Allow non-admin users to execute SHOW DATABASES #7974
Merged
+302
−14
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mark-rushakoff
force-pushed
the
mr-4785-show-databases
branch
from
30eea1e to
c22801c
Compare
joelegasse
suggested changes
Feb 9, 2017
There was a problem hiding this comment.
I think adding an extra type here, then ultimately tying that type back to the user is taking the long road.
I would rather see the UserInfo attached to the execution context, and then just call Authorize for each database instead.
I don't see the benefit in adding a second way to check if a user is authorized for a given database...
|
Per Joe's comment and an offline conversation with him, I'll be pushing up a cleaner implementation most likely today. |
mark-rushakoff
force-pushed
the
mr-4785-show-databases
branch
from
c22801c to
a10062f
Compare
joelegasse
approved these changes
Feb 13, 2017
This commit introduces a new interface type, influxql.Authorizer, that is passed as part of a statement's execution context and determines whether the context is permitted to access a given database. In the future, the Authorizer interface may be expanded to other resources besides databases. In this commit, the Authorizer interface is specifically used to determine which databases are returned when executing SHOW DATABASES. When HTTP authentication is enabled, the existing meta.UserInfo struct implements Authorizer, meaning admin users can SHOW every database, and non-admin users can SHOW only databases for which they have read and/or write permission. When HTTP authentication is disabled, all databases are visible through SHOW DATABASES. This addresses a long-standing issue where Chronograf or Grafana would be unable to list databases if the logged-in user did not have admin privileges. Fixes #4785.
mark-rushakoff
force-pushed
the
mr-4785-show-databases
branch
from
a10062f to
53699aa
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit introduces a new interface type, influxql.Authorizer, that
is passed as part of a statement's execution context and determines
whether the context is permitted to access a given database. In the
future, the Authorizer interface may be expanded to other resources
besides databases. In this commit, the Authorizer interface is
specifically used to determine which databases are returned when
executing SHOW DATABASES.
When HTTP authentication is enabled, the existing meta.UserInfo struct
implements Authorizer, meaning admin users can SHOW every database, and
non-admin users can SHOW only databases for which they have read and/or
write permission.
When HTTP authentication is disabled, all databases are visible through
SHOW DATABASES.
This addresses a long-standing issue where Chronograf or Grafana would
be unable to list databases if the logged-in user did not have admin
privileges.
Fixes #4785.
Required for all non-trivial PRs