625273adf9
* chore: update openapi * feat: update replication field names to match influx changes * feat: add new field to show replication queue sync progress * chore: update to master openapi
264 lines
7.3 KiB
Go
264 lines
7.3 KiB
Go
package main
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/influxdata/influx-cli/v2/api/extras"
|
|
"github.com/influxdata/influx-cli/v2/clients/auth"
|
|
"github.com/influxdata/influx-cli/v2/pkg/cli/middleware"
|
|
"github.com/urfave/cli"
|
|
)
|
|
|
|
func newAuthCommand() cli.Command {
|
|
return cli.Command{
|
|
Name: "auth",
|
|
Usage: "Authorization management commands",
|
|
Aliases: []string{"authorization"},
|
|
Before: middleware.NoArgs,
|
|
Subcommands: []cli.Command{
|
|
newCreateCommand(),
|
|
newDeleteCommand(),
|
|
newListCommand(),
|
|
newSetActiveCommand(),
|
|
newSetInactiveCommand(),
|
|
},
|
|
}
|
|
}
|
|
|
|
func helpText(perm string) struct{ readHelp, writeHelp string } {
|
|
var helpOverrides = map[string]struct{ readHelp, writeHelp string }{
|
|
"user": {"perform read actions against organization users", "perform mutative actions against organization users"},
|
|
"buckets": {"perform read actions against organization buckets", "perform mutative actions against organization buckets"},
|
|
"telegrafs": {"read telegraf configs", "create telegraf configs"},
|
|
"orgs": {"read organizations", "create organizations"},
|
|
"dbrps": {"read database retention policy mappings", "create database retention policy mappings"},
|
|
}
|
|
|
|
help := helpOverrides[perm]
|
|
if help.readHelp == "" {
|
|
help.readHelp = fmt.Sprintf("read %s", perm)
|
|
}
|
|
if help.writeHelp == "" {
|
|
help.writeHelp = fmt.Sprintf("create or update %s", perm)
|
|
}
|
|
|
|
help.readHelp = "Grants the permission to " + help.readHelp
|
|
help.writeHelp = "Grants the permission to " + help.writeHelp
|
|
return help
|
|
}
|
|
|
|
func hidden(perm string) bool {
|
|
var hiddenTypes = map[string]struct{}{
|
|
"functions": {},
|
|
}
|
|
_, ok := hiddenTypes[perm]
|
|
return ok
|
|
}
|
|
|
|
func newCreateCommand() cli.Command {
|
|
var params auth.CreateParams
|
|
flags := append(commonFlags(), getOrgFlags(¶ms.OrgParams)...)
|
|
|
|
flags = append(flags,
|
|
&cli.StringFlag{
|
|
Name: "user, u",
|
|
Usage: "The user name",
|
|
Destination: ¶ms.User,
|
|
},
|
|
&cli.StringFlag{
|
|
Name: "description, d",
|
|
Usage: "Token description",
|
|
Destination: ¶ms.Description,
|
|
},
|
|
&cli.StringSliceFlag{
|
|
Name: "write-bucket",
|
|
Usage: "The bucket id",
|
|
},
|
|
&cli.StringSliceFlag{
|
|
Name: "read-bucket",
|
|
Usage: "The bucket id",
|
|
},
|
|
&cli.BoolFlag{
|
|
Name: "operator",
|
|
Usage: "Grants all permissions in all organizations",
|
|
Destination: ¶ms.OperatorPermission,
|
|
},
|
|
&cli.BoolFlag{
|
|
Name: "all-access",
|
|
Usage: "Grants all permissions in a single organization",
|
|
Destination: ¶ms.AllAccess,
|
|
},
|
|
)
|
|
|
|
params.ResourcePermissions = auth.BuildResourcePermissions()
|
|
for _, perm := range params.ResourcePermissions {
|
|
if perm.Name == string(extras.RESOURCEENUMOSS_INSTANCE) {
|
|
// Instance permissions are only set during setup
|
|
continue
|
|
}
|
|
help := helpText(perm.Name)
|
|
ossVsCloud := ""
|
|
if perm.IsCloud && !perm.IsOss {
|
|
ossVsCloud = " (Cloud only)"
|
|
}
|
|
if !perm.IsCloud && perm.IsOss {
|
|
ossVsCloud = " (OSS only)"
|
|
}
|
|
flags = append(flags,
|
|
&cli.BoolFlag{
|
|
Name: "read-" + perm.Name,
|
|
Usage: help.readHelp + ossVsCloud,
|
|
Destination: &perm.Read,
|
|
Hidden: hidden(perm.Name),
|
|
},
|
|
&cli.BoolFlag{
|
|
Name: "write-" + perm.Name,
|
|
Usage: help.writeHelp + ossVsCloud,
|
|
Destination: &perm.Write,
|
|
Hidden: hidden(perm.Name),
|
|
})
|
|
}
|
|
|
|
return cli.Command{
|
|
Name: "create",
|
|
Usage: "Create authorization",
|
|
Flags: flags,
|
|
Before: middleware.WithBeforeFns(withCli(), withApi(true), middleware.NoArgs),
|
|
Action: func(ctx *cli.Context) error {
|
|
if err := checkOrgFlags(¶ms.OrgParams); err != nil {
|
|
return err
|
|
}
|
|
params.WriteBucketIds = ctx.StringSlice("write-bucket")
|
|
params.ReadBucketIds = ctx.StringSlice("read-bucket")
|
|
|
|
api := getAPI(ctx)
|
|
client := auth.Client{
|
|
CLI: getCLI(ctx),
|
|
AuthorizationsAPITokensApi: api.AuthorizationsAPITokensApi,
|
|
UsersApi: api.UsersApi,
|
|
OrganizationsApi: api.OrganizationsApi,
|
|
ResourcesApi: api.ResourcesApi,
|
|
}
|
|
return client.Create(getContext(ctx), ¶ms)
|
|
},
|
|
}
|
|
}
|
|
|
|
func newDeleteCommand() cli.Command {
|
|
return cli.Command{
|
|
Name: "delete",
|
|
Usage: "Delete authorization",
|
|
Flags: append(
|
|
commonFlags(),
|
|
&cli.StringFlag{
|
|
Name: "id, i",
|
|
Usage: "The authorization ID (required)",
|
|
Required: true,
|
|
},
|
|
),
|
|
Before: middleware.WithBeforeFns(withCli(), withApi(true), middleware.NoArgs),
|
|
Action: func(ctx *cli.Context) error {
|
|
api := getAPI(ctx)
|
|
client := auth.Client{
|
|
CLI: getCLI(ctx),
|
|
AuthorizationsAPITokensApi: api.AuthorizationsAPITokensApi,
|
|
UsersApi: api.UsersApi,
|
|
OrganizationsApi: api.OrganizationsApi,
|
|
}
|
|
return client.Remove(getContext(ctx), ctx.String("id"))
|
|
},
|
|
}
|
|
}
|
|
|
|
func newListCommand() cli.Command {
|
|
var params auth.ListParams
|
|
flags := append(commonFlags(), getOrgFlags(¶ms.OrgParams)...)
|
|
flags = append(flags,
|
|
&cli.StringFlag{
|
|
Name: "id, i",
|
|
Usage: "The authorization ID",
|
|
Destination: ¶ms.Id,
|
|
},
|
|
&cli.StringFlag{
|
|
Name: "user, u",
|
|
Usage: "The user",
|
|
Destination: ¶ms.User,
|
|
},
|
|
&cli.StringFlag{
|
|
Name: "user-id",
|
|
Usage: "The user ID",
|
|
Destination: ¶ms.UserID,
|
|
},
|
|
)
|
|
return cli.Command{
|
|
Name: "list",
|
|
Usage: "List authorizations",
|
|
Aliases: []string{"find", "ls"},
|
|
Flags: flags,
|
|
Before: middleware.WithBeforeFns(withCli(), withApi(true), middleware.NoArgs),
|
|
Action: func(ctx *cli.Context) error {
|
|
if err := checkOrgFlags(¶ms.OrgParams); err != nil {
|
|
return err
|
|
}
|
|
api := getAPI(ctx)
|
|
client := auth.Client{
|
|
CLI: getCLI(ctx),
|
|
AuthorizationsAPITokensApi: api.AuthorizationsAPITokensApi,
|
|
UsersApi: api.UsersApi,
|
|
OrganizationsApi: api.OrganizationsApi,
|
|
}
|
|
return client.List(getContext(ctx), ¶ms)
|
|
},
|
|
}
|
|
}
|
|
|
|
func newSetActiveCommand() cli.Command {
|
|
return cli.Command{
|
|
Name: "active",
|
|
Usage: "Active authorization",
|
|
Flags: []cli.Flag{
|
|
&cli.StringFlag{
|
|
Name: "id, i",
|
|
Usage: "The authorization ID (required)",
|
|
Required: true,
|
|
},
|
|
},
|
|
Before: middleware.WithBeforeFns(withCli(), withApi(true), middleware.NoArgs),
|
|
Action: func(ctx *cli.Context) error {
|
|
api := getAPI(ctx)
|
|
client := auth.Client{
|
|
CLI: getCLI(ctx),
|
|
AuthorizationsAPITokensApi: api.AuthorizationsAPITokensApi,
|
|
UsersApi: api.UsersApi,
|
|
OrganizationsApi: api.OrganizationsApi,
|
|
}
|
|
return client.SetActive(getContext(ctx), ctx.String("id"), true)
|
|
},
|
|
}
|
|
}
|
|
|
|
func newSetInactiveCommand() cli.Command {
|
|
return cli.Command{
|
|
Name: "inactive",
|
|
Usage: "Inactive authorization",
|
|
Flags: []cli.Flag{
|
|
&cli.StringFlag{
|
|
Name: "id, i",
|
|
Usage: "The authorization ID (required)",
|
|
Required: true,
|
|
},
|
|
},
|
|
Before: middleware.WithBeforeFns(withCli(), withApi(true), middleware.NoArgs),
|
|
Action: func(ctx *cli.Context) error {
|
|
api := getAPI(ctx)
|
|
client := auth.Client{
|
|
CLI: getCLI(ctx),
|
|
AuthorizationsAPITokensApi: api.AuthorizationsAPITokensApi,
|
|
UsersApi: api.UsersApi,
|
|
OrganizationsApi: api.OrganizationsApi,
|
|
}
|
|
return client.SetActive(getContext(ctx), ctx.String("id"), false)
|
|
},
|
|
}
|
|
}
|