diff --git a/cmd/influxd/launcher/launcher.go b/cmd/influxd/launcher/launcher.go index fe37a2acd0..29e3482b35 100644 --- a/cmd/influxd/launcher/launcher.go +++ b/cmd/influxd/launcher/launcher.go @@ -264,14 +264,8 @@ func buildLauncherCommand(l *Launcher, cmd *cobra.Command) { { DestP: &l.enableNewMetaStore, Flag: "new-meta-store", - Default: false, - Desc: "enables the new meta store", - }, - { - DestP: &l.newMetaStoreReadOnly, - Flag: "new-meta-store-read-only", Default: true, - Desc: "toggles read-only mode for the new meta store, if so, the reads are duplicated between the old and new store (has meaning only if the new meta store is enabled)", + Desc: "enables the new meta store", }, { DestP: &l.noTasks, @@ -336,8 +330,7 @@ type Launcher struct { enginePath string secretStore string - enableNewMetaStore bool - newMetaStoreReadOnly bool + enableNewMetaStore bool // Query options. concurrencyQuota int @@ -583,14 +576,16 @@ func (m *Launcher) run(ctx context.Context) (err error) { m.reg.MustRegister(m.boltClient) var ( - orgSvc platform.OrganizationService = m.kvService + userSvc platform.UserService = m.kvService + orgSvc platform.OrganizationService = m.kvService + userResourceSvc platform.UserResourceMappingService = m.kvService + bucketSvc platform.BucketService = m.kvService + passwdsSvc platform.PasswordsService = m.kvService + authSvc platform.AuthorizationService = m.kvService - userSvc platform.UserService = m.kvService variableSvc platform.VariableService = m.kvService - bucketSvc platform.BucketService = m.kvService sourceSvc platform.SourceService = m.kvService sessionSvc platform.SessionService = m.kvService - passwdsSvc platform.PasswordsService = m.kvService dashboardSvc platform.DashboardService = m.kvService dashboardLogSvc platform.DashboardOperationLogService = m.kvService userLogSvc platform.UserOperationLogService = m.kvService @@ -598,7 +593,6 @@ func (m *Launcher) run(ctx context.Context) (err error) { orgLogSvc platform.OrganizationOperationLogService = m.kvService scraperTargetSvc platform.ScraperTargetStoreService = m.kvService telegrafSvc platform.TelegrafConfigStore = m.kvService - userResourceSvc platform.UserResourceMappingService = m.kvService labelSvc platform.LabelService = m.kvService secretSvc platform.SecretService = m.kvService lookupSvc platform.LookupService = m.kvService @@ -611,28 +605,13 @@ func (m *Launcher) run(ctx context.Context) (err error) { return err } - userSvcForAuth := userSvc if m.enableNewMetaStore { - var ts platform.TenantService - if m.newMetaStoreReadOnly { - store, err := tenant.NewReadOnlyStore(m.kvStore) - if err != nil { - m.log.Error("Failed creating new meta store", zap.Error(err)) - return err - } - oldSvc := m.kvService - newSvc := tenant.NewService(store) - ts = tenant.NewDuplicateReadTenantService(m.log, oldSvc, newSvc) - } else { - ts = tenant.NewService(store) - } - userSvcForAuth = ts - - userSvc = tenant.NewAuthedUserService(tenant.NewUserLogger(m.log.With(zap.String("store", "new")), tenant.NewUserMetrics(m.reg, ts, tenant.WithSuffix("new")))) - orgSvc = tenant.NewAuthedOrgService(tenant.NewOrgLogger(m.log.With(zap.String("store", "new")), tenant.NewOrgMetrics(m.reg, ts, tenant.WithSuffix("new")))) - userResourceSvc = tenant.NewAuthedURMService(ts, tenant.NewURMLogger(m.log.With(zap.String("store", "new")), tenant.NewUrmMetrics(m.reg, ts, tenant.WithSuffix("new")))) - bucketSvc = tenant.NewAuthedBucketService(tenant.NewBucketLogger(m.log.With(zap.String("store", "new")), tenant.NewBucketMetrics(m.reg, ts, tenant.WithSuffix("new"))), userResourceSvc) - passwdsSvc = tenant.NewAuthedPasswordService(tenant.NewPasswordLogger(m.log.With(zap.String("store", "new")), tenant.NewPasswordMetrics(m.reg, ts, tenant.WithSuffix("new")))) + ts := tenant.NewService(store) + userSvc = tenant.NewUserLogger(m.log.With(zap.String("store", "new")), tenant.NewUserMetrics(m.reg, ts, tenant.WithSuffix("new"))) + orgSvc = tenant.NewOrgLogger(m.log.With(zap.String("store", "new")), tenant.NewOrgMetrics(m.reg, ts, tenant.WithSuffix("new"))) + userResourceSvc = tenant.NewURMLogger(m.log.With(zap.String("store", "new")), tenant.NewUrmMetrics(m.reg, ts, tenant.WithSuffix("new"))) + bucketSvc = tenant.NewBucketLogger(m.log.With(zap.String("store", "new")), tenant.NewBucketMetrics(m.reg, ts, tenant.WithSuffix("new"))) + passwdsSvc = tenant.NewPasswordLogger(m.log.With(zap.String("store", "new")), tenant.NewPasswordMetrics(m.reg, ts, tenant.WithSuffix("new"))) } switch m.secretStore { @@ -956,7 +935,7 @@ func (m *Launcher) run(ctx context.Context) (err error) { } { - platformHandler := http.NewPlatformHandler(m.apibackend, userSvcForAuth, http.WithResourceHandler(pkgHTTPServer), http.WithResourceHandler(onboardHTTPServer)) + platformHandler := http.NewPlatformHandler(m.apibackend, http.WithResourceHandler(pkgHTTPServer), http.WithResourceHandler(onboardHTTPServer)) httpLogger := m.log.With(zap.String("service", "http")) m.httpServer.Handler = http.NewHandlerFromRegistry( diff --git a/http/platform_handler.go b/http/platform_handler.go index 5c04e0fa9f..77773104bd 100644 --- a/http/platform_handler.go +++ b/http/platform_handler.go @@ -4,7 +4,6 @@ import ( "net/http" "strings" - "github.com/influxdata/influxdb/v2" kithttp "github.com/influxdata/influxdb/v2/kit/transport/http" ) @@ -16,13 +15,13 @@ type PlatformHandler struct { } // NewPlatformHandler returns a platform handler that serves the API and associated assets. -func NewPlatformHandler(b *APIBackend, us influxdb.UserService, opts ...APIHandlerOptFn) *PlatformHandler { +func NewPlatformHandler(b *APIBackend, opts ...APIHandlerOptFn) *PlatformHandler { h := NewAuthenticationHandler(b.Logger, b.HTTPErrorHandler) h.Handler = NewAPIHandler(b, opts...) h.AuthorizationService = b.AuthorizationService h.SessionService = b.SessionService h.SessionRenewDisabled = b.SessionRenewDisabled - h.UserService = us + h.UserService = b.UserService h.RegisterNoAuthRoute("GET", "/api/v2") h.RegisterNoAuthRoute("POST", "/api/v2/signin") diff --git a/tenant/doc.go b/tenant/doc.go new file mode 100644 index 0000000000..61ff6ac46e --- /dev/null +++ b/tenant/doc.go @@ -0,0 +1,28 @@ +/* +The tenant domain encapsulates all the storage critical metadata services: +User +Organization +Bucket +URM's + +These services are the cornerstone of all other metadata services. The intent is to have +a single location for all tenant related code. THis should facilitate faster bug resolution and +allow us to make changes to this service without effecting any dependant services. + +When a new request for the tenant service comes in it should follow this pattern: +1 http_server_resource - this is where the request is parsed and rejected if the client didn't send + the right information +2 middleware_resource_auth - We now confirm the user that generated the request has sufficient permission + to accomplish this task, in some cases we adjust the request if the user is without the correct permissions +3 middleware_resource_metrics - Track RED metrics for this request +4 middleware_resource_logging - add logging around request duration and status. +5 service_resource - When a request reaches the service we verify the content for compatibility with the existing dataset, + for instance if a resource has a "orgID" we will ensure the organization exists +6 storage_resource - Basic CRUD actions for the system. + +This pattern of api -> middleware -> service -> basic crud helps us to break down the responsibilities into digestible +chunks and allows us to swap in or out any pieces we need depending on the situation. Currently the storage layer is using +a kv store but by breaking the crud actions into its own independent set of concerns we allow ourselves to move away from kv +if the need arises without having to be concerned about messing up some other pieces of logic. +*/ +package tenant