chronograf
chronograf copied to clipboard
influxdata
Password not saved when creating new source via POST API (works with PATCH)
Bug Description
Password is not saved when creating a new data source via POST API, but works correctly when updating via PATCH API.
Environment
- Chronograf: 1.10.7
- InfluxDB: 1.8.10(Enterprise)
Steps to Reproduce
- Create a new source with password:
curl -X POST 'http://localhost:8888/chronograf/v1/sources' \
-H 'Content-Type: application/json' \
-d '{
"name": "Test Source",
"type": "influx-enterprise",
"username": "admin",
"password": "admin",
"url": "http://192.168.213.72:8086",
"metaUrl": "http://192.168.2.181:8091/",
"telegraf": "telegraf"
}'
- Check user permissions:
curl 'http://localhost:8888/chronograf/v1/sources/{id}/users'
Expected: Users should have permissions listed
Actual: All users show empty permissions: "permissions": []
Workaround
Update password via PATCH after creation:
curl -X PATCH 'http://localhost:8888/chronograf/v1/sources/{id}' \
-H 'Content-Type: application/json' \
-d '{"password": "admin"}'
After PATCH, permissions load correctly.
Impact
- Every new data source requires an additional PATCH request
- UI shows "Value saved in server" but password is not actually saved
- User permissions cannot be viewed until password is manually updated
Root Cause Analysis
The password appears to be lost somewhere in the NewSource function flow in server/sources.go. The UpdateSource function works correctly because it explicitly checks and updates the password field:
// UpdateSource - works correctly
if req.Password != "" {
src.Password = req.Password
}
However, in NewSource, the password is somehow not persisted to the database despite being present in the request.
