github.com/influxdata/influxdb/v2@v2.7.6/auth.go (about)

     1  package influxdb
     2  
     3  import (
     4  	"context"
     5  	"fmt"
     6  
     7  	"github.com/influxdata/influxdb/v2/kit/platform"
     8  	"github.com/influxdata/influxdb/v2/kit/platform/errors"
     9  )
    10  
    // AuthorizationKind is the value that (*Authorization).Kind() returns.
    const AuthorizationKind = "authorization"

    // ErrUnableToCreateToken is the sanitized error used for every failure to
    // create a token for a user. Its message is deliberately generic so that the
    // underlying cause is not exposed to the caller.
    //
    // It is a package-level pointer shared by all callers: treat it as read-only,
    // because mutating it changes the error everywhere it is returned.
    var ErrUnableToCreateToken = &errors.Error{
    	Code: errors.EInvalid,
    	Msg:  "unable to create token",
    }
    19  
    // Authorization is a token record: the token string together with the
    // organization, user, status and permissions attached to it.
    type Authorization struct {
    	// ID is the value returned by Identifier.
    	ID          platform.ID  `json:"id"`
    	// Token is serialized under the "token" key whenever this struct is
    	// marshaled to JSON, so anything built from a whole Authorization
    	// (API response, log line, audit record) carries the token value.
    	// NOTE(review): presumably a bearer credential — confirm that callers
    	// redact it wherever the full value is not required.
    	Token       string       `json:"token"`
    	// Status decides IsActive: only the value Active counts as active.
    	Status      Status       `json:"status"`
    	Description string       `json:"description"`
    	// OrgID is the organization that Valid compares every org-scoped
    	// permission against.
    	OrgID       platform.ID  `json:"orgID"`
    	// UserID is the value returned by GetUserID.
    	UserID      platform.ID  `json:"userID,omitempty"`
    	// Permissions is handed out by PermissionSet while the authorization
    	// is active.
    	Permissions []Permission `json:"permissions"`
    	// CRUDLog is embedded; it is declared outside this file.
    	CRUDLog
    }
    31  
    // AuthorizationUpdate is the authorization update request.
    //
    // Only the status and the description can be expressed here; the struct has
    // no field for the token, organization, user or permissions.
    type AuthorizationUpdate struct {
    	// Status and Description are pointers and are omitted from JSON when nil.
    	// NOTE(review): a nil field presumably means "leave unchanged" — confirm
    	// against the UpdateAuthorization implementations.
    	Status      *Status `json:"status,omitempty"`
    	Description *string `json:"description,omitempty"`
    }
    37  
    // Valid reports an EInvalid error when a permission is scoped to an
    // organization other than the authorization's own OrgID.
    //
    // That is the only check made here. A permission whose Resource.OrgID is nil
    // is accepted as is, and Token, Status and UserID are not inspected.
    func (a *Authorization) Valid() error {
    	for i := range a.Permissions {
    		perm := a.Permissions[i]
    		scope := perm.Resource.OrgID

    		// Unscoped permissions and permissions for this org pass.
    		if scope == nil || *scope == a.OrgID {
    			continue
    		}

    		return &errors.Error{
    			Code: errors.EInvalid,
    			Msg:  fmt.Sprintf("permission %s is not for org id %s", perm, a.OrgID),
    		}
    	}

    	return nil
    }
    51  
    // PermissionSet returns the permissions of an active authorization.
    //
    // When IsActive is false the result is nil together with an EUnauthorized
    // error, so an inactive token never resolves to a permission set. On success
    // the returned value is a.Permissions itself, not a copy.
    func (a *Authorization) PermissionSet() (PermissionSet, error) {
    	if a.IsActive() {
    		return a.Permissions, nil
    	}

    	return nil, &errors.Error{
    		Msg:  "token is inactive",
    		Code: errors.EUnauthorized,
    	}
    }
    63  
    // IsActive is a package-level stub for idpe; it forwards to the IsActive
    // method of a and adds no check of its own.
    func IsActive(a *Authorization) bool { return a.IsActive() }
    68  
    // IsActive reports whether the authorization's Status equals Active. Every
    // other Status value is treated as inactive.
    func (a *Authorization) IsActive() bool { return a.Status == Active }
    73  
    // GetUserID returns the UserID field of the authorization.
    func (a *Authorization) GetUserID() platform.ID { return a.UserID }
    78  
    // Kind returns AuthorizationKind and is used for auditing.
    func (a *Authorization) Kind() string {
    	return AuthorizationKind
    }
    81  
    // Identifier returns the authorization's ID and is used for auditing.
    func (a *Authorization) Identifier() platform.ID {
    	return a.ID
    }
    84  
    // Operation names for the authorization service. Each constant carries the
    // name of the AuthorizationService method it corresponds to.
    const (
    	OpCreateAuthorization      = "CreateAuthorization"
    	OpFindAuthorizationByID    = "FindAuthorizationByID"
    	OpFindAuthorizationByToken = "FindAuthorizationByToken"
    	OpFindAuthorizations       = "FindAuthorizations"
    	OpUpdateAuthorization      = "UpdateAuthorization"
    	OpDeleteAuthorization      = "DeleteAuthorization"
    )
    94  
    // AuthorizationService represents a service for managing authorization data.
    type AuthorizationService interface {
    	// FindAuthorizationByID returns a single authorization by ID.
    	FindAuthorizationByID(ctx context.Context, id platform.ID) (*Authorization, error)

    	// FindAuthorizationByToken returns a single authorization by Token.
    	// t is the token string itself.
    	// NOTE(review): implementations and wrappers should presumably keep t out
    	// of logs and error messages — confirm.
    	FindAuthorizationByToken(ctx context.Context, t string) (*Authorization, error)

    	// FindAuthorizations returns a list of authorizations that match filter and
    	// the total count of matching authorizations.
    	// Additional options provide pagination & sorting.
    	FindAuthorizations(ctx context.Context, filter AuthorizationFilter, opt ...FindOptions) ([]*Authorization, int, error)

    	// CreateAuthorization creates a new authorization and sets a.Token and
    	// a.UserID with the new identifier.
    	CreateAuthorization(ctx context.Context, a *Authorization) error

    	// UpdateAuthorization updates the status and description if available.
    	UpdateAuthorization(ctx context.Context, id platform.ID, upd *AuthorizationUpdate) (*Authorization, error)

    	// DeleteAuthorization removes an authorization. The authorization is
    	// selected by its ID; the method takes no token.
    	DeleteAuthorization(ctx context.Context, id platform.ID) error
    }
   116  
   // AuthorizationFilter represents a set of filters that restrict the returned results.
   //
   // Every field is a pointer.
   // NOTE(review): a nil field presumably places no restriction on that
   // attribute — confirm against the FindAuthorizations implementations.
   type AuthorizationFilter struct {
   	// Token filters on the token string itself, so a populated filter holds
   	// that token value.
   	Token *string
   	ID    *platform.ID

   	// The user can be given by ID or as a string.
   	UserID *platform.ID
   	User   *string

   	// The organization can be given by ID or as a string.
   	OrgID *platform.ID
   	Org   *string
   }