search

komminarlabs / pulumi-influxdb

Pulumi provider for InfluxDB
https://www.pulumi.com/registry/packages/influxdb
Apache License 2.0
1 stars 0 forks source link

Create authorizations for all resources of type #10

Closed zevisert closed 6 months ago

zevisert commented 6 months ago

Use-cases

Using the influx UI, I can create a token that eg, enables read / writing to all telegrafs and some specific buckets; that looks like this: image

When I click generate, the request that goes over the wire looks like: 

$ curl 'http://localhost:8086/api/v2/authorizations' \
$  -H 'Accept: */*' \
$  -H 'Cookie: influxdb-oss-session=[...] \
$  -H 'DNT: 1' \
$  -H 'Referer: http://localhost:8086/orgs/90a2dbdc3b0ff490/load-data/tokens' \
$  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36' \
$  -H 'content-type: application/json' \
$  --data-raw '{
$    "orgID": "90a2dbdc3b0ff490",
$    "description": "example for new issue",
$    "permissions": [{
$        "action": "read",
$        "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"}
$      }, {
$        "action": "write",
$        "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"}
$      }, {
$        "action": "read",
$        "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"}
$      }, {
$        "action": "write",
$        "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"}
$    }]
$ }'
{
    "id": "0cdd8ff47782f000",
    "token": "[...]",
    "status": "active",
    "description": "example for new issue",
    "orgID": "90a2dbdc3b0ff490",
    "org": "example",
    "userID": "0cdd7d2ab673a000",
    "user": "admin",
    "permissions": [{
            "action": "read",
            "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"}
          }, {
            "action": "write",
            "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"}
          }, {
            "action": "read",
            "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"}
          }, {
            "action": "write",
            "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"}
        }],
    "links": {
        "self": "/api/v2/authorizations/0cdd8ff47782f000",
        "user": "/api/v2/users/0cdd7d2ab673a000"
    },
    "createdAt": "2024-04-10T04:27:06.078376348Z",
    "updatedAt": "2024-04-10T04:27:06.078376348Z"
}

Attempted Solutions

I'm working with pulumi in python, and I tried using id=None and id='', but both fail a validation before the request is made

Proposal

Over at https://github.com/komminarlabs/terraform-provider-influxdb/blob/96a4a075c861fa52ec8cc159e01ae11fef9e1b80/internal/provider/authorization_resource.go#L128-L131, the id needs to be optional to match the influx API, which only declares type as a required property on Authorization.permissions[].resource: https://docs.influxdata.com/influxdb/cloud/api/v2/#operation/PostAuthorizations

thulasirajkomminar commented 6 months ago

@zevisert Published a new release(v1.2.0), will take few hours before the docs in the Pulumi registry gets updated.