* fix: improve delete speed when a measurement is part of the predicate
* test: add test for deleting measurement by predicate
* chore: improve error messaging and capturing
* chore: set goland to use the right formatting style
* fix: fixes an error querying virtual dbrps
When the virtual pointer was set to false, the mappings were being ignored.
* fix: missed part in a rebase
* test: add test for shard mapping virtual dbrps
* fix: do not create virtual mappings for equivalent physical mappings
* test: remove group skips
* test: inline previously extended testcases that broke with added sort
Some tests had a sort added so they'd pass in cloud, vanilla, and OSS.
This also broke some extended testcases here in OSS since pushdown rules
no longer match the plan.
This diff "inlines" the testcase body for each of these so we get our
coverage back, but leaves a FIXME to note that it would be better if we
could somehow thread the needle and retain the extension.
* fix: allow backup of all buckets
* Revert "fix: allow backup of all buckets"
This reverts commit 256ec2f591a36b946f5c46014f378b2b76c9a8de.
* fix: remove 20 item limit in several of the data stores
* test: add a test for 20 item limit
* feat(security): set SameSite=strict on session cookie
Use SameSite=Strict as a hardening measure against cross-origin attacks.
While browsers have been moving to default to SameSite=Lax, explicitly
setting SameSite ensures that all browsers enforce it consistently.
While 'lax' is a reasonable hardening choice, the cookie is only
required for requests to '/api/...' and we don't expect 3rd party links
into '/api/...', so this stricter setting should be safe in terms of
usability. Furthermore, while our GET APIs are not state-changing, using
'strict' future-proofs us in case we add a state-changing GET API ('lax'
allows cross-origin 'GET' requests for increased usability for read-only
requests).
Also add a comment to SetCORS() lack of Access-Control-Allow-Credentials
as a reminder that its omission is intentional for defense in depth on
when to attach the cookie to a request.
* chore: mention that Lax sends the cookie with other safe HTTP methods
* chore: add protoc-gen script to releng
* chore: break cross-container-tag into separate variable
* fix: call GNUMakefile "generate-sources" target instead
This also does a better job at mounting the root directory
in the docker container.
This fixes an occurrence of a loop variable being captured in a
parallel test. With the previous code, only the last test case is
actually exercised. To work around this problem, we create a local
copy of the range variable before the parallel test, as suggested in
the Go documentation for the `testing` package:
https://pkg.go.dev/testing#hdr-Subtests_and_Sub_benchmarks
Issue was found automatically using the `loopvarcapture` linter.
Jeffrey Smith II
Ole Kristian (Zee)
davidby-influx
Nathaniel Cook
Sam Arnold
Christopher M. Wolff
Jamie Strandboge
Dane Strandboge
Sunil Kartikey
Cyril Bonté
charlesmahler
Brandon Pfeifer
Sean Brickley
Jonathan A. Sternberg
Owen Nelson
Jason Stirnaman
Cemre Mengu
Abirdcfly
Renato Costa