feat: add v1 auths

Author: SMillerDev

influxdb/users.sls

@@ -1,24 +1,24 @@
-{% from "influxdb/defaults.yaml.jinja2" import rawmap with context %}
+{%- from "influxdb/defaults.yaml.jinja2" import rawmap with context %}
 {%- set influxdb = salt['grains.filter_by'](rawmap, grain='os_family', merge=salt['pillar.get']('influxdb')) %}
 
-{% if "user" in influxdb and "remote" not in influxdb %}
-{% for name,config in influxdb["user"].items() %}
+{%- if "user" in influxdb and "remote" not in influxdb %}
+{%- for name,config in influxdb["user"].items() %}
 influxdb_user_{{ name }}:
   influxdb_user.present:
     - name: {{ name }}
     - passwd: {{ config["password"] }}
-{% if "admin" in config %}
+{%- if "admin" in config %}
     - admin: {{ config["admin"] }}
-{% endif %}
-{% if "grants" in config %}
+{%- endif %}
+{%- if "grants" in config %}
     - grants: {{ config["grants"] }}
-{% endif %}
-{% endfor %}
-{% endif %}
+{%- endif %}
+{%- endfor %}
+{%- endif %}
 
-{% if "user" in influxdb and "remote" in influxdb %}
+{%- if "user" in influxdb and "remote" in influxdb %}
 {%- set base_url = "https://" ~ influxdb['remote']['host'] ~ ":" ~ influxdb['remote']['port'] %}
-{% for name,config in influxdb["user"].items() %}
+{%- for name,config in influxdb["user"].items() %}
 get_user_{{ name }}:
   http.query:
     - name: '{{ base_url }}/api/v2/users/?name={{ name }}'
@@ -61,7 +61,7 @@ make_{{ name }}_admin_in_org:
         Authorization: Token {{ influxdb['user']['admin']['token'] }}
     - onfail:
         - http: check_{{ name }}_admin_in_org
-{% else %}
+{%- else %}
 check_{{ name }}_member_in_org:
   http.query:
     - name: '{{ base_url }}/api/v2/orgs/{{ orgID }}/members'
@@ -82,10 +82,10 @@ make_{{ name }}_member_in_org:
         Authorization: Token {{ influxdb['user']['admin']['token'] }}
     - onfail:
         - http: check_{{ name }}_member_in_org
-{% endif %}
+{%- endif %}
 
 
-{% if "password" in config %}
+{%- if "password" in config %}
 set_password_{{ name }}:
   http.query:
     - name: '{{ base_url }}/api/v2/users/{{ id }}/password'
@@ -94,9 +94,9 @@ set_password_{{ name }}:
     - data: '{"password": "{{ config["password"] }}"}'
     - header_dict:
         Authorization: Token {{ influxdb['user']['admin']['token'] }}
-{% endif %}
+{%- endif %}
 
-{% if "grants" in config %}
+{%- if "grants" in config %}
 {%- for bucket,access in config['grants'].items() %}
 {%- set bucketID = salt['cmd.shell']("curl -s -f -H'Authorization: Token " ~ influxdb['user']['admin']['token'] ~ "' '" ~ base_url ~ "/api/v2/buckets?name=" ~ bucket ~ "' | jq -r '.buckets[0].id'") %}
 
@@ -120,8 +120,48 @@ grant_user_{{ name }}_to_{{ bucket }}:
         Authorization: Token {{ influxdb['user']['admin']['token'] }}
     - onfail:
         - http: check_grant_user_{{ name }}_to_{{ bucket }}
+
+{%- set token = '-'.join([name, access, bucket]) %}
+{%- set auth_data = {
+  'token': token,
+  'description': 'Grant ' ~ name ~ ' ' ~ access ~ ' access to bucket ' ~ bucket,
+  'orgID': orgID,
+  'userID': id,
+  'permissions': [{
+    'action': 'write' if access != 'read' else 'read',
+    'resource': [{
+      'id': bucketID,
+      'name': bucket,
+      'orgID': orgID,
+      'type': "buckets"
+    }]
+  }]
+} %}
+
+check_auth_user_{{ name }}_to_{{ bucket }}:
+  http.query:
+    - name: '{{ base_url }}/private/legacy/authorizations?token={{ token }}'
+    - status: 200
+    - method: GET
+    - match: '"{{ token }}"'
+    - match_type: string
+    - header_dict:
+        Authorization: Token {{ influxdb['user']['admin']['token'] }}
+
+auth_user_{{ name }}_to_{{ bucket }}:
+  http.query:
+    - name: '{{ base_url }}/private/legacy/authorizations'
+    - status: 201
+    - method: POST
+    - data: |
+        '{{ auth_data | tojson }}'
+    - header_dict:
+        Authorization: Token {{ influxdb['user']['admin']['token'] }}
+    - onfail:
+        - http: check_auth_user_{{ name }}_to_{{ bucket }}
+
 {%- endfor %}
-{% endif %}
+{%- endif %}
 
-{% endfor %}
-{% endif %}
+{%- endfor %}
+{%- endif %}