Sending a Query Across All Buckets and Organizations

Is there any way to send a query that would read data across all buckets and organizations?

For instance, I can send a query like this:

from(bucket: "Test Bucket")
    |> range(start: -30d)
    |> last()

But, suppose I wanted to get the most recent reading from each bucket in every organization.
The query below does not work because bucket is a required argument, but I imagine that what I want to do might look something like this:

    |> range(start: -30d)
    |> last()

Is such a thing possible, or will it be necessary to send a separate query for every bucket and every organization?

Short answer:
It will be necessary to send a separate query for every bucket and every organization.

You will also have a permission “problem” as everything is organization scoped, meaning you can’t use the same user on multiple orgs, unless you use the super-admin user (I forgot the actual name)… which is not recommended at all

Thank you, @Giovanni_Luisotto. That’s what I expected.

What I didn’t expect is that users were organization-scoped. I’m testing against OSS InfluxDB, and was creating per-bucket authorizations in external orgs using, e.g.:

authorizationsAPI.postAuthorizations({body: {userID: user.influxId, orgID: user.orgId, permissions: [{action: 'read', resource: {id: device.bucketId, type: 'buckets'}}]}});

Looking at this again, this code seems suspect to me though somehow I’d convinced myself that this was indeed correctly allowing cross-organization permissions to specific buckets. I will double-check this code. If indeed I can’t have cross-organization users, that will require a major re-architecting of our systems.

as a reference…

Thank you for that information. I think that I can work around this limitation with some refactoring.

One more question: The API documentation I have around the AuthorizationsAPI, and indeed around permissions in general, is pretty limited. Are you aware of detailed documentation about what is possible permissions-wise?

If not, maybe you could sanity-check my expectations:

  • Users within an org do not, by default, have read access to all buckets in that org. So, if I created a bucket for a user, I would use BucketsAPI.postBucketsIDOwners to set that user as the owner and the bucket would by default not be accessible to other users.
  • AuthorizationsAPI.postAuthorizations with userID specified can grant read-only access to specific users.
  • AuthorizationsAPI.postAuthorizations without userID specified can grant read-only access to the entire org, if desired.

I’m unable to find a “clean” list and I’ve never used the API before, but from here you might get the idea of existing permissions even if some info are missing, I’ve found a more complete list here but I’m not sure it’s fully supported. (as it’s meant for API usage, it sure is for read/write operations)

I’d create the user and grant them proper permission, be it read/write on a single, multiple, or all buckets (all read/write has his own syntax)

Thank you for your guidance, @Giovanni_Luisotto. I appreciate it!