Switch to use the new user handler. We have been using the tenant backend for some
time now and just need to switch over to using tenant front to back.
This commit checks http.Request.Context().Err() to see if the context
has been canceled before writing an error code. It uses the non-standard
Nginx 499 error code for client disconnection.
Pipeline tests in idpe are setting up an `http.APIBackend` directly
without a constructor function. This is causing this `AlgoWProxy` field
to be `nil` when exercising end-to-end tests. This just makes the
structure a bit more defensive and falls back to using the no-op proxy
in the presence of a nil value.
We have reached the stage wehre the new tenant service is being used and
is stable but we want to get it in more hands and used as the default service.
also drops a skipped test that has been skipped for over a year. Tried
unskipping it, but now it fails for all sorts of reasons, without the
race flag enabled.
_http.NewRequestWithContext_ (available since golang 1.13) ensures that the supplied context also controls the entire lifetime of a request and its response.
This commit adds `user_id` as a tag for traces. It helps to lookup and
filter traces we need by userID.
OrgID is harder to get right, so I will open an issue, but it will be
nice to have it in as well.
Signed-off-by: Gianluca Arbezzano <gianarb92@gmail.com>
Co-authored-by: George MacRorie <gmacrorie@influxdata.com>
Renaming Generate in anticipation of a new method that will onboard
users other than the initial user. The intent is to simplify multi-user
setups.
Co-authored-by: Chris Goller <goller@gmail.com>
* fix: allow authorized label service to be called indirectly
17071 exists because pkger loads all service resources as authorized on
start, resulting in them all being authorized when referenced indirectly
(not hit directly via api by consumer). Rather than restructure pkger to
only authorize direct services, this allows proper indirect auth to
labels (the cause of 17071).
* Add orgService to tests
* Add resource types to find orgID from
This removes the spec and updates the lang package usage to make use of
passing in the runtime as a parameter.
It removes all direct dependendencies on the flux runtime from the http
package.
This moves a few types and constants to the global package so it can be
used without importing the `task/backend` package. These constants are
referenced in non tasks-specific code.
This is needed to break a dependency chain where the task backend will
call into the flux runtime to perform parsing or evaluation of a script
and to prevent the http package from inheriting that dependency.
The tasks subsystem will now use the flux language service to parse and
evaluate flux instead of directly interacting with the parser or
runtime. This helps break the dependency on the libflux parser for the
base influxdb package.
This includes the task notification packages which were changed at the
same time.
* fix(backup): handle backup with no credentials file
Backups and restores should work whether or not the original installation uses
a credentials file and whether or not the backup contains a credentials file.
* Revert "fix(kv): Don't stop when key not found from index."
This reverts commit bd9167d383.
* Revert "fix(kv): push down org ID to skip in delete URM (#16841)"
This reverts commit a5f508de77.
* Revert "fix(kv): delete authorization from correct index bucket (#16835)"
This reverts commit 7349216e94.
* Revert "feat(kv): Index Authorizations by User ID (#16818)"
This reverts commit df36fe957b.
* Revert "feat: add indexes to urm for user lookups (#16789)"
This reverts commit 9561d0a4f4.
Prior to this change influxql requests were sent to the same back end as Flux queries.
This MAY not always be the case. Now InfluxQL queries are specifically routed to the InfluxQLService.
In the case of this OSS build the FluxService and InfluxQLService are the same.
2 issues from investigating this error. First is the status check func
did not identify it was a media unsupported issue adn tries to unmarshal
the empty response body. The 2nd, was the double content type headers were
causing an error. Locally this error does not surface, cannot repoduce on
macos, but in cloud it is persistent.
closes: #16819
* feat(kv): add user id index on authorizations
* chore(auths): test FindAuthorizations both with and without a populated index
* chore(kv): cleanup index skipping flag in auths service
* fix(kv): bad flag around auth by user index population
* fix(kv): auth by user index lookup use correct buckets
* chore(kv): ensure indexer is called as expected when auth user index missing
* chore(kv): add benchmarks around authorization lookup
This change allows for the InfluxQL language type to be used with the
/v2/query API endpoint.
This change also introduces a way to give the transpiler an explicit
bucket name instead of using the DBRPMapping service.
Requests to the endpoint will know the bucket name directly but will
likely not have run the migration step to populate the DBRP mappings.
this is the last step for pkger to follow the service definition pattern
that is in the works. Some bits from http were moved into kit/transport/http
for reusability. End result is to hopefully axe http pkg for resuable types in
kit. Long ways off still...
* refactor: move views logic to separate directory
* refactor: normalize views
* fix: spinners
* fix: dont render views until status is done
* fix(http/dashboards): view shape not returning from getDashboard
* test: delete irrelevant and redundant test
* fix: go tidy
* test: skipping monaco test
* chore: sort type exports
* chore: cleanup
* feat(backup): `influx backup` creates data backup
* feat(backup): initial restore work
* feat(restore): initial restore impl
Adds a restore tool which does offline restore of data and metadata.
* fix(restore): pr cleanup
* fix(restore): fix data dir creation
* fix(restore): pr cleanup
* chore: amend CHANGELOG
* fix: restore to empty dir fails differently
* feat(backup): backup and restore credentials
Saves the credentials file to backups and restores it from backups.
Additionally adds some logging for errors when fetching backup files.
* fix(restore): add missed commit
* fix(restore): pr cleanup
* fix(restore): fix default credentials restore path
* fix(backup): actually copy the credentials file for the backup
* fix: dirs get 0777, files get 0666
* fix: small review feedback
Co-authored-by: tmgordeeva <tanya@influxdata.com>
also makes the yaml decoder the default. To foten we end up in application/octet-stream
which is the default for many different mime types. This provides a mechanism
around that so that when the automagical detection fails it can allow the user
to provide it via the CLI.
* feat(checks): Add custom check type
* feat(checks): Remove alert builder from custom check
* feat(checks): Add AlertBuilderAction to list of possible actions
* feat(checks): Query visualization does not make sense for custom check
* feat(check): check editor should only reexecute queries if view query changes
* Update ui/src/timeMachine/components/TimeMachineFluxEditor.tsx
Co-Authored-By: Bucky Schwarz <hoorayimhelping@users.noreply.github.com>
* Address PR review
Co-authored-by: Bucky Schwarz <hoorayimhelping@users.noreply.github.com>
feat(ui): added last run status checks for notification rules and check rules, readded updateCheck to fix linter and functionality issues with program and added tests to ensure check creation and update stability
this work is to support pkger, but was able to add back in the
skipped tests. seeing failures upstream, and didn't catch it in
influxdb b/c the tests were being skipped.
closes: #14799
this is a blocker for anyone who hits the endpoint services internally. They
had to know that they need to also know of hte secret service then do all that
put/delete alongside the operation. This makes that unified inside the store tx.
one other thing this does is make obvious the dependencies that
notification services has. In this case it is the secrets service it
depends on.
noticed that I had not used the http server as the entry point for server tests.
This was work to make that happen. Along the way, found a bunch of issues I hadn't
seen before 🤦. There are a number of changes tucked away inside the
other types, that make it possible to encode/decode a type with zero value for
influxdb.ID.
* added date-time format for start and stop DeletePredicateRequest
* fixed malformed reference to ViewProperties in PkgChart model
* define separate model for RetentionRule as is in Organizations, Buckets, Labels
* "labels" property from Check and PostCheck should be part of CheckBase (it is ancestor for all Check types)
* "labels" property from NotificationRule and PostNotificationRule should be part of NotificationRuleBase (it is ancestor for all NotificationRule and types)
* "labels" property from NotificationEndpoint and PostNotificationEndpoint should be part of NotificationEndpointBase (it is ancestor for all NotificationEndpoint and types)
* The url property of HTTPNotificationRuleBase should not be required
* Added query link for CheckBase and NotificationRuleBase
note: tests are seriously borked here. Cannot reuse any existing testing
as the setup is very particular and the http layer doesn't suppport everyting.
that being said, there are goign to be implicit testing in the
`launcher/pkger_test.go` file. This feels broken, and probably needs to be
readdressed before we GA a 2.0 influxdb....
this is a step towards providing a shared http client that manages pooling connections,
timeouts, and reducing GC for by not creating/GCing a client each req. Bring on the red!
Now, traces will have all headers except authorization and user-agent.
Additionally, I've removed the referer and remoteaddr as they did not
contribute much.
Eventually, this may change to just a small set of headers to record.
This removes the bucket name validation from the KV BucketService,
and moves it to the http implementation of the service.
The effect is that API user requests still get validated but direct KV access does not
* chore: Remove several instances of WithLogger
* chore: unexport Logger fields
* chore: unexport some more Logger fields
* chore: go fmt
chore: fix test
chore: s/logger/log
chore: fix test
chore: revert http.Handler.Handler constructor initialization
* refactor: integrate review feedback, fix all test nop loggers
* refactor: capitalize all log messages
* refactor: rename two logger to log
* fix(http): Return an empty array if organization has no secret keys
* fix(http): Return an empty array if organization has no secret keys instead nil
* fix(endpoint): when looking up a endpoint we should allow org only lookup
In the current system the api always adds "UserID" to the filter. This only
allows the system to look up endpoints that user created. The behavior should be
that we filter based on user input and use authorizor to hide things they shouldn't see.
* feat(tracing): dont trace spans with full URL path names in ExtractFromHTTPRequest
* chore(multiple): replace all occurrences of julienschmidt/httprouter with influxdata/httprouter
the errors changed during the pkger http server error improvements and this
fixes it to be similar to what it once was, only now its in a flatter fashion
very similar to the pkger http server apply response.
one thing to note here is that new endpoint was created. there was no
endpoint for setting an initial password that worked. The existin endpoint
was a bit messy and coupled across multiple routes. Having multiple auth
schemes proved incredibly taxing to write against.
also adds some extra user friendliness. it sorts the pkg created via an
export by resource kinds. It also titles the kinds to make them match the
documentation even though the kind is case insensitive. Easier to read this
way.
no associations included at this time. Also fixes http response to be just
the pkg without the envelope. Having that envelope makes the API icky to
work with from any shell script or just saving it to file. This feels more
organic to just drop that envelope.
Yiqun (Ethan) Zhang
Jakub Bednář
Alirie Gray
jlapacik
Russ Savage
Lyon Hill
Pavel Zavora
Jonathan A. Sternberg
Andrew Watkins
Ben Johnson
Gianluca Arbezzano
George
Ariel Salem
vlastahajek
Brett Buddin
Gavin Cabbage
Johnny Steenbergen
Lorenzo Affetti
Christopher M. Wolff
Marc Delagrammatikas
Kelvin Wang
Greg
Jorge Landivar
pierwill
tmgordeeva
Nathaniel Cook
kelwang
Michael Desa
Jade McGough
kun
Jacob Marble
Zoe Steinkamp
Stuart Carnie
Gavin Cabbage
Deniz Kusefoglu
Deary Hudson III
Chris Goller
Edd Robinson
nwneisen
Timmy Luong
Bucky Schwarz
Scott Anderson