* chore: update task tests to use the tenant service
After the introduction of the tenant system we need to switch the testing frameworks
to use it instead of the old kv system
* chore: update onboarding to allow injected middleware
* feat(task): Add new permission lookup pattern for executor
We can now use the user service to populate task owners permissions.
This should improve the task lookup time and decouple the task system
from the URM system. In the future we will have the ability to better isolate
tenant pieces from the rest of the service.
* feat: add feature flagging
We can now use the user service to populate task owners permissions.
This should improve the task lookup time and decouple the task system
from the URM system. In the future we will have the ability to better isolate
tenant pieces from the rest of the service.
* refactor: migrator and introduce Store.(Create|Delete)Bucket
feat: kvmigration internal utility to create / managing kv store migrations
fix: ensure migrations applied in all test cases
* chore: update kv and migration documentation
* fix: remove urm create from task create request.
This will greatly reduce the amount of urms created in the system. To make this change to the system we need to also remove our direct reliance on the urm's in tasks.
Remove the create and delete portion of the task actions that are creating and deleting urms
Remove reliance on urm's when we are doing FindTaskByUser and instead rely on the user filter matching the task.OwnerID
One test had to be changed because the test was explicitly hacking the task to remove the owner ID and then trying to successfully look up the task by ownerID
* fix: add in feature flag
* fix: apply cursor cleanliness and permission error handling
This new session service has the ability to work independant of other systems
it relies on having its own store type which should allow us to be more flexible
then using the built in kv system.
I have included an in mem session store.
* chore(kv): add failing test for session renewal extension
* fix(kv): ensure renew session only updates expiration if it is newer than existing
* chore: update changelog to reflect renew session expiration fix
At the moment, the default session length only gets set to the default
when no service config is specified. So if a service config is used and
it does not set a value for the session length, then the session length
will be zero.
This modifies the creation of the kv service so that it will set the
default session length if the session length is set to zero (the default
value) instead of only doing it when no service config is specified.
Renaming Generate in anticipation of a new method that will onboard
users other than the initial user. The intent is to simplify multi-user
setups.
Co-authored-by: Chris Goller <goller@gmail.com>
* feat(kv): migration types for managing kv buckets and indexes over time
chore(kv): fixup comments in migrator types
fix(kv): initialize migrator bucket on kv service initialize
chore(kv): remove currently unused auth index
chore(kv): remove currently unused urm index
* chore(kv): move migrator tests into testing package and run for inmem and bolt
* chore(changelog): update changelog to reflect kv migrator type
* fix(kv): update auto migration store to return migratable store
* chore(kv): wrap error using func instead of defer in index
* chore(kv): rename Name method to MigrationName for clarity
* chore(kv): update migration log messages to match influxdb standard
* fix: allow authorized label service to be called indirectly
17071 exists because pkger loads all service resources as authorized on
start, resulting in them all being authorized when referenced indirectly
(not hit directly via api by consumer). Rather than restructure pkger to
only authorize direct services, this allows proper indirect auth to
labels (the cause of 17071).
* Add orgService to tests
* Add resource types to find orgID from
* feat(kv): new index type for managing kv indexes
* feat(kv): index verify diff now can produce list of corrupt foreign keys
* fix(testing): refactor kv index tests into testing package and integrate with bolt
* chore(kv): fix go lint error in index
* fix(kv): add test for index walk
* fix(kv): change index cursing strategy to reduce calls to source bkt.Get
* feat(kv): add delete and populate remove dangling foreign keys to index
In the past, the default was only being set if a service config wasn't
provided. But if a service config was provided and gave a zero value, it
would not fill in the default value. This changes the code so that it
will always set the default value if the session length is set to zero.
This moves a few types and constants to the global package so it can be
used without importing the `task/backend` package. These constants are
referenced in non tasks-specific code.
This is needed to break a dependency chain where the task backend will
call into the flux runtime to perform parsing or evaluation of a script
and to prevent the http package from inheriting that dependency.
The tasks subsystem will now use the flux language service to parse and
evaluate flux instead of directly interacting with the parser or
runtime. This helps break the dependency on the libflux parser for the
base influxdb package.
This includes the task notification packages which were changed at the
same time.
* Revert "fix(kv): Don't stop when key not found from index."
This reverts commit bd9167d383.
* Revert "fix(kv): push down org ID to skip in delete URM (#16841)"
This reverts commit a5f508de77.
* Revert "fix(kv): delete authorization from correct index bucket (#16835)"
This reverts commit 7349216e94.
* Revert "feat(kv): Index Authorizations by User ID (#16818)"
This reverts commit df36fe957b.
* Revert "feat: add indexes to urm for user lookups (#16789)"
This reverts commit 9561d0a4f4.
* fix(kv): push down org ID to skip in delete URM
* fix(kv): use database key rather than resource id
We are trying to skip deletes that would remove keys
that have already been deleted. This is a rather
extreme approach and I believe we should think about how
to fix user-resource-mappings.
Co-authored-by: Lyon Hill <lyondhill@gmail.com>
Signed-off-by: Chris Goller <goller@gmail.com>
Co-authored-by: George <me@georgemac.com>
Co-authored-by: Lyon Hill <lyondhill@gmail.com>
* fix(kv): delete authorization from correct index bucket
* fix(kv): return not found code when user resource mapping indexed by not in source
* chore(kv): define failing test for URM on delete
* feat(kv): add user id index on authorizations
* chore(auths): test FindAuthorizations both with and without a populated index
* chore(kv): cleanup index skipping flag in auths service
* fix(kv): bad flag around auth by user index population
* fix(kv): auth by user index lookup use correct buckets
* chore(kv): ensure indexer is called as expected when auth user index missing
* chore(kv): add benchmarks around authorization lookup
* feat(kv): Create a indexer to allow the addition of indexes
This will allow the population of indexes to be incremental and allow
for a rolling update to the index's to be handled cleanly.
* Begin implementing retreival of telegraf plugin stats
* Implement storing/deletion of telegraf plugin stats
* Test plugin stats
* Initialize plugins bucket for tests
* Add comment
* Shorten time and frequency in bolt when providing telegraf plugins metrics
* Simplify ticker loop
* Leak underlying ticker while still satisfying linter
* fix(kv): Update scrapers to use new forward cursor
I also made a minor update to move a db lookup outside of a for loop to save
time and optimize
* fix(inmem): fix a potential race condition
* feat(backup): `influx backup` creates data backup
* feat(backup): initial restore work
* feat(restore): initial restore impl
Adds a restore tool which does offline restore of data and metadata.
* fix(restore): pr cleanup
* fix(restore): fix data dir creation
* fix(restore): pr cleanup
* chore: amend CHANGELOG
* fix: restore to empty dir fails differently
* feat(backup): backup and restore credentials
Saves the credentials file to backups and restores it from backups.
Additionally adds some logging for errors when fetching backup files.
* fix(restore): add missed commit
* fix(restore): pr cleanup
* fix(restore): fix default credentials restore path
* fix(backup): actually copy the credentials file for the backup
* fix: dirs get 0777, files get 0666
* fix: small review feedback
Co-authored-by: tmgordeeva <tanya@influxdata.com>
Stuart Carnie
Lyon Hill
Alirie Gray
George
Jonathan A. Sternberg
Brett Buddin
Johnny Steenbergen
jlapacik
Yiqun (Ethan) Zhang
Lorenzo Affetti
Marc Delagrammatikas
Gavin Cabbage
Greg
Chris Goller
Christopher M. Wolff
Kelvin Wang
Gavin Cabbage
Jacob Marble
Zoe Steinkamp