Commit Graph

125 Commits (65f42deec4523e48d81a251c6e5c7afd2d71e9c2)

Author SHA1 Message Date
Daniel Moran 15b9531273
fix: correct various typos (#19987)
Co-authored-by: kumakichi <xyesan@gmail.com>
2020-11-11 13:54:21 -05:00
Daniel Moran 3317ea0644
fix: enable write-only users to pass auth checks in the V1 API (#19945) 2020-11-09 18:10:35 -05:00
Adrian Thurston 30ad7281aa
refactor: replace builtin package with fluxinit/static (#3304) (#19909)
A static initialization is not desirable in the main binaries, as it forces all
paths of code to init, but it is still useful in tests. It allows static
intialization to be performed once for all tests and eliminates the need to
always add the FluxInit call. Added a fluxinit/static package that calls
fluxinit.FluxInit() to replace the builtin package. This hides the nature of
the initialization and makes it clear that it is mandatory initialization code
getting called.
2020-11-05 16:54:28 -08:00
Ben Johnson 419b0cf76b feat: Implement full restore 2020-11-05 10:05:01 -07:00
Ben Johnson 2c554ae974 fix: Use operator permissions for backup/restore 2020-11-05 10:05:01 -07:00
Ben Johnson 6e1097c625 feat: Minor updates to backup/restore 2020-11-05 10:05:01 -07:00
Ben Johnson 23679c2375 feat: Implement backup/restore CLI subcommands. 2020-11-05 10:05:01 -07:00
George 3d643e0681
refactor(notification): move rule service into own package (#19804)
* refactor(notification): move rule service into own package

* chore(launcher): fix tests to use clients as opposed to direct kv service

* chore(influx): update task cli to consume core domain model task from client

* chore(kv): remove rule service behaviours from kv

This also introduces the org id resolver type. Which is transplanted
from the kv service. As this one function coupled all resource
capabilities onto the kv service. Making removing these capabilities
impossible. Moving this type out into its own package which depends on
each service explicitly ensures we don't have one type which has to
implement all the service contracts.

* fix(launcher): remove double reference to influxdb package
2020-10-27 11:45:05 +00:00
Yoofi Quansah 48f72e0dfd chore: remove hardcoded constants for ids 2020-09-10 12:35:25 -07:00
George 5e22e0101d
chore(auth): remove unnecessary URM service from Bucket authorizer (#19060) 2020-08-04 14:37:14 +01:00
Bucky Schwarz 88cdf43db1 revert: feat(pkger): add Stack resource type to global list
This reverts commit 99eabf8a44.

A backend change was needed to make this work in Cloud envs, that change is blocked.
2020-07-22 12:48:53 -07:00
Johnny Steenbergen 99eabf8a44 feat(pkger): add Stack resource type to global list
now that Stacks have landed, the resource type can now be included for
any all access tokens, not just the token from setup
2020-07-21 11:16:00 -07:00
Lyon Hill a31b651057
feat(task): Add new permission lookup pattern for executor (#18920)
* feat(task): Add new permission lookup pattern for executor

We can now use the user service to populate task owners permissions.
This should improve the task lookup time and decouple the task system
from the URM system. In the future we will have the ability to better isolate
tenant pieces from the rest of the service.

* feat: add feature flagging
2020-07-13 14:47:58 -06:00
George b8f5604613
revert(tasks): Add new permission lookup pattern for executor (#18869) (#18915)
This reverts commit e9e4d794cf.
2020-07-10 11:05:07 +01:00
Lyon Hill e9e4d794cf
feat(task): Add new permission lookup pattern for executor (#18869)
We can now use the user service to populate task owners permissions.
This should improve the task lookup time and decouple the task system
from the URM system. In the future we will have the ability to better isolate
tenant pieces from the rest of the service.
2020-07-09 14:06:46 -06:00
George 96d84b9126
refactor: migrator and introduce Store.(Create|Delete)Bucket (#18570)
* refactor: migrator and introduce Store.(Create|Delete)Bucket

feat: kvmigration internal utility to create / managing kv store migrations

fix: ensure migrations applied in all test cases

* chore: update kv and migration documentation
2020-07-01 12:08:20 +01:00
Brett Buddin d8aa318985
fix(dbrp): Change DBRP mapping service to use Buckets resource permissions instead of DBRP. 2020-06-15 15:50:37 -04:00
Gianluca Arbezzano 1cf64fd721
feat: dbrp service
Signed-off-by: Lorenzo Affetti <lorenzo.affetti@gmail.com>
Co-Authored-By: Gianluca Arbezzano <gianarb92@gmail.com>
Co-Authored-By: George MacRorie <gmacrorie@influxdata.com>
Co-Authored-By: Alirie Gray <alirie.gray@gmail.com>
2020-05-15 12:05:38 +02:00
George f646653b1b
refactor!: replace authorizer.Allowed method with PermissionSet (#17959)
* refactor!: replace Allow method with PermissionSet

* chore(changelog): update changelog to reflect changes to authorizer
2020-05-13 12:27:46 +01:00
Lyon Hill c02e83038f
fix: org filtering for both kv and tenant need to match behaviors. (#17758) 2020-04-16 12:22:21 -06:00
Alirie Gray 8975fd2365
refactor(tenant): move bucket and urm auth layers to tenant service (#17474)
Co-authored-by: Lyon Hill <lyondhill@gmail.com>
2020-04-07 11:13:27 -07:00
Jonathan A. Sternberg 0ae8bebd75
refactor: rewrite imports to include the /v2 suffix for version 2 2020-04-03 12:39:20 -05:00
Lorenzo Affetti 77ae0eacb5
fix(authorizer): fix auth for authorizations 2020-04-02 11:21:39 +02:00
Johnny Steenbergen 7a24e450c1 feat(pkger): add auth for pkger stack CRUDing
adds new AuthAgent type that can be reused across service middleware.
2020-03-26 10:11:59 -07:00
Marc Delagrammatikas ea8e6d15d0 refactor: fixes typo in OnboardInitialUser method
Fixes typo introduced by 7b99c28a99
2020-03-20 10:48:20 -07:00
Lorenzo Affetti 40999629ee
refactor(authorizer): auth micro framework 2020-03-19 09:43:20 +01:00
Marc Delagrammatikas 7b99c28a99 refactor: rename Generate to OnboardInitialUser
Renaming Generate in anticipation of a new method that will onboard
users other than the initial user. The intent is to simplify multi-user
setups.

Co-authored-by: Chris Goller <goller@gmail.com>
2020-03-18 15:35:26 -07:00
Gavin Cabbage 14ba382e4f
fix(buckets): return unauthorized if no org is found for user (#17264) 2020-03-13 15:35:33 -04:00
Alirie Gray 991002d83b
fix(labels): add check for write permissions to create label (#17174) 2020-03-12 10:51:50 -07:00
Lorenzo Affetti fa80fad800
refactor(authorizer): make document permission in line with other services 2020-03-12 09:52:37 +01:00
Lorenzo Affetti 76067d548e
Merge pull request #17201 from influxdata/fix/notification-endpoint-auth
fix(authorizer): fix endpoint handler auth
2020-03-11 18:30:36 +01:00
Lorenzo Affetti 4e22b0b1af
fix(authorizer): fix endpoint handler auth 2020-03-11 18:09:53 +01:00
Gavin Cabbage f5e8547482
fix(buckets): prevent returning system buckets to unauthorized users (#17117) 2020-03-11 13:06:08 -04:00
Greg f98874566c
fix: allow authorized label service to be called indirectly (#17111)
* fix: allow authorized label service to be called indirectly

17071 exists because pkger loads all service resources as authorized on
start, resulting in them all being authorized when referenced indirectly
(not hit directly via api by consumer). Rather than restructure pkger to
only authorize direct services, this allows proper indirect auth to
labels (the cause of 17071).

* Add orgService to tests

* Add resource types to find orgID from
2020-03-11 10:58:39 -06:00
Lorenzo Affetti fd729f8a38
fix(http): refactor document service and fix auth 2020-03-09 20:32:31 +01:00
Jonathan A. Sternberg 834a8740e0
refactor(task/backend): move the task/backend constants to the global package (#17133)
This moves a few types and constants to the global package so it can be
used without importing the `task/backend` package. These constants are
referenced in non tasks-specific code.

This is needed to break a dependency chain where the task backend will
call into the flux runtime to perform parsing or evaluation of a script
and to prevent the http package from inheriting that dependency.
2020-03-06 16:19:32 -06:00
Jacob Marble b836ab9c17
feat(storage): implement backup and restore (#16504)
* feat(backup): `influx backup` creates data backup

* feat(backup): initial restore work

* feat(restore): initial restore impl

Adds a restore tool which does offline restore of data and metadata.

* fix(restore): pr cleanup

* fix(restore): fix data dir creation

* fix(restore): pr cleanup

* chore: amend CHANGELOG

* fix: restore to empty dir fails differently

* feat(backup): backup and restore credentials

Saves the credentials file to backups and restores it from backups.

Additionally adds some logging for errors when fetching backup files.

* fix(restore): add missed commit

* fix(restore): pr cleanup

* fix(restore): fix default credentials restore path

* fix(backup): actually copy the credentials file for the backup

* fix: dirs get 0777, files get 0666

* fix: small review feedback

Co-authored-by: tmgordeeva <tanya@influxdata.com>
2020-01-21 14:22:45 -08:00
Johnny Steenbergen 8d6d44ac79 chore(bolt): nuke crufty bolt db service
kv store is a thing.. use it instead
2019-12-30 11:19:48 -08:00
Johnny Steenbergen e6f1805e5e chore(inmem): nuke the duplicative inmem store
use kv store... its a thing
2019-12-30 11:04:45 -08:00
Johnny Steenbergen 86a359f34b chore(http): refactor http layer to be able to encode/decode influxdb.ID's safely
noticed that I had not used the http server as the entry point for server tests.
This was work to make that happen. Along the way, found a bunch of issues I hadn't
seen before 🤦. There are a number of changes tucked away inside the
other types, that make it possible to encode/decode a type with zero value for
influxdb.ID.
2019-12-13 09:46:01 -08:00
Jacob Marble 5f19c6cace
chore: Remove several instances of WithLogger (#15996)
* chore: Remove several instances of WithLogger

* chore: unexport Logger fields

* chore: unexport some more Logger fields

* chore: go fmt

chore: fix test

chore: s/logger/log

chore: fix test

chore: revert http.Handler.Handler constructor initialization

* refactor: integrate review feedback, fix all test nop loggers

* refactor: capitalize all log messages

* refactor: rename two logger to log
2019-12-04 15:10:23 -08:00
Lyon Hill 997168c0be
fix(endpoint): when looking up a endpoint we should allow org only lookup (#16050)
* fix(endpoint): when looking up a endpoint we should allow org only lookup

In the current system the api always adds "UserID" to the filter. This only
allows the system to look up endpoints that user created. The behavior should be
that we filter based on user input and use authorizor to hide things they shouldn't see.
2019-11-27 09:09:36 -07:00
Johnny Steenbergen bc083e169c chore: refactor password service to provide userID instead of name 2019-11-20 09:16:31 -08:00
Brandon Farmer ea82dc3470 fix(tasks): tasks look up system bucket id 2019-10-21 14:48:47 -07:00
Brandon Farmer 2e0749b3ba feat(influxdb): Add system buckets on org creation
* Only allow users to create user buckets
* Only accept bucket creation parameters on post
2019-10-21 14:48:47 -07:00
Alirie Gray 552168d3ae
refactor(tasks): use Go time objects for timestamps on task Runs (#15406) 2019-10-17 17:23:45 -07:00
Lyon Hill 3c6779f011
feat(task): Allow tasks to run more isolated from other task systems (#15384)
* feat(task): Allow tasks to run more isolated from other task systems

To allow the task internal system to be used for user created tasks as well
as checks, notification and other future additions we needed to take 2 actions:

1 - We need to use type as a first class citizen, meaning that task's have a type
and each system that will be creating tasks will set the task type through the api.
This is a change to the previous assumption that any user could set task types. This change
will allow us to have other service's white label the task service for their own purposes and not
have to worry about colissions between the types.

2 - We needed to allow other systems to add data specific to the problem they are trying to solve.
For this purpose adding a `metadata` field to the internal task system which should allow other systems to
use the task service.

These changes will allow us in the future to allow for the current check's and notifications implementations
to create a task with meta data instead of creating a check object and a task object in the database.
By allowing this new behavior checks, notifications, and user task's can all follow the same pattern:

Field an api request in a system specific http endpoint, use a small translation to the `TaskService` function call,
translate the results to what the api expects for this system, and return results.

* fix(task): undo additional check for ownerID because check is not ready
2019-10-11 08:53:38 -06:00
Lyon Hill 5e1d7f6c69
feat(task): remove preauth (#15286)
* feat(task): remove preauth

* fix(task): remove e2e test that verified preauth
2019-09-26 10:52:24 -06:00
Brandon Farmer d83fabeabc feat(influxdb): user disabling 2019-09-23 11:57:16 -07:00
Jonathan A. Sternberg cbd04f2884
refactor: http error serialization matches the new error schema (#15196)
The http error schema has been changed to simplify the outward facing
API. The `op` and `error` attributes have been dropped because they
confused people. The `error` attribute will likely be readded in some
form in the future, but only as additional context and will not be
required or even suggested for the UI to use.

Errors are now output differently both when they are serialized to JSON
and when they are output as strings. The `op` is no longer used if it is
present. It will only appear as an optional attribute if at all. The
`message` attribute for an error is always output and it will be the
prefix for any nested error. When this is serialized to JSON, the
message is automatically flattened so a nested error such as:

    influxdb.Error{
        Msg: errors.New("something bad happened"),
        Err: io.EOF,
    }

This would be written to the message as:

    something bad happened: EOF

This matches a developers expectations much more easily as most
programmers assume that wrapping an error will act as a prefix for the
inner error.

This is flattened when written out to HTTP in order to make this logic
immaterial to a frontend developer.

The code is still present and plays an important role in categorizing
the error type. On the other hand, the code will not be output as part
of the message as it commonly plays a redundant and confusing role when
humans read it. The human readable message usually gives more context
and a message like with the code acting as a prefix is generally not
desired. But, the code plays a very important role in helping to
identify categories of errors and so it is very important as part of the
return response.
2019-09-19 10:06:47 -05:00