) DefaultSource(ctx context.Context) (*influxdb.Source, error)

DefaultSource checks to see if the authorizer on context has read access to the default source.

func (*SourceService) DeleteSource

func (s *SourceService) DeleteSource(ctx context.Context, id influxdb.ID) error

DeleteSource checks to see if the authorizer on context has write access to the source provided.

func (*SourceService) FindSourceByID

func (s *SourceService) FindSourceByID(ctx context.Context, id influxdb.ID) (*influxdb.Source, error)

FindSourceByID checks to see if the authorizer on context has read access to the id provided.

func (*SourceService) FindSources

func (s *SourceService) FindSources(ctx context.Context, opts influxdb.FindOptions) ([]*influxdb.Source, int, error)

FindSources retrieves all sources that match the provided options and then filters the list down to only the resources that are authorized.

func (*SourceService) UpdateSource

func (s *SourceService) UpdateSource(ctx context.Context, id influxdb.ID, upd influxdb.SourceUpdate) (*influxdb.Source, error)

UpdateSource checks to see if the authorizer on context has write access to the source provided.

type TelegrafConfigService

type TelegrafConfigService struct {
	influxdb.UserResourceMappingService
	// contains filtered or unexported fields
}

TelegrafConfigService wraps a influxdb.TelegrafConfigStore and authorizes actions against it appropriately.

func NewTelegrafConfigService

func NewTelegrafConfigService(s influxdb.TelegrafConfigStore, urm influxdb.UserResourceMappingService) *TelegrafConfigService

NewTelegrafConfigService constructs an instance of an authorizing telegraf serivce.

func (*TelegrafConfigService) CreateTelegrafConfig

func (s *TelegrafConfigService) CreateTelegrafConfig(ctx context.Context, tc *influxdb.TelegrafConfig, userID influxdb.ID) error

CreateTelegrafConfig checks to see if the authorizer on context has write access to the global telegraf config resource.

func (*TelegrafConfigService) DeleteTelegrafConfig

func (s *TelegrafConfigService) DeleteTelegrafConfig(ctx context.Context, id influxdb.ID) error

DeleteTelegrafConfig checks to see if the authorizer on context has write access to the telegraf config provided.

func (*TelegrafConfigService) FindTelegrafConfigByID

func (s *TelegrafConfigService) FindTelegrafConfigByID(ctx context.Context, id influxdb.ID) (*influxdb.TelegrafConfig, error)

FindTelegrafConfigByID checks to see if the authorizer on context has read access to the id provided.

func (*TelegrafConfigService) FindTelegrafConfigs

func (s *TelegrafConfigService) FindTelegrafConfigs(ctx context.Context, filter influxdb.TelegrafConfigFilter, opt ...influxdb.FindOptions) ([]*influxdb.TelegrafConfig, int, error)

FindTelegrafConfigs retrieves all telegraf configs that match the provided filter and then filters the list down to only the resources that are authorized.

func (*TelegrafConfigService) UpdateTelegrafConfig

func (s *TelegrafConfigService) UpdateTelegrafConfig(ctx context.Context, id influxdb.ID, upd *influxdb.TelegrafConfig, userID influxdb.ID) (*influxdb.TelegrafConfig, error)

UpdateTelegrafConfig checks to see if the authorizer on context has write access to the telegraf config provided.

type URMService

type URMService struct {
	// contains filtered or unexported fields
}

func (*URMService) CreateUserResourceMapping

func (s *URMService) CreateUserResourceMapping(ctx context.Context, m *influxdb.UserResourceMapping) error

func (*URMService) DeleteUserResourceMapping

func (s *URMService) DeleteUserResourceMapping(ctx context.Context, resourceID influxdb.ID, userID influxdb.ID) error

func (*URMService) FindUserResourceMappings

func (s *URMService) FindUserResourceMappings(ctx context.Context, filter influxdb.UserResourceMappingFilter, opt ...influxdb.FindOptions) ([]*influxdb.UserResourceMapping, int, error)

type UserService

type UserService struct {
	// contains filtered or unexported fields
}

UserService wraps a influxdb.UserService and authorizes actions against it appropriately.

func NewUserService

func NewUserService(s influxdb.UserService) *UserService

NewUserService constructs an instance of an authorizing user serivce.

func (*UserService) CreateUser

func (s *UserService) CreateUser(ctx context.Context, o *influxdb.User) error

CreateUser checks to see if the authorizer on context has write access to the global users resource.

func (*UserService) DeleteUser

func (s *UserService) DeleteUser(ctx context.Context, id influxdb.ID) error

DeleteUser checks to see if the authorizer on context has write access to the user provided.

func (*UserService) FindUser

func (s *UserService) FindUser(ctx context.Context, filter influxdb.UserFilter) (*influxdb.User, error)

FindUser retrieves the user and checks to see if the authorizer on context has read access to the user.

func (*UserService) FindUserByID

func (s *UserService) FindUserByID(ctx context.Context, id influxdb.ID) (*influxdb.User, error)

FindUserByID checks to see if the authorizer on context has read access to the id provided.

func (*UserService) FindUsers

func (s *UserService) FindUsers(ctx context.Context, filter influxdb.UserFilter, opt ...influxdb.FindOptions) ([]*influxdb.User, int, error)

FindUsers retrieves all users that match the provided filter and then filters the list down to only the resources that are authorized.

func (*UserService) UpdateUser

func (s *UserService) UpdateUser(ctx context.Context, id influxdb.ID, upd influxdb.UserUpdate) (*influxdb.User, error)

UpdateUser checks to see if the authorizer on context has write access to the user provided.

type VariableService

type VariableService struct {
	// contains filtered or unexported fields
}

VariableService wraps a influxdb.VariableService and authorizes actions against it appropriately.

func NewVariableService

func NewVariableService(s influxdb.VariableService) *VariableService

NewVariableService constructs an instance of an authorizing variable service.

func (*VariableService) CreateVariable

func (s *VariableService) CreateVariable(ctx context.Context, v *influxdb.Variable) error

CreateVariable checks to see if the authorizer on context has write access to the global variable resource.

func (*VariableService) DeleteVariable

func (s *VariableService) DeleteVariable(ctx context.Context, id influxdb.ID) error

DeleteVariable checks to see if the authorizer on context has write access to the variable provided.

func (*VariableService) FindVariableByID

func (s *VariableService) FindVariableByID(ctx context.Context, id influxdb.ID) (*influxdb.Variable, error)

FindVariableByID checks to see if the authorizer on context has read access to the id provided.

func (*VariableService) FindVariables

func (s *VariableService) FindVariables(ctx context.Context, filter influxdb.VariableFilter, opt ...influxdb.FindOptions) ([]*influxdb.Variable, error)

FindVariables retrieves all variables that match the provided filter and then filters the list down to only the resources that are authorized.

func (*VariableService) ReplaceVariable

func (s *VariableService) ReplaceVariable(ctx context.Context, m *influxdb.Variable) error

ReplaceVariable checks to see if the authorizer on context has write access to the variable provided.

func (*VariableService) UpdateVariable

func (s *VariableService) UpdateVariable(ctx context.Context, id influxdb.ID, upd *influxdb.VariableUpdate) (*influxdb.Variable, error)

UpdateVariable checks to see if the authorizer on context has write access to the variable provided.

Package Files

Documentation was rendered with GOOS=linux and GOARCH=amd64.

Jump to identifier

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to identifier