* fix: forbid reading OSS buckets for a token with only write permissions
We previously enabled write tokens to also find DBRP buckets, in order to allow
the legacy /write (not /api/v2/write) endpoint to read the DBRP mappings and
find the real bucket id to write to.
This had the unintended consequency of allowing tokens with only write permissions
to read data in buckets via the legacy /query (not /api/v2/query) endpoint with
InfluxQL.
This change fixes the behaviour to allow writing to /write with a write-only
token, while forbidding reading from /query.
* fix: nanosecond precision in tests
* feat(annotations): added authz service for annotations and streams
* fix: tests and adjustments
* chore: misc cleanup
* chore: update number in authz comment
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
* chore: update number in authz comment
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
* chore: update number in authz comment
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
* fix: address review comments
* feat: added post-list filter for fine-grained auth
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
* chore: remove dead code
* refactor: move FluxLanguageService interface to fluxlang
* chore: run fmt
* refactor: move task.go from top level to task/taskmodel
* chore: run formatter
* chore: fix up import ordering with gci
* refactor(notification): move rule service into own package
* chore(launcher): fix tests to use clients as opposed to direct kv service
* chore(influx): update task cli to consume core domain model task from client
* chore(kv): remove rule service behaviours from kv
This also introduces the org id resolver type. Which is transplanted
from the kv service. As this one function coupled all resource
capabilities onto the kv service. Making removing these capabilities
impossible. Moving this type out into its own package which depends on
each service explicitly ensures we don't have one type which has to
implement all the service contracts.
* fix(launcher): remove double reference to influxdb package
Sam Arnold
Daniel Moran
William Baker
George
Brett Buddin
Gianluca Arbezzano
Jonathan A. Sternberg
Lorenzo Affetti