diff --git a/api-docs/cloud/ref.yml b/api-docs/cloud/ref.yml index 4b5b0c43a..eaa8b7811 100644 --- a/api-docs/cloud/ref.yml +++ b/api-docs/cloud/ref.yml @@ -730,16 +730,16 @@ components: $ref: '#/components/schemas/Links' ColorMapping: additionalProperties: - type: int + type: string description: >- A color mapping is an object that maps time series data to a UI color scheme to allow the UI to render graphs consistent colors across reloads. example: - configcat_deployments-autopromotionblocker: 0 - measurement_birdmigration_europe: 0 - series_id_1: 0 - series_id_2: 1 + configcat_deployments-autopromotionblocker: '#663cd0' + measurement_birdmigration_europe: '#663cd0' + series_id_1: '#edf529' + series_id_2: '#edf529' type: object ColumnDataType: enum: @@ -5981,7 +5981,7 @@ components: For more information and examples, see the following: - [`/authorizations`](#tag/Authorizations) endpoint. - [Authorize API requests](/influxdb/cloud/api-guide/api_intro/#authentication). - - [Manage API tokens](/influxdb/cloud/security/tokens). + - [Manage API tokens](/influxdb/cloud/security/tokens/). in: header name: Authorization type: apiKey @@ -12236,7 +12236,7 @@ paths: InfluxDB validated the request data format and accepted the data for writing to the bucket. `204` doesn't indicate a successful write operation since writes are asynchronous. See [how to check for write - errors](https://docs.influxdata.com/influxdb/cloud/write-data/troubleshoot). + errors](https://docs.influxdata.com/influxdb/cloud/write-data/troubleshoot/). '400': content: application/json: @@ -12352,7 +12352,7 @@ paths: description: Internal server error. '503': description: >- - The server is temporarily unavailable to accept writes. The + The server is temporarily unavailable to accept writes. The `Retry-After` header describes when to try the write again. headers: Retry-After: @@ -12392,8 +12392,8 @@ tags: For more information and examples, see the following: - [Authorize API requests](/influxdb/cloud/api-guide/api_intro/#authentication). - - [Manage API tokens](/influxdb/cloud/security/tokens). - - [Assign a token to a specific user](/influxdb/cloud/security/tokens/create-token). + - [Manage API tokens](/influxdb/cloud/security/tokens/). + - [Assign a token to a specific user](/influxdb/cloud/security/tokens/create-token/). name: Authorizations - Bucket Schemas - Buckets diff --git a/api-docs/cloud/swaggerV1Compat.yml b/api-docs/cloud/swaggerV1Compat.yml index 9e7bf32b4..1a2cdaef3 100644 --- a/api-docs/cloud/swaggerV1Compat.yml +++ b/api-docs/cloud/swaggerV1Compat.yml @@ -36,13 +36,13 @@ paths: type: string required: true description: >- - Bucket to write to. If none exist a bucket will be created with - a default 3 day retention policy. + Bucket to write to. If none exists, a bucket will be created with a + default 3-day retention policy. - in: query name: rp schema: type: string - description: The retention policy name. + description: Retention policy name. - in: query name: precision schema: @@ -113,7 +113,7 @@ paths: format: int32 '503': description: >- - Server is temporarily unavailable to accept writes. The Retry-After + Server is temporarily unavailable to accept writes. The Retry-After header describes when to try the write again. headers: Retry-After: diff --git a/api-docs/v2.1/ref.yml b/api-docs/v2.1/ref.yml index dfd5070d5..3e83b7739 100644 --- a/api-docs/v2.1/ref.yml +++ b/api-docs/v2.1/ref.yml @@ -796,16 +796,16 @@ components: $ref: '#/components/schemas/Links' ColorMapping: additionalProperties: - type: int + type: string description: >- A color mapping is an object that maps time series data to a UI color scheme to allow the UI to render graphs consistent colors across reloads. example: - configcat_deployments-autopromotionblocker: 0 - measurement_birdmigration_europe: 0 - series_id_1: 0 - series_id_2: 1 + configcat_deployments-autopromotionblocker: '#663cd0' + measurement_birdmigration_europe: '#663cd0' + series_id_1: '#edf529' + series_id_2: '#edf529' type: object ConditionalExpression: description: >- @@ -8022,13 +8022,13 @@ paths: application/json: schema: $ref: '#/components/schemas/HealthCheck' - description: The instance is healthy + description: The instance is healthy. '503': content: application/json: schema: $ref: '#/components/schemas/HealthCheck' - description: The instance is unhealthy + description: The instance is unhealthy. default: $ref: '#/components/responses/ServerError' description: Unexpected error @@ -8426,6 +8426,71 @@ paths: summary: Update a password tags: - Users + /metrics: + get: + operationId: GetMetrics + parameters: + - $ref: '#/components/parameters/TraceSpan' + responses: + '200': + content: + text/plain: + examples: + expositionResponse: + summary: Metrics in plain text + value: > + # HELP go_threads Number of OS threads created. + + # TYPE go_threads gauge + + go_threads 19 + + # HELP http_api_request_duration_seconds Time taken to + respond to HTTP request + + # TYPE http_api_request_duration_seconds histogram + + http_api_request_duration_seconds_bucket{handler="platform",method="GET",path="/:fallback_path",response_code="200",status="2XX",user_agent="curl",le="0.005"} + 4 + + http_api_request_duration_seconds_bucket{handler="platform",method="GET",path="/:fallback_path",response_code="200",status="2XX",user_agent="curl",le="0.01"} + 4 + + http_api_request_duration_seconds_bucket{handler="platform",method="GET",path="/:fallback_path",response_code="200",status="2XX",user_agent="curl",le="0.025"} + 5 + schema: + externalDocs: + description: Prometheus exposition formats + url: https://prometheus.io/docs/instrumenting/exposition_formats + type: Prometheus text-based exposition + description: > + Payload body contains metrics about the InfluxDB instance. + + + Metrics are formatted in the + + Prometheus [plain-text exposition + format](https://prometheus.io/docs/instrumenting/exposition_formats). + + Each metric is identified by its name and a set of optional + key-value pairs. + + + The following descriptors precede each metric: + + + - *`HELP`*: description of the metric + + - *`TYPE`*: type of the metric (e.g. `counter`, `gauge`, + `histogram`, or `summary`) + default: + $ref: '#/components/responses/ServerError' + description: Unexpected error + servers: + - url: '' + summary: Get metrics of an instance + tags: + - Metrics /api/v2/notificationEndpoints: get: operationId: GetNotificationEndpoints @@ -12816,7 +12881,7 @@ paths: InfluxDB validated the request data format and accepted the data for writing to the bucket. `204` doesn't indicate a successful write operation since writes are asynchronous. See [how to check for write - errors](https://docs.influxdata.com/influxdb/v2.1/write-data/troubleshoot). + errors](https://docs.influxdata.com/influxdb/v2.1/write-data/troubleshoot/). '400': content: application/json: @@ -12932,7 +12997,7 @@ paths: description: Internal server error. '503': description: >- - The server is temporarily unavailable to accept writes. The + The server is temporarily unavailable to accept writes. The `Retry-After` header describes when to try the write again. headers: Retry-After: @@ -12973,7 +13038,7 @@ tags: For more information and examples, see the following: - [Authorize API requests](/influxdb/v2.1/api-guide/api_intro/#authentication). - [Manage API tokens](/influxdb/v2.1/security/tokens/). - - [Assign a token to a specific user](/influxdb/v2.1/security/tokens/create-token). + - [Assign a token to a specific user](/influxdb/v2.1/security/tokens/create-token/). name: Authorizations - Backup - Buckets @@ -12985,6 +13050,7 @@ tags: - Health - Labels - Legacy Authorizations + - Metrics - NotificationEndpoints - NotificationRules - Organizations @@ -13118,6 +13184,7 @@ x-tagGroups: - Health - Labels - Legacy Authorizations + - Metrics - NotificationEndpoints - NotificationRules - Organizations diff --git a/api-docs/v2.1/swaggerV1Compat.yml b/api-docs/v2.1/swaggerV1Compat.yml index 9c0604e70..6ebeeb9f3 100644 --- a/api-docs/v2.1/swaggerV1Compat.yml +++ b/api-docs/v2.1/swaggerV1Compat.yml @@ -36,13 +36,13 @@ paths: type: string required: true description: >- - The bucket to write to. If none exist a bucket will be created with - a default 3 day retention policy. + Bucket to write to. If none exist a bucket will be created with a + default 3 day retention policy. - in: query name: rp schema: type: string - description: The retention policy name. + description: Retention policy name. - in: query name: precision schema: @@ -185,12 +185,12 @@ paths: schema: type: string required: true - description: The bucket to query. + description: Bucket to query. - in: query name: rp schema: type: string - description: The retention policy name. + description: Retention policy name. - in: query name: q description: Defines the influxql query to run. diff --git a/content/enterprise_influxdb/v1.9/administration/configure/ports.md b/content/enterprise_influxdb/v1.9/administration/configure/ports.md index 225af997a..cb44e2428 100644 --- a/content/enterprise_influxdb/v1.9/administration/configure/ports.md +++ b/content/enterprise_influxdb/v1.9/administration/configure/ports.md @@ -64,7 +64,7 @@ This port should not be exposed outside the cluster. ### 2003 The default port that runs the Graphite service. -[Enable and configure this port](/enterprise_influxdb/v1.9/administration/config#bind-address-2003) +[Enable and configure this port](/enterprise_influxdb/v1.9/administration/config-data-nodes/#bind-address-2003) in the configuration file. **Resources** [Graphite README](https://github.com/influxdata/influxdb/tree/1.8/services/graphite/README.md) diff --git a/content/enterprise_influxdb/v1.9/administration/configure/security/_index.md b/content/enterprise_influxdb/v1.9/administration/configure/security/_index.md new file mode 100644 index 000000000..993d1c88c --- /dev/null +++ b/content/enterprise_influxdb/v1.9/administration/configure/security/_index.md @@ -0,0 +1,16 @@ +--- +title: Configure security +description: Configure security features in InfluxDB Enterprise. +menu: + enterprise_influxdb_1_9: + name: Configure security + weight: 40 + parent: Configure +aliases: + - /enterprise_influxdb/v1.9/administration/security/ +--- + +_For user and permission management (authorization), +see [Manage users and permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/)._ + +{{< children >}} diff --git a/content/enterprise_influxdb/v1.9/administration/configure/security/authentication.md b/content/enterprise_influxdb/v1.9/administration/configure/security/authentication.md new file mode 100644 index 000000000..7cef96fcd --- /dev/null +++ b/content/enterprise_influxdb/v1.9/administration/configure/security/authentication.md @@ -0,0 +1,114 @@ +--- +title: Configure authentication +description: > + Enable authentication to require credentials for a cluster. +menu: + enterprise_influxdb_1_9: + parent: Configure security + name: Configure authentication +weight: 10 +--- + +To configure authentication, do one of the following: + +- [Enable authentication](#enable-authentication) +- [Configure authentication using JWT tokens](#configure-authentication-using-jwt-tokens) ([InfluxDB HTTP API](/enterprise_influxdb/v1.9/tools/api/) only) + +## Enable authentication + +Authentication is disabled by default in InfluxDB and InfluxDB Enterprise. +After [installing the data nodes](/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/data_node_installation/), +enable authentication to control access to your cluster. + +To enable authentication in a cluster, do the following: + +1. Set `auth-enabled` to `true` in the `[http]` section of the configuration files + for all meta **and** data nodes: + ```toml + [http] + # ... + auth-enabled = true + ``` +1. Next, create an admin user (if you haven't already). + Using the [`influx` CLI](/enterprise_influxdb/v1.9/tools/influx-cli/), + run the following command: + ``` + CREATE USER admin WITH PASSWORD 'mypassword' WITH ALL PRIVILEGES + ``` +1. Restart InfluxDB Enterprise. + Once restarted, InfluxDB Enterprise checks user credentials on every request + and only processes requests with valid credentials. + +## Configure authentication using JWT tokens + +For a more secure alternative to using passwords, include JWT tokens in requests to the InfluxDB API. + +1. **Add a shared secret in your InfluxDB Enterprise configuration file**. + + InfluxDB Enterprise uses the shared secret to encode the JWT signature. + By default, `shared-secret` is set to an empty string (no JWT authentication). + Add a custom shared secret in your [InfluxDB configuration file](/enterprise_influxdb/v1.9/administration/configure/config-data-nodes/#shared-secret--) + for each meta and data node. + Longer strings are more secure: + + ```toml + [http] + shared-secret = "my super secret pass phrase" + ``` + + Alternatively, to avoid keeping your secret phrase as plain text in your InfluxDB configuration file, + set the value with the `INFLUXDB_HTTP_SHARED_SECRET` environment variable (for example, in Linux: `export INFLUXDB_HTTP_SHARED_SECRET=MYSUPERSECRETPASSPHRASE`). + +2. **Generate your JWT token**. + + Use an authentication service (such as, [https://jwt.io/](https://jwt.io/)) + to generate a secure token using your InfluxDB username, an expiration time, and your shared secret. + + The payload (or claims) of the token must be in the following format: + + ```json + { + "username": "myUserName", + "exp": 1516239022 + } + ``` + + - **username** - InfluxDB username. + - **exp** - Token expiration in UNIX [epoch time](/enterprise_influxdb/v1.9/query_language/explore-data/#epoch_time). + For increased security, keep token expiration periods short. + For testing, you can manually generate UNIX timestamps using [https://www.unixtimestamp.com/index.php](https://www.unixtimestamp.com/index.php). + + To encode the payload using your shared secret, use a JWT library in your own authentication server or encode by hand at [https://jwt.io/](https://jwt.io/). + +3. **Include the token in HTTP requests**. + + Include your generated token as part of the `Authorization` header in HTTP requests: + + ``` + Authorization: Bearer + ``` + {{% note %}} +Only unexpired tokens will successfully authenticate. +Verify your token has not expired. + {{% /note %}} + +#### Example query request with JWT authentication +```bash +curl -G "http://localhost:8086/query?db=demodb" \ + --data-urlencode "q=SHOW DATABASES" \ + --header "Authorization: Bearer
.." +``` + +## Authentication and authorization HTTP errors + +Requests with no authentication credentials or incorrect credentials yield the `HTTP 401 Unauthorized` response. + +Requests by unauthorized users yield the `HTTP 403 Forbidden` response. + +## Next steps + +After configuring authentication, +you can [manage users and permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/) +as necessary. + +{{% enterprise-warning-authn-b4-authz %}} diff --git a/content/enterprise_influxdb/v1.9/administration/manage/security/configure-password-hashing.md b/content/enterprise_influxdb/v1.9/administration/configure/security/configure-password-hashing.md similarity index 96% rename from content/enterprise_influxdb/v1.9/administration/manage/security/configure-password-hashing.md rename to content/enterprise_influxdb/v1.9/administration/configure/security/configure-password-hashing.md index 4e92f9047..2e27a86a1 100644 --- a/content/enterprise_influxdb/v1.9/administration/manage/security/configure-password-hashing.md +++ b/content/enterprise_influxdb/v1.9/administration/configure/security/configure-password-hashing.md @@ -5,12 +5,13 @@ description: > menu: enterprise_influxdb_1_9: name: Configure password hashing - parent: Manage security -weight: 44 + parent: Configure security +weight: 40 related: - /enterprise_influxdb/v1.9/administration/configuration/ aliases: - /enterprise_influxdb/v1.9/administration/configure-password-hashing/ + - /enterprise_influxdb/v1.9/administration/manage/configure-password-hashing/ --- By default, InfluxDB Enterprise uses `bcrypt` for password hashing. diff --git a/content/enterprise_influxdb/v1.9/guides/enable_tls.md b/content/enterprise_influxdb/v1.9/administration/configure/security/enable_tls.md similarity index 98% rename from content/enterprise_influxdb/v1.9/guides/enable_tls.md rename to content/enterprise_influxdb/v1.9/administration/configure/security/enable_tls.md index c1f4c8733..783f36067 100644 --- a/content/enterprise_influxdb/v1.9/guides/enable_tls.md +++ b/content/enterprise_influxdb/v1.9/administration/configure/security/enable_tls.md @@ -1,14 +1,16 @@ --- -title: Enable HTTPS over TLS for InfluxDB Enterprise +title: Configure HTTPS over TLS description: > Enabling HTTPS over TLS encrypts the communication between clients and the InfluxDB Enterprise server, and between nodes in the cluster. menu: enterprise_influxdb_1_9: - name: Enable TLS - weight: 100 - parent: Guides + name: Configure TLS for cluster + parent: Configure security +weight: 20 aliases: - /enterprise_influxdb/v1.9/guides/https_setup/ + - /enterprise_influxdb/v1.9/guides/enable_tls/ + - /enterprise_influxdb/v1.9/guides/enable-tls/ --- Enabling HTTPS over TLS encrypts the communication between clients and the InfluxDB Enterprise server, and between nodes in the cluster. diff --git a/content/enterprise_influxdb/v1.9/administration/manage/security/ldap.md b/content/enterprise_influxdb/v1.9/administration/configure/security/ldap.md similarity index 98% rename from content/enterprise_influxdb/v1.9/administration/manage/security/ldap.md rename to content/enterprise_influxdb/v1.9/administration/configure/security/ldap.md index f8f49dfa2..abab1bab6 100644 --- a/content/enterprise_influxdb/v1.9/administration/manage/security/ldap.md +++ b/content/enterprise_influxdb/v1.9/administration/configure/security/ldap.md @@ -1,14 +1,15 @@ --- -title: Configure LDAP authentication in InfluxDB Enterprise +title: Configure LDAP authentication description: > Configure LDAP authentication in InfluxDB Enterprise and test LDAP connectivity. menu: enterprise_influxdb_1_9: name: Configure LDAP authentication - parent: Manage security -weight: 43 + parent: Configure security +weight: 30 aliases: - /enterprise_influxdb/v1.9/administration/ldap/ + - /enterprise_influxdb/v1.9/administration/manage/security/ldap/ --- Configure InfluxDB Enterprise to use LDAP (Lightweight Directory Access Protocol) to: diff --git a/content/enterprise_influxdb/v1.9/administration/manage/clusters/rebalance.md b/content/enterprise_influxdb/v1.9/administration/manage/clusters/rebalance.md index afa30c5db..addd5b15d 100644 --- a/content/enterprise_influxdb/v1.9/administration/manage/clusters/rebalance.md +++ b/content/enterprise_influxdb/v1.9/administration/manage/clusters/rebalance.md @@ -2,8 +2,8 @@ title: Rebalance InfluxDB Enterprise clusters description: Manually rebalance an InfluxDB Enterprise cluster. aliases: - - /enterprise/v1.8/guides/rebalance/ - - /enterprise/v1.9/guides/rebalance/ + - /enterprise_influxdb/v1.8/guides/rebalance/ + - /enterprise_influxdb/v1.9/guides/rebalance/ menu: enterprise_influxdb_1_9: name: Rebalance clusters diff --git a/content/enterprise_influxdb/v1.9/administration/manage/security/_index.md b/content/enterprise_influxdb/v1.9/administration/manage/security/_index.md deleted file mode 100644 index 7ce34a05b..000000000 --- a/content/enterprise_influxdb/v1.9/administration/manage/security/_index.md +++ /dev/null @@ -1,60 +0,0 @@ ---- -title: Manage security -description: Configuration, security, and logging in InfluxDB enterprise. -menu: - enterprise_influxdb_1_9: - name: Manage security - weight: 40 - parent: Manage -aliases: - - /enterprise_influxdb/v1.9/administration/security/ ---- - - - -{{< children >}} diff --git a/content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization.md b/content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization.md deleted file mode 100644 index cc8fbfeff..000000000 --- a/content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization.md +++ /dev/null @@ -1,541 +0,0 @@ ---- -title: Manage authentication and authorization -description: > - Set up and manage authentication and authorization in InfluxDB Enterprise. -menu: - enterprise_influxdb_1_9: - name: Manage authentication and authorization - parent: Manage security -weight: 41 -related: - - /enterprise_influxdb/v1.9/guides/fine-grained-authorization/ - - /{{< latest "chronograf" >}}/administration/managing-influxdb-users/ -aliases: - - /enterprise_influxdb/v1.9/administration/authentication_and_authorization/ ---- - -This document covers setting up and managing authentication and authorization in InfluxDB Enterprise. - -- [Authentication](#authentication) - - [Enable Authentication](#enable-authentication) - - [Authenticate Requests](#authenticate-requests) -- [Authorization](#authorization) - - [User Types and Privileges](#user-types-and-privileges) - - [User Management Commands](#user-management-commands) -- [HTTP Errors](#authentication-and-authorization-http-errors) - -## Authentication - -Enable authentication in InfluxDB Enterprise -to only allow requests that are sent with valid credentials to execute. - -{{% note %}} -#### Plugins not authenticated -Authentication only occurs at the HTTP request scope. -Plugins do not currently have the ability to authenticate requests and service -endpoints (for example, Graphite, collectd, etc.) are not authenticated. -{{% /note %}} - -{{% note %}} -#### Authentication recommended on public endpoints -If InfluxDB Enterprise is being deployed on a publicly accessible endpoint, -we **strongly recommend** enabling authentication. -Otherwise, data and potentially destructive commands will be publicly available to any unauthenticated user. -For additional security, -InfluxDB Enterprise should be run behind a third-party service. -Authentication and authorization should not be soley relied upon -to prevent access and protect data from malicious actors. -{{% /note %}} - -### Enable authentication - -Authentication is disabled by default in InfluxDB and InfluxDB Enterprise. -All credentials are silently ignored, and all users have all privileges. - -To enable authentication in a cluster, do the following: - -1. **Create at least one [admin user](#admin-users)**. - - To create an admin user, - run the following command using the [`influx` CLI](/enterprise_influxdb/v1.9/tools/influx-cli/): - ``` - CREATE USER admin WITH PASSWORD 'mypassword' WITH ALL PRIVILEGES - ``` - -2. **Enable authentication in your meta and data configuration files**. - - Set the `auth-enabled` options to `true` in the `[http]` section: - - ```toml - [http] - enabled = true - bind-address = ":8086" - auth-enabled = true # Set to true - log-enabled = true - write-tracing = false - pprof-enabled = true - pprof-auth-enabled = true - debug-pprof-enabled = false - ping-auth-enabled = true - https-enabled = true - https-certificate = "/etc/ssl/influxdb.pem" - ``` - - {{% note %}} -If `pprof-enabled` is set to `true`, set `pprof-auth-enabled` and `ping-auth-enabled` -to `true` to require authentication on profiling and ping endpoints. - {{% /note %}} - -3. **Restart InfluxDB Enterprise**. - Once restarted, InfluxDB Enterprise checks user credentials on every request and only - processes requests that have valid credentials for an existing user. - -### Authenticate requests - -#### Authenticate with the InfluxDB API - -Authenticate with the [InfluxDB API](/enterprise_influxdb/v1.9/tools/api/) using one of the following options: - -- [Authenticate with basic authentication](#authenticate-with-basic-authentication) -- [Authenticate with query parameters in the URL or request body](#authenticate-with-query-parameters-in-the-url-or-request-body) - -If you authenticate with both basic authentication **and** the URL query parameters, -the user credentials specified in the query parameters take precedence. -The following examples demonstrate queries with [admin user](#admin-users) permissions. -To learn about different users types, permissions, and how to manage users, see [authorization](#authorization). - -{{% note %}} -InfluxDB Enterprise redacts passwords in log output when you enable authentication. -{{% /note %}} - -##### Authenticate with basic authentication -```bash -curl -G http://localhost:8086/query \ - -u todd:password4todd \ - --data-urlencode "q=SHOW DATABASES" -``` - -##### Authenticate with query parameters in the URL or request body -Set `u` as the username and `p` as the password. - -###### Credentials as query parameters -```bash -curl -G "http://localhost:8086/query?u=todd&p=password4todd" \ - --data-urlencode "q=SHOW DATABASES" -``` - -###### Credentials in the request body -```bash -curl -G http://localhost:8086/query \ - --data-urlencode "u=todd" \ - --data-urlencode "p=password4todd" \ - --data-urlencode "q=SHOW DATABASES" -``` - -#### Authenticate with the CLI - -There are three options for authenticating with the [CLI](/enterprise_influxdb/v1.9/tools/influx-cli/): - -- [Authenticate with environment variables](#authenticate-with-environment-variables) -- [Authenticate with CLI flags](#authenticate-with-cli-flags) -- [Authenticate with credentials in the influx shell](#authenticate-with-credentials-in-the-influx-shell) - -##### Authenticate with environment variables -Use the `INFLUX_USERNAME` and `INFLUX_PASSWORD` environment variables to provide -authentication credentials to the `influx` CLI. - -```bash -export INFLUX_USERNAME=todd -export INFLUX_PASSWORD=password4todd -echo $INFLUX_USERNAME $INFLUX_PASSWORD -todd password4todd - -influx -Connected to http://localhost:8086 version {{< latest-patch >}} -InfluxDB shell {{< latest-patch >}} -``` - -##### Authenticate with CLI flags -Use the `-username` and `-password` flags to provide authentication credentials -to the `influx` CLI. - -```bash -influx -username todd -password password4todd -Connected to http://localhost:8086 version {{< latest-patch >}} -InfluxDB shell {{< latest-patch >}} -``` - -##### Authenticate with credentials in the influx shell -Start the `influx` shell and run the `auth` command. -Enter your username and password when prompted. - -```bash -$ influx -Connected to http://localhost:8086 version {{< latest-patch >}} -InfluxDB shell {{< latest-patch >}} -> auth -username: todd -password: -> -``` - -#### Authenticate using JWT tokens -For a more secure alternative to using passwords, include JWT tokens with requests to the InfluxDB API. -This is currently only possible through the [InfluxDB HTTP API](/enterprise_influxdb/v1.9/tools/api/). - -1. **Add a shared secret in your InfluxDB Enterprise configuration file**. - - InfluxDB Enterprise uses the shared secret to encode the JWT signature. - By default, `shared-secret` is set to an empty string, in which case no JWT authentication takes place. - - Add a custom shared secret in your [InfluxDB configuration file](/enterprise_influxdb/v1.9/administration/configure/config-data-nodes/#shared-secret--). - The longer the secret string, the more secure it is: - - ```toml - [http] - shared-secret = "my super secret pass phrase" - ``` - - Alternatively, to avoid keeping your secret phrase as plain text in your InfluxDB configuration file, - set the value with the `INFLUXDB_HTTP_SHARED_SECRET` environment variable. - -2. **Generate your JWT token**. - - Use an authentication service to generate a secure token - using your InfluxDB username, an expiration time, and your shared secret. - There are online tools, such as [https://jwt.io/](https://jwt.io/), that will do this for you. - - The payload (or claims) of the token must be in the following format: - - ```json - { - "username": "myUserName", - "exp": 1516239022 - } - ``` - - - **username** - The name of your InfluxDB user. - - **exp** - The expiration time of the token in UNIX epoch time. - For increased security, keep token expiration periods short. - For testing, you can manually generate UNIX timestamps using [https://www.unixtimestamp.com/index.php](https://www.unixtimestamp.com/index.php). - - Encode the payload using your shared secret. - You can do this with either a JWT library in your own authentication server or by hand at [https://jwt.io/](https://jwt.io/). - - The generated token follows this format: `
..` - -3. **Include the token in HTTP requests**. - - Include your generated token as part of the `Authorization` header in HTTP requests: - - ``` - Authorization: Bearer - ``` - {{% note %}} -Only unexpired tokens will successfully authenticate. -Be sure your token has not expired. - {{% /note %}} - -##### Example query request with JWT authentication -```bash -curl -G "http://localhost:8086/query?db=demodb" \ - --data-urlencode "q=SHOW DATABASES" \ - --header "Authorization: Bearer
.." -``` - -## Authenticate Telegraf requests to InfluxDB - -Authenticating [Telegraf](/{{< latest "telegraf" >}}/) requests to an InfluxDB instance with -authentication enabled requires some additional steps. -In the Telegraf configuration file (`/etc/telegraf/telegraf.conf`), uncomment -and edit the `username` and `password` settings. - -```toml -############################################################################### -# OUTPUT PLUGINS # -############################################################################### - -# ... - -[[outputs.influxdb]] - # ... - username = "example-username" # Provide your username - password = "example-password" # Provide your password - -# ... -``` - -Restart Telegraf and you're all set! - -## Authorization - -Authorization in InfluxDB Enterprise refers to managing user permissions. -To enable authorization, first [enable authentication](#enable-authentication). - -This page shows examples of basic user and permission management using InfluxQL statements. -However, *only a subset of Enterprise permissions can be managed with InfluxQL.* -Consider using [Chronograf](/{{< latest "chronograf" >}}/administration/managing-influxdb-users/) -and/or the [Enterprise meta API](/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/) -to manage InfluxDB Enterprise users and roles. - - -### User types and privileges - -InfluxDB Enterprise has the following kinds of users: - -- [Admin users](#admin-users) -- [Non-admin users](#non-admin-users) - -#### Admin users - -Admin users have the following permissions: - -| Permission | Description | Token | -|:--------------------------|---------------------------------------------------------|------------------------| -| View Admin | Permission to view or edit admin screens | `ViewAdmin` | -| View Chronograf | Permission to use Chronograf tools | `ViewChronograf` | -| Create Databases | Permission to create databases | `CreateDatabase` | -| Create Users & Roles | Permission to create users and roles | `CreateUserAndRole` | -| Add/Remove Nodes | Permission to add/remove nodes from a cluster | `AddRemoveNode` | -| Drop Databases | Permission to drop databases | `DropDatabase` | -| Drop Data | Permission to drop measurements and series | `DropData` | -| Read | Permission to read data | `ReadData` | -| Write | Permission to write data | `WriteData` | -| Rebalance | Permission to rebalance a cluster | `Rebalance` | -| Manage Shards | Permission to copy and delete shards | `ManageShard` | -| Manage Continuous Queries | Permission to create, show, and drop continuous queries | `ManageContnuousQuery` | -| Manage Queries | Permission to show and kill queries | `ManageQuery` | -| Manage Subscriptions | Permission to show, add, and drop subscriptions | `ManageSubscription` | -| Monitor | Permission to show stats and diagnostics | `Monitor` | -| Copy Shard | Permission to copy shards | `CopyShard` | - -{{% caption %}} -For more information about these commands, -see [Database management](/enterprise_influxdb/v1.9/query_language/manage-database/) and -[Continuous queries](/enterprise_influxdb/v1.9/query_language/continuous_queries/). -{{% /caption %}} - - - -#### Non-admin users - -When authentication is enabled -a new non-admin user has no access to any database -until they are specifically [granted privileges to a database](#grant-read-write-or-all-database-privileges-to-an-existing-user) -by an admin user. - -Non-admin users can [`SHOW`](/enterprise_influxdb/v1.9/query_language/explore-schema/#show-databases) -the databases for which they have `ReadData` or `WriteData` permissions. - -### User management commands - -User management commands apply to either -[admin users](#manage-admin-users), -[non-admin users](#manage-non-admin-users), -or [both](#manage-admin-and-non-admin-users). - -#### Manage admin users - -Create an admin user with: - -```sql -CREATE USER admin WITH PASSWORD '' WITH ALL PRIVILEGES -``` - -{{% note %}} -Repeating the exact `CREATE USER` statement is idempotent. -If any values change the database will return a duplicate user error. - -```sql -> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES -> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES -> CREATE USER todd WITH PASSWORD '123' WITH ALL PRIVILEGES -ERR: user already exists -> CREATE USER todd WITH PASSWORD '123456' -ERR: user already exists -> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES -> -``` -{{% /note %}} - -##### `GRANT` administrative privileges to an existing user -```sql -GRANT ALL PRIVILEGES TO -``` - -##### `REVOKE` administrative privileges from an admin user -```sql -REVOKE ALL PRIVILEGES FROM -``` - -##### `SHOW` all existing users and their admin status -```sql -SHOW USERS -``` - -###### CLI Example -```sql -> SHOW USERS -user admin -todd false -paul true -hermione false -dobby false -``` - -#### Manage non-admin users - -##### `CREATE` a new non-admin user -```sql -CREATE USER WITH PASSWORD '' -``` - -###### CLI example -```js -> CREATE USER todd WITH PASSWORD 'influxdb41yf3' -> CREATE USER alice WITH PASSWORD 'wonder\'land' -> CREATE USER "rachel_smith" WITH PASSWORD 'asdf1234!' -> CREATE USER "monitoring-robot" WITH PASSWORD 'XXXXX' -> CREATE USER "$savyadmin" WITH PASSWORD 'm3tr1cL0v3r' -``` - -{{% note %}} -##### Important notes about providing user credentials -- The user value must be wrapped in double quotes if - it starts with a digit, is an InfluxQL keyword, contains a hyphen, - or includes any special characters (for example: `!@#$%^&*()-`). -- The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes. - Do not include the single quotes when authenticating requests. - We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords. - For passwords that include these characters, escape the special character with a backslash - (e.g. (`\'`) when creating the password and when submitting authentication requests. -- Repeating the exact `CREATE USER` statement is idempotent. - If any values change the database will return a duplicate user error. - -###### CLI example -```sql -> CREATE USER "todd" WITH PASSWORD '123456' -> CREATE USER "todd" WITH PASSWORD '123456' -> CREATE USER "todd" WITH PASSWORD '123' -ERR: user already exists -> CREATE USER "todd" WITH PASSWORD '123456' -> CREATE USER "todd" WITH PASSWORD '123456' WITH ALL PRIVILEGES -ERR: user already exists -> CREATE USER "todd" WITH PASSWORD '123456' -> -``` -{{% /note %}} - -##### `GRANT` `READ`, `WRITE` or `ALL` database privileges to an existing user - -```sql -GRANT [READ,WRITE,ALL] ON TO -``` - -CLI examples: - -`GRANT` `READ` access to `todd` on the `NOAA_water_database` database: - -```sql -> GRANT READ ON "NOAA_water_database" TO "todd" -``` - -`GRANT` `ALL` access to `todd` on the `NOAA_water_database` database: - -```sql -> GRANT ALL ON "NOAA_water_database" TO "todd" -``` - -##### `REVOKE` `READ`, `WRITE`, or `ALL` database privileges from an existing user - -``` -REVOKE [READ,WRITE,ALL] ON FROM -``` - -CLI examples: - -`REVOKE` `ALL` privileges from `todd` on the `NOAA_water_database` database: - -```sql -> REVOKE ALL ON "NOAA_water_database" FROM "todd" -``` - -`REVOKE` `WRITE` privileges from `todd` on the `NOAA_water_database` database: - -```sql -> REVOKE WRITE ON "NOAA_water_database" FROM "todd" -``` - -{{% note %}} -If a user with `ALL` privileges has `WRITE` privileges revoked, they are left with `READ` privileges, and vice versa. -{{% /note %}} - -##### `SHOW` a user's database privileges - -```sql -SHOW GRANTS FOR -``` - -CLI example: - -```sql -> SHOW GRANTS FOR "todd" -database privilege -NOAA_water_database WRITE -another_database_name READ -yet_another_database_name ALL PRIVILEGES -one_more_database_name NO PRIVILEGES -``` - -#### Manage admin and non-admin users - -##### Reset a user's password - -```sql -SET PASSWORD FOR = '' -``` - -CLI example: - -```sql -> SET PASSWORD FOR "todd" = 'password4todd' -``` - -{{% note %}} -The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes. -Do not include the single quotes when authenticating requests. - -We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords -For passwords that include these characters, escape the special character with a backslash (e.g. (`\'`) when creating the password and when submitting authentication requests. -{{% /note %}} - -##### `DROP` a user - -```sql -DROP USER -``` - -CLI example: - -```sql -> DROP USER "todd" -``` - -## Authentication and authorization HTTP errors - -Requests with no authentication credentials or incorrect credentials yield the `HTTP 401 Unauthorized` response. - -Requests by unauthorized users yield the `HTTP 403 Forbidden` response. diff --git a/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/_index.md b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/_index.md new file mode 100644 index 000000000..d92c79172 --- /dev/null +++ b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/_index.md @@ -0,0 +1,18 @@ +--- +title: Manage users and permissions +description: Manage authorization in InfluxDB Enterprise clusters with users, roles, and permissions. +menu: + enterprise_influxdb_1_9: + name: Manage users and permissions + weight: 40 + parent: Manage +aliases: + - /enterprise_influxdb/v1.9/administration/authentication_and_authorization/ +--- + +{{% enterprise-warning-authn-b4-authz %}} + +_For information about how to configure HTTPs over TLS, LDAP authentication, and password hashing, +see [Configure security](/enterprise_influxdb/v1.9/administration/configure/security/)._ + +{{< children >}} diff --git a/content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api.md b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api.md similarity index 79% rename from content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api.md rename to content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api.md index 412cda691..c7a148b31 100644 --- a/content/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api.md +++ b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api.md @@ -1,81 +1,38 @@ --- -title: Manage users and privileges with the InfluxDB Enterprise Meta API +title: Manage authorization with the InfluxDB Enterprise Meta API description: > - Set up and manage authentication and authorization in InfluxDB Enterprise. + Manage users and permissions with the InfluxDB Enterprise Meta API. menu: enterprise_influxdb_1_9: - name: Manage security with Meta API - parent: Manage security -weight: 42 + name: Manage authorization with the API + parent: Manage users and permissions +weight: 41 +aliases: + - /enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/ + - /enterprise_influxdb/v1.9/administration/security/authentication_and_authorization-api/ --- -- [Overview](#overview) -- [API examples](#user-and-privilege-management-over-the-influxdb-enterprise-meta-api) +{{% enterprise-warning-authn-b4-authz %}} -## Overview - -Authentication and authorization can be managed using the InfluxDB Enterprise Meta API. - -User and privilege management means -managing the contents of a user store and the permissions that users can be granted. -It entails creating and deleting users and roles, granting them privileges, and assigning roles to users. - -Managing users, roles and privileges can be done using the Chronograf InfluxDB Admin console. -However, certain operations are only available through the Enterprise meta API. - - -**Users** are granted a set of privileges. - - -A **role** is a predefined collection of privileges that can be assigned to a user. - -A **permission** (also *privilege*) is the ability to access a resource in some way, including: -- viewing the resource -- copying the resource -- dropping the resource -- writing to the resource -- full management capabilities - -The level of access and the resource are combined in predefined keys. - +Use the InfluxDB Enterprise Meta API to manage authorization for a cluster. + -* `ViewAdmin` -* `ViewChronograf` -* `CreateDatabase` -* `CreateUserAndRole` -* `AddRemoveNode` -* `DropDatabase` -* `DropData` -* `ReadData` -* `WriteData` -* `Rebalance` -* `ManageShard` -* `ManageContinuousQuery` -* `ManageQuery` -* `ManageSubscription` -* `Monitor` -* `CopyShard` +For more information, see [Enterprise users and permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/). + +### Example API requests {{% note %}} -These privileges are system privileges and are separate from the database-specific privileges -that can be inspected using the `show grants for ""` command when connected to a data node. +Many of the examples below use the `jq` utility to format JSON output for readability. +[Install `jq`](https://stedolan.github.io/jq/download/) to process JSON output. +If you don’t have access to `jq`, remove the `| jq` shown in the example. {{% /note %}} -In addition, two tokens govern Kapacitor permissions: - -* `KapacitorAPI`: - Grants the user permission to create, read, update and delete - tasks, topics, handlers and similar Kapacitor artefacts. -* `KapacitorConfigAPI`: - Grants the user permission to override the Kapacitor configuration - dynamically using the configuration endpoint. - -### User and privilege management over the InfluxDB Enterprise meta API - **Users**: - [List users](#list-users) @@ -87,6 +44,7 @@ In addition, two tokens govern Kapacitor permissions: - [Remove permissions from a user](#remove-permissions-from-a-user) - [Remove a user](#remove-a-user) - [Verify user removal](#verify-user-removal) +- [Change a user's password](#change-a-users-password) **Roles**: @@ -110,8 +68,11 @@ Use the `/user` endpoint of the InfluxDB Enterprise Meta API to manage users. ##### List users View a list of existing users. +```sh +curl --location-trusted -u "admin:changeit" -s https://cluster_node_1:8091/user | jq ``` -$ curl -u "admin:changeit" -s https://cluster_node_1:8091/user | python -m json.tool + +```json { "users": [ { @@ -151,8 +112,13 @@ Transactions that modify the user store must be sent to the lead meta node using If the node returns a 307 redirect message, try resending the request to the lead node as indicated by the `Location` field in the HTTP response header. +```sh +curl --location-trusted -u "admin:changeit" -s -v \ + -d '{"action":"create","user":{"name":"phantom2","password":"changeit"}}' \ + https://cluster_node_2:8091/user +``` + ``` -$ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom2","password":"changeit"}}' https://cluster_node_2:8091/user * Trying 172.31.16.140... * Connected to cluster_node_2 (172.31.16.140) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -195,8 +161,13 @@ $ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom2 ##### Create a user against the lead node +```sh +curl --location-trusted -u "admin:changeit" -s -v \ + -d '{"action":"create","user":{"name":"phantom","password":"changeit"}}' \ + https://cluster_node_1:8091/user +``` + ``` -$ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom","password":"changeit"}}' https://cluster_node_1:8091/user * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -237,8 +208,11 @@ $ curl -u "admin:changeit" -s -v -d '{"action":"create","user":{"name":"phantom" ##### Retrieve a user details document +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | jq ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | python -m json.tool + +```json { "users": [ { @@ -252,7 +226,12 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name= ##### Grant permissions to a user ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","user":{"name":"phantom","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/user +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"add-permissions","user":{"name":"phantom","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' \ + https://cluster_node_1:8091/user +``` + +``` * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -291,8 +270,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","us ##### Verify user permissions +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | jq ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom | python -m json.tool + +```json { "users": [ { @@ -311,8 +293,13 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name= ##### Remove permissions from a user +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"remove-permissions","user":{"name":"phantom","permissions":{"":["KapacitorConfigAPI"]}}}' \ + https://cluster_node_1:8091/user +``` + ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions","user":{"name":"phantom","permissions":{"":["KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/user * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -351,8 +338,13 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions", ##### Remove a user +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"delete","user":{"name":"phantom2"}}' \ + https://cluster_node_1:8091/user +``` + ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","user":{"name":"phantom2"}}' https://cluster_node_1:8091/user * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -391,19 +383,37 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","user":{"nam ##### Verify user removal +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/user?name=phantom -{"error":"user not found"} + +```json +{ + "error": "user not found" +} ``` +##### Change a user's password + +```sh +curl --location-trusted -u "admin:changeit" -H "Content-Type: application/json" \ + -d '{"action": "change-password", "user": {"name": "", "password": "newpassword"}}' \ + localhost:8091/user +``` + + + #### Roles The Influxd-Meta API provides an endpoint `/role` for managing roles. ##### List roles +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | jq +``` + ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | python -m json.tool {} ``` @@ -412,8 +422,13 @@ As when creating a user the lead node must be used. ##### Create a role +```sh +curl --location-trusted --negotiate -u "admin:changeit" -v \ + -d '{"action":"create","role":{"name":"spectre"}}' \ + https://cluster_node_1:8091/role +``` + ``` -$ curl --negotiate -u "admin:changeit" -v -d '{"action":"create","role":{"name":"spectre"}}' https://cluster_node_1:8091/role * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -454,8 +469,11 @@ $ curl --negotiate -u "admin:changeit" -v -d '{"action":"create","role":{"name" ##### Verify roles Verify the role has been created. +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | jq ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | python -m json.tool + +```json { "roles": [ { @@ -472,8 +490,11 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role | pyt ##### Retrieve a role document Retrieve a record for a single node. +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq ``` -curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool + +```json { "roles": [ { @@ -486,8 +507,13 @@ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=sp ##### Add permissions to a role Add permissions to a role. +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"add-permissions","role":{"name":"spectre","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' \ + https://cluster_node_1:8091/role +``` + ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","role":{"name":"spectre","permissions":{"":["KapacitorAPI","KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/role * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -528,8 +554,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-permissions","ro ##### Verify role permissions Verify permissions have been added. +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool + +```json { "roles": [ { @@ -547,8 +576,13 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name= ##### Add a user to a role +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"add-users","role":{"name":"spectre","users":["phantom"]}}' \ + https://cluster_node_1:8091/role +``` + ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-users","role":{"name":"spectre","users":["phantom"]}}' https://cluster_node_1:8091/role * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -589,8 +623,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"add-users","role":{" ##### Verify user in role Verify user has been added to role. +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool + +```json { "roles": [ { @@ -611,8 +648,13 @@ $ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name= ##### Remove a user from a role +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"remove-users","role":{"name":"spectre","users":["phantom"]}}' \ + https://admin:changeit@cluster_node_1:8091/role +``` + ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-users","role":{"name":"spectre","users":["phantom"]}}' https://admin:changeit@cluster_node_1:8091/role * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -652,8 +694,13 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-users","role" ##### Remove a permission from a role +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"remove-permissions","role":{"name":"spectre","permissions":{"":["KapacitorConfigAPI"]}}}' \ + https://cluster_node_1:8091/role +``` + ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions","role":{"name":"spectre","permissions":{"":["KapacitorConfigAPI"]}}}' https://cluster_node_1:8091/role * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -693,8 +740,13 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"remove-permissions", ##### Delete a role +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s -v \ + -d '{"action":"delete","role":{"name":"spectre"}}' \ + https://cluster_node_1:8091/role +``` + ``` -$ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","role":{"name":"spectre"}}' https://cluster_node_1:8091/role * Trying 172.31.16.108... * Connected to cluster_node_1 (172.31.16.108) port 8091 (#0) * found 149 certificates in /etc/ssl/certs/ca-certificates.crt @@ -734,8 +786,11 @@ $ curl --negotiate -u "admin:changeit" -s -v -d '{"action":"delete","role":{"nam ##### Verify role deletion +```sh +curl --location-trusted --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | jq ``` -$ curl --negotiate -u "admin:changeit" -s https://cluster_node_1:8091/role?name=spectre | python -m json.tool + +```json { "error": "role not found" } diff --git a/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-influxql.md b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-influxql.md new file mode 100644 index 000000000..59d697673 --- /dev/null +++ b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-influxql.md @@ -0,0 +1,255 @@ +--- +title: Manage authorization with InfluxQL +description: > + Manage users and permissions with InfluxQL. +menu: + enterprise_influxdb_1_9: + parent: Manage users and permissions +weight: 40 +related: + - /enterprise_influxdb/v1.9/administration/manage/security/authorization-api.md + - /{{< latest "chronograf" >}}/administration/managing-influxdb-users/ + - /enterprise_influxdb/v1.9/administration/manage/security/fine-grained-authorization/ +aliases: + - /enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/ +--- + +{{% enterprise-warning-authn-b4-authz %}} + +{{% note %}} +We recommend using [Chronograf](/{{< latest "chronograf" >}}/administration/managing-influxdb-users/) +and/or the [Enterprise meta API](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api/) +to manage InfluxDB Enterprise users and roles. +{{% /note %}} + +{{% warn %}} +Outside of [creating users](/enterprise_influxdb/v1.9/query_language/spec/#create-user), +we recommend operators *do not* mix and match InfluxQL +with other authorization management methods (Chronograf and the API). +Doing so may lead to inconsistencies in user permissions. +{{% /warn %}} + +This page shows examples of basic user and permission management using InfluxQL statements. +However, *only a subset of Enterprise permissions can be managed with InfluxQL.* +Using InfluxQL, you can perform the following actions: + +- Create new users and assign them either the admin role (or no role). +- grant `READ` and/or `WRITE` permissions to users. (`READ`, `WRITE`, `ALL`) +- `REVOKE` permissions from users. +- `GRANT` or `REVOKE` specific database access to individual users. + +However, InfluxDB Enterprise offers an [*expanded set of permissions*](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#permissions). +You can use the Meta API and Chronograf to access and assign these more granular permissions to individual users. + +The [InfluxDB Enterprise meta API](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api/) +provides the most comprehensive way to manage users, roles, permission +and other [fine grained authorization](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization/) (FGA) capabilities. + +#### Non-admin users + +When authentication is enabled, +a new non-admin user has no access to any database +until they are specifically [granted privileges to a database](#grant-read-write-or-all-database-privileges-to-an-existing-user) +by an admin user. + +Non-admin users can [`SHOW`](/enterprise_influxdb/v1.9/query_language/explore-schema/#show-databases) +the databases for which they have `ReadData` or `WriteData` permissions. + +### User management commands + +User management commands apply to either +[admin users](#manage-admin-users), +[non-admin users](#manage-non-admin-users), +or [both](#manage-admin-and-non-admin-users). + +For more information about these commands, +see [Database management](/enterprise_influxdb/v1.9/query_language/manage-database/) and +[Continuous queries](/enterprise_influxdb/v1.9/query_language/continuous_queries/). + +#### Manage admin users + +Create an admin user with: + +```sql +CREATE USER admin WITH PASSWORD '' WITH ALL PRIVILEGES +``` + +{{% note %}} +Repeating the exact `CREATE USER` statement is idempotent. +If any values change the database will return a duplicate user error. + +```sql +> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES +> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES +> CREATE USER todd WITH PASSWORD '123' WITH ALL PRIVILEGES +ERR: user already exists +> CREATE USER todd WITH PASSWORD '123456' +ERR: user already exists +> CREATE USER todd WITH PASSWORD '123456' WITH ALL PRIVILEGES +> +``` +{{% /note %}} + +##### `GRANT` administrative privileges to an existing user +```sql +GRANT ALL PRIVILEGES TO +``` + +##### `REVOKE` administrative privileges from an admin user +```sql +REVOKE ALL PRIVILEGES FROM +``` + +##### `SHOW` all existing users and their admin status +```sql +SHOW USERS +``` + +###### CLI Example +```sql +> SHOW USERS +user admin +todd false +paul true +hermione false +dobby false +``` + +#### Manage non-admin users + +##### `CREATE` a new non-admin user +```sql +CREATE USER WITH PASSWORD '' +``` + +###### CLI example +```js +> CREATE USER todd WITH PASSWORD 'influxdb41yf3' +> CREATE USER alice WITH PASSWORD 'wonder\'land' +> CREATE USER "rachel_smith" WITH PASSWORD 'asdf1234!' +> CREATE USER "monitoring-robot" WITH PASSWORD 'XXXXX' +> CREATE USER "$savyadmin" WITH PASSWORD 'm3tr1cL0v3r' +``` + +{{% note %}} +##### Important notes about providing user credentials +- The user value must be wrapped in double quotes if + it starts with a digit, is an InfluxQL keyword, contains a hyphen, + or includes any special characters (for example: `!@#$%^&*()-`). +- The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes. + Do not include the single quotes when authenticating requests. + We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords. + For passwords that include these characters, escape the special character with a backslash + (e.g. (`\'`) when creating the password and when submitting authentication requests. +- Repeating the exact `CREATE USER` statement is idempotent. + If any values change the database will return a duplicate user error. + +###### CLI example +```sql +> CREATE USER "todd" WITH PASSWORD '123456' +> CREATE USER "todd" WITH PASSWORD '123456' +> CREATE USER "todd" WITH PASSWORD '123' +ERR: user already exists +> CREATE USER "todd" WITH PASSWORD '123456' +> CREATE USER "todd" WITH PASSWORD '123456' WITH ALL PRIVILEGES +ERR: user already exists +> CREATE USER "todd" WITH PASSWORD '123456' +> +``` +{{% /note %}} + +##### `GRANT` `READ`, `WRITE` or `ALL` database privileges to an existing user + +```sql +GRANT [READ,WRITE,ALL] ON TO +``` + +CLI examples: + +`GRANT` `READ` access to `todd` on the `NOAA_water_database` database: + +```sql +> GRANT READ ON "NOAA_water_database" TO "todd" +``` + +`GRANT` `ALL` access to `todd` on the `NOAA_water_database` database: + +```sql +> GRANT ALL ON "NOAA_water_database" TO "todd" +``` + +##### `REVOKE` `READ`, `WRITE`, or `ALL` database privileges from an existing user + +``` +REVOKE [READ,WRITE,ALL] ON FROM +``` + +CLI examples: + +`REVOKE` `ALL` privileges from `todd` on the `NOAA_water_database` database: + +```sql +> REVOKE ALL ON "NOAA_water_database" FROM "todd" +``` + +`REVOKE` `WRITE` privileges from `todd` on the `NOAA_water_database` database: + +```sql +> REVOKE WRITE ON "NOAA_water_database" FROM "todd" +``` + +{{% note %}} +If a user with `ALL` privileges has `WRITE` privileges revoked, they are left with `READ` privileges, and vice versa. +{{% /note %}} + +##### `SHOW` a user's database privileges + +```sql +SHOW GRANTS FOR +``` + +CLI example: + +```sql +> SHOW GRANTS FOR "todd" +database privilege +NOAA_water_database WRITE +another_database_name READ +yet_another_database_name ALL PRIVILEGES +one_more_database_name NO PRIVILEGES +``` + +#### Manage admin and non-admin users + +##### Reset a user's password + +```sql +SET PASSWORD FOR = '' +``` + +CLI example: + +```sql +> SET PASSWORD FOR "todd" = 'password4todd' +``` + +{{% note %}} +The password [string](/influxdb/v1.8/query_language/spec/#strings) must be wrapped in single quotes. +Do not include the single quotes when authenticating requests. + +We recommend avoiding the single quote (`'`) and backslash (`\`) characters in passwords +For passwords that include these characters, escape the special character with a backslash (e.g. (`\'`) when creating the password and when submitting authentication requests. +{{% /note %}} + +##### `DROP` a user + +```sql +DROP USER +``` + +CLI example: + +```sql +> DROP USER "todd" +``` + diff --git a/content/enterprise_influxdb/v1.9/guides/fine-grained-authorization.md b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization.md similarity index 96% rename from content/enterprise_influxdb/v1.9/guides/fine-grained-authorization.md rename to content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization.md index efdc3eeab..1a5afde08 100644 --- a/content/enterprise_influxdb/v1.9/guides/fine-grained-authorization.md +++ b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization.md @@ -1,26 +1,24 @@ --- -title: Use fine-grained authorization in InfluxDB Enterprise +title: Manage fine-grained authorization description: > Fine-grained authorization (FGA) in InfluxDB Enterprise controls user access at the database, measurement, and series levels. -alias: - -/docs/v1.5/administration/fga menu: enterprise_influxdb_1_9: - name: Use fine-grained authorization - weight: 10 - parent: Guides + parent: Manage users and permissions +weight: 44 +aliases: + - /docs/v1.5/administration/fga + - /enterprise_influxdb/v1.9/guides/fine-grained-authorization/ related: - /enterprise_influxdb/v1.9/administration/authentication_and_authorization/ - /{{< latest "chronograf" >}}/administration/managing-influxdb-users/ --- -Use fine-grained authorization (FGA) in InfluxDB Enterprise to control user access at the database, measurement, and series levels. +{{% enterprise-warning-authn-b4-authz %}} -{{% note %}} -**Note:** InfluxDB OSS controls access at the database level only. -{{% /note %}} +Use fine-grained authorization (FGA) to control user access at the database, measurement, and series levels. -You must have [admin permissions](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#admin-user-management) to set up FGA. +You must have [admin permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#admin) to set up FGA. {{% warn %}} #### FGA does not apply to Flux @@ -28,9 +26,14 @@ FGA does not restrict actions performed by Flux queries (both read and write). If using FGA, we recommend [disabling Flux](/enterprise_influxdb/v{{< current-version >}}/flux/installation/). {{% /warn %}} +{{% note %}} +FGA is only available in InfluxDB Enterprise. +InfluxDB OSS 1.x controls access at the database level only. +{{% /note %}} + ## Set up fine-grained authorization -1. [Enable authentication](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#set-up-authentication) in your InfluxDB configuration file. +1. [Enable authentication](/enterprise_influxdb/v1.9/administration/configure/security/authentication/) in your InfluxDB configuration file. 2. Create users through the InfluxDB query API. @@ -38,7 +41,7 @@ If using FGA, we recommend [disabling Flux](/enterprise_influxdb/v{{< current-ve CREATE USER username WITH PASSWORD 'password' ``` - For more information, see [User management commands](/enterprise_influxdb/v1.9/administration/authentication_and_authorization/#user-management-commands). + For more information, see [User management commands](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-influxql/#user-management-commands). 3. Ensure that you can access the **meta node** API (port 8091 by default). diff --git a/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/introduction-to-auth.md b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/introduction-to-auth.md new file mode 100644 index 000000000..564d59548 --- /dev/null +++ b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/introduction-to-auth.md @@ -0,0 +1,84 @@ +--- +title: Introduction to authorization in InfluxDB Enterprise +description: > + Learn the basics of managing users and permissions in InfluxDB Enterprise. +menu: + enterprise_influxdb_1_9: + name: Introduction to authorization + parent: Manage users and permissions +weight: 30 +related: + - /enterprise_influxdb/v1.9/guides/fine-grained-authorization/ + - /{{< latest "chronograf" >}}/administration/managing-influxdb-users/ +--- + +Authorization in InfluxDB Enterprise refers to managing user permissions. +To secure and manage access to an InfluxDB Enterprise cluster, +first [configure authentication](/enterprise_influxdb/v1.9/administration/configure/security/authentication/). +You can then manage users and permissions as necessary. + +This page is meant to help new users choose the best method +for managing permissions in InfluxDB Enterprise. + +## Permissions in InfluxDB Enterprise + +InfluxDB Enterprise has an [expanded set of 16 permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#permissions). +These permissions allow for +controlling read and write access to data for all databases and for individual databases, +as well as permitting certain cluster-management actions like creating or deleting resources. + +InfluxDB 1.x OSS only supports database-level privileges: `READ` and `WRITE`. +A third permission, `ALL`, grants admin privileges. +These three permissions exist in InfluxDB Enterprise as well. +They can _only be granted by using InfluxQL_. + +## Manage user authorization + +Choose one of the following methods manage authorizations in InfluxDB Enterprise: + +- using [InfluxQL](#manage-read-and-write-privileges-with-influxql) + {{% note %}} +InfluxQL can can only grant `READ`, `WRITE`, and `ALL PRIVILEGES` privileges. +To use the full set of InfluxDB Enterprise [permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/), +use [Chronograf](#manage-specific-privileges-with-chronograf) +or the [Meta API (recommended)](#influxdb-enterprise-meta-api). + {{% /note %}} +- using [Chronograf](#manage-enterprise-permissions-with-chronograf) +- using the [InfluxDB Enterprise meta API](#manage-enterprise-permissions-with-the-meta-api) (**Recommended**) + +### Manage read and write privileges with InfluxQL + +If you only need to manage basic `READ`, `WRITE`, and `ALL` privileges, +use InfluxQL to manage authorizations. +(For instance, if you upgraded from InfluxDB OSS 1.x +and do not need the more detailed authorization in InfluxDB Enterprise, continue to use InfluxQL.) + +{{% warn %}} +We recommend operators *do not* mix and match InfluxQL +with other authorization management methods (Chronograf and the API). +Doing so may lead to inconsistencies in user permissions. +{{% /warn %}} + +### Manage Enterprise permissions with Chronograf + +The Chronograf user interface can manage the +[full set of InfluxDB Enterprise permissions](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions/#permissions). + +The permissions listed in Chronograf are global for the cluster, and available through the API. +Outside of [FGA](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/fine-grained-authorization), +the only database-level permissions available are the basic `READ` and `WRITE`. +These can only be managed using [InfluxQL](#manage-read-and-write-privileges-with-influxql). + +Chronograf can only set permissions globally, for all databases, within a cluster. +If you need to set permissions at the database level, use the [Meta API](#influxdb-enterprise-meta-api). + +See ["Manage InfluxDB users in Chronograf"](/chronograf/v1.9/administration/managing-influxdb-users/) +for instructions. + +### Manage Enterprise permissions with the Meta API + +The InfluxDB Enterprise API is the +recommended method for managing permissions. + +For more information on using the meta API, +see [here](/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/authorization-api). diff --git a/content/enterprise_influxdb/v1.9/features/users.md b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions.md similarity index 86% rename from content/enterprise_influxdb/v1.9/features/users.md rename to content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions.md index 4d59f5758..3651e4b8f 100644 --- a/content/enterprise_influxdb/v1.9/features/users.md +++ b/content/enterprise_influxdb/v1.9/administration/manage/users-and-permissions/permissions.md @@ -1,19 +1,19 @@ --- -title: InfluxDB Enterprise users -description: Overview of users in InfluxDB Enterprise. -aliases: - - /enterprise/v1.8/features/users/ +title: Enterprise users and permissions reference +description: > + Detailed reference for users, roles, permissions, and permission-to-statement mappings. menu: enterprise_influxdb_1_9: - weight: 0 - parent: Enterprise features + parent: Manage users and permissions +weight: 100 +aliases: + - /enterprise_influxdb/v1.9/features/users/ --- - +{{% enterprise-warning-authn-b4-authz %}} + +- [Users](#users) +- [Permissions](#permissions) ## Users @@ -40,28 +40,45 @@ permissions to: * Manage Shards * Rebalance -### Permissions +## Permissions + +A **permission** (also *privilege*) is the ability to access a resource in some way, including: +- viewing the resource +- copying the resource +- dropping the resource +- writing to the resource +- full management capabilities InfluxDB Enterprise clusters have 16 permissions: -| Permission | Description | -|:--------------------------|---------------------------------------------------------| -| View Admin | Permission to view or edit admin screens | -| View Chronograf | Permission to use Chronograf tools | -| Create Databases | Permission to create databases | -| Create Users & Roles | Permission to create users and roles | -| Add/Remove Nodes | Permission to add/remove nodes from a cluster | -| Drop Databases | Permission to drop databases | -| Drop Data | Permission to drop measurements and series | -| Read | Permission to read data | -| Write | Permission to write data | -| Rebalance | Permission to rebalance a cluster | -| Manage Shards | Permission to copy and delete shards | -| Manage Continuous Queries | Permission to create, show, and drop continuous queries | -| Manage Queries | Permission to show and kill queries | -| Manage Subscriptions | Permission to show, add, and drop subscriptions | -| Monitor | Permission to show stats and diagnostics | -| Copy Shard | Permission to copy shards | +| Permission | Description | Token | +|:--------------------------|---------------------------------------------------------|------------------------| +| View Admin | Permission to view or edit admin screens | `ViewAdmin` | +| View Chronograf | Permission to use Chronograf tools | `ViewChronograf` | +| Create Databases | Permission to create databases | `CreateDatabase` | +| Create Users & Roles | Permission to create users and roles | `CreateUserAndRole` | +| Add/Remove Nodes | Permission to add/remove nodes from a cluster | `AddRemoveNode` | +| Drop Databases | Permission to drop databases | `DropDatabase` | +| Drop Data | Permission to drop measurements and series | `DropData` | +| Read | Permission to read data | `ReadData` | +| Write | Permission to write data | `WriteData` | +| Rebalance | Permission to rebalance a cluster | `Rebalance` | +| Manage Shards | Permission to copy and delete shards | `ManageShard` | +| Manage Continuous Queries | Permission to create, show, and drop continuous queries | `ManageContnuousQuery` | +| Manage Queries | Permission to show and kill queries | `ManageQuery` | +| Manage Subscriptions | Permission to show, add, and drop subscriptions | `ManageSubscription` | +| Monitor | Permission to show stats and diagnostics | `Monitor` | +| Copy Shard | Permission to copy shards | `CopyShard` | + +In addition, two tokens govern Kapacitor permissions: + +* `KapacitorAPI`: + Grants the user permission to create, read, update and delete + tasks, topics, handlers and similar Kapacitor artefacts. +* `KapacitorConfigAPI`: + Grants the user permission to override the Kapacitor configuration + dynamically using the configuration endpoint. + ### Permission to Statement diff --git a/content/enterprise_influxdb/v1.9/administration/monitor/logs.md b/content/enterprise_influxdb/v1.9/administration/monitor/logs.md index a6bfa05f2..4c927b9e7 100644 --- a/content/enterprise_influxdb/v1.9/administration/monitor/logs.md +++ b/content/enterprise_influxdb/v1.9/administration/monitor/logs.md @@ -111,7 +111,7 @@ The service configuration file is `/etc/default/influx-enterprise`. ### Use logrotate -You can use [logrotate](http://manpages.ubuntu.com/manpages/cosmic/en/man8/logrotate.8.html) +You can use [logrotate](https://manpages.ubuntu.com/manpages/jammy/en/man8/logrotate.8.html) to rotate the log files generated by InfluxDB on systems where logs are written to flat files. If using the package install on a sysvinit system, the config file for logrotate is installed in `/etc/logrotate.d`. You can view the file [here](https://github.com/influxdb/influxdb/blob/master/scripts/logrotate). diff --git a/content/enterprise_influxdb/v1.9/administration/monitor/monitor-with-cloud.md b/content/enterprise_influxdb/v1.9/administration/monitor/monitor-with-cloud.md index 9aa2aecdb..e9647bf86 100644 --- a/content/enterprise_influxdb/v1.9/administration/monitor/monitor-with-cloud.md +++ b/content/enterprise_influxdb/v1.9/administration/monitor/monitor-with-cloud.md @@ -182,4 +182,4 @@ Send a notification to PagerDuty or HTTP endpoints (other webhooks) by [upgradin For InfluxDB Enterprise customers, Insights and Aware are free services that can monitor your data. InfluxDB Insights sends your data to a private Cloud account and will be monitored with the help of the support team. InfluxDB Aware is a similar service, but you monitor your data yourself. -To apply for this service, please contact the [support team](support@influxdata.com). +To apply for this service, please contact the [InfluxData Support team](mailto:support@influxdata.com). diff --git a/content/enterprise_influxdb/v1.9/concepts/clustering.md b/content/enterprise_influxdb/v1.9/concepts/clustering.md index f2f8f4059..20bbbe072 100644 --- a/content/enterprise_influxdb/v1.9/concepts/clustering.md +++ b/content/enterprise_influxdb/v1.9/concepts/clustering.md @@ -4,6 +4,7 @@ description: > Learn how meta nodes and data nodes interact in InfluxDB Enterprise. aliases: - /enterprise/v1.9/concepts/clustering/ + - /enterprise_influxdb/v1.9/high_availability/clusters/ menu: enterprise_influxdb_1_9: name: Clustering diff --git a/content/enterprise_influxdb/v1.9/features/_index.md b/content/enterprise_influxdb/v1.9/features/_index.md index 14c68de17..cd7d8abee 100644 --- a/content/enterprise_influxdb/v1.9/features/_index.md +++ b/content/enterprise_influxdb/v1.9/features/_index.md @@ -9,4 +9,71 @@ menu: weight: 60 --- -{{< children hlevel="h2" >}} +InfluxDB Enterprise has additional capabilities that enhance +[availability](#clustering), +[scalability](#clustering), and +[security](#security), +and provide [eventual consistency](#eventual-consistency). + +## Clustering + +InfluxDB Enterprise runs on a network of independent servers, a *cluster*, +to provide fault tolerance, availability, and horizontal scalability of the database. + +While many InfluxDB Enterprise features are available +when run with a single meta node and a single data node, this configuration does not take advantage of the clustering capablity +or ensure high availablity. + +Nodes can be added to an existing cluster to improve database performance for querying and writing data. +Certain configurations (e.g., 3 meta and 2 data node) provide high-availability assurances +while making certain tradeoffs in query peformance when compared to a single node. + +Further increasing the number of nodes can improve performance in both respects. +For example, a cluster with 4 data nodes and a [replication factor](https://docs.influxdata.com/enterprise_influxdb/v1.9/concepts/glossary/#replication-factor) +of 2 can support a higher volume of write traffic than a single node could. +It can also support a higher *query* workload, as the data is replicated +in two locations. Performance of the queries may be on par with a single +node in cases where the query can be answered directly by the node which +receives the query. + +For more information on clustering, see [Clustering in InfluxDB Enterprise](/enterprise_influxdb/v1.9/concepts/clustering/). + +## Security + +Enterprise authorization uses an expanded set of [*16 user permissions and roles*](/enterprise_influxdb/v1.9/features/users/). +(InfluxDB OSS only has `READ` and `WRITE` permissions.) +Administrators can give users permission to read and write to databases, +create and remove databases, rebalance a cluster, and manage particular resources. + +Organizations can automate managing permissions with the [InfluxDB Enterprise Meta API](/enterprise_influxdb/v1.9/administration/manage/security/authentication_and_authorization-api/). + +[Fine-grained authorization](/enterprise_influxdb/v1.9/guides/fine-grained-authorization/) +for particular data is also available. + +InfluxDB Enterprise can also use [LDAP for managing authentication](/enterprise_influxdb/v1.9/administration/manage/security/ldap/). + +For FIPS compliance, InfluxDB Enterprise password hashing alogrithms are configurable. + +{{% note %}} +Kapacitor OSS can also delegate its LDAP and security setup to InfluxDB Enterprise. +For details, see ["Set up InfluxDB Enterprise authorizations"](/{{< latest "kapacitor" >}}/administration/auth/influxdb-enterprise-auth/). +{{% /note %}} + +## Eventual consistency + +### Hinted handoff + +Hinted handoff (HH) is how InfluxDB Enterprise deals with data node outages while writes are happening. +HH is essentially a durable disk based queue. + +For more information, see ["Hinted handoff"](/enterprise_influxdb/v1.9/concepts/clustering/#hinted-handoff). + +### Anti-entropy + +Anti-entropy is an optional service to eliminate edge cases related to cluster consistency. + +For more information, see ["Use Anti-Entropy service in InfluxDB Enterprise"](/enterprise_influxdb/v1.9/administration/anti-entropy/). + +--- + +{{< children hlevel="h3" >}} diff --git a/content/enterprise_influxdb/v1.9/features/clustering-features.md b/content/enterprise_influxdb/v1.9/features/clustering-features.md index c24d45b17..714b41277 100644 --- a/content/enterprise_influxdb/v1.9/features/clustering-features.md +++ b/content/enterprise_influxdb/v1.9/features/clustering-features.md @@ -10,6 +10,14 @@ menu: parent: Enterprise features --- +{{% note %}} +_For an overview of InfluxDB Enterprise security features, +see ["InfluxDB Enterprise features - Security"](/enterprise_influxdb/v1.9/features/#security). +To secure your InfluxDB Enterprise cluster, see +["Configure security"](/enterprise_influxdb/v1.9/administration/configure/security/) +and ["Manage security"](/enterprise_influxdb/v1.9/administration/manage/security/)_. +{{% /note %}} + ## Entitlements A valid license key is required in order to start `influxd-meta` or `influxd`. diff --git a/content/enterprise_influxdb/v1.9/flux/flux-vs-influxql.md b/content/enterprise_influxdb/v1.9/flux/flux-vs-influxql.md index eaed03f80..c7ee8915a 100644 --- a/content/enterprise_influxdb/v1.9/flux/flux-vs-influxql.md +++ b/content/enterprise_influxdb/v1.9/flux/flux-vs-influxql.md @@ -106,7 +106,7 @@ join( ### Sort by tags InfluxQL's sorting capabilities are very limited, allowing you only to control the sort order of `time` using the `ORDER BY time` clause. -Flux's [`sort()` function](/{{< latest "flux" >}}/stdlib/universer/sort) sorts records based on list of columns. +Flux's [`sort()` function](/{{< latest "flux" >}}/stdlib/universe/sort) sorts records based on list of columns. Depending on the column type, records are sorted lexicographically, numerically, or chronologically. ```js diff --git a/content/enterprise_influxdb/v1.9/guides/authenticate.md b/content/enterprise_influxdb/v1.9/guides/authenticate.md new file mode 100644 index 000000000..49fad2a00 --- /dev/null +++ b/content/enterprise_influxdb/v1.9/guides/authenticate.md @@ -0,0 +1,191 @@ +--- +title: Authenticate requests to InfluxDB Enterprise +description: > + Calculate percentages using basic math operators available in InfluxQL or Flux. + This guide walks through use cases and examples of calculating percentages from two values in a single query. +menu: + enterprise_influxdb_1_9: + weight: 25 + parent: Guides + name: Authenticate requests +--- + +_To require valid credentials for cluster access, see ["Enable authentication"](/enterprise_influxdb/v1.9/administration/configure/security/authentication/)._ + +## Authenticate requests + +### Authenticate with the InfluxDB API + +Authenticate with the [InfluxDB API](/enterprise_influxdb/v1.9/tools/api/) using one of the following options: + +- [Authenticate with basic authentication](#authenticate-with-basic-authentication) +- [Authenticate with query parameters in the URL or request body](#authenticate-with-query-parameters-in-the-url-or-request-body) + +If you authenticate with both basic authentication **and** the URL query parameters, +the user credentials specified in the query parameters take precedence. +The following examples demonstrate queries with [admin user](#admin-users) permissions. +To learn about different users types, permissions, and how to manage users, see [authorization](#authorization). + +{{% note %}} +InfluxDB Enterprise redacts passwords in log output when you enable authentication. +{{% /note %}} + +#### Authenticate with basic authentication +```bash +curl -G http://localhost:8086/query \ + -u todd:password4todd \ + --data-urlencode "q=SHOW DATABASES" +``` + +#### Authenticate with query parameters in the URL or request body +Set `u` as the username and `p` as the password. + +##### Credentials as query parameters +```bash +curl -G "http://localhost:8086/query?u=todd&p=password4todd" \ + --data-urlencode "q=SHOW DATABASES" +``` + +##### Credentials in the request body +```bash +curl -G http://localhost:8086/query \ + --data-urlencode "u=todd" \ + --data-urlencode "p=password4todd" \ + --data-urlencode "q=SHOW DATABASES" +``` + +### Authenticate with the CLI + +There are three options for authenticating with the [CLI](/enterprise_influxdb/v1.9/tools/influx-cli/): + +- [Authenticate with environment variables](#authenticate-with-environment-variables) +- [Authenticate with CLI flags](#authenticate-with-cli-flags) +- [Authenticate with credentials in the influx shell](#authenticate-with-credentials-in-the-influx-shell) + +#### Authenticate with environment variables +Use the `INFLUX_USERNAME` and `INFLUX_PASSWORD` environment variables to provide +authentication credentials to the `influx` CLI. + +```bash +export INFLUX_USERNAME=todd +export INFLUX_PASSWORD=password4todd +echo $INFLUX_USERNAME $INFLUX_PASSWORD +todd password4todd + +influx +Connected to http://localhost:8086 version {{< latest-patch >}} +InfluxDB shell {{< latest-patch >}} +``` + +#### Authenticate with CLI flags +Use the `-username` and `-password` flags to provide authentication credentials +to the `influx` CLI. + +```bash +influx -username todd -password password4todd +Connected to http://localhost:8086 version {{< latest-patch >}} +InfluxDB shell {{< latest-patch >}} +``` + +#### Authenticate with credentials in the influx shell +Start the `influx` shell and run the `auth` command. +Enter your username and password when prompted. + +```bash +$ influx +Connected to http://localhost:8086 version {{< latest-patch >}} +InfluxDB shell {{< latest-patch >}} +> auth +username: todd +password: +> +``` + +### Authenticate using JWT tokens +For a more secure alternative to using passwords, include JWT tokens with requests to the InfluxDB API. +This is currently only possible through the [InfluxDB HTTP API](/enterprise_influxdb/v1.9/tools/api/). + +1. **Add a shared secret in your InfluxDB Enterprise configuration file**. + + InfluxDB Enterprise uses the shared secret to encode the JWT signature. + By default, `shared-secret` is set to an empty string, in which case no JWT authentication takes place. + + Add a custom shared secret in your [InfluxDB configuration file](/enterprise_influxdb/v1.9/administration/configure/config-data-nodes/#shared-secret--). + The longer the secret string, the more secure it is: + + ```toml + [http] + shared-secret = "my super secret pass phrase" + ``` + + Alternatively, to avoid keeping your secret phrase as plain text in your InfluxDB configuration file, + set the value with the `INFLUXDB_HTTP_SHARED_SECRET` environment variable. + +2. **Generate your JWT token**. + + Use an authentication service to generate a secure token + using your InfluxDB username, an expiration time, and your shared secret. + There are online tools, such as [https://jwt.io/](https://jwt.io/), that will do this for you. + + The payload (or claims) of the token must be in the following format: + + ```json + { + "username": "myUserName", + "exp": 1516239022 + } + ``` + + - **username** - The name of your InfluxDB user. + - **exp** - The expiration time of the token in UNIX epoch time. + For increased security, keep token expiration periods short. + For testing, you can manually generate UNIX timestamps using [https://www.unixtimestamp.com/index.php](https://www.unixtimestamp.com/index.php). + + Encode the payload using your shared secret. + You can do this with either a JWT library in your own authentication server or by hand at [https://jwt.io/](https://jwt.io/). + + The generated token follows this format: `
..` + +3. **Include the token in HTTP requests**. + + Include your generated token as part of the `Authorization` header in HTTP requests: + + ``` + Authorization: Bearer + ``` + {{% note %}} +Only unexpired tokens will successfully authenticate. +Be sure your token has not expired. + {{% /note %}} + +#### Example query request with JWT authentication +```bash +curl -G "http://localhost:8086/query?db=demodb" \ + --data-urlencode "q=SHOW DATABASES" \ + --header "Authorization: Bearer
.." +``` + +## Authenticate Telegraf requests to InfluxDB + +Authenticating [Telegraf](/{{< latest "telegraf" >}}/) requests to an InfluxDB instance with +authentication enabled requires some additional steps. +In the Telegraf configuration file (`/etc/telegraf/telegraf.conf`), uncomment +and edit the `username` and `password` settings. + +```toml +############################################################################### +# OUTPUT PLUGINS # +############################################################################### + +# ... + +[[outputs.influxdb]] + # ... + username = "example-username" # Provide your username + password = "example-password" # Provide your password + +# ... +``` + +Restart Telegraf and you're all set! + diff --git a/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/_index.md b/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/_index.md index 6aec41dd3..3528bbc27 100644 --- a/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/_index.md +++ b/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/_index.md @@ -4,6 +4,8 @@ description: Install InfluxDB Enterprise to on-premise or cloud providers, inclu aliases: - /enterprise_influxdb/v1.9/install-and-deploy/deploying/ - /enterprise_influxdb/v1.9/install-and-deploy/ +- /enterprise_influxdb/v1.9/production_installation/ +- /enterprise_influxdb/v1.9/introduction/installation/ menu: enterprise_influxdb_1_9: name: Install and deploy diff --git a/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/data_node_installation.md b/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/data_node_installation.md index 76cddd2f0..98495bab0 100644 --- a/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/data_node_installation.md +++ b/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/data_node_installation.md @@ -311,8 +311,12 @@ CREATE USER admin WITH PASSWORD '' WITH ALL PRIVILEGES ## Next steps -Once your data nodes are part of your cluster: +Once your data nodes are part of your cluster, do the following: +- Set up [authentication](/enterprise_influxdb/v1.9/administration/configure/security/authentication/). + Once you cluster is configured for authentication, + if you want to add more users in addition to admin user, + see [Manage users and permissions](/enterprise_influxdb/v1.9/administration/manage/security/). +- [Enable TLS](/enterprise_influxdb/v1.9/guides/enable-tls/). - [Set up Chronograf](/enterprise_influxdb/v1.9/install-and-deploy/installation/chrono_install) for UI visualization, dashboards, and management. -- [Enable TLS](/enterprise_influxdb/v1.9/guides/enable-tls/) for increased security (recommended). diff --git a/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/meta_node_installation.md b/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/meta_node_installation.md index 299ac860b..2affd5c2c 100644 --- a/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/meta_node_installation.md +++ b/content/enterprise_influxdb/v1.9/introduction/install-and-deploy/installation/meta_node_installation.md @@ -257,7 +257,4 @@ Note that your cluster must have at least three meta nodes. If you do not see your meta nodes in the output, retry adding them to the cluster. -Once your meta nodes are part of your cluster move on to [the next steps to -set up your data nodes](/enterprise_influxdb/v1.9/install-and-deploy/installation/data_node_installation/). -Please do not continue to the next steps if your meta nodes are not part of the -cluster. +After your meta nodes are part of your cluster, [install data nodes](/enterprise_influxdb/v1.9/install-and-deploy/installation/data_node_installation/). diff --git a/content/enterprise_influxdb/v1.9/query_language/functions.md b/content/enterprise_influxdb/v1.9/query_language/functions.md index 3821590de..422bb77ff 100644 --- a/content/enterprise_influxdb/v1.9/query_language/functions.md +++ b/content/enterprise_influxdb/v1.9/query_language/functions.md @@ -6617,7 +6617,7 @@ KAMA will adjust when the data swings widen and follow data from a greater dista This trend-following indicator can be used to identify the overall trend, time turning points and filter data movements. -Source +Source #### Basic syntax diff --git a/content/enterprise_influxdb/v1.9/tools/api_client_libraries.md b/content/enterprise_influxdb/v1.9/tools/api_client_libraries.md index 04f516f05..8e16b2ec3 100644 --- a/content/enterprise_influxdb/v1.9/tools/api_client_libraries.md +++ b/content/enterprise_influxdb/v1.9/tools/api_client_libraries.md @@ -96,7 +96,7 @@ To install and use the Python client library, follow the [instructions below](#i token=token, ``` - > **Note:** The database (and retention policy, if applicable) are converted to a [bucket](https://v2. docs.influxdata.com/v2.0/reference/glossary/#bucket) data store compatible with InfluxDB 2.0. + > **Note:** The database (and retention policy, if applicable) are converted to a [bucket](/v2.0/reference/glossary/#bucket) data store compatible with InfluxDB 2.0. 5. Instantiate a writer object using the client object and the write_api method. Use the `write_api` method to configure the writer object. diff --git a/content/enterprise_influxdb/v1.9/tools/influx-cli/use-influx.md b/content/enterprise_influxdb/v1.9/tools/influx-cli/use-influx.md index 8ed99cd80..500cbd9a2 100644 --- a/content/enterprise_influxdb/v1.9/tools/influx-cli/use-influx.md +++ b/content/enterprise_influxdb/v1.9/tools/influx-cli/use-influx.md @@ -3,6 +3,7 @@ title: Use influx - InfluxDB command line interface description: InfluxDB's command line interface (`influx`) is an interactive shell for the HTTP API. aliases: - /enterprise_influxdb/v1.9/tools/shell + - /enterprise_influxdb/v1.9/tools/use-influx/ menu: enterprise_influxdb_1_9: name: Use influx diff --git a/content/enterprise_influxdb/v1.9/tools/influx_inspect.md b/content/enterprise_influxdb/v1.9/tools/influx_inspect.md index 57a43f8c1..f209020f6 100644 --- a/content/enterprise_influxdb/v1.9/tools/influx_inspect.md +++ b/content/enterprise_influxdb/v1.9/tools/influx_inspect.md @@ -428,13 +428,17 @@ The default location is `$HOME/.influxdb`. #### Syntax ``` -influx_inspect report [ options ] +influx_inspect report [ options ] ``` #### Options Optional arguments are in brackets. +##### `` + +The path to the InfluxDB [`data` directory](/enterprise_influxdb/v1.9/concepts/file-system-layout/#file-system-layout). + ##### [ `-pattern ""` ] The regular expression or wildcard pattern to match included files. diff --git a/content/flux/v0.x/_index.md b/content/flux/v0.x/_index.md index 4c0fa123f..dfa17e51c 100644 --- a/content/flux/v0.x/_index.md +++ b/content/flux/v0.x/_index.md @@ -9,6 +9,7 @@ menu: weight: 1 aliases: - /influxdb/v2.0/reference/flux/ + - /influxdb/v2.1/reference/flux/ - /influxdb/cloud/reference/flux/ --- diff --git a/content/flux/v0.x/data-types/basic/string.md b/content/flux/v0.x/data-types/basic/string.md index 98f0f3b4e..79a72fa34 100644 --- a/content/flux/v0.x/data-types/basic/string.md +++ b/content/flux/v0.x/data-types/basic/string.md @@ -13,6 +13,7 @@ flux/v0.x/tags: ["basic types", "data types"] aliases: - /influxdb/v2.0/reference/flux/language/string-interpolation/ - /influxdb/cloud/reference/flux/language/string-interpolation/ + - /flux/v0.x/spec/string-interpolation/ related: - /flux/v0.x/stdlib/universe/string/ - /flux/v0.x/stdlib/universe/tostring/ diff --git a/content/flux/v0.x/query-data/sql/_index.md b/content/flux/v0.x/query-data/sql/_index.md index 011f404c2..56ce7b438 100644 --- a/content/flux/v0.x/query-data/sql/_index.md +++ b/content/flux/v0.x/query-data/sql/_index.md @@ -48,7 +48,7 @@ The following drivers are available: - `postgres` - `snowflake` - `sqlite3` -- `sqlserver`, `mssql` +- `sqlserver` - `vertica`, `vertigo` ## Data source names diff --git a/content/flux/v0.x/query-data/sql/bigquery.md b/content/flux/v0.x/query-data/sql/bigquery.md index 4d4c8c8da..30f62fa90 100644 --- a/content/flux/v0.x/query-data/sql/bigquery.md +++ b/content/flux/v0.x/query-data/sql/bigquery.md @@ -60,13 +60,6 @@ Provide your authentication credentials using one of the following methods: - Set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to identify the location of your credential JSON file. -- Provide your BigQuery API key using the **apiKey** URL parameter in your BigQuery DSN. - - ###### Example apiKey URL parameter - ``` - bigquery://projectid/?apiKey=AIzaSyB6XK8IO5AzKZXoioQOVNTFYzbDBjY5hy4 - ``` - - Provide your base-64 encoded service account, refresh token, or JSON credentials using the **credentials** URL parameter in your BigQuery DSN. diff --git a/content/flux/v0.x/query-data/sql/sql-server.md b/content/flux/v0.x/query-data/sql/sql-server.md index 3dfc10e8f..417eb328c 100644 --- a/content/flux/v0.x/query-data/sql/sql-server.md +++ b/content/flux/v0.x/query-data/sql/sql-server.md @@ -2,8 +2,8 @@ title: Query SQL Server list_title: SQL Server description: > - Use [`sql.from()`](/flux/v0.x/stdlib/sql/from/) with the `sqlserver` or `mssql` - driver to query SQL Server. + Use [`sql.from()`](/flux/v0.x/stdlib/sql/from/) with the `sqlserver` driver to + query SQL Server. menu: flux_0_x: name: SQL Server @@ -28,7 +28,7 @@ To query [Microsoft SQL Server](https://www.microsoft.com/sql-server/) with Flux 1. Import the [`sql` package](/flux/v0.x/stdlib/sql/). 2. Use [`sql.from()`](/flux/v0.x/stdlib/sql/from/) and provide the following parameters: - - **driverName**: sqlserver _or_ mssql + - **driverName**: sqlserver - **dataSourceName**: _See [data source name](#sql-server-data-source-name)_ - **query**: SQL query to execute @@ -49,7 +49,7 @@ sql.from( - [SQL Server to Flux data type conversion](#sql-server-to-flux-data-type-conversion) ## SQL Server data source name -The `sqlserver` and `mssql` drivers use the following DSN syntaxes (also known as a **connection string**): +The `sqlserver` driver uses the following DSN syntaxes (also known as a **connection string**): ``` sqlserver://username:password@localhost:1433?database=examplebdb diff --git a/content/flux/v0.x/release-notes.md b/content/flux/v0.x/release-notes.md index cf9e57ea5..6fb15a0f3 100644 --- a/content/flux/v0.x/release-notes.md +++ b/content/flux/v0.x/release-notes.md @@ -10,6 +10,56 @@ aliases: - /influxdb/cloud/reference/release-notes/flux/ --- +## v0.149.0 [2022-01-12] + +### Features +- Add `Get` methods to `metadata`. +- Optimized `sort |> limit` operations. +- Add [`location` option](/flux/v0.x/stdlib/universe/#location) support to the `date` package. +- Use reference equality for `Symbol`. +- Add inline documentation to the following packages: + - socket + - sql + - strings + +### Bug fixes +- Do not attempt IP validation for BigQuery data source names (DSNs). + +--- + +## v0.148.0 [2022-01-10] + +### Features +- Report multiple errors from a single `unify` call. +- Update [`to`](/flux/v0.x/stdlib/influxdata/influxdb/to/) transformation to use + narrow transformation. +- Provide specific error information on function calls. +- Allow errors to be formatted via `codespan`. +- Add an `internal/debug.opaque` function. +- Provide which package exported a symbol. +- Add timeable support to [`experimental.addDuration()`](/flux/v0.x/stdlib/experimental/addduration/) + and [`experimental.subDuration()`](/flux/v0.x/stdlib/experimental/subduration/). +- Add inline documentation to the following packages: + - interpolate + - json + - kafka + - math + - regexp + - runtime + - sampledata + - slack + - system + - pagerduty + - profiler + - pushbullet + +### Bug fixes +- Classify IP validation failures as `Invalid`. +- Relocate the mutex in the optimized union to avoid a data race. +- Split the entire pipe chain into multiple lines (if necessary). + +--- + ## v0.147.0 [2021-12-14] ### Features diff --git a/content/flux/v0.x/spec/_index.md b/content/flux/v0.x/spec/_index.md index 49b767ba6..58359f3ae 100644 --- a/content/flux/v0.x/spec/_index.md +++ b/content/flux/v0.x/spec/_index.md @@ -10,6 +10,7 @@ weight: 2 aliases: - /influxdb/v2.0/reference/flux/language/ - /influxdb/cloud/reference/flux/language/ + - /flux/v0.x/language/ flux/v0.x/tags: [flux] --- diff --git a/content/flux/v0.x/stdlib/_index.md b/content/flux/v0.x/stdlib/_index.md index 3c9d93ba0..d9e7c03e1 100644 --- a/content/flux/v0.x/stdlib/_index.md +++ b/content/flux/v0.x/stdlib/_index.md @@ -6,7 +6,11 @@ description: > aliases: - /influxdb/v2.0/reference/flux/functions/ - /influxdb/v2.0/reference/flux/stdlib/ + - /influxdb/v2.1/reference/flux/functions/ + - /influxdb/v2.1/reference/flux/stdlib/ - /influxdb/cloud/reference/flux/stdlib/ + - /influxdb/cloud/reference/flux/stdlib/ + - /flux/v0.x/functions/ flux/v0.x/tags: [flux, functions, package] menu: flux_0_x_ref: diff --git a/content/flux/v0.x/stdlib/array/_index.md b/content/flux/v0.x/stdlib/array/_index.md index 67664fe54..781b633a8 100644 --- a/content/flux/v0.x/stdlib/array/_index.md +++ b/content/flux/v0.x/stdlib/array/_index.md @@ -9,6 +9,7 @@ aliases: - /influxdb/cloud/reference/flux/stdlib/experimental/array/ - /influxdb/v2.0/reference/flux/stdlib/array/ - /influxdb/cloud/reference/flux/stdlib/array/ + - /flux/v0.x/stdlib/experimental/array/ menu: flux_0_x_ref: name: array diff --git a/content/flux/v0.x/stdlib/array/from.md b/content/flux/v0.x/stdlib/array/from.md index 78165b2bb..ad442af6c 100644 --- a/content/flux/v0.x/stdlib/array/from.md +++ b/content/flux/v0.x/stdlib/array/from.md @@ -7,6 +7,7 @@ aliases: - /influxdb/cloud/reference/flux/stdlib/array/from/ - /influxdb/v2.0/reference/flux/stdlib/experimental/array/from/ - /influxdb/cloud/reference/flux/stdlib/experimental/array/from/ + - /flux/v0.x/stdlib/experimental/array/from/ menu: flux_0_x_ref: name: array.from diff --git a/content/flux/v0.x/stdlib/experimental/addduration.md b/content/flux/v0.x/stdlib/experimental/addduration.md index 6cfbef447..3d038ca9c 100644 --- a/content/flux/v0.x/stdlib/experimental/addduration.md +++ b/content/flux/v0.x/stdlib/experimental/addduration.md @@ -29,8 +29,8 @@ See [influxdata/flux#413](https://github.com/influxdata/flux/issues/413). import "experimental" experimental.addDuration( - d: 12h, - to: now(), + d: 12h, + to: now(), ) ``` @@ -39,8 +39,10 @@ experimental.addDuration( ### d {data-type="duration"} The duration to add. -### to {data-type="time"} +### to {data-type="time, duration"} The time to add the [duration](#d) to. +Use an absolute time or a relative duration. +Durations are relative to [`now()`](/flux/v0.x/stdlib/universe/now/). ## Examples @@ -48,10 +50,18 @@ The time to add the [duration](#d) to. ```js import "experimental" -experimental.addDuration( - d: 6h, - to: 2019-09-16T12:00:00Z, -) +experimental.addDuration(d: 6h, to: 2019-09-16T12:00:00Z) // Returns 2019-09-16T18:00:00.000000000Z ``` + +### Add six hours to a relative duration +```js +import "experimental" + +option now = () => 2022-01-01T12:00:00Z + +experimental.addDuration(d: 6h, to: 3h) + +// Returns 2022-01-01T21:00:00.000000000Z +``` diff --git a/content/flux/v0.x/stdlib/experimental/influxdb/api.md b/content/flux/v0.x/stdlib/experimental/influxdb/api.md index 40f8f81b5..ea01a17e2 100644 --- a/content/flux/v0.x/stdlib/experimental/influxdb/api.md +++ b/content/flux/v0.x/stdlib/experimental/influxdb/api.md @@ -18,6 +18,10 @@ The `influxdb.api()` function submits an HTTP request to the specified InfluxDB API path and returns a record containing the HTTP status code, response headers, and response body as a byte array. +`influxdb.api()` uses the authorization of the specified `token` or, if executed from +the InfluxDB UI, the authorization of the InfluxDB user that invokes the script. +Authorization permissions and limits apply to each request. + ```js import "experimental/influxdb" diff --git a/content/flux/v0.x/stdlib/experimental/subduration.md b/content/flux/v0.x/stdlib/experimental/subduration.md index 3f9e48b57..6d53bf5ed 100644 --- a/content/flux/v0.x/stdlib/experimental/subduration.md +++ b/content/flux/v0.x/stdlib/experimental/subduration.md @@ -29,8 +29,8 @@ See [influxdata/flux#413](https://github.com/influxdata/flux/issues/413). import "experimental" experimental.subDuration( - d: 12h, - from: now(), + d: 12h, + from: now(), ) ``` @@ -39,8 +39,10 @@ experimental.subDuration( ### d {data-type="duration"} The duration to subtract. -### from {data-type="time"} +### from {data-type="time, duration"} The time to subtract the [duration](#d) from. +Use an absolute time or a relative duration. +Durations are relative to [`now()`](/flux/v0.x/stdlib/universe/now/). ## Examples @@ -48,10 +50,18 @@ The time to subtract the [duration](#d) from. ```js import "experimental" -experimental.subDuration( - d: 6h, - from: 2019-09-16T12:00:00Z, -) +experimental.subDuration(d: 6h, from: 2019-09-16T12:00:00Z) // Returns 2019-09-16T06:00:00.000000000Z ``` + +### Subtract six hours from a relative duration +```js +import "experimental" + +option now = () => 2022-01-01T12:00:00Z + +experimental.subDuration(d: 6h, from: -3h) + +// Returns 2022-01-01T03:00:00.000000000Z +``` diff --git a/content/flux/v0.x/stdlib/experimental/usage/limits.md b/content/flux/v0.x/stdlib/experimental/usage/limits.md index d743afc3f..83a2526a3 100644 --- a/content/flux/v0.x/stdlib/experimental/usage/limits.md +++ b/content/flux/v0.x/stdlib/experimental/usage/limits.md @@ -11,6 +11,8 @@ aliases: - /influxdb/v2.0/reference/flux/stdlib/experimental/usage/limits/ - /influxdb/cloud/reference/flux/stdlib/experimental/usage/limits/ weight: 401 +related: + - /flux/v0.x/stdlib/influxdata/influxdb/cardinality/ --- The `usage.limits()` function returns a record containing usage limits for an @@ -130,19 +132,20 @@ array.from( ##### Output current cardinality with your cardinality limit ```js -import "array" import "experimental/usage" import "influxdata/influxdb" -import "influxdata/influxdb/secrets" -host = "https://cloud2.influxdata.com" -orgID = "x000X0x0xx0X00x0" -token = secrets.get(key: "INFLUX_TOKEN") +limits = usage.limits() +bucketCardinality = (bucket) => + (influxdb.cardinality( + bucket: bucket, + start: time(v: 0), + ) + |> findColumn(fn: (key) => true, column: "_value"))[0] -cardinality = (influxdb.cardinality(bucket: "example-bucket", orgID: orgID, host: host, token: token) - |> findColumn(fn: (key) => true, column: "_value"))[0] - -limits = usage.limits(host: host, orgID: orgID, token: token) - -array.from(rows: [{cardinality: cardinality, cardinalityLimit: limits.rate.cardinality}]) +buckets() + |> filter(fn: (r) => not r.name =~ /^_/) + |> map(fn: (r) => ({bucket: r.name, Cardinality: bucketCardinality(bucket: r.name)})) + |> sum(column: "Cardinality") + |> map(fn: (r) => ({r with "Cardinality Limit": limits.rate.cardinality})) ``` \ No newline at end of file diff --git a/content/flux/v0.x/stdlib/influxdata/influxdb/cardinality.md b/content/flux/v0.x/stdlib/influxdata/influxdb/cardinality.md index 70346eb71..e5de731de 100644 --- a/content/flux/v0.x/stdlib/influxdata/influxdb/cardinality.md +++ b/content/flux/v0.x/stdlib/influxdata/influxdb/cardinality.md @@ -13,6 +13,7 @@ weight: 302 flux/v0.x/tags: [metadata] related: - /{{< latest "influxdb" "v1" >}}/query_language/spec/#show-cardinality, SHOW CARDINALITY in InfluxQL + - /flux/v0.x/stdlib/experimental/usage/limits/ introduced: 0.92.0 --- @@ -87,6 +88,11 @@ _Default is `(r) => true`_. ## Examples +- [Query series cardinality in a bucket](#query-series-cardinality-in-a-bucket) +- [Query series cardinality in a measurement](#query-series-cardinality-in-a-measurement) +- [Query series cardinality for a specific tag](#query-series-cardinality-for-a-specific-tag) +- [Query total cardinality across all buckets](#query-total-cardinality-across-all-buckets) + ##### Query series cardinality in a bucket ```js import "influxdata/influxdb" @@ -118,3 +124,20 @@ influxdb.cardinality( predicate: (r) => r.exampleTag == "foo" ) ``` + +##### Query total cardinality across all buckets +```js +import "influxdata/influxdb" + +bucketCardinality = (bucket) => + (influxdb.cardinality( + bucket: bucket, + start: time(v: 0), + ) + |> findColumn(fn: (key) => true, column: "_value"))[0] + +buckets() + |> filter(fn: (r) => not r.name =~ /^_/) + |> map(fn: (r) => ({bucket: r.name, "Total Cardinality": bucketCardinality(bucket: r.name)})) + |> sum(column: "Total Cardinality") +``` diff --git a/content/flux/v0.x/stdlib/influxdata/influxdb/monitor/statechangesonly.md b/content/flux/v0.x/stdlib/influxdata/influxdb/monitor/statechangesonly.md index 2f004b49c..3965f626e 100644 --- a/content/flux/v0.x/stdlib/influxdata/influxdb/monitor/statechangesonly.md +++ b/content/flux/v0.x/stdlib/influxdata/influxdb/monitor/statechangesonly.md @@ -6,6 +6,7 @@ description: > aliases: - /influxdb/v2.0/reference/flux/stdlib/monitor/statechangesonly/ - /influxdb/cloud/reference/flux/stdlib/monitor/statechangesonly/ + - /cloud/reference/flux/stdlib/monitor/statechangesonly/ menu: flux_0_x_ref: name: monitor.stateChangesOnly diff --git a/content/flux/v0.x/stdlib/sql/from.md b/content/flux/v0.x/stdlib/sql/from.md index 52af96c31..4b80c0694 100644 --- a/content/flux/v0.x/stdlib/sql/from.md +++ b/content/flux/v0.x/stdlib/sql/from.md @@ -42,7 +42,7 @@ The following drivers are available: - postgres - snowflake - sqlite3 – _Does not work with InfluxDB OSS or InfluxDB Cloud. For more information, see [Query SQLite](/flux/v0.x/query-data/sql/sqlite/)._ -- sqlserver, mssql +- sqlserver - vertica, vertigo ### dataSourceName {data-type="string"} diff --git a/content/flux/v0.x/stdlib/sql/to.md b/content/flux/v0.x/stdlib/sql/to.md index 2e4b1fb60..05df65cae 100644 --- a/content/flux/v0.x/stdlib/sql/to.md +++ b/content/flux/v0.x/stdlib/sql/to.md @@ -40,7 +40,7 @@ The following drivers are available: - postgres - snowflake - sqlite3 – _Does not work with InfluxDB OSS or InfluxDB Cloud. For more information, see [Write to SQLite](/flux/v0.x/write-data/sql/sqlite/)._ -- sqlserver, mssql +- sqlserver - vertica, vertigo {{% warn %}} diff --git a/content/flux/v0.x/stdlib/types/_index.md b/content/flux/v0.x/stdlib/types/_index.md new file mode 100644 index 000000000..cef9f3902 --- /dev/null +++ b/content/flux/v0.x/stdlib/types/_index.md @@ -0,0 +1,28 @@ +--- +title: Flux types package +list_title: types package +description: > + The Flux `types` package provides functions for working with + [Flux basic types](/flux/v0.x/data/data-types/basic/). + Import the `types` package. +menu: + flux_0_x_ref: + name: types + parent: Standard library +weight: 11 +flux/v0.x/tags: [types, functions, package] +cascade: + introduced: 0.140.0 +--- + +The Flux `types` package provides functions for working with +[Flux basic types](/flux/v0.x/data/data-types/basic/). +Import the `types` package. + +```js +import "types" +``` + +## Functions + +{{< children type="functions" show="pages" >}} diff --git a/content/flux/v0.x/stdlib/types/istype.md b/content/flux/v0.x/stdlib/types/istype.md new file mode 100644 index 000000000..adbf7ccde --- /dev/null +++ b/content/flux/v0.x/stdlib/types/istype.md @@ -0,0 +1,92 @@ +--- +title: types.isType() function +description: > + `types.isType()` tests if a value is a specified + [Flux basic type](/flux/v0.x/data-types/basic/) or + [regular expression type](/flux/v0.x/data-types/regexp/). +menu: + flux_0_x_ref: + name: types.isType + parent: types +weight: 101 +flux/v0.x/tags: [tests, types] +--- + +`types.isType()` tests if a value is a specified +[Flux basic type](/flux/v0.x/data-types/basic/) or +[regular expression type](/flux/v0.x/data-types/regexp/). + +```js +import "types" + +types.isType(v: 12, type: "int") + +// Returns true +``` + +## Parameters + +### v +({{< req >}}) +Value to test. + +### type {data-type="string"} +({{< req >}}) +Flux basic type. + +**Supported values:** + +- string +- bytes +- int +- uint +- float +- bool +- time +- duration +- regexp + +## Examples + +### Filter fields by type +```js +import "strings" + +data + |> filter(fn: (r) => types.isType(v: r._value, type: "string")) +``` + +{{< expand-wrapper >}} +{{% expand "View example input and output" %}} +{{< flex >}} +{{% flex-content %}} + +##### Input data + +| _time | _field | _value (int) | +| :------------------- | :----- | -------------------------------------------: | +| 2022-01-01T00:00:00Z | foo | 12 | +| 2022-01-01T00:01:00Z | foo | 15 | +| 2022-01-01T00:02:00Z | foo | 9 | + +| _time | _field | _value (string) | +| :------------------- | :----- | ----------------------------------------------: | +| 2022-01-01T00:00:00Z | bar | 0jCcsMYM | +| 2022-01-01T00:01:00Z | bar | jHvuDw35 | +| 2022-01-01T00:02:00Z | bar | HE5uCIC2 | + +{{% /flex-content %}} +{{% flex-content %}} + +##### Output data + +| _time | _field | _value (string) | +| :------------------- | :----- | ----------------------------------------------: | +| 2022-01-01T00:00:00Z | bar | 0jCcsMYM | +| 2022-01-01T00:01:00Z | bar | jHvuDw35 | +| 2022-01-01T00:02:00Z | bar | HE5uCIC2 | + +{{% /flex-content %}} +{{< /flex >}} +{{% /expand %}} +{{< /expand-wrapper >}} diff --git a/content/flux/v0.x/stdlib/universe/_index.md b/content/flux/v0.x/stdlib/universe/_index.md index 3f6e6105d..61feaf2b8 100644 --- a/content/flux/v0.x/stdlib/universe/_index.md +++ b/content/flux/v0.x/stdlib/universe/_index.md @@ -33,7 +33,7 @@ Function option that, by default, returns the current system time. The value of `now()` is cached at query time, so all instances of `now()` in a script return the same time value. -### location {data-type="string"} +### location {data-type="record"} Location used to determine timezone. Default is [`timezone.utc`](/flux/v0.x/stdlib/timezone/#constants). Flux uses the timezone information (commonly referred to as "tz" or "zoneinfo") diff --git a/content/flux/v0.x/write-data/sql/_index.md b/content/flux/v0.x/write-data/sql/_index.md index 6ac8d36f1..2c9dcf2c9 100644 --- a/content/flux/v0.x/write-data/sql/_index.md +++ b/content/flux/v0.x/write-data/sql/_index.md @@ -50,7 +50,7 @@ The following drivers are available: - `postgres` - `snowflake` - `sqlite3` -- `sqlserver`, `mssql` +- `sqlserver` ## Data source names Each [SQL driver](#drivers) supports unique data source name (DSN) syntaxes diff --git a/content/flux/v0.x/write-data/sql/bigquery.md b/content/flux/v0.x/write-data/sql/bigquery.md index ee4c1c8e8..fd5589e87 100644 --- a/content/flux/v0.x/write-data/sql/bigquery.md +++ b/content/flux/v0.x/write-data/sql/bigquery.md @@ -67,13 +67,6 @@ Provide your authentication credentials using one of the following methods: - Set the `GOOGLE_APPLICATION_CREDENTIALS` environment variable to identify the location of your credential JSON file. -- Provide your BigQuery API key using the **apiKey** URL parameter in your BigQuery DSN. - - ###### Example apiKey URL parameter - ``` - bigquery://projectid/?apiKey=AIzaSyB6XK8IO5AzKZXoioQOVNTFYzbDBjY5hy4 - ``` - - Provide your base-64 encoded service account, refresh token, or JSON credentials using the **credentials** URL parameter in your BigQuery DSN. diff --git a/content/flux/v0.x/write-data/sql/sql-server.md b/content/flux/v0.x/write-data/sql/sql-server.md index a6fc0517e..c713235e4 100644 --- a/content/flux/v0.x/write-data/sql/sql-server.md +++ b/content/flux/v0.x/write-data/sql/sql-server.md @@ -2,8 +2,8 @@ title: Write to SQL Server list_title: SQL Server description: > - Use [`sql.to()`](/flux/v0.x/stdlib/sql/to/) with the `sqlserver` or `mssql` - driver to write data to SQL Server. + Use [`sql.to()`](/flux/v0.x/stdlib/sql/to/) with the `sqlserver` driver to + write data to SQL Server. menu: flux_0_x: name: SQL Server @@ -31,7 +31,7 @@ To write data to [Microsoft SQL Server](https://www.microsoft.com/sql-server/) w 2. Pipe-forward data into [`sql.to()`](/flux/v0.x/stdlib/sql/to/) and provide the following parameters: - - **driverName**: sqlserver _or_ mssql + - **driverName**: sqlserver - **dataSourceName**: _See [data source name](#sql-server-data-source-name)_ - **table**: Table to write to - **batchSize**: Number of parameters or columns that can be queued within @@ -51,7 +51,7 @@ data --- ## SQL Server data source name -The `sqlserver` and `mssql` drivers use the following DSN syntaxes (also known as a **connection string**): +The `sqlserver` driver uses the following DSN syntaxes (also known as a **connection string**): ``` sqlserver://username:password@localhost:1433?database=examplebdb diff --git a/content/influxdb/cloud/account-management/offboarding.md b/content/influxdb/cloud/account-management/offboarding.md index 9242fc9bc..c2e3d4261 100644 --- a/content/influxdb/cloud/account-management/offboarding.md +++ b/content/influxdb/cloud/account-management/offboarding.md @@ -59,7 +59,7 @@ To request a backup of data in your {{< cloud-name "short" >}} instance, contact {{% note %}} Cancelling your usage-based plan will delete your organization. However, those in multi-user organizations must contact -[InfluxData Support](support@influxdata.com) to delete your organization. +[InfluxData Support](mailto:support@influxdata.com) to delete your organization. {{% /note %}} 1. Click the **user avatar** in the top right corner of your {{< cloud-name "short" >}} diff --git a/content/influxdb/cloud/account-management/pricing-plans.md b/content/influxdb/cloud/account-management/pricing-plans.md index 50081fb0e..0e881c676 100644 --- a/content/influxdb/cloud/account-management/pricing-plans.md +++ b/content/influxdb/cloud/account-management/pricing-plans.md @@ -65,7 +65,7 @@ _To request higher soft data limits, contact [InfluxData Support](mailto:support - **Series cardinality:** 1,000,000 initial limit (higher limits available; [contact InfluxData Support](mailto:support@influxdata.com)) - **Storage:** Unlimited retention {{% note %}} -Set your retention period to unlimited or up to 1 year by [updating a bucket’s retention period in the InfluxDB UI](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period-in-the-influxdb-ui), or [set a custom retention period](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period) using the [`influx` CLI](influxdb/cloud/reference/cli/influx/). +Set your retention period to unlimited or up to 1 year by [updating a bucket’s retention period in the InfluxDB UI](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period-in-the-influxdb-ui), or [set a custom retention period](/influxdb/cloud/organizations/buckets/update-bucket/#update-a-buckets-retention-period) using the [`influx` CLI](/influxdb/cloud/reference/cli/influx/). {{% /note %}} ### Pricing vectors diff --git a/content/influxdb/cloud/api-guide/client-libraries/dart.md b/content/influxdb/cloud/api-guide/client-libraries/dart.md new file mode 100644 index 000000000..30bc56337 --- /dev/null +++ b/content/influxdb/cloud/api-guide/client-libraries/dart.md @@ -0,0 +1,13 @@ +--- +title: Dart client library +list_title: Dart +seotitle: Use the InfluxDB Dart client library +description: Use the InfluxDB Dart client library to interact with InfluxDB. +external_url: https://github.com/influxdata/influxdb-client-dart +menu: + influxdb_cloud: + name: Dart + parent: Client libraries + url: https://github.com/influxdata/influxdb-client-dart +weight: 201 +--- diff --git a/content/influxdb/cloud/api-guide/client-libraries/nodejs/query.md b/content/influxdb/cloud/api-guide/client-libraries/nodejs/query.md index 8a57f6fe2..2e4505a9d 100644 --- a/content/influxdb/cloud/api-guide/client-libraries/nodejs/query.md +++ b/content/influxdb/cloud/api-guide/client-libraries/nodejs/query.md @@ -6,7 +6,7 @@ menu: influxdb_cloud: name: Query parent: Node.js -influxdb/cloud/tags: [client libraries, Node.js, JavaScript] +influxdb/cloud/tags: [client libraries, nodejs, JavaScript] weight: 201 aliases: - /influxdb/cloud/reference/api/client-libraries/js/query diff --git a/content/influxdb/cloud/api-guide/client-libraries/nodejs/write.md b/content/influxdb/cloud/api-guide/client-libraries/nodejs/write.md index 961742dd3..e748b3893 100644 --- a/content/influxdb/cloud/api-guide/client-libraries/nodejs/write.md +++ b/content/influxdb/cloud/api-guide/client-libraries/nodejs/write.md @@ -6,7 +6,7 @@ menu: influxdb_cloud: name: Write parent: Node.js -influxdb/cloud/tags: [client libraries, Node.js, JavaScript] +influxdb/cloud/tags: [client libraries, nodejs, JavaScript] weight: 101 aliases: - /influxdb/cloud/reference/api/client-libraries/js/write diff --git a/content/influxdb/cloud/influxdb-templates/monitor.md b/content/influxdb/cloud/monitor-alert/templates/monitor.md similarity index 85% rename from content/influxdb/cloud/influxdb-templates/monitor.md rename to content/influxdb/cloud/monitor-alert/templates/monitor.md index d1109816c..0047231ab 100644 --- a/content/influxdb/cloud/influxdb-templates/monitor.md +++ b/content/influxdb/cloud/monitor-alert/templates/monitor.md @@ -12,6 +12,7 @@ influxdb/v2.0/tags: [templates, monitor] related: - /influxdb/v2.0/reference/cli/influx/apply/ - /influxdb/v2.0/reference/cli/influx/template/ + - /influxdb/cloud/influxdb-templates/monitor --- -{{< duplicate-oss >}} +{{< duplicate-oss >}} diff --git a/content/influxdb/v1.5/administration/config.md b/content/influxdb/v1.5/administration/config.md index 6f6151c80..040db4792 100644 --- a/content/influxdb/v1.5/administration/config.md +++ b/content/influxdb/v1.5/administration/config.md @@ -1,5 +1,7 @@ --- title: Configuring InfluxDB OSS +aliases: + - /influxdb/v1.5/administration/subscription-management/ menu: influxdb_1_5: name: Configuring InfluxDB diff --git a/content/influxdb/v1.8/tools/influx_inspect.md b/content/influxdb/v1.8/tools/influx_inspect.md index 6e48bcdfe..48841b378 100644 --- a/content/influxdb/v1.8/tools/influx_inspect.md +++ b/content/influxdb/v1.8/tools/influx_inspect.md @@ -430,13 +430,17 @@ The default location is `$HOME/.influxdb`. #### Syntax ``` -influx_inspect report [ options ] +influx_inspect report [ options ] ``` #### Options Optional arguments are in brackets. +##### `` + +The path to the InfluxDB [`data` directory](/influxdb/v1.8/concepts/file-system-layout/#file-system-layout). + ##### [ `-pattern ""` ] The regular expression or wildcard pattern to match included files. diff --git a/content/influxdb/v2.0/api-guide/client-libraries/dart.md b/content/influxdb/v2.0/api-guide/client-libraries/dart.md new file mode 100644 index 000000000..c2dad9c35 --- /dev/null +++ b/content/influxdb/v2.0/api-guide/client-libraries/dart.md @@ -0,0 +1,13 @@ +--- +title: Dart client library +list_title: Dart +seotitle: Use the InfluxDB Dart client library +description: Use the InfluxDB Dart client library to interact with InfluxDB. +external_url: https://github.com/influxdata/influxdb-client-dart +menu: + influxdb_2_0: + name: Dart + parent: Client libraries + url: https://github.com/influxdata/influxdb-client-dart +weight: 201 +--- diff --git a/content/influxdb/v2.0/backup-restore/_index.md b/content/influxdb/v2.0/backup-restore/_index.md index ff4df717f..7930de775 100644 --- a/content/influxdb/v2.0/backup-restore/_index.md +++ b/content/influxdb/v2.0/backup-restore/_index.md @@ -4,6 +4,8 @@ seotitle: Backup and restore data with InfluxDB description: > InfluxDB provides tools that let you back up and restore data and metadata stored in InfluxDB. +aliases: + - /influxdb/v2.0/administration/backup_and_restore/ influxdb/v2.0/tags: [backup, restore] menu: influxdb_2_0: diff --git a/content/influxdb/v2.0/query-data/_index.md b/content/influxdb/v2.0/query-data/_index.md index 9ff9bcd13..445670477 100644 --- a/content/influxdb/v2.0/query-data/_index.md +++ b/content/influxdb/v2.0/query-data/_index.md @@ -4,6 +4,8 @@ seotitle: Query data stored in InfluxDB description: > Learn to query data stored in InfluxDB using Flux and tools such as the InfluxDB user interface and the 'influx' command line interface. +aliases: + - /influxdb/v2.0/query_language/data_exploration/ menu: influxdb_2_0: name: Query data diff --git a/content/influxdb/v2.0/query-data/flux/group-data.md b/content/influxdb/v2.0/query-data/flux/group-data.md index eda57580d..ca424c1fa 100644 --- a/content/influxdb/v2.0/query-data/flux/group-data.md +++ b/content/influxdb/v2.0/query-data/flux/group-data.md @@ -11,6 +11,7 @@ menu: weight: 202 aliases: - /influxdb/v2.0/query-data/guides/group-data/ + - /influxdb/v2.0/query-data/flux/grouping-data/ related: - /{{< latest "flux" >}}/stdlib/universe/group - /{{< latest "flux" >}}/stdlib/experimental/group diff --git a/content/influxdb/v2.0/query-data/flux/window-aggregate.md b/content/influxdb/v2.0/query-data/flux/window-aggregate.md index 1d6d48743..13f43b958 100644 --- a/content/influxdb/v2.0/query-data/flux/window-aggregate.md +++ b/content/influxdb/v2.0/query-data/flux/window-aggregate.md @@ -13,6 +13,7 @@ weight: 204 influxdb/v2.0/tags: [flux, aggregates] aliases: - /influxdb/v2.0/query-data/guides/window-aggregate/ + - /influxdb/v2.0/query-data/flux/windowing-aggregating/ related: - /{{< latest "flux" >}}/stdlib/universe/aggregatewindow - /{{< latest "flux" >}}/stdlib/universe/window diff --git a/content/influxdb/v2.0/reference/syntax/line-protocol.md b/content/influxdb/v2.0/reference/syntax/line-protocol.md index 525aa281e..4eaa4dfc9 100644 --- a/content/influxdb/v2.0/reference/syntax/line-protocol.md +++ b/content/influxdb/v2.0/reference/syntax/line-protocol.md @@ -11,6 +11,8 @@ influxdb/v2.0/tags: [write, line protocol, syntax] aliases: - /influxdb/v2.0/reference/line-protocol - /influxdb/v2.0/write_protocols/line_protocol_tutorial/ + - /influxdb/v2.0/write_protocols/line/ + - /influxdb/v2.0/write_protocols/line_protocol_reference/ related: - /influxdb/v2.0/write-data/ --- diff --git a/content/influxdb/v2.1/api-guide/client-libraries/dart.md b/content/influxdb/v2.1/api-guide/client-libraries/dart.md new file mode 100644 index 000000000..b581e7204 --- /dev/null +++ b/content/influxdb/v2.1/api-guide/client-libraries/dart.md @@ -0,0 +1,13 @@ +--- +title: Dart client library +list_title: Dart +seotitle: Use the InfluxDB Dart client library +description: Use the InfluxDB Dart client library to interact with InfluxDB. +external_url: https://github.com/influxdata/influxdb-client-dart +menu: + influxdb_2_1: + name: Dart + parent: Client libraries + url: https://github.com/influxdata/influxdb-client-dart +weight: 201 +--- diff --git a/content/influxdb/v2.1/influxdb-templates/_index.md b/content/influxdb/v2.1/influxdb-templates/_index.md index 982ad31c8..7dfde83ad 100644 --- a/content/influxdb/v2.1/influxdb-templates/_index.md +++ b/content/influxdb/v2.1/influxdb-templates/_index.md @@ -1,16 +1,16 @@ --- title: InfluxDB templates description: > - InfluxDB templates are preconfigured InfluxDB resources and can contain everything + InfluxDB templates are prepackaged InfluxDB configurations that contain everything from dashboards and Telegraf configurations to notifications and alerts. menu: influxdb_2_1 weight: 9 influxdb/v2.1/tags: [templates] --- -InfluxDB templates are preconfigured InfluxDB resources and can contain everything +InfluxDB templates are prepackaged InfluxDB configurations that contain everything from dashboards and Telegraf configurations to notifications and alerts. -Use InfluxDB templates to quickly get set up monitoring a specific technology, +Use templates to monitor your technology stack, set up a fresh instance of InfluxDB, back up your dashboard configuration, or [share your configuration](https://github.com/influxdata/community-templates/) with the InfluxData community. @@ -26,7 +26,7 @@ set up a fresh instance of InfluxDB, back up your dashboard configuration, or ## Template manifests -A template consists of one or more files known as **manifests** that define the +A template **manifest** is a file that defines InfluxDB [resources](#template-resources). Template manifests support the following formats: @@ -41,25 +41,49 @@ Template manifests are compatible with The `metadata.name` field in manifests uniquely identifies each resource in the template. `metadata.name` values must be [DNS-1123](https://tools.ietf.org/html/rfc1123) compliant. -If resources in the template depend on other InfluxDB resources, all dependencies -should be included in the template, otherwise, the resources may not be usable. +The `spec` object contains the resource configuration. + +#### Example + +```yaml +# bucket-template.yml +# Template manifest that defines two buckets. +apiVersion: influxdata.com/v2alpha1 +kind: Bucket +metadata: + name: thirsty-shaw-91b005 +spec: + description: My IoT Center Bucket + name: iot-center + retentionRules: + - everySeconds: 86400 + type: expire +--- +apiVersion: influxdata.com/v2alpha1 +kind: Bucket +metadata: + name: upbeat-fermat-91b001 +spec: + name: air_sensor +--- +``` _See [Create an InfluxDB template](/influxdb/v2.1/influxdb-templates/create/) for information about generating template manifests._ ### Template resources -Include the following **resources** in a template: +Templates may contain the following InfluxDB resources: -- buckets -- checks -- dashboards -- dashboard variables -- labels -- notification endpoints -- notification rules -- tasks -- Telegraf configurations +- [buckets](/influxdb/v2.1/organizations/buckets/create-bucket/) +- [checks](/influxdb/v2.1/monitor-alert/checks/create/) +- [dashboards](/influxdb/v2.1/visualize-data/dashboards/create-dashboard/) +- [dashboard variables](/influxdb/v2.1/visualize-data/variables/create-variable/) +- [labels](/influxdb/v2.1/visualize-data/labels/) +- [notification endpoints](/influxdb/v2.1/monitor-alert/notification-endpoints/create/) +- [notification rules](/influxdb/v2.1/monitor-alert/notification-rules/create/) +- [tasks](/influxdb/v2.1/process-data/manage-tasks/create-task/) +- [Telegraf configurations](/influxdb/v2.1/write-data/no-code/use-telegraf/) ## Stacks diff --git a/content/influxdb/v2.1/influxdb-templates/create.md b/content/influxdb/v2.1/influxdb-templates/create.md index 8539997c7..3a3c2e581 100644 --- a/content/influxdb/v2.1/influxdb-templates/create.md +++ b/content/influxdb/v2.1/influxdb-templates/create.md @@ -14,77 +14,84 @@ related: - /influxdb/v2.1/reference/cli/influx/export/all/ --- -Use the InfluxDB user interface (UI) and the `influx export` command to -create InfluxDB templates. -Add resources (buckets, Telegraf configurations, tasks, and more) in the InfluxDB -UI and export the resources as a template. +Use the InfluxDB user interface (UI) and the [`influx export` command](/influxdb/v2.1/reference/cli/influx/export/) to +create InfluxDB templates from [resources](/influxdb/v2.1/influxdb-templates/#template-resources) in an organization. +Add buckets, Telegraf configurations, tasks, and more in the InfluxDB +UI and then export those resources as a template. {{< youtube 714uHkxKM6U >}} -{{% note %}} -Templatable resources are scoped to a single organization, so the simplest way to create a -template is to create a new organization, build the template within the organization, -and then [export all resources](#export-all-resources) as a template. -{{% /note %}} +- [Create a template](#create-a-template) +- [Export resources to a template](#export-resources-to-a-template) +- [Include user-definable resource names](#include-user-definable-resource-names) +- [Troubleshoot template results and permissions](#troubleshoot-template-results-and-permissions) +- [Share your InfluxDB templates](#share-your-influxdb-templates) -**To create a template:** +## Create a template + +Creating a new organization to contain only your template resources is an easy way +to ensure you export the resources you want. +Follow these steps to create a template from a new organization. 1. [Start InfluxDB](/influxdb/v2.1/get-started/). 2. [Create a new organization](/influxdb/v2.1/organizations/create-org/). -3. In the InfluxDB UI add one or more of the following templatable resources: +3. In the InfluxDB UI, add one or more [resources](/influxdb/v2.1/influxdb-templates/#template-resources). +4. [Create an **All-Access** API token](/influxdb/v2.1/security/tokens/create-token/) (or a token that has **read** access to the organization). +5. Use the API token from **Step 4** with the [`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/) to [export all resources]() in the organization to a template file. - - [buckets](/influxdb/v2.1/organizations/buckets/create-bucket/) - - [checks](/influxdb/v2.1/monitor-alert/checks/create/) - - [dashboards](/influxdb/v2.1/visualize-data/dashboards/create-dashboard/) - - [dashboard variables](/influxdb/v2.1/visualize-data/variables/create-variable/) - - [labels](/influxdb/v2.1/visualize-data/labels/) - - [notification endpoints](/influxdb/v2.1/monitor-alert/notification-endpoints/create/) - - [notification rules](/influxdb/v2.1/monitor-alert/notification-rules/create/) - - [tasks](/influxdb/v2.1/process-data/manage-tasks/create-task/) - - [Telegraf configurations](/influxdb/v2.1/write-data/no-code/use-telegraf/) + ```sh + influx export all \ + -o YOUR_INFLUX_ORG \ + -t YOUR_ALL_ACCESS_TOKEN \ + -f ~/templates/template.yml + ``` -4. Export the template _(see [below](#export-a-template))_. +## Export resources to a template -## Export a template +The [`influx export` command](/influxdb/v2.1/reference/cli/influx/export/) and subcommands let you +export [resources](#template-resources) from an organization to a template manifest. +Your [API token](/influxdb/v2.1/security/tokens/) must have **read** access to resources that you want to export. -Do one of the following to export a template: +If you want to export resources that depend on other resources, be sure to export the dependencies. -- [Export all resources in an organization](#export-all-resources) -- [Export specific resources in an organization](#export-specific-resources) -- [Export a stack and its associated resources](#export-a-stack) +{{< cli/influx-creds-note >}} + +To create a template that **adds, modifies, and deletes resources** when applied to an organization, use [InfluxDB stacks](/influxdb/v2.1/influxdb-templates/stacks/). +First, [initialize the stack](/influxdb/v2.1/influxdb-templates/stacks/init/) +and then [export the stack](#export-a-stack). + +To create a template that only **adds resources** when applied to an organization (and doesn't modify existing resources there), choose one of the following: +- [Export all resources](#export-all-resources) to export all resources or a filtered + subset of resources to a template. +- [Export specific resources](#export-specific-resources) by name or ID to a template. ### Export all resources -To export all templatable resources within an organization to a template manifest, -use the `influx export all` command. +To export all [resources](/influxdb/v2.1/influxdb-templates/#template-resources) +within an organization to a template manifest file, use the +[`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/) +with the `--file` (`-f`) option. + Provide the following: -- **Organization name** or **ID** -- **API token** with read access to the organization - **Destination path and filename** for the template manifest. - The filename extension determines the template format—both **YAML** (`.yml`) and - **JSON** (`.json`) are supported. - -###### Export all resources to a template + The filename extension determines the output format: + - `your-template.yml`: [YAML](https://yaml.org/) format + - `your-template.json`: [JSON](https://json.org/) format ```sh # Syntax -influx export all -o -f -t - -# Example -influx export all \ - -o my-org \ - -f ~/templates/awesome-template.yml \ - -t $INFLUX_TOKEN +influx export all -f ``` #### Export resources filtered by labelName or resourceKind -The `influx export all` command has an optional `--filter` flag that exports +The [`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/) +accepts a `--filter` option that exports only resources that match specified label names or resource kinds. -Provide multiple filters for both `labelName` and `resourceKind`. +To filter on label name *and* resource kind, provide a `--filter` for each. -###### Export only dashboards and buckets with specific labels +#### Export only dashboards and buckets with specific labels The following example exports resources that match this predicate logic: @@ -96,52 +103,51 @@ and ```sh influx export all \ - -o my-org \ - -f ~/templates/awesome-template.yml \ - -t $INFLUX_TOKEN \ + -f ~/templates/template.yml \ --filter=resourceKind=Bucket \ --filter=resourceKind=Dashboard \ --filter=labelName=Example1 \ --filter=labelName=Example2 ``` -For information about flags, see the -[`influx export all` documentation](/influxdb/v2.1/reference/cli/influx/export/all/). +For more options and examples, see the +[`influx export all` subcommand](/influxdb/v2.1/reference/cli/influx/export/all/). ### Export specific resources -To export specific resources within an organization to a template manifest, use the `influx export` with resource flags for each resource to include. +To export specific [resources](/influxdb/v2.1/influxdb-templates/#template-resources) by name or ID, use the **[`influx export` command](/influxdb/v2.1/reference/cli/influx/export/)** with one or more lists of resources to include. + Provide the following: -- **Organization name** or **ID** -- **API token** with read access to the organization - **Destination path and filename** for the template manifest. - The filename extension determines the template format—both **YAML** (`.yml`) and - **JSON** (`.json`) are supported. -- **Resource flags** with corresponding lists of resource IDs or resource names to include in the template. - For information about what resource flags are available, see the - [`influx export` documentation](/influxdb/v2.1/reference/cli/influx/export/). - -###### Export specific resources to a template + The filename extension determines the output format: + - `your-template.yml`: [YAML](https://yaml.org/) format + - `your-template.json`: [JSON](https://json.org/) format +- **Resource options** with corresponding lists of resource IDs or resource names to include in the template. + For information about what resource options are available, see the + [`influx export` command](/influxdb/v2.1/reference/cli/influx/export/). ```sh # Syntax -influx export all -o -f -t [resource-flags] +influx export -f [resource-flags] +``` -# Export specific resources by ID -influx export all \ - -o my-org \ - -f ~/templates/awesome-template.yml \ +#### Export specific resources by ID +```sh +influx export \ + --org-id ed32b47572a0137b \ + -f ~/templates/template.yml \ -t $INFLUX_TOKEN \ --buckets=00x000ooo0xx0xx,o0xx0xx00x000oo \ --dashboards=00000xX0x0X00x000 \ --telegraf-configs=00000x0x000X0x0X0 +``` -# Export specific resources by name -influx export all \ - -o my-org \ - -f ~/templates/awesome-template.yml \ - -t $INFLUX_TOKEN \ +#### Export specific resources by name +```sh +influx export \ + --org-id ed32b47572a0137b \ + -f ~/templates/template.yml \ --bucket-names=bucket1,bucket2 \ --dashboard-names=dashboard1,dashboard2 \ --telegraf-config-names=telegrafconfig1,telegrafconfig2 @@ -149,18 +155,19 @@ influx export all \ ### Export a stack -To export a stack and all its associated resources as a template, use the +To export an InfluxDB [stack](/influxdb/v2.1/influxdb-templates/stacks/) and all its associated resources as a template, use the `influx export stack` command. Provide the following: - **Organization name** or **ID** - **API token** with read access to the organization - **Destination path and filename** for the template manifest. - The filename extension determines the template format—both **YAML** (`.yml`) and - **JSON** (`.json`) are supported. + The filename extension determines the output format: + - `your-template.yml`: [YAML](https://yaml.org/) format + - `your-template.json`: [JSON](https://json.org/) format - **Stack ID** -###### Export a stack as a template +#### Export a stack as a template ```sh # Syntax @@ -183,14 +190,14 @@ influx export stack \ After exporting a template manifest, replace resource names with **environment references** to let users customize resource names when installing your template. -1. [Export a template](#export-a-template) -2. Select any of the following resource fields to update: +1. [Export a template](#export-a-template). +2. Select any of the following resource fields to update: - `metadata.name` - `associations[].name` - `endpointName` _(unique to `NotificationRule` resources)_ -3. Replace the resource field value with an `envRef` object with a `key` property +3. Replace the resource field value with an `envRef` object with a `key` property that references the key of a key-value pair the user provides when installing the template. During installation, the `envRef` object is replaced by the value of the referenced key-value pair. @@ -254,10 +261,31 @@ Only the following fields support environment references: - `spec.associations.name` {{% /note %}} +## Troubleshoot template results and permissions + +If you get unexpected results, missing resources, or errors when exporting +templates, check the following: +- [Ensure `read` access](#ensure-read-access) +- [Use Organization ID](#use-organization-id) +- [Check for resource dependencies](#check-for-resource-dependencies) + +### Ensure read access + +The [API token](/influxdb/v2.1/security/tokens/) must have **read** access to resources that you want to export. The `influx export all` command only exports resources that the API token can read. For example, to export all resources in an organization that has ID `abc123`, the API token must have the `read:/orgs/abc123` permission. + +To learn more about permissions, see [how to view authorizations](/influxdb/v2.1/security/tokens/view-tokens/) and [how to create a token](/influxdb/v2.1/security/tokens/create-token/) with specific permissions. + +### Use Organization ID + +If your token doesn't have **read** access to the organization and you want to [export specific resources](#export-specific-resources), use the `--org-id ` flag (instead of `-o ` or `--org `) to provide the organization. + +### Check for resource dependencies + +If you want to export resources that depend on other resources, be sure to export the dependencies as well. Otherwise, the resources may not be usable. + ## Share your InfluxDB templates Share your InfluxDB templates with the entire InfluxData community. -**Contribute your template to the [InfluxDB Community Templates](https://github.com/influxdata/community-templates/) -repository on GitHub.** +Contribute your template to the [InfluxDB Community Templates](https://github.com/influxdata/community-templates/) repository on GitHub. View InfluxDB Community Templates diff --git a/content/influxdb/v2.1/organizations/buckets/delete-bucket.md b/content/influxdb/v2.1/organizations/buckets/delete-bucket.md index 6924c5958..129da95bc 100644 --- a/content/influxdb/v2.1/organizations/buckets/delete-bucket.md +++ b/content/influxdb/v2.1/organizations/buckets/delete-bucket.md @@ -14,12 +14,26 @@ to delete a bucket. ## Delete a bucket in the InfluxDB UI +{{% oss-only %}} + 1. In the navigation menu on the left, select **Data (Load Data)** > **Buckets**. {{< nav-icon "data" >}} - 2. Hover over the bucket you would like to delete. -3. Click **{{< icon "delete" >}} Delete Bucket** and **Confirm** to delete the bucket. +3. Click the **{{< icon "delete" >}}** icon located far right of the bucket name. +4. Click **Delete** to delete the bucket. +{{% /oss-only %}} + +{{% cloud-only %}} + +1. In the navigation menu on the left, select **Load Data** > **Buckets**. + + {{< nav-icon "data" >}} + +2. Find the bucket that you would like to delete. +3. Click the **{{< icon "delete" >}}** icon located far right of the bucket name. +4. Click **{{< caps >}}Confirm{{< /caps >}}** to delete the bucket. +{{% /cloud-only %}} ## Delete a bucket using the influx CLI diff --git a/content/influxdb/v2.1/query-data/_index.md b/content/influxdb/v2.1/query-data/_index.md index 6c585d519..b6aa0bc9d 100644 --- a/content/influxdb/v2.1/query-data/_index.md +++ b/content/influxdb/v2.1/query-data/_index.md @@ -4,6 +4,8 @@ seotitle: Query data stored in InfluxDB description: > Learn to query data stored in InfluxDB using Flux and tools such as the InfluxDB user interface and the 'influx' command line interface. +aliases: + - /influxdb/v2.1/query_language/data_exploration/ menu: influxdb_2_1: name: Query data diff --git a/content/influxdb/v2.1/query-data/flux/group-data.md b/content/influxdb/v2.1/query-data/flux/group-data.md index b8e437391..2fe629922 100644 --- a/content/influxdb/v2.1/query-data/flux/group-data.md +++ b/content/influxdb/v2.1/query-data/flux/group-data.md @@ -11,6 +11,7 @@ menu: weight: 202 aliases: - /influxdb/v2.1/query-data/guides/group-data/ + - /influxdb/v2.1/query-data/flux/grouping-data/ related: - /{{< latest "flux" >}}/stdlib/universe/group - /{{< latest "flux" >}}/stdlib/experimental/group diff --git a/content/influxdb/v2.1/query-data/flux/window-aggregate.md b/content/influxdb/v2.1/query-data/flux/window-aggregate.md index a22aa682f..559699d20 100644 --- a/content/influxdb/v2.1/query-data/flux/window-aggregate.md +++ b/content/influxdb/v2.1/query-data/flux/window-aggregate.md @@ -13,6 +13,7 @@ weight: 204 influxdb/v2.1/tags: [flux, aggregates] aliases: - /influxdb/v2.1/query-data/guides/window-aggregate/ + - /influxdb/v2.1/query-data/flux/windowing-aggregating/ related: - /{{< latest "flux" >}}/stdlib/universe/aggregatewindow - /{{< latest "flux" >}}/stdlib/universe/window diff --git a/content/influxdb/v2.1/reference/cli/influx/restore/index.md b/content/influxdb/v2.1/reference/cli/influx/restore/index.md index 42921756c..4f20f142b 100644 --- a/content/influxdb/v2.1/reference/cli/influx/restore/index.md +++ b/content/influxdb/v2.1/reference/cli/influx/restore/index.md @@ -6,8 +6,9 @@ menu: influxdb_2_1_ref: parent: influx weight: 101 -alias: +aliases: - /influxdb/v2.1/reference/cli/influxd/restore/ + - /influxdb/v2.1/administration/backup_and_restore/ related: - /influxdb/v2.1/backup-restore/restore/ - /influxdb/v2.1/reference/cli/influx/backup/ diff --git a/content/influxdb/v2.1/reference/syntax/line-protocol.md b/content/influxdb/v2.1/reference/syntax/line-protocol.md index c2acbec5e..8e3c4b026 100644 --- a/content/influxdb/v2.1/reference/syntax/line-protocol.md +++ b/content/influxdb/v2.1/reference/syntax/line-protocol.md @@ -11,6 +11,7 @@ influxdb/v2.1/tags: [write, line protocol, syntax] aliases: - /influxdb/v2.1/reference/line-protocol - /influxdb/v2.1/write_protocols/line_protocol_tutorial/ + - /influxdb/v2.1/write_protocols/line_protocol_reference/ related: - /influxdb/v2.1/write-data/ --- diff --git a/content/influxdb/v2.1/security/tokens/create-token.md b/content/influxdb/v2.1/security/tokens/create-token.md index a124e174f..d6b90c8d2 100644 --- a/content/influxdb/v2.1/security/tokens/create-token.md +++ b/content/influxdb/v2.1/security/tokens/create-token.md @@ -15,25 +15,99 @@ Create API tokens using the InfluxDB user interface (UI), the `influx` command line interface (CLI), or the InfluxDB API. {{% note %}} -Tokens are visible to the user who created the token. -{{% oss-only %}}Users who own a token with Operator permissions also have access to all tokens.{{% /oss-only %}} + +{{% oss-only %}}Tokens are visible to the user who created the token. Users who own a token with Operator permissions also have access to all tokens. Tokens stop working when the user who created the token is deleted. + **We recommend creating a generic user to create and manage tokens for writing data.** +{{% /oss-only %}} + +{{% cloud-only %}} + +To follow best practices for secure API token generation and retrieval, InfluxDB Cloud enforces access restrictions on API tokens. + +- Tokens are visible to the user who created the token. +- InfluxDB Cloud UI only allows access to the API token value immediately after the token is created. +- You can't change access (**read/write**) permissions for an API token after it's created. +- Tokens stop working when the user who created the token is deleted. + +**We recommend the following for managing your tokens:** +- Create a generic user to create and manage tokens for writing data. +- Store your tokens in a secure password vault for future access. + +{{% /cloud-only %}} {{% /note %}} +- [Manage tokens in the InfluxDB UI](#manage-tokens-in-the-influxdb-ui) +- [Create a token in the InfluxDB UI](#create-a-token-in-the-influxdb-ui) +- [Create a token using the influx CLI](#create-a-token-using-the-influx-cli) +- [Create a token using the InfluxDB API](#create-a-token-using-the-influxdb-api) + +## Manage tokens in the InfluxDB UI + +To manage InfluxDB API Tokens in the InfluxDB UI, navigate to the **API Tokens** management page. + +{{% oss-only %}} + +In the navigation menu on the left, select **Data (Load Data)** > **Tokens**. + +{{% /oss-only %}} + +{{% cloud-only %}} + +In the navigation menu on the left, select **Load Data** > **API Tokens**. + +{{% /cloud-only %}} + +{{< nav-icon "load-data" >}} + ## Create a token in the InfluxDB UI -1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**. +{{% oss-only %}} - {{< nav-icon "load-data" >}} - -2. Click **{{< icon "plus" >}} Generate** and select a token type - (**Read/Write Token** or **All-Access Token**). -3. In the window that appears, enter a description for your token in the **Description** field. -4. If generating a **read/write token**: +1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui), +click **{{< icon "plus" >}} Generate** and select a token type + (**Read/Write Token** or **All Access API Token**). +2. In the window that appears, enter a description for your token in the **Description** field. +3. If generating a **read/write token**: - Search for and select buckets to read from in the **Read** pane. - Search for and select buckets to write to in the **Write** pane. -5. Click **Save**. +4. Click **Save**. + +{{% /oss-only %}} + + +{{% cloud-only %}} + +### Create an All-Access token + +1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui), +click the **{{< icon "plus" >}} {{< caps >}}Generate API Token{{< /caps >}}** button. +2. Select **All Access API Token**. + +### Create a Custom token + +1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui), +click the **{{< icon "plus" >}} {{< caps >}}Generate API Token{{< /caps >}}** button. +2. Select **Custom API Token**. +3. When the **Generate a Personal API Token** window appears, enter a description. If you don't provide a description for the token, InfluxDB will generate a description from the permissions you assign. + For example, if you select **Read** for a bucket named "\_monitoring" and **Write** for a bucket named "\_tasks", InfluxDB will generate the description "Read buckets \_monitoring Write buckets \_tasks". +4. Select checkboxes in the **Read** and **Write** columns to assign access permissions for the token. You can enable access to all buckets, individual buckets, Telegraf configurations, and other InfluxDB resources. By default, the new token has no access permissions. +5. When you're finished, click **{{< caps >}}Generate{{< /caps >}}**. +6. When InfluxDB displays the token value, click **{{< caps >}}Copy to Clipboard{{< /caps >}}**. This is your only chance to access and copy the token value from InfluxDB. +7. (Optional) Store the API token value in a secure password vault. + +### Clone a token + +To create a token with the same authorizations as an existing token, clone the existing token. + +1. From the [API Tokens management page](#manage-tokens-in-the-influxdb-ui), +find the token you want to clone and click the **{{< icon "settings" >}}** icon located far right of the token description. +3. Select **Clone**. +3. When InfluxDB UI displays the created token, click **{{< caps >}}Copy to Clipboard{{< /caps >}}**. This is your only chance to access and copy the token value from InfluxDB. +4. (Optional) Store the API token value in a secure password vault. + +{{% /cloud-only %}} ## Create a token using the influx CLI @@ -85,13 +159,13 @@ influx auth create \ --read-user ``` -See the [`influx auth create` documentation](/influxdb/{{< latest "influxdb" >}}/reference/cli/influx/auth/create) for information about other available flags. +See the [`influx auth create` documentation](/{{< latest "influxdb" >}}/reference/cli/influx/auth/create) for information about other available flags. ## Create a token using the InfluxDB API Use the `/authorizations` endpoint of the InfluxDB API to create a token. -{{% api-endpoint method="POST" endpoint="http://localhost:8086/api/v2/authorizations" %}} +[{{< api-endpoint method="POST" endpoint="http://localhost:8086/api/v2/authorizations" >}}]((/influxdb/v2.1/api/#operation/PostAuthorizations)) Include the following in your request: diff --git a/content/influxdb/v2.1/security/tokens/delete-token.md b/content/influxdb/v2.1/security/tokens/delete-token.md index b3f90d7df..135958273 100644 --- a/content/influxdb/v2.1/security/tokens/delete-token.md +++ b/content/influxdb/v2.1/security/tokens/delete-token.md @@ -15,15 +15,37 @@ Delete API tokens from the InfluxDB user interface (UI) or the `influx` command Once deleted, all users and external integrations using the API token will no longer have access to your InfluxDB instance. +- [Delete tokens in the InfluxDB UI](#delete-tokens-in-the-influxdb-ui) +- [Delete a token using the influx CLI](#delete-a-token-using-the-influx-cli) +- [Delete a token using the InfluxDB API](#delete-a-token-using-the-influxdb-api) + ## Delete tokens in the InfluxDB UI +{{% oss-only %}} + 1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**. {{< nav-icon "load-data" >}} -2. Hover over the token you want to delete and click **Delete** and **Confirm**. +2. Hover over the token you want to delete. +3. Click the **{{< icon "delete" >}}** icon located far right of the token description. +3. Click **Delete** to delete the token. -## Delete tokens using the influx CLI +{{% /oss-only %}} + +{{% cloud-only %}} + +1. In the navigation menu on the left, select **Load Data** > **API Tokens**. + + {{< nav-icon "data" >}} + +2. Find the token that you would like to delete. +3. Click the **{{< icon "delete" >}}** icon located far right of the token description. +4. Click **{{< caps >}}Confirm{{< /caps >}}** to delete the token. + +{{% /cloud-only %}} + +## Delete a token using the influx CLI Use the [`influx auth delete` command](/influxdb/v2.1/reference/cli/influx/auth/delete) to delete a token. @@ -37,3 +59,29 @@ influx auth delete -i # Example influx auth delete -i 03a2bee5a9c9a000 ``` + +## Delete a token using the InfluxDB API + +Use the `/authorizations` endpoint of the InfluxDB API to delete a token. + +[{{< api-endpoint method="DELETE" endpoint="http://localhost:8086/api/v2/authorizations/AUTH_ID" >}}](/influxdb/v2.1/api/#operation/DeleteAuthorizationsID) + +Include the following in your request: + +| Requirement | Include by | +|:----------- |:---------- | +| API token with the [`write: authorizations`](/influxdb/v2.1/api/#operation/PostAuthorizations) permission | Use the `Authorization: Token YOUR_API_TOKEN` header. | +| Authorization ID | URL path parameter. | + +```sh +# Delete the first authorization listed for the user. +curl --request GET \ + "http://localhost:8086/api/v2/authorizations?user=user2" \ + --header "Authorization: Token ${INFLUX_OP_TOKEN}" \ + --header 'Content-type: application/json' \ +| jq .authorizations[0].id \ +| xargs -I authid curl --request DELETE \ + http://localhost:8086/api/v2/authorizations/authid \ + --header "Authorization: Token ${INFLUX_OP_TOKEN}" \ + --header 'Content-type: application/json' +``` diff --git a/content/influxdb/v2.1/security/tokens/update-tokens.md b/content/influxdb/v2.1/security/tokens/update-tokens.md index 82e1950d9..f4181cad1 100644 --- a/content/influxdb/v2.1/security/tokens/update-tokens.md +++ b/content/influxdb/v2.1/security/tokens/update-tokens.md @@ -11,7 +11,14 @@ menu: weight: 203 --- -Update an API token's description using the InfluxDB user interface (UI). +Update an API token's description and status. +using the InfluxDB user interface (UI). + +- [Update a token in the InfluxDB UI](#update-a-token-in-the-influxdb-ui) +- [Enable or disable a token in the InfluxDB UI](#enable-or-disable-a-token-in-the-influxdb-ui) +- [Enable a token using the influx CLI](#enable-a-token-using-the-influx-cli) +- [Disable a token using the influx CLI](#disable-a-token-using-the-influx-cli) +- [Update a token using the InfluxDB API](#update-a-token-using-the-influxdb-api) ## Update a token in the InfluxDB UI @@ -22,10 +29,101 @@ Update an API token's description using the InfluxDB user interface (UI). 2. Click the pencil icon {{< icon "pencil" >}} next to the token's name in the **Description** column. 3. Update the token description, then click anywhere else to save. -## Enable or disable a token +## Enable or disable a token in the InfluxDB UI + +{{% oss-only %}} 1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**. {{< nav-icon "load-data" >}} 2. Click the **{{< icon "toggle-green" >}} Status** toggle. + +{{% /oss-only %}} + +{{% cloud-only %}} + +1. In the navigation menu on the left, select **Load Data** > **API Tokens**. + + {{< nav-icon "data" >}} + +2. Find the token that you would like to enable or disable. +3. Click the token description. +4. Click the **{{< icon "toggle-blue" >}} Status** toggle. + +{{% /cloud-only %}} + +## Enable a token using the influx CLI + +Use the [`influx auth active` command](/influxdb/v2.1/reference/cli/influx/auth/active) +to activate a token. + +_This command requires an authorization ID, which is available in the output of `influx auth find`._ + +```sh +# Syntax +influx auth active -i + +# Example +influx auth active -i 0804f74142bbf000 +``` +To get the current status of a token, use the JSON output of the [`influx auth list` command](/influxdb/v2.1/reference/cli/influx/auth/list). + +```sh +influx auth find --json +``` + +### Disable a token using the influx CLI + +Use the [`influx auth inactive` command](/influxdb/v2.1/reference/cli/influx/auth/active) +to deactivate a token. + +_This command requires an authorization ID, which is available in the output of `influx auth find`._ + +```sh +# Syntax +influx auth inactive -i + +# Example +influx auth inactive -i 0804f74142bbf000 +``` + +To get the current status of a token, use the JSON output of the [`influx auth list` command](/influxdb/v2.1/reference/cli/influx/auth/list). + +```sh +influx auth find --json +``` + +## Update a token using the InfluxDB API + +Use the `/authorizations` endpoint of the InfluxDB API to update the description and status of a token. + +[{{< api-endpoint method="PATCH" endpoint="http://localhost:8086/api/v2/authorizations/AUTH_ID" >}}](/influxdb/v2.1/api/#operation/PatchAuthorizationsID) + +Include the following in your request: + +| Requirement | Include by | +|:----------- |:---------- | +| API token with the [`write: authorizations`](/influxdb/v2.1/api/#operation/PostAuthorizations) permission | Use the `Authorization: Token YOUR_API_TOKEN` header. | +| Authorization ID | URL path parameter. | +| Description and/or Status | Pass as `description`, `status` in the request body. | + +### Disable a token + +```sh +# Update the description and status of the first authorization listed for the user. + +curl --request GET \ + "http://localhost:8086/api/v2/authorizations?user=user2" \ + --header "Authorization: Token ${INFLUX_TOKEN}" \ + --header 'Content-type: application/json' \ +| jq .authorizations[0].id \ +| xargs -I authid curl --request PATCH \ + http://localhost:8086/api/v2/authorizations/authid \ + --header "Authorization: Token ${INFLUX_TOKEN}" \ + --header 'Content-type: application/json' \ + --data '{ + "description": "deactivated_auth", + "status": "inactive" + }' | jq . +``` diff --git a/content/influxdb/v2.1/security/tokens/view-tokens.md b/content/influxdb/v2.1/security/tokens/view-tokens.md index 11cabaa83..a295f523e 100644 --- a/content/influxdb/v2.1/security/tokens/view-tokens.md +++ b/content/influxdb/v2.1/security/tokens/view-tokens.md @@ -15,17 +15,46 @@ View API tokens and permissions using the InfluxDB user interface (UI), the `influx` command line interface (CLI), or the InfluxDB API. {{% note %}} -Tokens are visible only to the user who created them and stop working when the user is deactivated. -We recommend creating a generic IT user to create and manage tokens for writing data. + +{{% oss-only %}}Tokens are visible to the user who created the token. Users who own a token with Operator permissions also have access to all tokens. +Tokens stop working when the user who created the token is deleted. + +**We recommend creating a generic user to create and manage tokens for writing data.** +{{% /oss-only %}} + +{{% cloud-only %}} +To follow best practices for secure API token generation and retrieval, InfluxDB Cloud enforces access restrictions on API tokens. + - InfluxDB Cloud UI only allows access to the API token value immediately after the token is created. + - You can't change access (**read/write**) permissions for an API token after it's created. + - Tokens stop working when the user who created the token is deleted. + +We recommend the following for managing your tokens: +- Create a generic user to create and manage tokens for writing data. +- Store your tokens in a secure password vault for future access. +{{% /cloud-only %}} {{% /note %}} ## View tokens in the InfluxDB UI -1. In the navigation menu on the left, select **Data (Load Data)** > **Tokens**. +{{% oss-only %}} + +1. In the navigation menu on the left, select **Data (Load Data)** > **API Tokens**. {{< nav-icon "load-data" >}} -2. Click a token name from the list to view the token and a summary of access permissions. +2. Click a token name in the list to view the token and a summary of access permissions. + +{{% /oss-only %}} + +{{% cloud-only %}} + +1. In the navigation menu on the left, select **Load Data** > **API Tokens**. + + {{< nav-icon "load-data" >}} + +2. Click a token description in the list to view the token status and a list of access permissions. + +{{% /cloud-only %}} ## View tokens using the influx CLI @@ -44,7 +73,7 @@ for information about other available flags. Use the `/authorizations` endpoint of the InfluxDB API to view tokens and permissions. -{{% api-endpoint method="GET" endpoint="/api/v2/authorizations" %}} +[{{< api-endpoint method="GET" endpoint="/api/v2/authorizations" >}}](/influxdb/cloud/api/#operation/GetAuthorizations) Include the following in your request: diff --git a/content/influxdb/v2.1/tools/influx-cli.md b/content/influxdb/v2.1/tools/influx-cli.md index 0e1b03d9f..c1bf4b968 100644 --- a/content/influxdb/v2.1/tools/influx-cli.md +++ b/content/influxdb/v2.1/tools/influx-cli.md @@ -220,6 +220,8 @@ influx config create --config-name \ For more information about managing CLI configurations, see the [`influx config` documentation](/influxdb/v2.1/reference/cli/influx/config/). +For instructions on how to create API tokens, see [Create a token](/influxdb/v2.1/security/tokens/create-token/). + ### Enable shell completion (Optional) To install `influx` shell completion scripts, see diff --git a/content/telegraf/v1.21/data_formats/input/_index.md b/content/telegraf/v1.21/data_formats/input/_index.md index 3ccba2a7f..a9e1a4153 100644 --- a/content/telegraf/v1.21/data_formats/input/_index.md +++ b/content/telegraf/v1.21/data_formats/input/_index.md @@ -3,7 +3,7 @@ title: Telegraf input data formats description: Telegraf supports parsing input data formats into Telegraf metrics. menu: telegraf_1_21: - + name: Input data formats weight: 1 parent: Data formats @@ -31,7 +31,7 @@ desired parser: ## Each data format has its own unique set of configuration options, read ## more about them here: ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md - data_format = "json" + data_format = "json_v2" ``` [metrics]: /telegraf/v1.15/concepts/metrics/ diff --git a/content/telegraf/v1.21/data_formats/input/json.md b/content/telegraf/v1.21/data_formats/input/json.md index 5dc1d318e..63c1d88cf 100644 --- a/content/telegraf/v1.21/data_formats/input/json.md +++ b/content/telegraf/v1.21/data_formats/input/json.md @@ -3,12 +3,15 @@ title: JSON input data format description: Use the JSON input data format to parse [JSON][json] objects, or an array of objects, into Telegraf metric fields. menu: telegraf_1_21: - + name: JSON input weight: 70 parent: Input data formats --- +{{% note %}} +The following information applies to the legacy JSON input data format. For most cases, we recommend using the [JSON v2 input data format](/{{< latest "telegraf" >}}/data_formats/input/json_v2/) instead. +{{% /note %}} The JSON input data format parses a [JSON][json] object or an array of objects into Telegraf metric fields. @@ -189,7 +192,7 @@ Config: ```toml [[inputs.file]] files = ["example"] - data_format = "json" + data_format = "json_v2" tag_keys = ["first"] json_string_fields = ["last"] json_query = "obj.friends" diff --git a/content/telegraf/v1.21/data_formats/input/json_v2.md b/content/telegraf/v1.21/data_formats/input/json_v2.md index a3e72c414..1e3855dde 100644 --- a/content/telegraf/v1.21/data_formats/input/json_v2.md +++ b/content/telegraf/v1.21/data_formats/input/json_v2.md @@ -3,11 +3,10 @@ title: JSON v2 input data format description: Use the JSON v2 input data format to parse [JSON][json] objects, or an array of objects, into Telegraf metric fields. menu: telegraf_1_21: - + name: JSON v2 input weight: 70 parent: Input data formats -draft: true --- The JSON v2 input data format parses a [JSON][json] object or an array of objects into Telegraf metric fields. diff --git a/content/telegraf/v1.21/guides/using_http.md b/content/telegraf/v1.21/guides/using_http.md index dec90c72a..c3d842080 100644 --- a/content/telegraf/v1.21/guides/using_http.md +++ b/content/telegraf/v1.21/guides/using_http.md @@ -3,7 +3,7 @@ title: Using the HTTP input plugin with Citi Bike data description: Collect live metrics on Citi Bike stations in New York City with the HTTP input plugin. menu: telegraf_1_21: - + name: Using the HTTP plugin weight: 30 parent: Guides @@ -66,7 +66,7 @@ The timezone We'll set this to the Unix TZ value where our bike data takes place tagexclude = ["url", "host"] #Data from HTTP in JSON format - data_format = "json" + data_format = "json_v2" #Parse `stationBeanList` array only json_query = "stationBeanList" diff --git a/deploy/edge.js b/deploy/edge.js index bffd1175f..ce92b5f48 100644 --- a/deploy/edge.js +++ b/deploy/edge.js @@ -97,6 +97,9 @@ exports.handler = (event, context, callback) => { //////////////////////////// v2 subdomain redirect /////////////////////////// permanentRedirect(request.headers.host[0].value === 'v2.docs.influxdata.com', `https://docs.influxdata.com${request.uri}`); + ///////////////////////// Force v in version numbers ///////////////////////// + permanentRedirect(/(^\/[\w]*\/)(\d\.)/.test(request.uri), request.uri.replace(/(^\/[\w]*\/)(\d\.)/, `$1v$2`)); + ////////////////////////// Latest version redirects ////////////////////////// temporaryRedirect(/\/influxdb\/latest/.test(request.uri), request.uri.replace(/\/latest/, `/${latestVersions['influxdb']}`)); temporaryRedirect(/\/telegraf\/latest/.test(request.uri), request.uri.replace(/\/latest/, `/${latestVersions['telegraf']}`)); @@ -130,6 +133,15 @@ exports.handler = (event, context, callback) => { temporaryRedirect(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/built-in\/transformations\/$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`); temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/built-in\/$/.test(request.uri), `/flux/${latestVersions['flux']}/stdlib/universe/`); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v0\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`)); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(?:aggregates\/|selectors\/|stream-table\/|type-conversions\/)(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(?:aggregates\/|selectors\/|stream-table\/|type-conversions\/)(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`)); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(?:aggregates\/|selectors\/|stream-table\/|type-conversions\/)/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`)); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/transformations\/$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/built-in\/$/.test(request.uri), `/flux/${latestVersions['flux']}/stdlib/universe/`); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/universe\/(?:inputs\/|outputs\/|misc\/|tests\/|transformations\/|selectors\/|aggregates\/)$/.test(request.uri), `/flux/${latestVersions['flux']}/function-types/`); + // Redirect Flux stdlib/influxdb sections to Flux stdlib/influxdata docs temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/influxdb\//.test(request.uri), request.uri.replace(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/influxdb\//, `/flux/${latestVersions['flux']}/stdlib/influxdata/influxdb/`)); temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/monitor\//.test(request.uri), request.uri.replace(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\/monitor\//, `/flux/${latestVersions['flux']}/stdlib/influxdata/influxdb/monitor/`)); @@ -157,6 +169,8 @@ exports.handler = (event, context, callback) => { // Generic Flux stdlib redirect temporaryRedirect(/\/influxdb\/(v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\//.test(request.uri), request.uri.replace(/\/influxdb\/(?:v2\.[0-9]{1,2}|cloud)\/reference\/flux\/stdlib\//, `/flux/${latestVersions['flux']}/stdlib/`)); + temporaryRedirect(/\/flux\/v0\.x\/functions\//.test(request.uri), request.uri.replace(/(\/flux\/v0\.x\/)functions\/(.*)/, `$1stdlib/$2`)); + temporaryRedirect(/\/flux\/v0\.x\/stdlib\/experimental\/to\/.+/.test(request.uri), request.uri.replace(/(\/flux\/v0\.x\/stdlib\/experimental\/)to\/(.+)/, `$1$2`)); // Redirect outdated Chronograf links temporaryRedirect(/\/flux\/v[0,1]\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/.test(request.uri), request.uri.replace(/\/flux\/v[0,1]\.x\/stdlib\/built-in\/(?:inputs\/|outputs\/|misc\/|tests\/)(\w+\/$)/, `/flux/${latestVersions['flux']}/stdlib/universe/$1`)); diff --git a/layouts/shortcodes/enterprise-warning-authn-b4-authz.md b/layouts/shortcodes/enterprise-warning-authn-b4-authz.md new file mode 100644 index 000000000..c5c01ae40 --- /dev/null +++ b/layouts/shortcodes/enterprise-warning-authn-b4-authz.md @@ -0,0 +1,20 @@ + +{{ if eq .Page.Title "Configure authentication" }} +
+ +**Important** +Authentication _must be enabled **before**_ authorization can be managed. +If authentication is not enabled, *permissions will not be enforced*. + +
+{{ else }} +
+ +**Important** +Authentication _must be enabled **before**_ authorization can be managed. +If authentication is not enabled, *permissions will not be enforced*. +See ["Enable authentication"](/enterprise_influxdb/v1.9/administration/configure/security/authentication/). + +
+{{ end }}