Commit Graph

49685 Commits (praveen/v1-write-basic-auth)

Author SHA1 Message Date
Praveen Kumar 1853facc6c
refactor: change the message sent back for malformed auth header 2025-05-09 17:45:13 +01:00
Praveen Kumar 661a88dd1d
refactor: address PR feedback to return MalformedRequest error when `:` is used more than once in user-pass pair 2025-05-08 16:35:16 +01:00
Praveen Kumar cc50b3ef1a
feat: support `Basic $TOKEN` for all apis
closes: https://github.com/influxdata/influxdb/issues/25833
2025-05-07 17:15:07 +01:00
Trevor Hilton a2dc597d54
chore: update rust toolchain to 1.86.0 (#26355) 2025-05-05 17:33:26 -04:00
Trevor Hilton db27c69fb0
docs: remaining release process for docker/apt/yum (#26354) 2025-05-05 13:36:10 -04:00
peterbarnett03 403791e69a
chore: update install_influxdb.sh (#26352) 2025-05-03 12:25:38 -04:00
Trevor Hilton f34d99c61f
docs: update RELEASE.md for post-GA process (#26351) 2025-05-02 16:21:41 -04:00
Trevor Hilton d544073db2
chore: add -nightly to cargo version for snapshot releases (#26349)
This will have revision info displayed with `-nightly` added to the version, which
leads the most recent released version by 1 minor release.

For example,
* Using the `/ping` API:
```
❯ curl localhost:8181/ping
{"version":"3.1.0-nightly","revision":"f6aa0c1b29","process_id":"ccbd5879-a83b-4091-b68c-92c6b704cf8a"}
```
* Checking the binary version:
```
❯ influxdb3 --version
influxdb3 3.1.0-nightly, revision f6aa0c1b29
```
2025-05-02 12:11:50 -04:00
peterbarnett03 f6aa0c1b29
fix: update token creation output (#26336)
* fix: clarify token generation output for easier readibility

* fix: linter error

* fix: additional linter error

* fix: linter error on output

* fix: switch to owo_colorize
2025-04-30 12:11:33 -05:00
praveen-influx 08f2f857da
feat: additional info when started --without-auth (#26338)
- return 405 message body to indicate the endpoints are disabled
- extra log to say server has been started without auth
2025-04-29 08:06:44 -05:00
peterbarnett03 6a6743412a
feat: Remove Last Cache Size Limitation (#26333)
* feat: remove limit on LVC size

* fix: bad test case and incorrect info

* fix: more clarity and default value

* fix: light CLI polishes

* fix: bad snapshot
2025-04-28 13:40:18 -04:00
praveen-influx a3428261a3
feat: add `cluser_uuid`/`catalog_uuid` to telemetry (#26335)
closes: https://github.com/influxdata/influxdb_pro/issues/764
2025-04-28 12:37:37 -05:00
Trevor Hilton d30f26618c
fix: distinct cache counting bug (#26332)
* test: reproducer for #26318

* fix: distinct cache counting bug

Fixed an issue where the distinct cache was not counting rows correctly
for scenarios where a projection and predicate were used in conjunction
2025-04-25 16:40:25 -04:00
praveen-influx 9c8c7fe105
refactor: port changes from enterprise (#26329) 2025-04-25 18:08:07 +01:00
Trevor Hilton e977d263f8
chore: back-port changes from influxdb_pro#762 (#26323) 2025-04-25 10:02:08 -04:00
Trevor Hilton 85850cd394
feat: improve control of logs on test harness (#26325) 2025-04-24 21:09:00 -04:00
Trevor Hilton 0f52ebb90d
fix: group by tag columns with escape quotes (#26326)
* test: reproducer for #26216
* fix: group by tag columns with escape quotes
2025-04-24 20:31:14 -04:00
Michael Gattozzi fb8daa7860
feat: Add more TLS tests to the test suite (#26324)
* feat: Add a negative cert test

This adds a test that will panic on server startup because connections
to said server are invalid. We add a bad expired cert to our cert
generation for usage in our tests.

Note that this test is only really valid if other tests pass as it
depends on waiting for the server start checks to fail. If other
tests run then their server started fine and so did this one, the
only difference being that connections will error due to a bad tls cert.

Closes #26256

* feat: Add minimum TLS version test

This is a follow on to #26307. In this commit we add a test where we
check that connections only pass if TLS is set to v1.3. The default is
1.2 and other tests connect with that just fine. In this test we spin
up a server using only v1.3 as the minimum and try to connect with v1.2
which we expect to fail and then v1.3 which should pass.

Closes #26308
2025-04-24 18:11:39 -04:00
Michael Gattozzi e684fc1a24
feat: Add support for CORS requests from a browser (#26314)
This commit adds support for CORS by modifying our requests to make
preflight checks valid and to handle responses containing the necessary
headers for browsers to access the data they need. We keep what we
accept as open as this is essentially what requests to the server are
normally like and we gate the requests with an auth token.

Closes #26313
2025-04-24 15:16:18 -04:00
Stuart Carnie 8507bdc766
fix: Ensure `iox` table schema is sorted for SHOW TABLES (#26302)
* fix: Ensure `iox` table schema is sorted for SHOW TABLES

Closes #25860

* chore: Add insta snapshot

* chore: placate clippy
2025-04-23 09:05:06 +10:00
Stuart Carnie b0532dce87
fix: Consistent thread arguments with influxdb3_pro (#26304)
If the old environment variables are used, a warning will be displayed
on the console with the recommended replacement.
2025-04-23 09:04:32 +10:00
Michael Gattozzi af57abd6a9
feat: Allow setting a minimum TLS version (#26307)
This commit allows users to set a minimum TLS version. The default is
1.2. The choices are TLS 1.2 or TLS 1.3 which can be set via env var:

INFLUXDB3_TLS_MINIMUM_VERSION="tls-1.2"
or
INFLUXDB3_TLS_MINIMUM_VERSION="tls-1.3"

and for the command line flag for the serve command:

--tls-minimum-version tls-1.2

or

--tls-minimum-version tls-1.3

With this users have more fine grained control over what tls version
they require.

Closes #26255
2025-04-22 13:57:23 -04:00
Trevor Hilton 59c87aee7a
test: distinct cache ignores rows with nulls (#26306) 2025-04-22 11:43:49 -04:00
Michael Gattozzi f9721d3355
feat: Generate testing TLS certs on the fly (#26288)
This commit is a follow up to #26246 and generates test certs on the fly
for our test suite. In practice this will only need to be done once with
a fresh repo check out as the certs will expire long after anyone would
reasonably be working on this code in the year 4096! This could be
extended in the future to generate negative tls tests where the file
should be expired.

Closes #26254
2025-04-21 11:43:33 -04:00
peterbarnett03 c894451900
fix: update install script to use latest version and DockerHub (#26300)
* chore: update install script to use DockerHub

* fix: ensure script pulls latest images and uses DockerHub
2025-04-21 08:37:36 -05:00
praveen-influx b41a2d9bc3
feat: expose `--format json` for token creation cmd (#26286)
* feat: expose `--format json` for token creation cmd

closes: https://github.com/influxdata/influxdb/issues/25913

* refactor: address feedback
2025-04-18 08:06:02 +01:00
Paul Dix e9a27f1aab
chore: version bump for 3.0.1 (#26282) (#26284) 2025-04-17 10:04:16 -04:00
peterbarnett03 2ceed952b8
docs: clarify default maxes for distinct cache (#26281) 2025-04-16 15:29:30 -04:00
Trevor Hilton e4cfbf71f7
chore: back-port catalog limit refactor from enterprise (#26278)
This back-ports some changes to how limits are enforced on the catalog
from enterprise. There were some changes that would catch some potential
bugs.
2025-04-16 14:03:24 -04:00
Michael Gattozzi ab13c05c3f
feat: Add env vars for TLS options (#26277) 2025-04-16 12:11:28 -04:00
Stuart Carnie 5da3850319
fix: `--tags` argument is optional and now requires at least one tag (#26275)
* fix: `--tags` argument is optional and now requires at least one tag

Closes #25824

* chore: Added CLI unit tests
2025-04-16 11:46:13 -04:00
Paul Dix 8f0a0538e9
chore: Update README.md (#26272) 2025-04-15 09:48:00 -04:00
Paul Dix c86f907897
chore: update README for 3.0 release (#26271) 2025-04-15 09:29:28 -04:00
Paul Dix b4d050f7e0
chore: update install script for three (#26269) 2025-04-14 20:05:34 -04:00
Paul Dix 3b602eead2
chore: version bump to release 3.0 (#26268) 2025-04-14 18:15:17 -04:00
Trevor Hilton 78616025b9
chore: fix help text in core (#26267) 2025-04-14 16:54:09 -04:00
Trevor Hilton 847c53ab2d
docs: fix typos in help text (#26266) 2025-04-14 16:11:00 -04:00
Trevor Hilton 2b2899f60f
chore: back-port changes from enterprise (#26265) 2025-04-14 14:47:20 -04:00
praveen-influx f3aa3ecf02
feat: updates to token help message (#26264) 2025-04-14 18:37:21 +01:00
praveen-influx 0cb5f9077c
feat: ask for confirmation when regenerating token (#26258) 2025-04-13 09:07:09 +01:00
Trevor Hilton 5d7cb88f87
feat: track catalog retries as prometheus metric (#26251)
Adds a metric to track total retried catalog operations due to the catalog
being updated elsewhere. Includes a test to check the counter increments
on basic catalog operations.
2025-04-11 15:24:10 -04:00
Trevor Hilton b11cf81dc6
refactor: remove Option from catalog update APIs (#26250)
Catalog update APIs were returning an Option that was not necessary. It
was always Some, so this removes the Option from the API to make the
intent clear - if there is an update made by the requested change, there
is a Batch; whereas if the requested change is erroneous, or would not
produce a change, the response is Err.
2025-04-11 12:34:18 -04:00
praveen-influx e5af9f95d2
feat: enable auth by default (#26243)
* feat: enable auth by default

- Removes `--bearer-token` support and starts the server with auth by
  default.
- Adds `--without-auth` switch to start the server without any auth

* feat: changes for auth being turned off

when auth is turned off,
- disallow token endpoints (returns 405)
- remove hash column when querying tokens system table

* refactor: address PR feedback
2025-04-11 16:44:27 +01:00
Paul Dix 26728028df
feat: limit tag columns per table to 250 (#26249) 2025-04-10 17:38:07 -04:00
Trevor Hilton a1923d9304
fix: build after some merge regressions (#26248) 2025-04-10 16:20:11 -04:00
praveen-influx 64eeb09687
feat: allow token deletes (#26247)
This commit allows deletion of tokens by name. Below is an example,

`influxdb3 delete token --token-name _admin --token $CURRENT_ADMIN_TOKEN`

It needs user confirmation before proceeding with the delete
2025-04-10 20:31:19 +01:00
Michael Gattozzi fe69793418
feat: Add TLS support for influxdb3 (#26246)
This commit adds TLS support to influxdb3 and allows users to pass in a
path to a key and cert file with the --tls-key and --tls-cert flags in
the serve command. It also adds the ability for every command to specify
a certificate authority for requests. This is mostly needed when the
cert is self signed, but there are other use cases for this.

The big thing is that most of our tests now use TLS by default. Included
are self signed certs for localhost and the the CA cert included in the
commit. Since these are *only* used for testing this should be fine to
include as they are not used in nor are they intended to be used in any
production system. The expiry has been set for 365 days and the file
perms are set to o600 like the original issue mentioned. The tests pass
with this restriction.

I've verified that the API works via curl with the self signed certs as
I did *not* need to pass in the -k option to bypass checking the certs
were valid. The same goes for our tests. They use the rootCA.pem file
to verify the self signed cert when connecting and reject it otherwise.

With this users can be confident that their queries are safely encrypted
during transport.

Note that TLS works for both FlightSQL and our normal APIs.

Closes #25774
2025-04-10 13:45:47 -04:00
Jamie Strandboge 37e2981ce2
fix(install_influxdb.sh): use 'shasum -a 256' on OSX (#26245)
sha256sum is present on some versions of OSX, but not all. Use
'shasum -a 256' on OSX since it should always be present.
2025-04-09 17:05:16 -05:00
Michael Gattozzi f7feaacc99
feat: Change help messages for influxdb3 and serve (#26235)
This changes the help messages for the serve command and the influxdb3
top level help output. This is to provide better help output and options
for users compared to the clap defaults. After many iterations this code
was the final design I landed on. In order to make our custom help work
we:

1. Roughly parse the args to check for a given command and help message
2. If there is no subcommand we print out our custom help message for
   the top level command
3. If there is a subcommand we only print it out for serve currently
4. --help-all prints a more detailed message

This lets us upgrade our help messages in place over time as the
subcommands themselves have subcommands that also need their own help
messages. For now we only include these two.

We could not use something like `clap-help` or derive the output from
the derived clap struct automatically due to multiple issues, but
suffice to say the main thing was that we could not parse the args into
the `Config` struct and then figure out our help message and `clap`'s
message template function was too underpowered. We also wanted to create
a `help-all` flag and this was quite hard to make work with `clap`'s
short and long help.

In the end the best option was to roll our own. While a bit hacky in
terms of us maintaining it, the overall outcome should be a much nicer
user experience in which they can have much better introductions to the
tool. `serve` was quite egregious with a lot of output and very little
actionable options to use for most users.

Closes #26201
2025-04-09 14:25:16 -04:00
praveen-influx 1983818e36
feat: porting token work from enterprise (#26239)
* feat: generate persistable admin token

- this commit allows admin token creation using `influxdb3 create token
  --admin` and also allows regeneration of admin token by `influxdb3
  create token --admin --regenerate`
- `influxdb3_authz` crate hosts all low level token types and behaviour
- catalog log and snapshot types updated to use the token repo
- tests that relied on auth have been updated to use the new token
  generation mechanism and new admin token generation/regeneration tests
  have been added

* feat: list admin tokens

- allows listing admin tokens
- uses _internal db for token system table
- mostly test fixes due to _internal db
2025-04-09 16:31:59 +01:00