Unable to connect V1 Clients to InfluxDBV2

Having difficulty connecting V1 clients to V2. Following this Doc: InfluxDB 1.x compatibility API | InfluxDB Cloud Documentation but doesn’t still seeing auth errors.

@Haim_L, what error exactly do you receive?

Tried basic auth with both endpoints but nothing works.

curl -X POST http://localhost/query -u “admin:password!” --data-urlencode ‘q=SHOW DATABASES’
{“code”:“unauthorized”,“message”:“Unauthorized”}

curl -X POST http://localhost/api/v2/query -u “admin:password!” --data-urlencode ‘q=SHOW DATABASES’
{“code”:“unauthorized”,“message”:“unauthorized access”}

Hello @Haim_L,
Can you please try the health endpoint instead?

also please see the second row:

Health comes back fine.

curl -X POST http://localhost/health  -u "admin:password!"
{"name":"influxdb", "message":"ready for queries and writes", "status":"pass", "checks":[], "version": "2.0.7", "commit": "2a45f0c037"}

curl -X POST 'http://localhost/health?u=admin:password!'
{"name":"influxdb", "message":"ready for queries and writes", "status":"pass", "checks":[], "version": "2.0.7", "commit": "2a45f0c037"}

Using query string still doesn’t work:

curl -XPOST 'http://localhost/query?u=admin&p=password!' --data-urlencode 'q=show DATABASES'
{"code":"unauthorized","message":"Unauthorized"}

@Haim_L, how did you create bucket(s) and user(s) in V2? Manually or by the upgrade process?

In order to use v2 buckets using v1 API, you need DBRP mappings and in order to authorize using HTTP Basic scheme, as v1 clients use, you need a v1 authorization.
These are automatically created during the upgrade.
If you didn’t go through the upgrade process, you have to create them manually using Influx CLI or API.

How to create them using influx CLI:

I have org my-org, bucket my-bucket, V2 authorization token my-token.

You need to know a bucket ID:

> influx bucket list -t my-token -o my-org
ID                      Name            Retention       Shard group duration    Organization ID
8a86c88bdb311d3d        _monitoring     168h0m0s        24h0m0s                 e2e2d84ffb3c4f85
e0f636e0e399b0cf        _tasks          72h0m0s         24h0m0s                 e2e2d84ffb3c4f85
d98ced31b2232519        my-bucket       infinite        168h0m0s                e2e2d84ffb3c4f85

So my-bucket ID is d98ced31b2232519.

Create v1 authorization:

> influx v1 auth create -o my-org --username userv1 --password password1 -t my-token --read-bucket d98ced31b2232519 --write-bucket d98ced31b2232519
ID                      Description     Name / Token    User Name       User ID                 Permissions
0824b948a1b21000                        userv1          my-user         0801faee4cc36000        [read:orgs\e2e2d84ffb3c4f85\buckets\d98ced31b2232519 write:orgs\e2e2d84ffb3c4f85\buckets\d98ced31b2232519]

userv1 is new username for authenticating using v1 API and password1 is her password.

Now the query works, but it returns an empty results set:

> curl -X POST http://localhost:8086/query -u "userv1:password1" --data-urlencode 'q=SHOW DATABASES'
{"results":[{"statement_id":0,"series":[{"name":"databases","columns":["name"]}]}]}

DBRP mapping is needed to see v2 bucket using v1 API:

> influx v1 dbrp create --db mydb --rp default --bucket-id d98ced31b2232519 -o my-org -t my-token
ID                      Database        Bucket ID               Retention Policy        Default Organization ID
082432e71e721000        mydb            d98ced31b2232519        default                 false   e2e2d84ffb3c4f85

mydb and default are new names for database and retention policy for v1 API.

Now the query finally works ok:

> curl -X POST http://localhost:8086/query -u "userv1:password1" --data-urlencode 'q=SHOW DATABASES'
{"results":[{"statement_id":0,"series":[{"name":"databases","columns":["name"],"values":[["mydb"]]}]}]}

Makes sense but unfortunately still not working. Did I miss anything?

# influx bucket list -t mytoken
ID                      Name            Retention       Shard group duration    Organization ID
89a301ec8f65da93        MYDB            infinite        168h0m0s                ecb2649ec8fcb9dc
663ba60454ad1b72        _monitoring     168h0m0s        24h0m0s                 ecb2649ec8fcb9dc
91c2bf23b2119552        _tasks          72h0m0s         24h0m0s                 ecb2649ec8fcb9dc

# influx v1 auth create -o myorg --username user1  --password password2 -t mytoken --read-bucket 082583167868b000 --write-bucket 082583167868b000
ID                      Description     Name / Token    User Name       User ID           Permissions
082584cb9da8b000                        user1           admin           0823169ba7987000  [read:orgs/ecb2649ec8fcb9dc/buckets/082583167868b000 write:orgs/ecb2649ec8fcb9dc/buckets/082583167868b000]

#  influx v1 dbrp create --db MYDB --rp default --bucket-id 89a301ec8f65da93  -o org1 -t mytoken
ID                      Database        Bucket ID               Retention Policy        Default    Organization ID
082583167868b000        MYDB      89a301ec8f65da93        default                 false      ecb2649ec8fcb9dc
# curl -X POST http://localhost/query  -u "user1:password2"   --data-urlencode 'q=SHOW DATABASES'
{"code":"unauthorized","message":"Unauthorized"}

The influx tool connects by default to localhost:8086, but your query request goes to localhost:80. Is it the same server?
Try, please, curl -X POST http://localhost:8086/query -u "user1:password2" --data-urlencode 'q=SHOW DATABASES'

Yes I’m using a docker container which exposes 80external -->8086 internal connection.
Besides, I wouldn’t have gotten a response from the health endpoint if it wasn’t configured correctly since no other webservice is running on localhost.

So, you run influx command inside the docker container, right?

I don’t see a reason why it doesn’t work for you. Creating v1 auth should give you permission.
The only weird thing I see is the bucket ID 082583167868b000 in command creating authorization. It doesn’t correspond to any ID shown above. But it shouldn’t be a problem for authentication, even the tool doesn’t validate ID.
Could you, please, run influx v1 auth list -t mytoken to verify the authorization is created?
It yes, could you try it from scratch? Launch a new docker instance and try those commands again?

# influx v1 auth list -t mytoken
ID                      Description     Name / Token    User Name       User ID           Permissions
08258238a5a8b000                        user1            admin           0823169ba7987000  [read:orgs/ecb2649ec8fcb9dc/buckets/99f7ab19a4264172 write:orgs/ecb2649ec8fcb9dc/buckets/99f7ab19a4264172]
082584cb9da8b000                        user2           admin           0823169ba7987000  [read:orgs/ecb2649ec8fcb9dc/buckets/082583167868b000 write:orgs/ecb2649ec8fcb9dc/buckets/082583167868b000]

BTW user1 & user2 have the same password.

I believe you have to create the users and grant their access…after you’ve established the bucket and DBRP mapping…

Also, as Vlasta points out, you do not point the v1 user auth at the DBRP mapping id. You should be using the underlying bucket id when you grant permissions in the auth create.

#influx v1 auth create -o myorg --username user1 --password password2 -t mytoken --read-bucket 082583167868b000 --write-bucket 082583167868b000

should be:
influx v1 auth create -o myorg --username user1 --password password2 -t mytoken --read-bucket 89a301ec8f65da93 --write-bucket 89a301ec8f65da93

Also what OSS version are you running? 2.0.x what is x?