feat: all-access and operator token from CLI (#285)
* chore: include enum values in openapi generated code * chore: add enum template to list of template overrides * chore: update template and generated code * feat: generate permissions list from openapi spec * feat: all-access and operator token from CLI Closes #22510 * fix: cloud fixed the resources endpoint * fix: all access and operator permissions cannot be composed * fix: review comments from dan-moran
@ -1,6 +1,8 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/influxdata/influx-cli/v2/clients/auth"
|
||||
"github.com/influxdata/influx-cli/v2/pkg/cli/middleware"
|
||||
"github.com/urfave/cli"
|
||||
@ -21,9 +23,32 @@ func newAuthCommand() cli.Command {
|
||||
}
|
||||
}
|
||||
|
||||
func helpText(perm string) struct{ readHelp, writeHelp string } {
|
||||
var helpOverrides = map[string]struct{ readHelp, writeHelp string }{
|
||||
"user": {"perform read actions against organization users", "perform mutative actions against organization users"},
|
||||
"buckets": {"perform read actions against organization buckets", "perform mutative actions against organization buckets"},
|
||||
"telegrafs": {"read telegraf configs", "create telegraf configs"},
|
||||
"orgs": {"read organizations", "create organizations"},
|
||||
"dbrps": {"read database retention policy mappings", "create database retention policy mappings"},
|
||||
}
|
||||
|
||||
help := helpOverrides[perm]
|
||||
if help.readHelp == "" {
|
||||
help.readHelp = fmt.Sprintf("read %s", perm)
|
||||
}
|
||||
if help.writeHelp == "" {
|
||||
help.writeHelp = fmt.Sprintf("create or update %s", perm)
|
||||
}
|
||||
|
||||
help.readHelp = "Grants the permission to " + help.readHelp
|
||||
help.writeHelp = "Grants the permission to " + help.writeHelp
|
||||
return help
|
||||
}
|
||||
|
||||
func newCreateCommand() cli.Command {
|
||||
var params auth.CreateParams
|
||||
flags := append(commonFlags(), getOrgFlags(¶ms.OrgParams)...)
|
||||
|
||||
flags = append(flags,
|
||||
&cli.StringFlag{
|
||||
Name: "user, u",
|
||||
@ -35,27 +60,6 @@ func newCreateCommand() cli.Command {
|
||||
Usage: "Token description",
|
||||
Destination: ¶ms.Description,
|
||||
},
|
||||
|
||||
&cli.BoolFlag{
|
||||
Name: "write-user",
|
||||
Usage: "Grants the permission to perform mutative actions against organization users",
|
||||
Destination: ¶ms.WriteUserPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-user",
|
||||
Usage: "Grants the permission to perform read actions against organization users",
|
||||
Destination: ¶ms.ReadUserPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-buckets",
|
||||
Usage: "Grants the permission to perform mutative actions against organization buckets",
|
||||
Destination: ¶ms.WriteBucketsPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-buckets",
|
||||
Usage: "Grants the permission to perform read actions against organization buckets",
|
||||
Destination: ¶ms.ReadBucketsPermission,
|
||||
},
|
||||
&cli.StringSliceFlag{
|
||||
Name: "write-bucket",
|
||||
Usage: "The bucket id",
|
||||
@ -65,86 +69,40 @@ func newCreateCommand() cli.Command {
|
||||
Usage: "The bucket id",
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-tasks",
|
||||
Usage: "Grants the permission to create tasks",
|
||||
Destination: ¶ms.WriteTasksPermission,
|
||||
Name: "operator",
|
||||
Usage: "Grants all permissions in all organizations",
|
||||
Destination: ¶ms.OperatorPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-tasks",
|
||||
Usage: "Grants the permission to read tasks",
|
||||
Destination: ¶ms.ReadTasksPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-telegrafs",
|
||||
Usage: "Grants the permission to create telegraf configs",
|
||||
Destination: ¶ms.WriteTelegrafsPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-telegrafs",
|
||||
Usage: "Grants the permission to read telegraf configs",
|
||||
Destination: ¶ms.ReadTelegrafsPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-orgs",
|
||||
Usage: "Grants the permission to create organizations",
|
||||
Destination: ¶ms.WriteOrganizationsPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-orgs",
|
||||
Usage: "Grants the permission to read organizations",
|
||||
Destination: ¶ms.ReadOrganizationsPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-dashboards",
|
||||
Usage: "Grants the permission to create dashboards",
|
||||
Destination: ¶ms.WriteDashboardsPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-dashboards",
|
||||
Usage: "Grants the permission to read dashboards",
|
||||
Destination: ¶ms.ReadDashboardsPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-checks",
|
||||
Usage: "Grants the permission to create checks",
|
||||
Destination: ¶ms.WriteCheckPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-checks",
|
||||
Usage: "Grants the permission to read checks",
|
||||
Destination: ¶ms.ReadCheckPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-notificationRules",
|
||||
Usage: "Grants the permission to create notificationRules",
|
||||
Destination: ¶ms.WriteNotificationRulePermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-notificationRules",
|
||||
Usage: "Grants the permission to read notificationRules",
|
||||
Destination: ¶ms.ReadNotificationRulePermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-notificationEndpoints",
|
||||
Usage: "Grants the permission to create notificationEndpoints",
|
||||
Destination: ¶ms.WriteNotificationEndpointPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-notificationEndpoints",
|
||||
Usage: "Grants the permission to read notificationEndpoints",
|
||||
Destination: ¶ms.ReadNotificationEndpointPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-dbrps",
|
||||
Usage: "Grants the permission to create database retention policy mappings",
|
||||
Destination: ¶ms.WriteDBRPPermission,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "read-dbrps",
|
||||
Usage: "Grants the permission to read database retention policy mappings",
|
||||
Destination: ¶ms.ReadDBRPPermission,
|
||||
Name: "all-access",
|
||||
Usage: "Grants all permissions in a single organization",
|
||||
Destination: ¶ms.AllAccess,
|
||||
},
|
||||
)
|
||||
|
||||
params.ResourcePermissions = auth.BuildResourcePermissions()
|
||||
for _, perm := range params.ResourcePermissions {
|
||||
help := helpText(perm.Name)
|
||||
ossVsCloud := ""
|
||||
if perm.IsCloud && !perm.IsOss {
|
||||
ossVsCloud = " (Cloud only)"
|
||||
}
|
||||
if !perm.IsCloud && perm.IsOss {
|
||||
ossVsCloud = " (OSS only)"
|
||||
}
|
||||
flags = append(flags,
|
||||
&cli.BoolFlag{
|
||||
Name: "read-" + perm.Name,
|
||||
Usage: help.readHelp + ossVsCloud,
|
||||
Destination: &perm.Read,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "write-" + perm.Name,
|
||||
Usage: help.writeHelp + ossVsCloud,
|
||||
Destination: &perm.Write,
|
||||
})
|
||||
}
|
||||
|
||||
return cli.Command{
|
||||
Name: "create",
|
||||
Usage: "Create authorization",
|
||||
@ -160,6 +118,7 @@ func newCreateCommand() cli.Command {
|
||||
AuthorizationsApi: api.AuthorizationsApi,
|
||||
UsersApi: api.UsersApi,
|
||||
OrganizationsApi: api.OrganizationsApi,
|
||||
ResourceListApi: api.ResourceListApi,
|
||||
}
|
||||
return client.Create(getContext(ctx), ¶ms)
|
||||
},
|
||||
|
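Review bot: In the new loop over `params.ResourcePermissions` in newCreateCommand, `Destination: &perm.Read` and `Destination: &perm.Write` take addresses through the range variable `perm`, which is only safe if the slice holds pointers. The return type of `auth.BuildResourcePermissions()` is not visible on this page; if the elements are struct values, each flag writes into a copy (before Go 1.22, one variable shared by every iteration), so the read/write choices made on the command line would not land on the entries in `params` and the created token's scope could differ from what was requested. If they are values, iterate by index instead: `for i := range params.ResourcePermissions {` followed by `perm := &params.ResourcePermissions[i]`. If they are already pointers, a short comment above the loop such as `// perm is a *ResourcePermission, so the flag destinations alias the slice entries` would make that dependency explicit. The body of newCreateCommand continues outside the hunks shown here, so validation of the resulting permission set could not be checked.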