Parametrically build query, rather than creating large string

[JoshuaKahn]

Currently, influxdb-client-go (and other InfluxDB 2.0 client libraries) uses a string to query an InfluxDB database. This works well if the query is static, but if the query is dynamic, it can lead to some problems if IDs of measurements/fields/names or values of time have to be dynamically entered into the query. Additionally, if a user was given control over what some measurements/fields/names are called at runtime, it could lead to potential SQL injection.

Ideally, it should be possible to parametrically build a query out of variables or values; for example, calling a func/type to create a name or filter.

[JoshuaKahn]

I understand this is in discussion for other InfluxDB 2 clients - is this in consideration for Golang as well?

[vlastahajek]

@JoshuaKahn, the first proposal was that this should supported directly by the server, see InfluxDB issue #16109. However, as it looks like it will not be implemented on the server side, this features in on the backlog of all official clients, including Go, and it has been already implemented in the InfluxDB javascript client.

[programmer04]

According to the docs Parametrized Flux queries are supported now. You can read more in API docs. Would maintainers accept the PR which will add support of it to Go SDK? I'll be happy to add something like this.

Probably the simplest solution which does not break anything is to add two additional methods to interface

influxdb-client-go/api/query.go

Lines 45 to 51 in 5b2f2a3

	// QueryAPI provides methods for performing synchronously flux query against InfluxDB server.
	type QueryAPI interface {
	// QueryRaw executes flux query on the InfluxDB server and returns complete query result as a string with table annotations according to dialect
	QueryRaw(ctx context.Context, query string, dialect *domain.Dialect) (string, error)
	// Query executes flux query on the InfluxDB server and returns QueryTableResult which parses streamed response into structures representing flux table parts
	Query(ctx context.Context, query string) (*QueryTableResult, error)
	}

which will look like that

QueryParametrizedRaw(ctx context.Context, query string, params map[string]interface{}, dialect *domain.Dialect) (string, error)
QueryParametrized(ctx context.Context, query string, params map[string]interface{}) (*QueryTableResult, error) 

and later maybe refactor as part of #205 to have parametrized queries available as default way of doing it.

[vlastahajek]

@programmer04, thanks for rising this.
Generally, any PR is welcome.

However, this feature is part of the InfluxDB 2 Cloud, but it doesn't work on OSS yet. So, it cannot be part of public API yet.

To your design:
To follow current API naming conventions, I would suggest names:
QueryRawWithParams and QueryWithParams.

However, the better solution seems to be by adding variadic params to current functions:

type QueryParam struct {
  Name string
  Value interface{}
}

 // QueryAPI provides methods for performing synchronously flux query against InfluxDB server. 
 type QueryAPI interface { 
 	// QueryRaw executes flux query on the InfluxDB server and returns complete query result as a string with table annotations according to dialect 
 	QueryRaw(ctx context.Context, query string, dialect *domain.Dialect, params ...QueryParam) (string, error) 
 	// Query executes flux query on the InfluxDB server and returns QueryTableResult which parses streamed response into structures representing flux table parts 
 	Query(ctx context.Context, query string,  params ...QueryParam ) (*QueryTableResult, error) 
 }