* fix: fixes an error querying virtual dbrps
When the virtual pointer was set to false, the mappings were being ignored.
* fix: missed part in a rebase
* test: add test for shard mapping virtual dbrps
* fix: do not create virtual mappings for equivalent physical mappings
* fix: fix find dbrps, make bucket default if not overridden
* fix: allow filtering of virtual DBRPs, filter in shard mapper
* fix: update tests to mock for virtual filter for shards and update server test
We previously allowed read tokens access to all of v1 query, including
InfluxQL queries that made state changes to the DB, specifically,
'DELETE' and 'DROP MEASUREMENT'. This allowed tokens with only read
permissions to delete points via the legacy /query endpoint.
/api/v2/query was unaffected.
This adjusts the behavior to verify that the token has write permissions
when specifying 'DELETE' and 'DROP MEASUREMENT' InfluxQL queries. We
follow the same pattern as other existing v1 failure scenarios and
instead of failing hard with 401, we use ectx.Send() to send an error to
the user (with 200 status):
{"results":[{"statement_id":0,"error":"insufficient permissions"}]}
Returning in this manner is consistent with Cloud 2, which also returns
200 with "insufficient permissions" for these two InfluxQL queries.
To facilitate authorization unit tests, we add MustNewPermission() to
testing/util.go.
Closes: #22799
Jeffrey Smith II
Andrew Lee
Jamie Strandboge
Sam Arnold
Daniel Moran
Stuart Carnie
Brett Buddin