Comments (6)
umrikar
commented on July 17, 2024
@sanderson at present in v2.0.6 we dont have option to specify authorization flag when we create token through CLI, We should have ability to create all-access token through CLI
from influx-cli.
danxmoran
commented on July 17, 2024
Transferring this to the new influxdata/influx-cli repo, as it's likely that all CLI feature work will be happening there in the future.
from influx-cli.
umrikar
commented on July 17, 2024
Which release of influxdb will have this feature
from influx-cli.
williamhbaker
commented on July 17, 2024
Most of the interesting stuff that happens in the UI when creating an all-access token is in this file: https://github.com/influxdata/ui/blob/master/src/authorizations/utils/permissions.ts
There is a hard-coded list of resource types to grant permissions to in the UI code, and when making a request to create an all-access token that list is used to generate a POST request with a body that looks something like this, containing all of the resource types listed:
{
"orgID":"<org id>",
"description":"<token name>",
"permissions":[
{
"action":"read",
"resource":{
"type":"authorizations",
"orgID":"<org id>"
}
},
{
"action":"write",
"resource":{
"type":"authorizations",
"orgID":"<org id>"
}
},
{
"action":"read",
"resource":{
"type":"buckets",
"orgID":"<org id>"
}
},
{
"action":"write",
"resource":{
"type":"buckets",
"orgID":"<org id>"
}
},
{
"action":"read",
"resource":{
"type":"checks",
"orgID":"<org id>"
}
},
{
"action":"write",
"resource":{
"type":"checks",
"orgID":"<org id>"
}
},
{
"action":"read",
"resource":{
"type":"dashboards",
"orgID":"<org id>"
}
},
{
"action":"write",
"resource":{
"type":"dashboards",
"orgID":"<org id>"
}
},
... etc ...
]
}
The most obvious way to implement similar behavior in the CLI would be to have a hard-coded list in the CLI code as well to create the request.
Edit: After thinking about this a couple of minutes, I realized the only way this works in the UI is that the UI can differentiate if it is running in cloud-mode vs OSS-mode via a built-time environment variable. There are different types of resources for cloud vs. oss, like scrapers, managed functions, etc. I don't think there's a way for the CLI to know if it's sending a request to a cloud server or an OSS server. So adding some server-side functionality might be the only way...
A more elegant (but less backward compatible) strategy would be to add something server-side for creating an all-access token. I could see there being an endpoint like api/v2/authorizations/allAccess that you could POST to with a minimal amount of information like the orgID and token description that would internally generate a token for all resources on the server, for example.
from influx-cli.
williamhbaker
commented on July 17, 2024
Relevant: influxdata/influxdb#22135
from influx-cli.
danxmoran
commented on July 17, 2024
Closed by #285
from influx-cli.
Related Issues (20)
- Client tooltips hiding results
- not implemented: CREATE RETENTION POLICY
- Please bump golang.org/x/sys dependency to make the port build on riscv64 HOT 2
- Contributing to influx-cli HOT 1
- `influx v1 auth ls` fails with `unable to decode response content type "text/html"` HOT 8
- CLI version 2.7.1 broken for Windows HOT 3
- influx write incorrectly parses input data when --skipRowOnError is enabled HOT 2
- Required --user flag problems: prevents token creation on cloud2 offering using cli
- Inconsistency in required parameters for bucket commands
- Unvalidated duration input leads to signed integer overflow and confusing error message
- release version not reported
- CLI v2.7.1 for Windows is not an executable HOT 4
- Error: flag provided but not defined: -read-dbrps HOT 1
- influxdb-cli does not follow xdg base directory specification
- [bug] user option ignored when listing tokens with `influx auth list`
- `influx write` with seperator does not work as without
- Add V3 Querying to CLI
- Is the download link for InfluxDB CLI Windows version 2.7.1 correct?
- influx client CLI / auth create read-telegrafs all or nothing? (create token for specific telegraf config)
- shard duration 0 (infinite) not applying, `Error: retention policy duration must be greater than the shard duration` HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from influx-cli.