influxdata / influxdb

Scalable datastore for metrics, events, and real-time analytics
https://influxdata.com
Apache License 2.0

it is not possible to update an existing tasks token #12074

Closed gshif closed 5 years ago

gshif commented 5 years ago

According to the swagger doc, if we want to just update the token of the existing tasks, we should be able to do that, but if we use just the token field in the request body, the below error will be returned.

cannot update task without content

And if the token field is used together with another field, then the new value of the token is ignored.

requests.patch('http://localhost:9999/api/v2/tasks/036f654a8f0bf000', data='{"token:":"TFFVQdWXP2HsKIwxpAwkxfnOBInEhQkgaUWIjeKKeX2ldz-TEyFcRW7qdDTfXmD55zjMXcrFFHhgOTqQLUknEg=="}', headers={'Authorization':'Token %s' % token})

Cannot update task without content error is being returned,

requests.patch('http://localhost:9999/api/v2/tasks/036f654a8f0bf000', data='{"status":"active","token:":"TFFVQdWXP2HsKIwxpAwkxfnOBInEh"}', headers={'Authorization':'Token %s' % token})

The returned object will still have the original authorizationID:

{
  "authorizationID": "036f42af1a81f002", 
  "createdAt": "2019-02-20T17:07:24-08:00", 
  "every": "3h0m0s", 
  "flux": "option task = {name: \"test_task_name\", every: 10800000000000ns}\n\nfrom(bucket: \"b_1\")\n\t|> range(start: -1h)", 
  "id": "036f654a8f0bf000", 
  "labels": [], 
  "latestCompleted": "2019-02-21T14:10:00-08:00", 
  "links": {
    "labels": "/api/v2/tasks/036f654a8f0bf000/labels", 
    "logs": "/api/v2/tasks/036f654a8f0bf000/logs", 
    "members": "/api/v2/tasks/036f654a8f0bf000/members", 
    "owners": "/api/v2/tasks/036f654a8f0bf000/owners", 
    "runs": "/api/v2/tasks/036f654a8f0bf000/runs", 
    "self": "/api/v2/tasks/036f654a8f0bf000"
  }, 
  "name": "test_task_name", 
  "org": "o_1", 
  "orgID": "036f43714301f000", 
  "status": "active", 
  "updatedAt": "2019-02-21T14:10:29-08:00"
}

I am not sure what is the use case for updating the token, maybe it should be removed from the request Body.

mark-rushakoff commented 5 years ago

The simplest use case for token/authorization modification is the event of a compromised token. You wouldn't want to delete the task and lose its history.

That being said, I was able to modify the token and authorization on a task from the command-line just now from master at a499a8b0d9e10a64d8f27a4e2366242a9cea38c8 with a fresh bolt database that had just been onboarded.

First create a simple task, and it automatically refers to the lone authorization belonging to my user, from using influx setup:

$ ./influx task create --org-id 03708ce16e72e000 'option task = {name: "x", every: 30s} from(bucket:"a") |> range(start:-1m)'
ID          Name    OrganizationID      Organization    AuthorizationID     Status  Every   Cron
03708d79a779a000    x   03708ce16e72e000    a       03708ce16e72e002    active  30s

$  ./influx auth find
ID          Token                                               Status  User    UserID          Permissions
03708ce16e72e002    o943yre05phvFTlobvfYYxQXER516U67xz8UOmbhFOrpZO7PLF6gxXi1NF4c0jq5Jmqx3BxzIIe9OFG0wsOYNw==    active  <nil>   03708ce15bb2e000    [read:authorizations ...]

Then create a new authorization:

$ ./influx auth create -o a --read-buckets --read-tasks
ID          Token                                               Status  UserID          Permissions
03708e499f32e000    Z5zScKorTEqs6geMAaRqFPL-0ef4IdB79zE-pne9bJa0Ok-4fQhlv8KGXcWQrQMjGsJzzwg0hXIfRivRMCUttg==    active  03708ce15bb2e000    [read:orgs/03708ce16e72e000/buckets read:orgs/03708ce16e72e000/tasks]

Then use curl to patch the task. I provide the token belonging to the authorization I just created, and the response reports the new authorization's ID:

$ curl -H "Authorization: Token $(cat ~/.influxdbv2/credentials)" -XPATCH 'http://localhost:9999/api/v2/tasks/03708d79a779a000' --data-binary '{"token": "Z5zScKorTEqs6geMAaRqFPL-0ef4IdB79zE-pne9bJa0Ok-4fQhlv8KGXcWQrQMjGsJzzwg0hXIfRivRMCUttg=="}'
{"links":{"labels":"/api/v2/tasks/03708d79a779a000/labels","logs":"/api/v2/tasks/03708d79a779a000/logs","members":"/api/v2/tasks/03708d79a779a000/members","owners":"/api/v2/tasks/03708d79a779a000/owners","runs":"/api/v2/tasks/03708d79a779a000/runs","self":"/api/v2/tasks/03708d79a779a000"},"labels":[],"id":"03708d79a779a000","orgID":"03708ce16e72e000","org":"a","authorizationID":"03708e499f32e000","name":"x","status":"active","flux":"option task = {name: \"x\", every: 30s} from(bucket:\"a\") |\u003e range(start:-1m)","every":"30s","latestCompleted":"2019-02-21T14:46:30-08:00","createdAt":"2019-02-21T14:41:27-08:00","updatedAt":"2019-02-21T14:46:49-08:00"}

$ ./influx task find
ID          Name    OrganizationID      Organization    AuthorizationID     Status  Every   Cron
03708d79a779a000    x   03708ce16e72e000    a       03708e499f32e000    active  30s

I don't see what's wrong with the first patch call in your example. In the example with status and token, the token is incomplete, but I don't know if you just truncated that while pasting into the issue. I would expect the request to fail if you provided an invalid token, but I'd have to run it to confirm if that's the case.

gshif commented 5 years ago

I will try with the latest master

gshif commented 5 years ago

tested with influxdb master @1471be4a7f3ae0e7181a329ad0441bb3e527c868

mark-rushakoff commented 5 years ago

The second and third examples have "token:" instead of "token" so the json parser is ignoring the value, due to an unrecognized key.

On Tue, Feb 26, 2019 at 5:19 PM Gershon Shif notifications@github.com wrote:

tested with influxdb master @1471be4a7f3ae0e7181a329ad0441bb3e527c868

Updated using invalid token, returns error message:

  • Request body:

    {"token":"qwertyuiiopasdfgh==123456fggh"}

  • Error:

    token invalid or unreadable by the current user

Update with incomplete token:

  • Request body:

    data='{"token:":"PxnxDihh75SebI6DuTuNOr8Gzxpll_-8AqnYQ077iGyhm3ecigW5Ygmh9plrcA=="}'

  • Error:

    cannot update task without content

  • NOTE: The message is not correct.

Update with incomplete token and status:

  • Request body:

    data='{"status":"active","token:":"TFFVQdWXP2HsKIwxpAwkxfnOBInEh"}'

  • Request response:

{ "authorizationID": "03771e3424888000", "createdAt": "2019-02-26T17:05:52-08:00", "every": "1h0m0s", "flux": "option task = {name: \"task_1\", every: 1h} from(bucket:\"read_from_b_query_params\") |> range(start: -1h)", "id": "03771e7b0c2d3000", "labels": [], "latestCompleted": "2019-02-26T17:00:00-08:00", "links": { "labels": "/api/v2/tasks/03771e7b0c2d3000/labels", "logs": "/api/v2/tasks/03771e7b0c2d3000/logs", "members": "/api/v2/tasks/03771e7b0c2d3000/members", "owners": "/api/v2/tasks/03771e7b0c2d3000/owners", "runs": "/api/v2/tasks/03771e7b0c2d3000/runs", "self": "/api/v2/tasks/03771e7b0c2d3000" }, "name": "task_1", "org": "org_name_query_param", "orgID": "03771e342b888000", "status": "active", "updatedAt": "2019-02-26T17:13:13-08:00" }

  • Note: Should return an error message instead of success.


gshif commented 5 years ago

@mark-rushakoff, I always knew an extra set of eyes is sooo helpful. Thanks. Will retest again.

gshif commented 5 years ago

Now it is working as expected.
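The failure mode identified in this thread, a misspelled "token:" key that is dropped silently so the task keeps its old authorization, can be reproduced with Go's encoding/json. This is an added example, not InfluxDB's own code; the taskUpdate struct and decodeUpdate function are hypothetical, and the request bodies are constructed.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// taskUpdate is a hypothetical stand-in for a task PATCH body, not
// InfluxDB's own type. Pointers distinguish "absent" from "empty".
type taskUpdate struct {
	Flux   *string `json:"flux,omitempty"`
	Status *string `json:"status,omitempty"`
	Token  *string `json:"token,omitempty"`
}

var errNoContent = errors.New("cannot update task without content")

// decodeUpdate parses a PATCH body. With strict=false it behaves like default
// encoding/json and drops unknown keys such as "token:" silently. With
// strict=true an unknown key is an error, so a failed rotation is visible.
func decodeUpdate(body []byte, strict bool) (taskUpdate, error) {
	var u taskUpdate
	dec := json.NewDecoder(bytes.NewReader(body))
	if strict {
		dec.DisallowUnknownFields()
	}
	if err := dec.Decode(&u); err != nil {
		return u, err
	}
	if u.Flux == nil && u.Status == nil && u.Token == nil {
		return u, errNoContent
	}
	return u, nil
}

func main() {
	// Constructed bodies modelled on the requests in this thread.
	for _, b := range []string{`{"token:":"T"}`, `{"status":"active","token:":"T"}`, `{"token":"T"}`} {
		_, lenient := decodeUpdate([]byte(b), false)
		_, strict := decodeUpdate([]byte(b), true)
		fmt.Printf("%s\n  lenient: %v\n  strict:  %v\n", b, lenient, strict)
	}
}
```

In lenient mode the status-plus-"token:" body succeeds with no token change, which matters most when the PATCH is replacing a compromised token; comparing the returned authorizationID against the expected one catches the same problem from the client side.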