* feat(annotations): added authz service for annotations and streams
* fix: tests and adjustments
* chore: misc cleanup
* chore: update number in authz comment
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
* chore: update number in authz comment
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
* chore: update number in authz comment
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
* fix: address review comments
* feat: added post-list filter for fine-grained auth
Co-authored-by: Daniel Moran <danxmoran@gmail.com>
This includes removal of a lot of kv.Service responsibilities. However,
it does not finish the re-wiring. It removes documents, telegrafs,
notification rules + endpoints, checks, orgs, users, buckets, passwords,
urms, labels and authorizations. There are some oustanding pieces that
are needed to get kv service compiling (dashboard service urm
dependency). Then all the call sites for kv service need updating and
the new implementations of telegraf and notification rules + endpoints
needed installing (along with any necessary migrations).
feat(dashboard): add owner ID to dashboard model
This adds the explicit OwnerID field to Dashboard and also adds a
migration which populates dashboard owners IDs based on dashboard owner
URMs.
feat(dashboards): isolate service in own package
This change isolates the dashboards service into its own package. It
also updates the API to no longer interface with user resource mappings.
Instead it defines new handlers which rely on the newly populated owner
ID field.
chore(dashboards): port tests from http package into new service transport package
chore(launcher): use dashboard transport package client in launcher tests
chore(kv): remove now defunkt dashboard service implementations
* feat(paging): add support for after id parameter in find options
* chore(http): update swagger to reflect after query parameter in list buckets
* chore(changelog): update changelog to reflect after query parameter in list buckets
* chore(tenant): update tenant storage tests for paginating with after
* fix: restrict urm listing of a resource to members of org owning said resource
* chore: add testing around new urm behavior
* fix: add feature flagging
* fix: ensure we are returning the correct error
Co-authored-by: greg linton <greg@influxdata.com>
* chore: update task tests to use the tenant service
After the introduction of the tenant system we need to switch the testing frameworks
to use it instead of the old kv system
* chore: update onboarding to allow injected middleware
Tenant services often need to make function calls to other services inside the tenant system. This can cause a problem when a external system needs to inject middleware into the call stack for the secondary system call. For instance when a bucket is created we may need to alert the storage system of the change. To accomplish this we need a way for the org svc to call a middleware influxdb.BucketService that is a tenant type service wrapped with a middleware piece. This is accomplished by allowing the individual services access to the tenant system that was generated. If a middleware is wrapping one of the systems the embedded system can still make internal calls
* fix(tenant): use rand org bucket id generator over snowflake in tenant service
* fix(tenant): update bucket test harness to create org via store instead of service
* feat(task): Add new permission lookup pattern for executor
We can now use the user service to populate task owners permissions.
This should improve the task lookup time and decouple the task system
from the URM system. In the future we will have the ability to better isolate
tenant pieces from the rest of the service.
* feat: add feature flagging
Daniel Moran
William Baker
Jakub Bednář
Sam Arnold
George MacRorie
Dan Moran
Lyon Hill
Yoofi Quansah
Stuart Carnie
KevinSmile
Alirie Gray
Bucky Schwarz
Johnny Steenbergen