From 39c740666c84efa7b93ae1f79d7fc16a6fa2bb95 Mon Sep 17 00:00:00 2001
From: Scott Anderson <sanderson@users.noreply.github.com>
Date: Sat, 27 Apr 2024 06:25:24 -0600
Subject: [PATCH] Add information about database token wildcard permissions
 (#5443)

* add information about database token wildcards

* fixed typo
---
 .../admin/tokens/database/create.md             | 15 +++++++++++++++
 .../admin/tokens/database/update.md             | 17 +++++++++++++++++
 .../reference/cli/influxctl/token/create.md     | 14 ++++++++++++++
 .../reference/cli/influxctl/token/update.md     | 16 ++++++++++++++++
 .../clustered/admin/tokens/database/create.md   | 15 +++++++++++++++
 .../clustered/admin/tokens/database/update.md   | 17 +++++++++++++++++
 .../reference/cli/influxctl/token/create.md     | 14 ++++++++++++++
 .../reference/cli/influxctl/token/update.md     | 16 ++++++++++++++++
 8 files changed, 124 insertions(+)

diff --git a/content/influxdb/cloud-dedicated/admin/tokens/database/create.md b/content/influxdb/cloud-dedicated/admin/tokens/database/create.md
index 3e22dc61e..d08ce8541 100644
--- a/content/influxdb/cloud-dedicated/admin/tokens/database/create.md
+++ b/content/influxdb/cloud-dedicated/admin/tokens/database/create.md
@@ -31,6 +31,11 @@ to create a token that grants access to databases in your InfluxDB Cloud Dedicat
     - Token permissions (read and write)
       - `--read-database`: Grants read permissions to the specified database. Repeatable.
       - `--write-database`: Grants write permissions to the specified database. Repeatable.
+
+      Both of these flags support the `*` wildcard which grants read or write
+      permissions to all databases. Enclose wildcards in single or double
+      quotes--for example: `'*'` or `"*"`.
+
     - Token description
 
 {{% code-placeholders "DATABASE_NAME|TOKEN_DESCRIPTION" %}}
@@ -63,6 +68,7 @@ For example, see how to [authenticate Telegraf using tokens in your OS secret st
 ### Examples
 
 - [Create a token with read and write access to a database](#create-a-token-with-read-and-write-access-to-a-database)
+- [Create a token with read and write access to all databases](#create-a-token-with-read-and-write-access-to-all-databases)
 - [Create a token with read-only access to a database](#create-a-token-with-read-only-access-to-a-database)
 - [Create a token with read-only access to multiple databases](#create-a-token-with-read-only-access-to-multiple-databases)
 - [Create a token with mixed permissions to multiple databases](#create-a-token-with-mixed-permissions-to-multiple-databases)
@@ -83,6 +89,15 @@ influxctl token create \
 ```
 {{% /code-placeholders %}}
 
+#### Create a token with read and write access to all databases
+
+```sh
+influxctl token create \
+  --read-database "*" \
+  --write-database "*" \
+  "Read/write token for all databases"
+```
+
 #### Create a token with read-only access to a database
 
 {{% code-placeholders "DATABASE_NAME" %}}
diff --git a/content/influxdb/cloud-dedicated/admin/tokens/database/update.md b/content/influxdb/cloud-dedicated/admin/tokens/database/update.md
index d519df8f8..4a66b864c 100644
--- a/content/influxdb/cloud-dedicated/admin/tokens/database/update.md
+++ b/content/influxdb/cloud-dedicated/admin/tokens/database/update.md
@@ -30,6 +30,11 @@ to update a database token's permissions in your {{< product-name omit=" Cluster
     - Token permissions (read and write)
       - `--read-database`: Grants read permissions to the specified database. Repeatable.
       - `--write-database`: Grants write permissions to the specified database. Repeatable.
+
+      Both of these flags support the `*` wildcard which grants read or write
+      permissions to all databases. Enclose wildcards in single or double
+      quotes--for example: `'*'` or `"*"`.
+
     - Token ID
 
 {{% code-placeholders "DATABASE_NAME|TOKEN_ID" %}}
@@ -57,6 +62,7 @@ To retain existing permissions, include them in the update command.
 ### Examples
 
 - [Update a token with read and write access to a database](#update-a-token-with-read-and-write-access-to-a-database)
+- [Update a token with read and write access to all databases](#update-a-token-with-read-and-write-access-to-all-databases)
 - [Update a token with read-only access to a database](#update-a-token-with-read-only-access-to-a-database)
 - [Update a token with read-only access to multiple databases](#update-a-token-with-read-only-access-to-multiple-databases)
 - [Update a token with mixed permissions to multiple databases](#update-a-token-with-mixed-permissions-to-multiple-databases)
@@ -78,6 +84,17 @@ influxctl token update \
 ```
 {{% /code-placeholders %}}
 
+#### Update a token with read and write access to all databases
+
+{{% code-placeholders "TOKEN_ID" %}}
+```sh
+influxctl token update \
+  --read-database "*" \
+  --write-database "*" \
+  TOKEN_ID
+```
+{{% /code-placeholders %}}
+
 #### Update a token with read-only access to a database
 
 {{% code-placeholders "DATABASE_NAME|TOKEN_ID" %}}
diff --git a/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/create.md b/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/create.md
index 9a51e7c1d..cb7075b48 100644
--- a/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/create.md
+++ b/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/create.md
@@ -13,6 +13,10 @@ The `influxctl token create` command creates a database token with specified
 permissions to resources in an InfluxDB Cloud Dedicated cluster and outputs
 the token string.
 
+The `--read-database` and `--write-database` flags support the `*` wildcard
+which grants read or write permissions to all databases. Enclose wildcards in
+single or double quotes--for example: `'*'` or `"*"`.
+
 The `--format` flag lets you print the output in other formats.
 The `json` format is available for programmatic parsing by other tooling.
 Default: `table`.
@@ -55,6 +59,7 @@ _Also see [`influxctl` global flags](/influxdb/cloud-dedicated/reference/cli/inf
 ## Examples
 
 - [Create a token with read and write access to a database](#create-a-token-with-read-and-write-access-to-a-database)
+- [Create a token with read and write access to all databases](#create-a-token-with-read-and-write-access-to-all-databases)
 - [Create a token with read-only access to a database](#create-a-token-with-read-only-access-to-a-database)
 - [Create a token with read-only access to multiple databases](#create-a-token-with-read-only-access-to-multiple-databases)
 - [Create a token with mixed permissions to multiple databases](#create-a-token-with-mixed-permissions-on-multiple-databases)
@@ -76,6 +81,15 @@ influxctl token create \
 ```
 {{% /code-placeholders %}}
 
+### Create a token with read and write access to all databases
+
+```sh
+influxctl token create \
+  --read-database "*" \
+  --write-database "*" \
+  "Read/write token for all databases"
+```
+
 ### Create a token with read-only access to a database
 
 {{% code-placeholders "DATABASE_NAME" %}}
diff --git a/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/update.md b/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/update.md
index f4fc4b7b2..bf2876cd9 100644
--- a/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/update.md
+++ b/content/influxdb/cloud-dedicated/reference/cli/influxctl/token/update.md
@@ -12,6 +12,10 @@ weight: 301
 The `influxctl token update` command updates a database token with specified
 permissions to resources in an InfluxDB Cloud Dedicated cluster.
 
+The `--read-database` and `--write-database` flags support the `*` wildcard
+which grants read or write permissions to all databases. Enclose wildcards in
+single or double quotes--for example: `'*'` or `"*"`.
+
 ## Usage
 
 ```sh
@@ -50,6 +54,7 @@ _Also see [`influxctl` global flags](/influxdb/cloud-dedicated/reference/cli/inf
 ## Examples
 
 - [Update a token's permissions](#update-a-tokens-permissions)
+- [Update a token with read and write access to all databases](#update-a-token-with-read-and-write-access-to-all-databases)
 - [Update a token with read-only access to multiple databases](#update-a-token-with-read-only-access-to-multiple-databases)
 - [Update a token with mixed permissions to multiple databases](#update-a-token-with-mixed-permissions-to-multiple-databases)
 
@@ -70,6 +75,17 @@ influxctl token update \
 ```
 {{% /code-placeholders %}}
 
+### Update a token with read and write access to all databases
+
+{{% code-placeholders "TOKEN_ID" %}}
+```sh
+influxctl token update \
+  --read-database "*" \
+  --write-database "*" \
+  TOKEN_ID
+```
+{{% /code-placeholders %}}
+
 ### Update a token with read-only access to multiple databases
 
 {{% code-placeholders "DATABASE_NAME|DATABASE2_NAME|TOKEN_ID" %}}
diff --git a/content/influxdb/clustered/admin/tokens/database/create.md b/content/influxdb/clustered/admin/tokens/database/create.md
index 02554a6de..f0309aab3 100644
--- a/content/influxdb/clustered/admin/tokens/database/create.md
+++ b/content/influxdb/clustered/admin/tokens/database/create.md
@@ -32,6 +32,11 @@ to create a token that grants access to databases in your InfluxDB cluster.
     - Token permissions (read and write)
       - `--read-database`: Grants read permissions to the specified database. Repeatable.
       - `--write-database`: Grants write permissions to the specified database. Repeatable.
+
+      Both of these flags support the `*` wildcard which grants read or write
+      permissions to all databases. Enclose wildcards in single or double
+      quotes--for example: `'*'` or `"*"`.
+
     - Token description
 
 {{% code-placeholders "DATABASE_NAME|TOKEN_DESCRIPTION" %}}
@@ -64,6 +69,7 @@ For example, see how to [authenticate Telegraf using tokens in your OS secret st
 #### Examples
 
 - [Create a token with read and write access to a database](#create-a-token-with-read-and-write-access-to-a-database)
+- [Create a token with read and write access to all databases](#create-a-token-with-read-and-write-access-to-all-databases)
 - [Create a token with read-only access to a database](#create-a-token-with-read-only-access-to-a-database)
 - [Create a token with read-only access to multiple databases](#create-a-token-with-read-only-access-to-multiple-databases)
 - [Create a token with mixed permissions to multiple databases](#create-a-token-with-mixed-permissions-to-multiple-databases)
@@ -84,6 +90,15 @@ influxctl token create \
 ```
 {{% /code-placeholders %}}
 
+#### Create a token with read and write access to all databases
+
+```sh
+influxctl token create \
+  --read-database "*" \
+  --write-database "*" \
+  "Read/write token for all databases"
+```
+
 #### Create a token with read-only access to a database
 
 {{% code-placeholders "DATABASE_NAME" %}}
diff --git a/content/influxdb/clustered/admin/tokens/database/update.md b/content/influxdb/clustered/admin/tokens/database/update.md
index d2857b060..ee0b9d8eb 100644
--- a/content/influxdb/clustered/admin/tokens/database/update.md
+++ b/content/influxdb/clustered/admin/tokens/database/update.md
@@ -30,6 +30,11 @@ to update a database token's permissions in your {{< product-name omit=" Cluster
     - Token permissions (read and write)
       - `--read-database`: Grants read permissions to the specified database. Repeatable.
       - `--write-database`: Grants write permissions to the specified database. Repeatable.
+
+      Both of these flags support the `*` wildcard which grants read or write
+      permissions to all databases. Enclose wildcards in single or double
+      quotes--for example: `'*'` or `"*"`.
+
     - Token ID
 
 {{% code-placeholders "DATABASE_NAME|TOKEN_ID" %}}
@@ -57,6 +62,7 @@ To retain existing permissions, include them in the update command.
 ### Examples
 
 - [Update a token with read and write access to a database](#update-a-token-with-read-and-write-access-to-a-database)
+- [Update a token with read and write access to all databases](#update-a-token-with-read-and-write-access-to-all-databases)
 - [Update a token with read-only access to a database](#update-a-token-with-read-only-access-to-a-database)
 - [Update a token with read-only access to multiple databases](#update-a-token-with-read-only-access-to-multiple-databases)
 - [Update a token with mixed permissions to multiple databases](#update-a-token-with-mixed-permissions-to-multiple-databases)
@@ -78,6 +84,17 @@ influxctl token update \
 ```
 {{% /code-placeholders %}}
 
+#### Update a token with read and write access to all databases
+
+{{% code-placeholders "TOKEN_ID" %}}
+```sh
+influxctl token update \
+  --read-database "*" \
+  --write-database "*" \
+  TOKEN_ID
+```
+{{% /code-placeholders %}}
+
 #### Update a token with read-only access to a database
 
 {{% code-placeholders "DATABASE_NAME|TOKEN_ID" %}}
diff --git a/content/influxdb/clustered/reference/cli/influxctl/token/create.md b/content/influxdb/clustered/reference/cli/influxctl/token/create.md
index 8bf0ab390..f4739a756 100644
--- a/content/influxdb/clustered/reference/cli/influxctl/token/create.md
+++ b/content/influxdb/clustered/reference/cli/influxctl/token/create.md
@@ -13,6 +13,10 @@ The `influxctl token create` command creates a database token with specified
 permissions to resources in an InfluxDB cluster and outputs
 the token string.
 
+The `--read-database` and `--write-database` flags support the `*` wildcard
+which grants read or write permissions to all databases. Enclose wildcards in
+single or double quotes--for example: `'*'` or `"*"`.
+
 The `--format` flag lets you print the output in other formats.
 The `json` format is available for programmatic parsing by other tooling.
 Default: `table`.
@@ -55,6 +59,7 @@ _Also see [`influxctl` global flags](/influxdb/clustered/reference/cli/influxctl
 ## Examples
 
 - [Create a token with read and write access to a database](#create-a-token-with-read-and-write-access-to-a-database)
+- [Create a token with read and write access to all databases](#create-a-token-with-read-and-write-access-to-all-databases)
 - [Create a token with read-only access to a database](#create-a-token-with-read-only-access-to-a-database)
 - [Create a token with read-only access to multiple databases](#create-a-token-with-read-only-access-to-multiple-databases)
 - [Create a token with mixed permissions to multiple databases](#create-a-token-with-mixed-permissions-on-multiple-databases)
@@ -76,6 +81,15 @@ influxctl token create \
 ```
 {{% /code-placeholders %}}
 
+### Create a token with read and write access to all databases
+
+```sh
+influxctl token create \
+  --read-database "*" \
+  --write-database "*" \
+  "Read/write token for all databases"
+```
+
 ### Create a token with read-only access to a database
 
 {{% code-placeholders "DATABASE_NAME" %}}
diff --git a/content/influxdb/clustered/reference/cli/influxctl/token/update.md b/content/influxdb/clustered/reference/cli/influxctl/token/update.md
index b9209cc63..bbfbe8914 100644
--- a/content/influxdb/clustered/reference/cli/influxctl/token/update.md
+++ b/content/influxdb/clustered/reference/cli/influxctl/token/update.md
@@ -12,6 +12,10 @@ weight: 301
 The `influxctl token update` command updates a database token with specified
 permissions to resources in an InfluxDB cluster.
 
+The `--read-database` and `--write-database` flags support the `*` wildcard
+which grants read or write permissions to all databases. Enclose wildcards in
+single or double quotes--for example: `'*'` or `"*"`.
+
 ## Usage
 
 ```sh
@@ -50,6 +54,7 @@ _Also see [`influxctl` global flags](/influxdb/clustered/reference/cli/influxctl
 ## Examples
 
 - [Update a token's permissions](#update-a-tokens-permissions)
+- [Update a token with read and write access to all databases](#update-a-token-with-read-and-write-access-to-all-databases)
 - [Update a token with read-only access to multiple databases](#update-a-token-with-read-only-access-to-multiple-databases)
 - [Update a token with mixed permissions to multiple databases](#update-a-token-with-mixed-permissions-to-multiple-databases)
 
@@ -70,6 +75,17 @@ influxctl token update \
 ```
 {{% /code-placeholders %}}
 
+### Update a token with read and write access to all databases
+
+{{% code-placeholders "TOKEN_ID" %}}
+```sh
+influxctl token update \
+  --read-database "*" \
+  --write-database "*" \
+  TOKEN_ID
+```
+{{% /code-placeholders %}}
+
 ### Update a token with read-only access to multiple databases
 
 {{% code-placeholders "DATABASE_NAME|DATABASE2_NAME|TOKEN_ID" %}}