revert: feat(pkger): add Stack resource type to global list

This reverts commit 99eabf8. A backend change was needed to make this work in Cloud envs, that change is blocked.
influxdata · Jul 22, 2020 · 88cdf43 · 88cdf43
1 parent 437b35b
commit 88cdf43
Show file tree

Hide file tree

Showing 9 changed files with 9 additions and 30 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,7 +6,6 @@
 1. [18910](https://github.com/influxdata/influxdb/pull/18910): Add uninstall functionality for stacks
 1. [18912](https://github.com/influxdata/influxdb/pull/18912): Drop deprecated influx pkg command tree
 1. [18997](https://github.com/influxdata/influxdb/pull/18997): Add telegraf management commands to influx CLI
-1. [19000](https://github.com/influxdata/influxdb/pull/19000): Transition Stack permissions to be accessible by any non root user
 
 ### Bug Fixes
 

diff --git a/authorizer/agent.go b/authorizer/agent.go
@@ -36,7 +36,7 @@ func (a *AuthAgent) IsWritable(ctx context.Context, orgID influxdb.ID, resType i
 	if resTypeErr != nil && orgErr != nil {
 		return &influxdb.Error{
 			Code: influxdb.EUnauthorized,
-			Msg:  "not authorized to write " + string(resType),
+			Msg:  "not authorized to create " + string(resType),
 		}
 	}
 

diff --git a/authz.go b/authz.go
@@ -129,9 +129,8 @@ const (
 	NotificationEndpointResourceType = ResourceType("notificationEndpoints") // 15
 	// ChecksResourceType gives permission to one or more Checks.
 	ChecksResourceType = ResourceType("checks") // 16
-	// DBRPResourceType gives permission to one or more DBRPs.
-	DBRPResourceType               = ResourceType("dbrp") // 17
-	ResourceTypeStack ResourceType = "stack"
+	// DBRPType gives permission to one or more DBRPs.
+	DBRPResourceType = ResourceType("dbrp") // 17
 )
 
 // AllResourceTypes is the list of all known resource types.
@@ -154,7 +153,6 @@ var AllResourceTypes = []ResourceType{
 	NotificationEndpointResourceType, // 15
 	ChecksResourceType,               // 16
 	DBRPResourceType,                 // 17
-	ResourceTypeStack,                //18
 	// NOTE: when modifying this list, please update the swagger for components.schemas.Permission resource enum.
 }
 
@@ -173,7 +171,6 @@ var OrgResourceTypes = []ResourceType{
 	NotificationEndpointResourceType, // 15
 	ChecksResourceType,               // 16
 	DBRPResourceType,                 // 17
-	ResourceTypeStack,                // 18
 }
 
 // Valid checks if the resource type is a member of the ResourceType enum.
@@ -202,7 +199,6 @@ func (t ResourceType) Valid() (err error) {
 	case NotificationEndpointResourceType: // 15
 	case ChecksResourceType: // 16
 	case DBRPResourceType: // 17
-	case ResourceTypeStack: // 18
 	default:
 		err = ErrInvalidResourceType
 	}

diff --git a/http/swagger.yml b/http/swagger.yml
@@ -7351,7 +7351,6 @@ components:
             - notificationEndpoints
             - checks
             - dbrp
-            - stack
         id:
           type: string
           nullable: true

diff --git a/pkger/service.go b/pkger/service.go
@@ -120,6 +120,8 @@ func (e StackEventType) String() string {
 	}
 }
 
+const ResourceTypeStack influxdb.ResourceType = "stack"
+
 // SVC is the packages service interface.
 type SVC interface {
 	InitStack(ctx context.Context, userID influxdb.ID, stack StackCreate) (Stack, error)

diff --git a/pkger/service_auth.go b/pkger/service_auth.go
@@ -29,23 +29,23 @@ func MWAuth(authAgent AuthAgent) SVCMiddleware {
 }
 
 func (s *authMW) InitStack(ctx context.Context, userID influxdb.ID, newStack StackCreate) (Stack, error) {
-	err := s.authAgent.IsWritable(ctx, newStack.OrgID, influxdb.ResourceTypeStack)
+	err := s.authAgent.IsWritable(ctx, newStack.OrgID, ResourceTypeStack)
 	if err != nil {
 		return Stack{}, err
 	}
 	return s.next.InitStack(ctx, userID, newStack)
 }
 
 func (s *authMW) UninstallStack(ctx context.Context, identifiers struct{ OrgID, UserID, StackID influxdb.ID }) (Stack, error) {
-	err := s.authAgent.IsWritable(ctx, identifiers.OrgID, influxdb.ResourceTypeStack)
+	err := s.authAgent.IsWritable(ctx, identifiers.OrgID, ResourceTypeStack)
 	if err != nil {
 		return Stack{}, err
 	}
 	return s.next.UninstallStack(ctx, identifiers)
 }
 
 func (s *authMW) DeleteStack(ctx context.Context, identifiers struct{ OrgID, UserID, StackID influxdb.ID }) error {
-	err := s.authAgent.IsWritable(ctx, identifiers.OrgID, influxdb.ResourceTypeStack)
+	err := s.authAgent.IsWritable(ctx, identifiers.OrgID, ResourceTypeStack)
 	if err != nil {
 		return err
 	}
@@ -79,7 +79,7 @@ func (s *authMW) UpdateStack(ctx context.Context, upd StackUpdate) (Stack, error
 		return Stack{}, err
 	}
 
-	err = s.authAgent.IsWritable(ctx, stack.OrgID, influxdb.ResourceTypeStack)
+	err = s.authAgent.IsWritable(ctx, stack.OrgID, ResourceTypeStack)
 	if err != nil {
 		return Stack{}, err
 	}

diff --git a/tenant/service_user_test.go b/tenant/service_user_test.go
@@ -155,7 +155,6 @@ func TestFindPermissionsFromUser(t *testing.T) {
 		influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &orgID, Type: influxdb.NotificationEndpointResourceType}},
 		influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &orgID, Type: influxdb.ChecksResourceType}},
 		influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &orgID, Type: influxdb.DBRPResourceType}},
-		influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &orgID, Type: influxdb.ResourceTypeStack}},
 		influxdb.Permission{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.UsersResourceType, ID: &u.ID}},
 		influxdb.Permission{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.UsersResourceType, ID: &u.ID}},
 	}

diff --git a/ui/src/authorizations/utils/permissions.test.ts b/ui/src/authorizations/utils/permissions.test.ts
@@ -177,20 +177,6 @@ const hvhs: Permission[] = [
       type: 'sources',
     },
   },
-  {
-    action: 'read',
-    resource: {
-      orgID: 'bulldogs',
-      type: 'stack',
-    },
-  },
-  {
-    action: 'write',
-    resource: {
-      orgID: 'bulldogs',
-      type: 'stack',
-    },
-  },
   {
     action: 'read',
     resource: {

diff --git a/ui/src/authorizations/utils/permissions.ts b/ui/src/authorizations/utils/permissions.ts
@@ -20,7 +20,6 @@ const allPermissionTypes: PermissionTypes[] = [
   'secrets',
   'scrapers',
   'sources',
-  'stack',
   'tasks',
   'telegrafs',
   'users',
@@ -48,7 +47,6 @@ const ensureT = (orgID: string, userID: string) => (
     case 'secrets':
     case 'scrapers':
     case 'sources':
-    case 'stack':
     case 'tasks':
     case 'telegrafs':
     case 'variables':
-Original file line number
+Diff line change
@@ Expand Up / @@ -7351,7 +7351,6 @@ components: @@
                 - notificationEndpoints
                 - checks
                 - dbrp
-                - stack
             id:
               type: string
               nullable: true
@@ Expand Down @@