chore: delete deprecated PostSetupUser API (#21709)

cmd/influx/setup.go

@@ -47,82 +47,9 @@ func cmdSetup(f *globalFlags, opt genericCLIOpts) *cobra.Command {
 	cmd.Flags().BoolVarP(&setupFlags.force, "force", "f", false, "skip confirmation prompt")
 	registerPrintOptions(opt.viper, cmd, &setupFlags.hideHeaders, &setupFlags.json)
 
-	cmd.AddCommand(
-		cmdSetupUser(f, opt),
-	)
 	return cmd
 }
 
-func cmdSetupUser(f *globalFlags, opt genericCLIOpts) *cobra.Command {
-	cmd := opt.newCmd("user", nil, true)
-	cmd.RunE = setupUserF
-	cmd.Short = "Setup instance with user, org, bucket [DEPRECATED]"
-	cmd.Long = `***************************************** WARNING *****************************************
-*** 'setup user' is not intended for public use, and will be removed in InfluxDB 2.1.0. ***
-*** Please migrate to using the 'bucket', 'org', and 'user' commands.                   ***
-*******************************************************************************************`
-	cmd.Hidden = true
-
-	f.registerFlags(opt.viper, cmd, "token")
-	cmd.Flags().StringVarP(&setupFlags.username, "username", "u", "", "primary username")
-	cmd.Flags().StringVarP(&setupFlags.password, "password", "p", "", "password for username")
-	cmd.Flags().StringVarP(&setupFlags.token, "token", "t", "", "token for username, else auto-generated")
-	cmd.Flags().StringVarP(&setupFlags.org, "org", "o", "", "primary organization name")
-	cmd.Flags().StringVarP(&setupFlags.bucket, "bucket", "b", "", "primary bucket name")
-	cmd.Flags().StringVarP(&setupFlags.name, "name", "n", "", "config name, only required if you already have existing configs")
-	cmd.Flags().StringVarP(&setupFlags.retention, "retention", "r", "", "Duration bucket will retain data. 0 is infinite. Default is 0.")
-	cmd.Flags().BoolVarP(&setupFlags.force, "force", "f", false, "skip confirmation prompt")
-	registerPrintOptions(opt.viper, cmd, &setupFlags.hideHeaders, &setupFlags.json)
-
-	return cmd
-}
-
-func setupUserF(cmd *cobra.Command, args []string) error {
-	_, _ = fmt.Fprintln(cmd.ErrOrStderr(), cmd.Long)
-
-	client, err := newHTTPClient()
-	if err != nil {
-		return err
-	}
-	s := tenant.OnboardClientService{
-		Client: client,
-	}
-
-	ui := input.UI{Reader: cmd.InOrStdin(), Writer: cmd.OutOrStdout()}
-	req, err := onboardingRequest(&ui)
-	if err != nil {
-		return fmt.Errorf("failed to retrieve data to setup instance: %v", err)
-	}
-
-	result, err := s.OnboardUser(context.Background(), req)
-	if err != nil {
-		return fmt.Errorf("failed to setup instance: %v", err)
-	}
-
-	w := ui.Writer
-	if setupFlags.json {
-		return writeJSON(w, map[string]interface{}{
-			"user":         result.User.Name,
-			"organization": result.Org.Name,
-			"bucket":       result.Bucket.Name,
-		})
-	}
-
-	tabW := internal.NewTabWriter(w)
-	defer tabW.Flush()
-
-	tabW.HideHeaders(setupFlags.hideHeaders)
-
-	tabW.WriteHeaders("User", "Organization", "Bucket")
-	tabW.Write(map[string]interface{}{
-		"User":         result.User.Name,
-		"Organization": result.Org.Name,
-		"Bucket":       result.Bucket.Name,
-	})
-
-	return nil
-}
-
 func setupF(cmd *cobra.Command, args []string) error {
 	dPath, dir := flags.filepath, filepath.Dir(flags.filepath)
 	if dPath == "" || dir == "" {

mock/onboarding_service.go

@@ -43,8 +43,3 @@ func (s *OnboardingService) IsOnboarding(ctx context.Context) (bool, error) {
 func (s *OnboardingService) OnboardInitialUser(ctx context.Context, req *platform.OnboardingRequest) (*platform.OnboardingResults, error) {
 	return s.OnboardInitialUserFn(ctx, req)
 }
-
-// OnboardUser OnboardingResults.
-func (s *OnboardingService) OnboardUser(ctx context.Context, req *platform.OnboardingRequest) (*platform.OnboardingResults, error) {
-	return s.OnboardUserFn(ctx, req)
-}

onboarding.go

@@ -12,11 +12,8 @@ type OnboardingService interface {
 	// IsOnboarding determine if onboarding request is allowed.
 	IsOnboarding(ctx context.Context) (bool, error)
 
-	// OnboardInitialUser OnboardingResults.
+	// OnboardInitialUser creates the initial org/user/bucket in the DB.
 	OnboardInitialUser(ctx context.Context, req *OnboardingRequest) (*OnboardingResults, error)
-
-	// OnboardUser creates a new user/org/buckets
-	OnboardUser(ctx context.Context, req *OnboardingRequest) (*OnboardingResults, error)
 }
 
 // OnboardingResults is a group of elements required for first run.

tenant/http_client_onboarding.go

@@ -2,7 +2,6 @@ package tenant
 
 import (
 	"context"
-	"path"
 
 	"github.com/influxdata/influxdb/v2"
 	"github.com/influxdata/influxdb/v2/pkg/httpc"
@@ -47,23 +46,3 @@ func (s *OnboardClientService) OnboardInitialUser(ctx context.Context, or *influ
 		Bucket: res.Bucket.toInfluxDB(),
 	}, nil
 }
-
-func (s *OnboardClientService) OnboardUser(ctx context.Context, or *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
-	res := &onboardingResponse{}
-
-	err := s.Client.
-		PostJSON(or, path.Join(prefixOnboard, "user")).
-		DecodeJSON(res).
-		Do(ctx)
-
-	if err != nil {
-		return nil, err
-	}
-
-	return &influxdb.OnboardingResults{
-		Org:    &res.Organization.Organization,
-		User:   &res.User.User,
-		Auth:   res.Auth.toPlatform(),
-		Bucket: res.Bucket.toInfluxDB(),
-	}, nil
-}

tenant/http_server_onboarding.go

@@ -1,7 +1,6 @@
 package tenant
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -44,7 +43,6 @@ func NewHTTPOnboardHandler(log *zap.Logger, onboardSvc influxdb.OnboardingServic
 	r.Route("/", func(r chi.Router) {
 		r.Post("/", svr.handleInitialOnboardRequest)
 		r.Get("/", svr.handleIsOnboarding)
-		r.Post("/user", svr.handleOnboardRequest)
 
 	})
 
@@ -76,8 +74,8 @@ func (h *OnboardHandler) handleIsOnboarding(w http.ResponseWriter, r *http.Reque
 // handleInitialOnboardRequest is the HTTP handler for the GET /api/v2/setup route.
 func (h *OnboardHandler) handleInitialOnboardRequest(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	req, err := decodeOnboardRequest(ctx, r)
+	req := &influxdb.OnboardingRequest{}
-	if err != nil {
+	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
 		h.api.Err(w, r, err)
 		return
 	}
@@ -91,24 +89,6 @@ func (h *OnboardHandler) handleInitialOnboardRequest(w http.ResponseWriter, r *h
 	h.api.Respond(w, r, http.StatusCreated, NewOnboardingResponse(results))
 }
 
-// isOnboarding is the HTTP handler for the POST /api/v2/setup route.
-func (h *OnboardHandler) handleOnboardRequest(w http.ResponseWriter, r *http.Request) {
-	ctx := r.Context()
-	req, err := decodeOnboardRequest(ctx, r)
-	if err != nil {
-		h.api.Err(w, r, err)
-		return
-	}
-	results, err := h.onboardingSvc.OnboardUser(ctx, req)
-	if err != nil {
-		h.api.Err(w, r, err)
-		return
-	}
-	h.log.Debug("Onboarding setup completed", zap.String("results", fmt.Sprint(results)))
-
-	h.api.Respond(w, r, http.StatusCreated, NewOnboardingResponse(results))
-}
-
 type onboardingResponse struct {
 	User         *UserResponse   `json:"user"`
 	Bucket       *bucketResponse `json:"bucket"`
@@ -125,15 +105,6 @@ func NewOnboardingResponse(results *influxdb.OnboardingResults) *onboardingRespo
 	}
 }
 
-func decodeOnboardRequest(ctx context.Context, r *http.Request) (*influxdb.OnboardingRequest, error) {
-	req := &influxdb.OnboardingRequest{}
-	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
-		return nil, err
-	}
-
-	return req, nil
-}
-
 type authResponse struct {
 	influxdb.Authorization
 	Links map[string]string `json:"links"`

tenant/middleware_onboarding_auth.go

@@ -4,7 +4,6 @@ import (
 	"context"
 
 	"github.com/influxdata/influxdb/v2"
-	"github.com/influxdata/influxdb/v2/authorizer"
 )
 
 var _ influxdb.OnboardingService = (*AuthedOnboardSvc)(nil)
@@ -33,17 +32,3 @@ func (s *AuthedOnboardSvc) IsOnboarding(ctx context.Context) (bool, error) {
 func (s *AuthedOnboardSvc) OnboardInitialUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
 	return s.s.OnboardInitialUser(ctx, req)
 }
-
-// OnboardUser needs to confirm this user has access to do global create for multiple resources
-func (s *AuthedOnboardSvc) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
-	if _, _, err := authorizer.AuthorizeWriteGlobal(ctx, influxdb.OrgsResourceType); err != nil {
-		return nil, err
-	}
-	if _, _, err := authorizer.AuthorizeWriteGlobal(ctx, influxdb.UsersResourceType); err != nil {
-		return nil, err
-	}
-	if _, _, err := authorizer.AuthorizeWriteGlobal(ctx, influxdb.BucketsResourceType); err != nil {
-		return nil, err
-	}
-	return s.s.OnboardUser(ctx, req)
-}

tenant/middleware_onboarding_logging.go

@@ -48,16 +48,3 @@ func (l *OnboardingLogger) OnboardInitialUser(ctx context.Context, req *influxdb
 	}(time.Now())
 	return l.onboardingService.OnboardInitialUser(ctx, req)
 }
-
-func (l *OnboardingLogger) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (res *influxdb.OnboardingResults, err error) {
-	defer func(start time.Time) {
-		dur := zap.Duration("took", time.Since(start))
-		if err != nil {
-			msg := fmt.Sprintf("failed to onboard user %s", req.User)
-			l.logger.Error(msg, zap.Error(err), dur)
-			return
-		}
-		l.logger.Debug("onboard user", dur)
-	}(time.Now())
-	return l.onboardingService.OnboardUser(ctx, req)
-}

tenant/middleware_onboarding_metrics.go

@@ -37,8 +37,3 @@ func (m *OnboardingMetrics) OnboardInitialUser(ctx context.Context, req *influxd
 	res, err := m.onboardingService.OnboardInitialUser(ctx, req)
 	return res, rec(err)
 }
-func (m *OnboardingMetrics) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
-	rec := m.rec.Record("onboard_user")
-	res, err := m.onboardingService.OnboardUser(ctx, req)
-	return res, rec(err)
-}

tenant/service_onboarding.go

@@ -83,13 +83,6 @@ func (s *OnboardService) OnboardInitialUser(ctx context.Context, req *influxdb.O
 	return s.onboardUser(ctx, req, func(platform.ID, platform.ID) []influxdb.Permission { return influxdb.OperPermissions() })
 }
 
-// OnboardUser allows us to onboard a new user if is onboarding is allowed
-func (s *OnboardService) OnboardUser(ctx context.Context, req *influxdb.OnboardingRequest) (*influxdb.OnboardingResults, error) {
-	return s.onboardUser(ctx, req, func(orgID, userID platform.ID) []influxdb.Permission {
-		return append(influxdb.OwnerPermissions(orgID), influxdb.MePermissions(userID)...)
-	})
-}
-
 // onboardUser allows us to onboard new users.
 func (s *OnboardService) onboardUser(ctx context.Context, req *influxdb.OnboardingRequest, permFn func(orgID, userID platform.ID) []influxdb.Permission) (*influxdb.OnboardingResults, error) {
 	if req == nil || req.User == "" || req.Org == "" || req.Bucket == "" {

tenant/service_onboarding_test.go

@@ -74,7 +74,7 @@ func TestOnboardURM(t *testing.T) {
 		UserID: 123,
 	})
 
-	onboard, err := svc.OnboardUser(ctx, &influxdb.OnboardingRequest{
+	onboard, err := svc.OnboardInitialUser(ctx, &influxdb.OnboardingRequest{
 		User:   "name",
 		Org:    "name",
 		Bucket: "name",
@@ -112,7 +112,7 @@ func TestOnboardAuth(t *testing.T) {
 		UserID: 123,
 	})
 
-	onboard, err := svc.OnboardUser(ctx, &influxdb.OnboardingRequest{
+	onboard, err := svc.OnboardInitialUser(ctx, &influxdb.OnboardingRequest{
 		User:   "name",
 		Org:    "name",
 		Bucket: "name",
@@ -124,48 +124,46 @@ func TestOnboardAuth(t *testing.T) {
 
 	auth := onboard.Auth
 	expectedPerm := []influxdb.Permission{
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AuthorizationsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.AuthorizationsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AuthorizationsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.AuthorizationsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.BucketsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.BucketsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.BucketsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.BucketsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DashboardsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.DashboardsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DashboardsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.DashboardsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{ID: &onboard.Org.ID, Type: influxdb.OrgsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.OrgsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{ID: &onboard.Org.ID, Type: influxdb.OrgsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.OrgsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SourcesResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.SourcesResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SourcesResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.SourcesResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TasksResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.TasksResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TasksResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.TasksResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TelegrafsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.TelegrafsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.TelegrafsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.TelegrafsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.UsersResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.UsersResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.UsersResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.UsersResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.VariablesResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.VariablesResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.VariablesResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.VariablesResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ScraperResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.ScraperResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ScraperResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.ScraperResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SecretsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.SecretsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.SecretsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.SecretsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.LabelsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.LabelsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.LabelsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.LabelsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ViewsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.ViewsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ViewsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.ViewsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DocumentsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.DocumentsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DocumentsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.DocumentsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationRuleResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.NotificationRuleResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationRuleResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.NotificationRuleResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationEndpointResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.NotificationEndpointResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotificationEndpointResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.NotificationEndpointResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ChecksResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.ChecksResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.ChecksResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.ChecksResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DBRPResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.DBRPResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.DBRPResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.DBRPResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotebooksResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.NotebooksResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.NotebooksResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.NotebooksResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AnnotationsResourceType}},
+		{Action: influxdb.ReadAction, Resource: influxdb.Resource{Type: influxdb.AnnotationsResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{OrgID: &onboard.Org.ID, Type: influxdb.AnnotationsResourceType}},
+		{Action: influxdb.WriteAction, Resource: influxdb.Resource{Type: influxdb.AnnotationsResourceType}},
-		{Action: influxdb.ReadAction, Resource: influxdb.Resource{ID: &onboard.User.ID, Type: influxdb.UsersResourceType}},
-		{Action: influxdb.WriteAction, Resource: influxdb.Resource{ID: &onboard.User.ID, Type: influxdb.UsersResourceType}},
 	}
 	if !cmp.Equal(auth.Permissions, expectedPerm) {
 		t.Fatalf("unequal permissions: \n %+v", cmp.Diff(auth.Permissions, expectedPerm))