
Commit 39b5ea8

committed
feat: add v1 auths
1 parent 87f32f7 commit 39b5ea8


1 file changed

+83
-19
lines changed


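--- a/influxdb/users.sls
+++ b/influxdb/users.sls
@@ -1,24 +1,24 @@
-{% from "influxdb/defaults.yaml.jinja2" import rawmap with context %}
+{%- from "influxdb/defaults.yaml.jinja2" import rawmap with context %}
 {%- set influxdb = salt['grains.filter_by'](rawmap, grain='os_family', merge=salt['pillar.get']('influxdb')) %}
 
-{% if "user" in influxdb and "remote" not in influxdb %}
-{% for name,config in influxdb["user"].items() %}
+{%- if "user" in influxdb and "remote" not in influxdb %}
+{%- for name,config in influxdb["user"].items() %}
 influxdb_user_{{ name }}:
 influxdb_user.present:
 - name: {{ name }}
 - passwd: {{ config["password"] }}
-{% if "admin" in config %}
+{%- if "admin" in config %}
 - admin: {{ config["admin"] }}
-{% endif %}
-{% if "grants" in config %}
+{%- endif %}
+{%- if "grants" in config %}
 - grants: {{ config["grants"] }}
-{% endif %}
-{% endfor %}
-{% endif %}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
 
-{% if "user" in influxdb and "remote" in influxdb %}
+{%- if "user" in influxdb and "remote" in influxdb %}
 {%- set base_url = "https://" ~ influxdb['remote']['host'] ~ ":" ~ influxdb['remote']['port'] %}
-{% for name,config in influxdb["user"].items() %}
+{%- for name,config in influxdb["user"].items() %}
 get_user_{{ name }}:
 http.query:
 - name: '{{ base_url }}/api/v2/users/?name={{ name }}'
@@ -61,7 +61,7 @@ make_{{ name }}_admin_in_org:
 Authorization: Token {{ influxdb['user']['admin']['token'] }}
 - onfail:
 - http: check_{{ name }}_admin_in_org
-{% else %}
+{%- else %}
 check_{{ name }}_member_in_org:
 http.query:
 - name: '{{ base_url }}/api/v2/orgs/{{ orgID }}/members'
@@ -82,10 +82,10 @@ make_{{ name }}_member_in_org:
 Authorization: Token {{ influxdb['user']['admin']['token'] }}
 - onfail:
 - http: check_{{ name }}_member_in_org
-{% endif %}
+{%- endif %}
 
 
-{% if "password" in config %}
+{%- if "password" in config %}
 set_password_{{ name }}:
 http.query:
 - name: '{{ base_url }}/api/v2/users/{{ id }}/password'
@@ -94,9 +94,9 @@ set_password_{{ name }}:
 - data: '{"password": "{{ config["password"] }}"}'
 - header_dict:
 Authorization: Token {{ influxdb['user']['admin']['token'] }}
-{% endif %}
+{%- endif %}
 
-{% if "grants" in config %}
+{%- if "grants" in config %}
 {%- for bucket,access in config['grants'].items() %}
 {%- set bucketID = salt['cmd.shell']("curl -s -f -H'Authorization: Token " ~ influxdb['user']['admin']['token'] ~ "' '" ~ base_url ~ "/api/v2/buckets?name=" ~ bucket ~ "' | jq -r '.buckets[0].id'") %}
 
@@ -120,8 +120,72 @@ grant_user_{{ name }}_to_{{ bucket }}:
 Authorization: Token {{ influxdb['user']['admin']['token'] }}
 - onfail:
 - http: check_grant_user_{{ name }}_to_{{ bucket }}
+
+{%- set token = '-'.join([name, access, bucket]) %}
+{%- set all_permissions = [{
+'action': 'read',
+'resource': {
+'id': bucketID,
+'orgID': orgID,
+'type': "buckets"
+}
+},{
+'action': 'write',
+'resource': {
+'id': bucketID,
+'orgID': orgID,
+'type': "buckets"
+}
+}] %}
+{%- set base_permissions = [{
+'action': access,
+'resource': {
+'id': bucketID,
+'orgID': orgID,
+'type': "buckets"
+}
+}] %}
+{%- set auth_data = {
+'token': token,
+'description': 'Grant ' ~ name ~ ' ' ~ access ~ ' access to bucket ' ~ bucket,
+'orgID': orgID,
+'userID': id,
+'permissions': all_permissions if access == 'all' else base_permissions
+} %}
+
+check_auth_user_{{ name }}_to_{{ bucket }}:
+http.query:
+- name: '{{ base_url }}/private/legacy/authorizations?token={{ token }}'
+- status: 200
+- method: GET
+- match: '"{{ token }}"'
+- match_type: string
+- header_dict:
+Authorization: Token {{ influxdb['user']['admin']['token'] }}
+
+auth_user_{{ name }}_to_{{ bucket }}:
+http.query:
+- name: '{{ base_url }}/private/legacy/authorizations'
+- status: 201
+- method: POST
+- data: '{{ auth_data | tojson }}'
+- header_dict:
+Authorization: Token {{ influxdb['user']['admin']['token'] }}
+- onfail:
+- http: check_auth_user_{{ name }}_to_{{ bucket }}
+
+{%- set authID = salt['cmd.shell']("curl -s -f -H'Authorization: Token " ~ influxdb['user']['admin']['token'] ~ "' '" ~ base_url ~ "/private/legacy/authorizations?token=" ~ token ~ "' | jq -r '.authorizations[0].id'") %}
+password_auth_user_{{ name }}_to_{{ bucket }}:
+http.query:
+- name: '{{ base_url }}/private/legacy/authorizations/{{ authID }}/password'
+- status: 204
+- method: POST
+- data: '{"password": "{{ config["password"] }}"}'
+- header_dict:
+Authorization: Token {{ influxdb['user']['admin']['token'] }}
+
 {%- endfor %}
-{% endif %}
+{%- endif %}
 
-{% endfor %}
-{% endif %}
+{%- endfor %}
+{%- endif %}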
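Review bot: The `authID` lookup at new line 177 runs `curl` through `salt['cmd.shell']` while the template is rendered, which is before `auth_user_{{ name }}_to_{{ bucket }}` has posted the authorization, so on a first run the password state's URL is presumably built with an empty or `null` id and only converges on a later run. The same line places the admin token and the unquoted `token` value (joined from pillar `name`, `access` and `bucket`) on a shell command line, where the admin token is readable in the host's process list and a pillar value containing a quote changes the command; the existing `bucketID` lookup has the same shape. Resolving the id at state execution time rather than in Jinja, or at least failing the render when the lookup returns nothing, would avoid both problems. Separately, `password_auth_user_…` builds its JSON by hand and is also emitted when `config` has no `password` key, unlike `set_password_…`, which is guarded by `if "password" in config`; a password containing `"` or `\` yields an invalid body, and `- data: '{{ {"password": config["password"]} | tojson }}'` would match how `auth_data` is sent.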
