Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cli: authorization permissions invalid ID #10837

Closed
fntlnz opened this issue Jan 2, 2019 · 2 comments
Closed

cli: authorization permissions invalid ID #10837

fntlnz opened this issue Jan 2, 2019 · 2 comments
Assignees
@desa
Labels
area/api review
Milestone
Alpha

Comments

@fntlnz
Copy link
Contributor

fntlnz commented Jan 2, 2019

Observations

When trying to create a new authorization with --delete-user permissions I get an error:

influx  auth create -u yolo7  --delete-user
Error: invalid ID
Usage:
  influx auth create [flags]

Flags:
      --create-user                grants the permission to create users
      --delete-user                grants the permission to delete users
  -h, --help                       help for create
      --read-bucket stringArray    bucket id
  -u, --user string                user name (required)
      --write-bucket stringArray   bucket id

Global Flags:
      --host string    HTTP address of Influx (default "http://localhost:9999")
      --local          Run commands locally against the filesystem
  -t, --token string   API token to be used throughout client calls

invalid ID

Analysis

I noticed two possible root causes for this problem:

Client side (cli) while creating a new Permission the function NewPermission doesn't set any ID on the newly created permission here:
https://github.com/influxdata/platform/blob/3429e8d0c6753e7f1dab6b080397580a5ba94205/authz.go#L166-L173

When creating the authorization, only permissions are passed to it, while the authorization needs a valid ID.

https://github.com/influxdata/platform/blob/3429e8d0c6753e7f1dab6b080397580a5ba94205/cmd/influx/authorization.go#L101-L103
@zhulongcheng
Copy link
Contributor

zhulongcheng commented Jan 2, 2019
edited
Loading

👍

Looks like the user flag is unused:

https://github.com/influxdata/platform/blob/3429e8d0c6753e7f1dab6b080397580a5ba94205/cmd/influx/authorization.go#L38-L46

@desa
Copy link
Contributor

desa commented Jan 2, 2019

Looked into this a bit more. This root cause is that authorizations now get the user contextually

https://github.com/influxdata/platform/blob/0ddf6b35885555ededde67d0915393ad5b25b92d/http/auth_service.go#L142-L148

So the user is retrieved off of the token. Looking through things, I think that there's a few things that will need to be reworked.

@desa desa self-assigned this Jan 2, 2019
mark-rushakoff referenced this issue in mark-rushakoff/taskdemo Jan 2, 2019
@mark-rushakoff
Update to latest platform; drop yield from tasks
f29a323 
This is compiling but hasn't been fully tested yet due to
https://github.com/influxdata/platform/issues/2169.

So I don't know whether this is working properly.
@russorat russorat transferred this issue from another repository Jan 10, 2019
@desa desa mentioned this issue Jan 10, 2019
Merged
@ghost ghost added the review label Jan 10, 2019
@russorat russorat added this to the Alpha milestone Feb 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@desa desa

Labels
area/api review
Projects
None yet
Milestone
Alpha
Development

No branches or pull requests
4 participants
@desa @fntlnz @russorat @zhulongcheng