influxdb icon indicating copy to clipboard operation
influxdb copied to clipboard
verified publisher icon influxdata

Add ability to pass a token value when creating a new token

Open boutetnico opened this issue 4 years ago • 19 comments

Proposal:

Add an option to influx auth create so that we can give it a pre-defined token value. Note: a token option already exists but is is only used to authenticate the command, not to define the new token value. This was also asked in Discourse.

Current behavior:

influx auth create --org example --user grafana --write-user An auto generated token is created and returned.

Desired behavior:

influx auth create --org example --user grafana --write-user --token-value my-predefined-token my-predefined-token is set as token and returned.

Alternatives considered:

Use case:

I'm creating a ansible role to allow one to setup and configure InfluxDB 2.X. With the current version 2.0.3, one can't predict token values and have them pre-defined in their favourite Infrastructure As Code utility (Ansible, Terraform, etc...).

boutetnico avatar Jan 21 '21 11:01 boutetnico

For this use case, you can set the operator token when setting up a new instance of influxdb, just not when you manually create an auth. see the helm chart for an example: https://github.com/influxdata/helm-charts/blob/master/charts/influxdb2/templates/job-setup-admin.yaml#L38

russorat avatar Jan 22 '21 22:01 russorat

+1 for me. I have a similar use case. I'd like to use for some local hobby work the docker versions of InfluxDB2 and Telegraf. Having a token stored in an .env file and used to create a limited scope user AND have it passed in to the telegraf config helps to avoid having to worry about sequencing and restarts. Ansible (or similar) could help there but if I'm needing to do that then it somewhat defeats the point of keeping all in a docker-compose file.

johnnyfleet avatar Apr 15 '21 23:04 johnnyfleet

This is also something that would be very useful for my configuration.

This would make host disaster recovery or upgrading from one host to another in the future far easier if both hosts could have the same token for a certain bucket. Without that, anything writing to the new host would either need to switch to the new token quickly or something like a telegraf agent to switch to using the new token.

andrewbierbaum avatar Nov 22 '21 17:11 andrewbierbaum

+1 for me

jherkenhoff avatar Jun 21 '22 18:06 jherkenhoff

+1

kapinyajudit avatar Oct 12 '22 08:10 kapinyajudit

+1

devcpu avatar Jan 17 '23 17:01 devcpu

+1

pa-m avatar Jan 18 '23 13:01 pa-m

+1

martin-moravcik-at-ohpen-com avatar Feb 01 '23 08:02 martin-moravcik-at-ohpen-com

+1

Grisnir avatar Mar 07 '23 09:03 Grisnir

+1

For our setup, we want to setup all the tokens in an Azure Keyvault (done as part of infrastructure as code pipeline that setups server) and then have the different services have their own token with restricted access. The dynamic method of creating a token using the influx CLI is painful as we then need to extract back to a pipeline variable so it can be pushed to the keyvault and then back to the requisite services

rballard-ghd avatar Jan 09 '24 23:01 rballard-ghd

+1

CoolZeroNL avatar Jan 24 '24 06:01 CoolZeroNL

+1

Elnadrion avatar Feb 21 '24 11:02 Elnadrion

+1

daniel-pebble avatar Feb 21 '24 12:02 daniel-pebble

+1

Solabaev-developer avatar Feb 23 '24 14:02 Solabaev-developer

+1

ldomesjo avatar Mar 11 '24 11:03 ldomesjo

+1

pire12 avatar Apr 04 '24 08:04 pire12