I am setting up InfluxDB 2.0 on a server which will receive data from multiple untrusted telegraf endpoints.
Each telegraf endpoint will have its own token which can only write to the telegraf_data bucket.
Is there a way to filter what data telegraf is allowed to send back such that the token t1 for host h1 can only write data to the telegraf_bucket with the host field set to h1.
If this is not doable is there a way to attribute data to a token so this can be audited later?
From the documentation the only way I can think of doing something like this would be to create a bucket for each host.
Hello @reshadp,
Yes, you can only scope tokens to specific buckets at the moment. I think higher granularity auth will be provided in the future.
However, you might also be interested in this,