* fix: fixes an error querying virtual dbrps
When the virtual pointer was set to false, the mappings were being ignored.
* fix: missed part in a rebase
* test: add test for shard mapping virtual dbrps
* fix: do not create virtual mappings for equivalent physical mappings
* fix: fix find dbrps, make bucket default if not overridden
* fix: allow filtering of virtual DBRPs, filter in shard mapper
* fix: update tests to mock for virtual filter for shards and update server test
We previously allowed read tokens access to all of v1 query, including
InfluxQL queries that made state changes to the DB, specifically,
'DELETE' and 'DROP MEASUREMENT'. This allowed tokens with only read
permissions to delete points via the legacy /query endpoint.
/api/v2/query was unaffected.
This adjusts the behavior to verify that the token has write permissions
when specifying 'DELETE' and 'DROP MEASUREMENT' InfluxQL queries. We
follow the same pattern as other existing v1 failure scenarios and
instead of failing hard with 401, we use ectx.Send() to send an error to
the user (with 200 status):
{"results":[{"statement_id":0,"error":"insufficient permissions"}]}
Returning in this manner is consistent with Cloud 2, which also returns
200 with "insufficient permissions" for these two InfluxQL queries.
To facilitate authorization unit tests, we add MustNewPermission() to
testing/util.go.
Closes: #22799
* Move tenant.Service unit tests into its package
* Delete the top-level TenantService interface now that it's not used.
* Move helper funcs for setting up test stores into testing pkg
* Delete duplicate implementations scattered through the codebase
* Move error assertions into store-creation helpers
This commit adds a new index and migration to the DBRP service for
retrieving all database and retention policy mappings for a single
organization.
This change was required to resolve an invalid assumption of the DBRP
service, which relied on a prefix match of the byOrgAndDatabase kv.Index
when performing search operations by organization ID only.
Closes#20096
This includes removal of a lot of kv.Service responsibilities. However,
it does not finish the re-wiring. It removes documents, telegrafs,
notification rules + endpoints, checks, orgs, users, buckets, passwords,
urms, labels and authorizations. There are some oustanding pieces that
are needed to get kv service compiling (dashboard service urm
dependency). Then all the call sites for kv service need updating and
the new implementations of telegraf and notification rules + endpoints
needed installing (along with any necessary migrations).
feat(dashboard): add owner ID to dashboard model
This adds the explicit OwnerID field to Dashboard and also adds a
migration which populates dashboard owners IDs based on dashboard owner
URMs.
feat(dashboards): isolate service in own package
This change isolates the dashboards service into its own package. It
also updates the API to no longer interface with user resource mappings.
Instead it defines new handlers which rely on the newly populated owner
ID field.
chore(dashboards): port tests from http package into new service transport package
chore(launcher): use dashboard transport package client in launcher tests
chore(kv): remove now defunkt dashboard service implementations
* refactor(notifications): isolate endpoint service
Following the ongoing effort to isolate behaviours into their own
packages and off of kv.Service, this change move the notification
endpoints service implementation into its own package. It removes the
endpoint behaviors from the kv service completely.
* chore(influxd): wire up the isolated check service in place of kv service
* refactor(notification): move rule service into own package
* chore(launcher): fix tests to use clients as opposed to direct kv service
* chore(influx): update task cli to consume core domain model task from client
* chore(kv): remove rule service behaviours from kv
This also introduces the org id resolver type. Which is transplanted
from the kv service. As this one function coupled all resource
capabilities onto the kv service. Making removing these capabilities
impossible. Moving this type out into its own package which depends on
each service explicitly ensures we don't have one type which has to
implement all the service contracts.
* fix(launcher): remove double reference to influxdb package
This ensures that transaction lifetimes are shorter to reduce lock
contention.
Additionally, this PR removes the ability to set an empty password
when running the initial on-boarding process. According to the
original developer, this behavior was required to permit Cloud
processes to complete. As this code is no longer shared, this security
issue is corrected.
* feat(paging): add support for after id parameter in find options
* chore(http): update swagger to reflect after query parameter in list buckets
* chore(changelog): update changelog to reflect after query parameter in list buckets
* chore(tenant): update tenant storage tests for paginating with after
The `buckets()` command would use a bucket lookup that wrapped the
`FindBuckets` API. It did not use the pagination aspect of this API
correctly. When the underlying implementation was changed to a version
that correctly implemented pagination, this broke the query `buckets()`
command. Since it was query that used the API incorrectly rather than a
regression in the `FindBuckets` implementation, this fixes the usage to
correctly use pagination.
* refactor: migrator and introduce Store.(Create|Delete)Bucket
feat: kvmigration internal utility to create / managing kv store migrations
fix: ensure migrations applied in all test cases
* chore: update kv and migration documentation
Jeffrey Smith II
Christopher M. Wolff
Andrew Lee
Dane Strandboge
Jamie Strandboge
Daniel Moran
Sam Arnold
Jakub Bednář
Stuart Carnie
George MacRorie
Dan Moran
Alirie Gray
Lyon Hill
Michael Desa
KevinSmile
Jonathan A. Sternberg
jlapacik