Telegraf user requires ALL PRIVILEGES else it gets "not authorized to execute statement CREATE DATABASE" #2496

Closed
Robpol86 opened this issue Mar 6, 2017 · 8 comments · Fixed by #3941
Labels
area/influxdb bug unexpected problem or unintended behavior

@Robpol86
Contributor

Robpol86 commented Mar 6, 2017

Bug report

Telegraf (master @ 1074464) using a user with only WRITE privileges on an already-existing "telegraf" database cannot add data due to this error:

2017-03-06T05:10:22Z E! Database creation failed: Response Error: Status Code [403], expected [200], [error authorizing query: telegraf_filesrv not authorized to execute statement 'CREATE DATABASE telegraf', requires admin privilege]

This worked back in July 2016 when I last set up InfluxDB+Telegraf but since then it appears CREATE DATABASE is run every time by Telegraf. The only way to let Telegraf write to my database is to GRANT ALL TO telegraf_filesrv.

Perhaps #2231 ran into this but failed to include any details? I wouldn't mind having such a configuration option in Telegraf.

Relevant telegraf.conf:

[[outputs.influxdb]]
  urls = ["https://filesrv.rob86.net:8086"] # required
  database = "telegraf" # required
  retention_policy = ""
  write_consistency = "any"
  timeout = "5s"
  username = "telegraf_filesrv"
  password = "REPLACE_ME"
  ssl_ca = "/etc/filesrv.rob86.net.cert.pem"

System info:

Telegraf vdev-72-g1074464 (git: master 1074464)
Connected to https://localhost:8086 version 1.2.0
Linux filesrv.rob86.net 4.9.10-200.fc25.x86_64 #1 SMP Wed Feb 15 23:28:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Fedora release 25 (Twenty Five)

Steps to reproduce:

CREATE DATABASE telegraf
CREATE USER telegraf_filesrv WITH PASSWORD 'REPLACE_ME'
GRANT WRITE ON telegraf TO telegraf_filesrv

Expected behavior:

Telegraf is able to add metrics to the database with only WRITE privileges if the "telegraf" database has already been created.

Actual behavior:

Telegraf fails to execute query to add data due to no permission to run "CREATE DATABASE telegraf"

Feature Request

Add option to prevent Telegraf from trying to execute "CREATE DATABASE" and just write data.

Use case:

Allows Telegraf users to be locked down to just WRITE vs ALL PRIVILEGES.

@sparrc sparrc added this to the 1.3.0 milestone Mar 6, 2017
@sparrc
Contributor

sparrc commented Mar 6, 2017

sure, seems reasonable

@WaterByWind

This seems perhaps also related to #1655

I haven't found that further writes are broken if the database already exists despite the CREATE failure, but it does create a log entry each time Telegraf starts.

@samcraigjohnson

Hello, is this being actively worked on? I would be happy to implement this as it is a blocker to some work I am doing.

@danielnelson
Contributor

@sjohnson540 My understanding of the current state of this issue is that Telegraf always tries to create a database on startup, but if it fails then it will continue and write successfully. I would still like to add an option to not create the database but it shouldn't affect operation.

@samcraigjohnson

@danielnelson oh interesting, I see that now, sorry for the confusion.

@danielnelson danielnelson added this to the 1.6.0 milestone Mar 20, 2018
@danielnelson danielnelson self-assigned this Mar 20, 2018
@JeffAshton
Contributor

@danielnelson Are you going to do the work for this one? I have an interest. :)

@danielnelson
Contributor

Yes, should be ready in the next few days.

@danielnelson
Contributor

You can now use skip_database_creation = true in the influxdb output.
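
Added example, not part of the original thread or the Telegraf project's documentation: the reporter's output block with skip_database_creation set, preceded (as comments) by the InfluxQL an InfluxDB admin would run to take the account from ALL PRIVILEGES down to WRITE on the one database. It assumes a Telegraf build that includes the option and reuses the names, URL and key names from the report above.

```toml
# --- Run once by an InfluxDB admin (InfluxQL), not by Telegraf ---
#
#   CREATE DATABASE telegraf
#   CREATE USER telegraf_filesrv WITH PASSWORD 'REPLACE_ME'
#
#   -- If the account was given admin rights as a workaround
#   -- (GRANT ALL TO telegraf_filesrv), remove them first:
#   REVOKE ALL PRIVILEGES FROM telegraf_filesrv
#
#   -- Least privilege: write access to the one database only.
#   GRANT WRITE ON telegraf TO telegraf_filesrv
#
#   -- Verify: the only grant listed should be WRITE on telegraf.
#   SHOW GRANTS FOR telegraf_filesrv

[[outputs.influxdb]]
  urls = ["https://filesrv.rob86.net:8086"] # required
  database = "telegraf" # required; must already exist (created above)
  retention_policy = ""
  write_consistency = "any"
  timeout = "5s"
  username = "telegraf_filesrv"
  password = "REPLACE_ME"
  ssl_ca = "/etc/filesrv.rob86.net.cert.pem"

  # Do not issue CREATE DATABASE at startup. With a WRITE-only account
  # that statement is rejected with the 403 "requires admin privilege"
  # error quoted in the report, so skipping it removes both the need for
  # admin rights and the error logged on every start.
  skip_database_creation = true
```

With the option set, a missing database is no longer created automatically, so writes fail until an admin creates it.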


6 participants