(#108) influx_auth: fix creation using resource name

[lennardk]

influx_get doesn't support params since c195e50.

This feels like a candidate for an additional test creating tokens with a resource name referenced, however I'm not familiar with the test framework so I'm creating this PR without.

[CLAassistant]

All committers have signed the CLA.

[lennardk]

Actually, More is needed. Don't know how I thought I succesfully tested it. More to come!

[m0dular]

Hi @lennardk, is there an issue you're seeing when trying to create or manage tokens? I looked at this and I don't remember what the intent of the code here was, but it doesn't ever actually call influxdb_get there. The map just ends up returning the permissions array as-is and never calls the influxdb_get method. I deleted this block and changed the body to use

permissions: should[:permissions],

instead and it works fine. We should probably make this change since there is some dead code here which could be misleading, but is there an issue you're trying to fix with this PR?

[lennardk]

Hi,

Hi @lennardk, is there an issue you're seeing when trying to create or manage tokens
Yes, issue is linked in commit message. With the current code in place, it errors out when trying to create permissions on specific resources (buckets, in my case).

I looked at this and I don't remember what the intent of the code here was, but it doesn't ever actually call influxdb_get there. The map just ends up returning the permissions array as-is and never calls the influxdb_get method. I deleted this block and changed the body to use

permissions: should[:permissions],

instead and it works fine. We should probably make this change since there is some dead code here which could be misleading, but is there an issue you're trying to fix with this PR?
You have a point here, just straight passing the name, maybe adding the org, without adding the ID might be just as valid. That would make things easier. I can't test it right away myself but I'll have a look in the next few days.

[m0dular]

Ah, I think I see the problem. When you try to create a more restrictive set of permissions, like

      permissions      => [
        {
          'action'   => 'read',
          'resource' => {
            'type'   => 'buckets',
            "name"   => "puppet_data",
            "org"   => "puppetlabs",
          }
        },
    ]

we need to get the IDs of the bucket and org to use in the POST to create the token. I'm not sure if that ever worked properly, but we can start with specifically named buckets since that's probably the most common use case. The code in the current PR seems to account for the bucket name, but not the org name. I'll see if we can just grab the IDs from the cache.

[m0dular]

Turns out the "org" => "puppetlabs" item doesn't need to be inside the actual resource part of the permission. So the PR works, but I think we could use the bucket cache to make it a bit cleaner. I'll start a review.

[m0dular]

Hi @lennardk, I opened #110 to fix this and added a unit test there. Let us know if that works for you.