chore: Merge branch 'master' into feat/light-mode-dashboards

CHANGELOG.md

@@ -1,4 +1,10 @@
-## v2.0.0-beta.6 [unreleased]
+## v2.0.0-beta.7 [unreleased]
+
+### Features
+
+### Bug Fixes
+
+## v2.0.0-beta.6 [2020-03-12]
 
 ### Features
 
@@ -7,6 +13,7 @@
 1. [17114](https://github.com/influxdata/influxdb/pull/17114): Allow for retention to be provided to influx setup command as a duration
 1. [17138](https://github.com/influxdata/influxdb/pull/17138): Extend pkger export all capabilities to support filtering by lable name and resource type
 1. [17049](https://github.com/influxdata/influxdb/pull/17049): Added new login and sign-up screen that for cloud users that allows direct login from their region
+1. [17170](https://github.com/influxdata/influxdb/pull/17170): Added new cli multiple profiles management tool
 
 ### Bug Fixes
 
@@ -16,13 +23,15 @@
 1. [17028](https://github.com/influxdata/influxdb/pull/17028): Fixed issue where selecting an aggregate function in the script editor was not adding the function to a new line
 1. [17072](https://github.com/influxdata/influxdb/pull/17072): Fixed issue where creating a variable of type map was piping the incorrect value when map variables were used in queries
 1. [17050](https://github.com/influxdata/influxdb/pull/17050): Added missing user names to auth CLI commands
-1. [17091](https://github.com/influxdata/influxdb/pull/17091): Require Content-Type for query endpoint
 1. [17113](https://github.com/influxdata/influxdb/pull/17113): Disabled group functionality for check query builder
 1. [17120](https://github.com/influxdata/influxdb/pull/17120): Fixed cell configuration error that was popping up when users create a dashboard and accessed the disk usage cell for the first time
 1. [17097](https://github.com/influxdata/influxdb/pull/17097): Listing all the default variables in the VariableTab of the script editor
 1. [17049](https://github.com/influxdata/influxdb/pull/17049): Fixed bug that was preventing the interval status on the dashboard header from refreshing on selections
 1. [17161](https://github.com/influxdata/influxdb/pull/17161): Update table custom decimal feature for tables to update table onFocus
 1. [17168](https://github.com/influxdata/influxdb/pull/17168): Fixed UI bug that was setting Telegraf config buttons off-center and was resizing config selections when filtering through the data
+1. [17208](https://github.com/influxdata/influxdb/pull/17208): Fixed UI bug that was setting causing dashboard cells to error when the a v.bucket was being used and was being configured for the first time
+1. [17214](https://github.com/influxdata/influxdb/pull/17214): Fix appearance of client library logos in Safari
+1. [17202](https://github.com/influxdata/influxdb/pull/17202): Fixed UI bug that was preventing checks created with the query builder from updating. Also fixed a bug that was preventing dashboard cell queries from working properly when creating group queries using the query builder
 
 ## v2.0.0-beta.5 [2020-02-27]
 

authorizer/document.go

@@ -41,14 +41,17 @@ type documentStore struct {
 	s influxdb.DocumentStore
 }
 
-func newDocumentOrgPermission(a influxdb.Action, orgID influxdb.ID) (*influxdb.Permission, error) {
+func newDocumentPermission(a influxdb.Action, orgID influxdb.ID, did *influxdb.ID) (*influxdb.Permission, error) {
+	if did != nil {
+		return influxdb.NewPermissionAtID(*did, a, influxdb.DocumentsResourceType, orgID)
+	}
 	return influxdb.NewPermission(a, influxdb.DocumentsResourceType, orgID)
 }
 
-func toPerms(orgs map[influxdb.ID]influxdb.UserType, action influxdb.Action) ([]influxdb.Permission, error) {
+func toPerms(action influxdb.Action, orgs map[influxdb.ID]influxdb.UserType, did *influxdb.ID) ([]influxdb.Permission, error) {
 	ps := make([]influxdb.Permission, 0, len(orgs))
 	for orgID := range orgs {
-		p, err := newDocumentOrgPermission(action, orgID)
+		p, err := newDocumentPermission(action, orgID, did)
 		if err != nil {
 			return nil, err
 		}
@@ -61,7 +64,7 @@ func (s *documentStore) CreateDocument(ctx context.Context, d *influxdb.Document
 	if len(d.Organizations) == 0 {
 		return fmt.Errorf("cannot authorize document creation without any orgID")
 	}
-	ps, err := toPerms(d.Organizations, influxdb.WriteAction)
+	ps, err := toPerms(influxdb.WriteAction, d.Organizations, nil)
 	if err != nil {
 		return err
 	}
@@ -76,7 +79,7 @@ func (s *documentStore) FindDocument(ctx context.Context, id influxdb.ID) (*infl
 	if err != nil {
 		return nil, err
 	}
-	ps, err := toPerms(d.Organizations, influxdb.ReadAction)
+	ps, err := toPerms(influxdb.ReadAction, d.Organizations, &id)
 	if err != nil {
 		return nil, err
 	}
@@ -95,7 +98,7 @@ func (s *documentStore) UpdateDocument(ctx context.Context, d *influxdb.Document
 		}
 		d.Organizations = ds.Organizations
 	}
-	ps, err := toPerms(d.Organizations, influxdb.WriteAction)
+	ps, err := toPerms(influxdb.WriteAction, d.Organizations, &d.ID)
 	if err != nil {
 		return err
 	}
@@ -110,7 +113,7 @@ func (s *documentStore) DeleteDocument(ctx context.Context, id influxdb.ID) erro
 	if err != nil {
 		return err
 	}
-	ps, err := toPerms(d.Organizations, influxdb.WriteAction)
+	ps, err := toPerms(influxdb.WriteAction, d.Organizations, &id)
 	if err != nil {
 		return err
 	}
@@ -133,7 +136,7 @@ func (s *documentStore) findDocs(ctx context.Context, action influxdb.Action, op
 	// https://github.com/golang/go/wiki/SliceTricks#filtering-without-allocating
 	fds := ds[:0]
 	for _, d := range ds {
-		ps, err := toPerms(d.Organizations, action)
+		ps, err := toPerms(action, d.Organizations, &d.ID)
 		if err != nil {
 			return nil, err
 		}

authorizer/label.go

@@ -133,6 +133,10 @@ func (s *LabelService) FindLabels(ctx context.Context, filter influxdb.LabelFilt
 // FindResourceLabels retrieves all labels belonging to the filtering resource if the authorizer on context has read access to it.
 // Then it filters the list down to only the labels that are authorized.
 func (s *LabelService) FindResourceLabels(ctx context.Context, filter influxdb.LabelMappingFilter) ([]*influxdb.Label, error) {
+	if err := filter.ResourceType.Valid(); err != nil {
+		return nil, err
+	}
+
 	if s.orgSvc == nil {
 		return nil, errors.New("failed to find orgSvc")
 	}
@@ -167,9 +171,9 @@ func (s *LabelService) FindResourceLabels(ctx context.Context, filter influxdb.L
 	return labels, nil
 }
 
-// CreateLabel checks to see if the authorizer on context has read access to the new label's org.
+// CreateLabel checks to see if the authorizer on context has write access to the new label's org.
 func (s *LabelService) CreateLabel(ctx context.Context, l *influxdb.Label) error {
-	if err := authorizeReadOrg(ctx, l.OrgID); err != nil {
+	if err := authorizeWriteOrg(ctx, l.OrgID); err != nil {
 		return err
 	}
 

authorizer/label_test.go

@@ -509,7 +509,7 @@ func TestLabelService_CreateLabel(t *testing.T) {
 		wants  wants
 	}{
 		{
-			name: "authorized to create label",
+			name: "unauthorized to create label with read only permission",
 			fields: fields{
 				LabelService: &mock.LabelService{
 					CreateLabelFn: func(ctx context.Context, l *influxdb.Label) error {
@@ -527,11 +527,14 @@ func TestLabelService_CreateLabel(t *testing.T) {
 				},
 			},
 			wants: wants{
-				err: nil,
+				err: &influxdb.Error{
+					Msg:  "write:orgs/020f755c3c083000 is unauthorized",
+					Code: influxdb.EUnauthorized,
+				},
 			},
 		},
 		{
-			name: "unauthorized to create label",
+			name: "unauthorized to create label with incomplete write permission",
 			fields: fields{
 				LabelService: &mock.LabelService{
 					CreateLabelFn: func(ctx context.Context, b *influxdb.Label) error {
@@ -541,19 +544,42 @@ func TestLabelService_CreateLabel(t *testing.T) {
 			},
 			args: args{
 				permission: influxdb.Permission{
-					Action: "read",
+					Action: "write",
 					Resource: influxdb.Resource{
 						Type: influxdb.LabelsResourceType,
 					},
 				},
 			},
 			wants: wants{
 				err: &influxdb.Error{
-					Msg:  "read:orgs/020f755c3c083000 is unauthorized",
+					Msg:  "write:orgs/020f755c3c083000 is unauthorized",
 					Code: influxdb.EUnauthorized,
 				},
 			},
 		},
+
+		{
+			name: "authorized to create label",
+			fields: fields{
+				LabelService: &mock.LabelService{
+					CreateLabelFn: func(ctx context.Context, l *influxdb.Label) error {
+						return nil
+					},
+				},
+			},
+			args: args{
+				permission: influxdb.Permission{
+					Action: "write",
+					Resource: influxdb.Resource{
+						ID:   influxdbtesting.IDPtr(orgOneInfluxID),
+						Type: influxdb.OrgsResourceType,
+					},
+				},
+			},
+			wants: wants{
+				err: nil,
+			},
+		},
 	}
 
 	for _, tt := range tests {

cmd/influx/authorization.go

@@ -106,7 +106,7 @@ func authCreateCmd() *cobra.Command {
 }
 
 func authorizationCreateF(cmd *cobra.Command, args []string) error {
-	if err := authCreateFlags.org.validOrgFlags(); err != nil {
+	if err := authCreateFlags.org.validOrgFlags(&flags); err != nil {
 		return err
 	}
 

cmd/influx/backup.go

@@ -55,8 +55,8 @@ func init() {
 
 func newBackupService() (influxdb.BackupService, error) {
 	return &http.BackupService{
-		Addr:  flags.host,
-		Token: flags.token,
+		Addr:  flags.Host,
+		Token: flags.Token,
 	}, nil
 }
 

cmd/influx/bucket.go

@@ -78,7 +78,7 @@ func (b *cmdBucketBuilder) cmdCreate() *cobra.Command {
 }
 
 func (b *cmdBucketBuilder) cmdCreateRunEFn(*cobra.Command, []string) error {
-	if err := b.org.validOrgFlags(); err != nil {
+	if err := b.org.validOrgFlags(b.globalFlags); err != nil {
 		return err
 	}
 
@@ -183,7 +183,7 @@ func (b *cmdBucketBuilder) cmdFind() *cobra.Command {
 }
 
 func (b *cmdBucketBuilder) cmdFindRunEFn(cmd *cobra.Command, args []string) error {
-	if err := b.org.validOrgFlags(); err != nil {
+	if err := b.org.validOrgFlags(b.globalFlags); err != nil {
 		return err
 	}