fix: do not allow operator token from being deleted (#26418) by praveen-influx · Pull Request #26420 · influxdata/influxdb

praveen-influx · 2025-05-15T10:36:07Z

fix: do not allow operator token from being deleted

closes: https://github.com/influxdata/influxdb_pro/issues/819

refactor: address PR feedback
fix: add a word and clarifying colon
fix: failing test

Co-authored-by: Peter Barnett peter.barnett03@gmail.com

commit hash in main: b404e84

* fix: do not allow operator token from being deleted closes: influxdata/influxdb_pro#819 * refactor: address PR feedback * fix: add a word and clarifying colon * fix: failing test --------- Co-authored-by: Peter Barnett <peter.barnett03@gmail.com> commit hash in main: b404e84

hiltontj

I think it is worth having this released in a 3.0.3:

it prevents someone from cutting themselves
keeps core/enterprise at the same version

jdstrand · 2025-05-15T14:56:04Z

influxdb3/src/commands/delete.rs

+            if token_name == "_admin" {
+                println!(
+                    "The operator token \"_admin\" is required and cannot be deleted. To regenerate an operator token, use: influxdb3 create token --admin --regenerate --token [TOKEN]"
+                );


@praveen-influx - the spec does not say whether the 'name' of a token is immutable or mutable. I recall thinking that since the actual operations under the hood would be on the immutable 'id', then names would be mutable.

If names are immutable, this if token_name == "_admin" is ok. If they are not, or we plan to change them in the future, this could be a problem. If they are (or we want them to become) mutable, we should:

not allow the operator token (named _admin) to be renamed

not allow duplicate token names (do we already enforce this?)

not allow duplicate token names (do we already enforce this?)

Yes this is enforced.

If they are (or we want them to become) mutable, we should:

not allow the operator token (named _admin) to be renamed

When we allow changing the token names (i.e update feature issue), operator token will not be mutable

not allow duplicate token names (do we already enforce this?)

This is already enforced in the model (names are unique)

praveen-influx requested a review from a team May 15, 2025 10:36

hiltontj approved these changes May 15, 2025

View reviewed changes

praveen-influx merged commit 4383a60 into 3.0 May 15, 2025
12 checks passed

jdstrand reviewed May 15, 2025

View reviewed changes

hiltontj deleted the 3_0/praveen/fix-operator-token-delete branch May 15, 2025 17:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: do not allow operator token from being deleted (#26418)#26420

fix: do not allow operator token from being deleted (#26418)#26420
praveen-influx merged 1 commit into3.0from
3_0/praveen/fix-operator-token-delete

praveen-influx commented May 15, 2025

Uh oh!

hiltontj left a comment

Uh oh!

Uh oh!

jdstrand May 15, 2025 •

edited

Loading

Uh oh!

hiltontj May 15, 2025

Uh oh!

praveen-influx May 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

praveen-influx commented May 15, 2025

Uh oh!

hiltontj left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

jdstrand May 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

hiltontj May 15, 2025

Choose a reason for hiding this comment

Uh oh!

praveen-influx May 15, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

jdstrand May 15, 2025 •

edited

Loading