Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

influx secret list returns misleading error message when user isn't authorized to view secrets #20054

Closed
tarainfluxd opened this issue Nov 16, 2020 · 10 comments · Fixed by #20387
Closed

influx secret list returns misleading error message when user isn't authorized to view secrets #20054

tarainfluxd opened this issue Nov 16, 2020 · 10 comments · Fixed by #20387
Assignees
@danxmoran
Labels
area/auth area/2.x OSS 2.0 related issues and PRs internal/bug-bash InfluxData Employee Bug Bashing Activities

Comments

@tarainfluxd
Copy link
Member

Steps to reproduce:
I have a configuration listed under influx config, and its organization exists / has been verified to exist in-browser.

  1. influx secret list

Expected behavior:
Secrets to be listed.

Actual behavior:

Error: Organization not found.
See 'influx secret list -h' for help

Environment info:

  • System info: Darwin 18.7.0 x86_64
  • InfluxDB version: InfluxDB 2.0.1 (git: 37cc047) build_date: 2020-11-11T03:53:31Z
@tarainfluxd tarainfluxd added area/cli area/2.x OSS 2.0 related issues and PRs labels Nov 16, 2020
@docmerlin
Copy link
Contributor

@tara-influxdata
I'm not able to reproduce this, can you try again with influx secret list --org "thename of your org"

@tarainfluxd
Copy link
Member Author

@docmerlin

I tried again and get the same "Error: Organization not found." result.

@timhallinflux timhallinflux added the internal/bug-bash InfluxData Employee Bug Bashing Activities label Dec 4, 2020
@timhallinflux
Copy link
Contributor

I can't reproduce this.

@tarainfluxd
Copy link
Member Author

tarainfluxd commented Dec 7, 2020
edited
Loading 

○ → influx  config ls
Active	Name		URL			Org
*	tara-config	http://localhost:8086	Taraness
	default		http://localhost:8086	<email address>

 2020-12-07 09:10:42 ⌚  tara-influxdata in ~
○ → influx secret list --org "Taraness"
Error: Organization not found.
See 'influx secret list -h' for help

@timhallinflux
Copy link
Contributor

Still running 2.0.1? or can you repro on 2.0.2?

@tarainfluxd
Copy link
Member Author

I can repro on 2.0.2.

@timhallinflux
Copy link
Contributor

You must use an all access token in order to access the secrets. If you do not have an all access token -- you receive the organization not found error message.

@danxmoran
Copy link
Contributor

@timhallinflux is the current behavior a bug? It looks we could at least improve the error message

@timhallinflux
Copy link
Contributor

yes, error message needs improvement. It's not that the org isn't found it's that the user isn't authorized to make that API call, I believe.

@danxmoran danxmoran assigned danxmoran and unassigned psteinbachs Dec 18, 2020
@danxmoran danxmoran changed the title InfluxDB 2.0.1 OSS; influx secret list influx secret list returns misleading error message when user isn't authorized to view secrets Dec 18, 2020
This was referenced Dec 18, 2020
Closed
Closed
@danxmoran
Copy link
Contributor

danxmoran commented Dec 18, 2020
edited
Loading

This is trickier than I expected. The secrets API is never even being called in this case because:

  1. The secrets API only accepts org IDs, not org names
  2. Given an org name, the CLI first makes a request to the org API to get the matching ID
  3. The org API rejects tokens that don't have org-level read access

IMO the ideal fix would be to extend the secrets API (and others) to accept either org ID or org name, so the server could provide relevant & specific error messages for these cases without compromising on auth for direct uses of the org APIs, but that would be a significant chunk of work & require coordination with cloud. In the short-term, I think we can add more context to the CLI-side error to make the source of the error more clear.

@danxmoran danxmoran mentioned this issue Dec 18, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danxmoran danxmoran

Labels
area/auth area/2.x OSS 2.0 related issues and PRs internal/bug-bash InfluxData Employee Bug Bashing Activities
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cmd/influx): improve CLI error returned on org-not-found influxdata/influxdb
5 participants
@docmerlin @psteinbachs @danxmoran @timhallinflux @tarainfluxd