* chore(flightsql): rename Namespace to Database in error message
* chore(flightsql): rename Namespace to Database in test error msg
---------
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
* feat(idpe-17265): authorization should occur as part of the single_tenant specific mod
* authz service is accessed only through the single_tenant mod handler
* authz service is wrapped in auth mod
* move auth integration test into auth mod
* push down the authorize() call into the query params parser call, in order to access query params in the extract_token
* provide configuration error when authz or single_tenant mode are not co-presented
* update authz e2e fixtures
* feat(idpe-17265): extract tokens based upon preferred ordering in spec, and write tests to verify behavior.
* chore(idpe-17265): update naming conventions for a unifying parser
* test: make MockAuthorizer have default, and add a test_delegate_to_authz for CST
* chore: record authz duration metric, and include in delegation test.
* chore: use authz terminology instead of auth_service
* chore: more explicit naming
* Revert "chore: record authz duration metric, and include in delegation test."
This reverts commit 05c36888ca7247b6953343d759a5185098fae679.
* refactor: extract_header_token versus the else condition
* refactor: make single_tenant mod and move auth within
* chore: make unreachable explicitly panic in the build
* test: make token values be const, to be consumed when MockAuthorizer is used
* test: use locking for calls_counter in test
* fix: add base64 encoding as expected for Basic header
* fix: merge conflict resolution. The AuthorizationHeaderExtension is now under the authz::http mod, which is a required feature for router package.
* chore: run rustfmt nightly with preferred import handling, on files with modified imports
* chore: code cleanup, to have minimal code needed
Provide a configuration item for the ingester2 that controls the maximum
incoming RPC message size.
Raises the maximum from the default 4MiB to a more reasonable 100MiB.
Provide a configuration item for the router (in RPC mode) that controls
the maximum outgoing RPC message size when communicating with an
Ingester.
Raises the maximum from the default 4MiB to 100MiB. This does not
increase exposure to memory-based DOS, as writes are size-limited by the
HTTP layer to 10MiB, preventing a user from submitting a write this
large (or larger!) across the RPC boundary.
* fix: Garbage collector hangs indefinitely on shutdown
* style(garbage_collector): conform to linter and fmt
---------
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
In #7559 I introduced code to coalesce N queries for a given partition
down to a single query, with the other callers (async) blocking to
obtain the shared result.
This is usually fine, but it is hypothetically possible for all callers
to start the partition lookup and abort (cancelling their shared poll
future) before the partition resolves, leaving it half complete.
The problem is this half-complete future MAY be holding a connection
from the catalog connection pool (internally a semaphore). This means
this connection is "stuck", lent out to this future that isn't making
progress (and may never make progress!). Given sufficient occurrences,
it's possible this could lead to starving the system of catalog
connections.
This fix is simple - spawn the resolve future into the runtime so it
completes irrespective of any caller polling it (they only poll for the
result, not to drive it forward).
NOTE: this isn't practically possible, because writes that traverse the
WAL DmlSink currently become uncancellable - this may not always be the
case however, so this underlying foot gun should be patched over!
Changes the CoalescePartitionResolver state cleanup path to avoid an
optimistic RMW operation against the atomic "has been cleaned up" flag.
This gives callers who are going to fail the opportunity to do so
quickly and cheaply, where all but one caller will fail.
This commit adds additive merge behaviour for tables missing
from the new NamespaceCache entry, as well as moving calculation
of change stat metrics down to the in-memory implementation.
The metrics no longer distinguish between insert and update
caches OPs as a result of the change to the `put_schema()` interface.
Prior to this commit, the gRPC NamespaceService would allow namespaces
to be created with invalid names due to a missing call to NamespaceName
that performs validation.
This is helpful to test changes in our defaults but also for testing.
Required for https://github.com/influxdata/idpe/issues/17474 .
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>
Phil Bracikowski
wiedld
dependabot[bot]
kodiakhq[bot]
Stuart Carnie
Carol (Nichols || Goulding)
Chunchun Ye
Marco Neumann
Christopher M. Wolff
wiedld
Dom
Armin Primadi
Fraser Savage