Closed zevisert closed 6 months ago
Using the influx UI, I can create a token that eg, enables read / writing to all telegrafs and some specific buckets; that looks like this:
When I click generate, the request that goes over the wire looks like:
$ curl 'http://localhost:8086/api/v2/authorizations' \ $ -H 'Accept: */*' \ $ -H 'Cookie: influxdb-oss-session=[...] \ $ -H 'DNT: 1' \ $ -H 'Referer: http://localhost:8086/orgs/90a2dbdc3b0ff490/load-data/tokens' \ $ -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36' \ $ -H 'content-type: application/json' \ $ --data-raw '{ $ "orgID": "90a2dbdc3b0ff490", $ "description": "example for new issue", $ "permissions": [{ $ "action": "read", $ "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"} $ }, { $ "action": "write", $ "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"} $ }, { $ "action": "read", $ "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"} $ }, { $ "action": "write", $ "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"} $ }] $ }' { "id": "0cdd8ff47782f000", "token": "[...]", "status": "active", "description": "example for new issue", "orgID": "90a2dbdc3b0ff490", "org": "example", "userID": "0cdd7d2ab673a000", "user": "admin", "permissions": [{ "action": "read", "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"} }, { "action": "write", "resource": {"orgID": "90a2dbdc3b0ff490", "type": "buckets", "name": "telegraf", "id": "e42561946e0fbc6c"} }, { "action": "read", "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"} }, { "action": "write", "resource": {"orgID": "90a2dbdc3b0ff490", "type": "telegrafs"} }], "links": { "self": "/api/v2/authorizations/0cdd8ff47782f000", "user": "/api/v2/users/0cdd7d2ab673a000" }, "createdAt": "2024-04-10T04:27:06.078376348Z", "updatedAt": "2024-04-10T04:27:06.078376348Z" }
I'm working with pulumi in python, and I tried using id=None and id='', but both fail a validation before the request is made
id=None
id=''
Over at https://github.com/komminarlabs/terraform-provider-influxdb/blob/96a4a075c861fa52ec8cc159e01ae11fef9e1b80/internal/provider/authorization_resource.go#L128-L131, the id needs to be optional to match the influx API, which only declares type as a required property on Authorization.permissions[].resource: https://docs.influxdata.com/influxdb/cloud/api/v2/#operation/PostAuthorizations
id
type
Authorization.permissions[].resource
@zevisert Published a new release(v1.2.0), will take few hours before the docs in the Pulumi registry gets updated.
v1.2.0
Use-cases
Using the influx UI, I can create a token that eg, enables read / writing to all telegrafs and some specific buckets; that looks like this:
When I click generate, the request that goes over the wire looks like:
Attempted Solutions
I'm working with pulumi in python, and I tried using
id=None
andid=''
, but both fail a validation before the request is madeProposal
Over at https://github.com/komminarlabs/terraform-provider-influxdb/blob/96a4a075c861fa52ec8cc159e01ae11fef9e1b80/internal/provider/authorization_resource.go#L128-L131, the
id
needs to be optional to match the influx API, which only declarestype
as a required property onAuthorization.permissions[].resource
: https://docs.influxdata.com/influxdb/cloud/api/v2/#operation/PostAuthorizations