influxdb

History

Martin Hilton 052e190dd0 feat(service_grpc_flight): optional query authorization (#7351 ) * feat(service_grpc_flight): optional query authorization Add support for requiriing namespace-level authorization for arrow flight based query requests. These are the flight SQL commands as well as the IOx-specific SQL over flight and InfluxQL over flight protocols. Supports the optional configuration of an authorization sidecar, in the same manner as is used in the router. If this is configured then all arrow flight gRPC requests that are implemented will require a valid authorization token to be supplied in the request. For a multi-legged operation such as GetFlightInfo + DoGet required for FlightSQL then a valid authorization is required for every request. Ideally this support would be implemented using some sort of interceptor, however the namespace isn't known until the request processing has been started. The authorization check is performed as soon as possible once the desired operation is known. The legacy "storage" API has no authorization checks. Care should be taken to ensure this API is never exposed to an untrusted network. * chore(service_grpc_flight): review suggestions Implement some suggestions from reviewers. The main change is adding authorization checks to the handshake command. * chore(service_grpc_flight): remove authorization of handshake The Handshake call is used by existing clients to verify the connection. These clients do not send a namespace header with the request meaning there is nothing to authorize against. Remove this authorization for now to avoid breaking existing clients. * refactor: implement Authorizer trait on Option Based on a suggestion from Dom implement the Authorizer trait on Option<T: Authorizer> so that the call sites no longer need to check if an authorizer is configured. This simplifies the code at the call sites. To maximise the utility the signature has changed so that a optional token is now used. When no authorizer is configured this will not be looked at. When a token is required a new error will be returned if no token was supplied. * fix: suggestions from clippy	2023-03-31 07:33:54 +00:00
..
src	feat(service_grpc_flight): optional query authorization (#7351 )	2023-03-31 07:33:54 +00:00
Cargo.toml	feat(service_grpc_flight): optional query authorization (#7351 )	2023-03-31 07:33:54 +00:00

feat(service_grpc_flight): optional query authorization (#7351 )

* feat(service_grpc_flight): optional query authorization

Add support for requiriing namespace-level authorization for
arrow flight based query requests. These are the flight SQL commands
as well as the IOx-specific SQL over flight and InfluxQL over flight
protocols.

Supports the optional configuration of an authorization sidecar,
in the same manner as is used in the router. If this is configured
then all arrow flight gRPC requests that are implemented will require
a valid authorization token to be supplied in the request. For a
multi-legged operation such as GetFlightInfo + DoGet required for
FlightSQL then a valid authorization is required for every request.

Ideally this support would be implemented using some sort of
interceptor, however the namespace isn't known until the request
processing has been started. The authorization check is performed
as soon as possible once the desired operation is known.

The legacy "storage" API has no authorization checks. Care should
be taken to ensure this API is never exposed to an untrusted network.

* chore(service_grpc_flight): review suggestions

Implement some suggestions from reviewers. The main change is adding
authorization checks to the handshake command.

* chore(service_grpc_flight): remove authorization of handshake

The Handshake call is used by existing clients to verify the
connection. These clients do not send a namespace header with the
request meaning there is nothing to authorize against. Remove this
authorization for now to avoid breaking existing clients.

* refactor: implement Authorizer trait on Option

Based on a suggestion from Dom implement the Authorizer trait on
Option<T: Authorizer> so that the call sites no longer need to check
if an authorizer is configured. This simplifies the code at the
call sites.

To maximise the utility the signature has changed so that a optional
token is now used. When no authorizer is configured this will not
be looked at. When a token is required a new error will be returned
if no token was supplied.

* fix: suggestions from clippy

2023-03-31 07:33:54 +00:00

src

feat(service_grpc_flight): optional query authorization (#7351 )

2023-03-31 07:33:54 +00:00

Cargo.toml

feat(service_grpc_flight): optional query authorization (#7351 )

2023-03-31 07:33:54 +00:00