influxdata / influxdb

Scalable datastore for metrics, events, and real-time analytics
https://influxdata.com
Apache License 2.0
28.86k stars 3.55k forks

Authentication for database backup #21092

Open mirkocomparetti-synesis opened 3 years ago

mirkocomparetti-synesis commented 3 years ago

Proposal: In order to create a backup of an influxdb2 instance, you need to enable the root token. That is not practical, in particular for daily backups, as it requires the root token to be always enabled.

Current behavior: Currently, the root token is required as per documentation

Desired behavior: Find a different way that does not require the most powerful token to be enabled.

Alternatives considered: Either one of the two:

Use case: In our case we run daily backups with scripts overnight and for that case we must have the root token always enabled, which is something we would like to avoid to improve security.

lesam commented 3 years ago

Depends on https://github.com/influxdata/influxdb/issues/22401 (we should make adding new permission types work seamlessly before we add new permission types)

lesam commented 3 years ago

@russorat @mirkocomparetti-synesis : Should there be:

1) a separate permission for restore also?
2) keep restore requiring the root token?
3) backup and restore as a single permission?

I think (2) would be preferable, since you might have an automated process that can only backup and a restore is probably a manual process.

lesam commented 3 years ago

After offline conversation, I think we need a 'read everything' permission set for backup, and UI support for a 'read everything' token.

lesam commented 3 years ago

FYI @danxmoran

gdfrancia commented 1 year ago

It's been two years, and I have yet to hear about this issue. I'm also having problems with this, as I do not know how exactly to make an API token specifically for backups. I do not understand why you would have to make use of the default root authorisation token to be the only usable token for backups. Is there still a plan on trying to update this specific issue with any solution or version update at all?