refactor: create new token package (#17874)

auth.go

@@ -103,7 +103,7 @@ type AuthorizationService interface {
 	CreateAuthorization(ctx context.Context, a *Authorization) error
 
 	// UpdateAuthorization updates the status and description if available.
-	UpdateAuthorization(ctx context.Context, id ID, udp *AuthorizationUpdate) (*Authorization, error)
+	UpdateAuthorization(ctx context.Context, id ID, upd *AuthorizationUpdate) (*Authorization, error)
 
 	// Removes a authorization by token.
 	DeleteAuthorization(ctx context.Context, id ID) error

authorization/error.go

@@ -0,0 +1,66 @@
+package authorization
+
+import (
+	"fmt"
+
+	"github.com/influxdata/influxdb/v2"
+)
+
+var (
+	// ErrInvalidAuthID is used when the Authorization's ID cannot be encoded
+	ErrInvalidAuthID = &influxdb.Error{
+		Code: influxdb.EInvalid,
+		Msg:  "authorization ID is invalid",
+	}
+
+	// ErrAuthNotFound is used when the specified auth cannot be found
+	ErrAuthNotFound = &influxdb.Error{
+		Code: influxdb.ENotFound,
+		Msg:  "authorization not found",
+	}
+
+	// NotUniqueIDError is used when ...
+	NotUniqueIDError = &influxdb.Error{
+		Code: influxdb.EConflict,
+		Msg:  "ID already exists",
+	}
+
+	// ErrFailureGeneratingID occurs ony when the random number generator
+	// cannot generate an ID in MaxIDGenerationN times.
+	ErrFailureGeneratingID = &influxdb.Error{
+		Code: influxdb.EInternal,
+		Msg:  "unable to generate valid id",
+	}
+
+	// ErrTokenAlreadyExistsError is used when attempting to create an authorization
+	// with a token that already exists
+	ErrTokenAlreadyExistsError = &influxdb.Error{
+		Code: influxdb.EConflict,
+		Msg:  fmt.Sprintf("token already exists"),
+	}
+)
+
+// ErrInvalidAuthIDError is used when a service was provided an invalid ID.
+func ErrInvalidAuthIDError(err error) *influxdb.Error {
+	return &influxdb.Error{
+		Code: influxdb.EInvalid,
+		Msg:  "auth id provided is invalid",
+		Err:  err,
+	}
+}
+
+// ErrInternalServiceError is used when the error comes from an internal system.
+func ErrInternalServiceError(err error) *influxdb.Error {
+	return &influxdb.Error{
+		Code: influxdb.EInternal,
+		Err:  err,
+	}
+}
+
+// UnexpectedAuthIndexError is used when the error comes from an internal system.
+func UnexpectedAuthIndexError(err error) *influxdb.Error {
+	return &influxdb.Error{
+		Code: influxdb.EInternal,
+		Msg:  fmt.Sprintf("unexpected error retrieving auth index; Err: %v", err),
+	}
+}

authorization/http_client.go

@@ -0,0 +1,106 @@
+package authorization
+
+import (
+	"context"
+	"errors"
+
+	"github.com/influxdata/influxdb/v2"
+	"github.com/influxdata/influxdb/v2/pkg/httpc"
+)
+
+var _ influxdb.AuthorizationService = (*AuthorizationClientService)(nil)
+
+// AuthorizationClientService connects to Influx via HTTP using tokens to manage authorizations
+type AuthorizationClientService struct {
+	Client *httpc.Client
+}
+
+// CreateAuthorization creates a new authorization and sets b.ID with the new identifier.
+func (s *AuthorizationClientService) CreateAuthorization(ctx context.Context, a *influxdb.Authorization) error {
+	newAuth, err := newPostAuthorizationRequest(a)
+	if err != nil {
+		return err
+	}
+
+	return s.Client.
+		PostJSON(newAuth, prefixAuthorization).
+		DecodeJSON(a).
+		Do(ctx)
+}
+
+// FindAuthorizations returns a list of authorizations that match filter and the total count of matching authorizations.
+// Additional options provide pagination & sorting.
+func (s *AuthorizationClientService) FindAuthorizations(ctx context.Context, filter influxdb.AuthorizationFilter, opt ...influxdb.FindOptions) ([]*influxdb.Authorization, int, error) {
+	params := influxdb.FindOptionParams(opt...)
+	if filter.ID != nil {
+		params = append(params, [2]string{"id", filter.ID.String()})
+	}
+	if filter.UserID != nil {
+		params = append(params, [2]string{"userID", filter.UserID.String()})
+	}
+	if filter.User != nil {
+		params = append(params, [2]string{"user", *filter.User})
+	}
+	if filter.OrgID != nil {
+		params = append(params, [2]string{"orgID", filter.OrgID.String()})
+	}
+	if filter.Org != nil {
+		params = append(params, [2]string{"org", *filter.Org})
+	}
+
+	var as authsResponse
+	err := s.Client.
+		Get(prefixAuthorization).
+		QueryParams(params...).
+		DecodeJSON(&as).
+		Do(ctx)
+	if err != nil {
+		return nil, 0, err
+	}
+
+	auths := make([]*influxdb.Authorization, 0, len(as.Auths))
+	for _, a := range as.Auths {
+		auths = append(auths, a.toInfluxdb())
+	}
+
+	return auths, len(auths), nil
+}
+
+// FindAuthorizationByToken is not supported by the HTTP authorization service.
+func (s *AuthorizationClientService) FindAuthorizationByToken(ctx context.Context, token string) (*influxdb.Authorization, error) {
+	return nil, errors.New("not supported in HTTP authorization service")
+}
+
+// FindAuthorizationByID finds a single Authorization by its ID against a remote influx server.
+func (s *AuthorizationClientService) FindAuthorizationByID(ctx context.Context, id influxdb.ID) (*influxdb.Authorization, error) {
+	var b influxdb.Authorization
+	err := s.Client.
+		Get(prefixAuthorization, id.String()).
+		DecodeJSON(&b).
+		Do(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &b, nil
+}
+
+// UpdateAuthorization updates the status and description if available.
+func (s *AuthorizationClientService) UpdateAuthorization(ctx context.Context, id influxdb.ID, upd *influxdb.AuthorizationUpdate) (*influxdb.Authorization, error) {
+	var res authResponse
+	err := s.Client.
+		PatchJSON(upd, prefixAuthorization, id.String()).
+		DecodeJSON(&res).
+		Do(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return res.toInfluxdb(), nil
+}
+
+// DeleteAuthorization removes a authorization by id.
+func (s *AuthorizationClientService) DeleteAuthorization(ctx context.Context, id influxdb.ID) error {
+	return s.Client.
+		Delete(prefixAuthorization, id.String()).
+		Do(ctx)
+}