From 99e0f8a3a0684954465b299408e48071ca47c77b Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 17 May 2021 19:18:46 +0000
Subject: [PATCH] influxdb_user: allow creation of first user with auth enabled
 (#2364) (#2368) (#2547)

* influxdb_user: allow creation of first user with auth enabled (#2364)

* handle potential exceptions while parsing influxdb client error

* fix changelog

Co-authored-by: Felix Fontein <felix@fontein.de>

* influxdb_user: use generic exceptions to be compatible with python 2.7

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b89eb87ad6872dcfed1bd2a7969ba5ce091ddf9e)

Co-authored-by: Xabier Napal <xabiernapal@pm.me>
---
 .../2364-influxdb_user-first_user.yml         |  5 ++++
 .../database/influxdb/influxdb_user.py        | 25 +++++++++++++++++--
 2 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/2364-influxdb_user-first_user.yml

diff --git a/changelogs/fragments/2364-influxdb_user-first_user.yml b/changelogs/fragments/2364-influxdb_user-first_user.yml
new file mode 100644
index 0000000000..905688643b
--- /dev/null
+++ b/changelogs/fragments/2364-influxdb_user-first_user.yml
@@ -0,0 +1,5 @@
+bugfixes:
+  - influxdb_user - allow creation of admin users when InfluxDB authentication
+    is enabled but no other user exists on the database. In this scenario,
+    InfluxDB 1.x allows only ``CREATE USER`` queries and rejects any other query
+    (https://github.com/ansible-collections/community.general/issues/2364).
diff --git a/plugins/modules/database/influxdb/influxdb_user.py b/plugins/modules/database/influxdb/influxdb_user.py
index 8aec04533b..d9e6b58051 100644
--- a/plugins/modules/database/influxdb/influxdb_user.py
+++ b/plugins/modules/database/influxdb/influxdb_user.py
@@ -100,6 +100,8 @@ RETURN = r'''
 #only defaults
 '''
 
+import json
+
 from ansible.module_utils.urls import ConnectionError
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_native
@@ -115,7 +117,7 @@ def find_user(module, client, user_name):
             if user['user'] == user_name:
                 user_result = user
                 break
-    except (ConnectionError, influx.exceptions.InfluxDBClientError) as e:
+    except ConnectionError as e:
         module.fail_json(msg=to_native(e))
     return user_result
 
@@ -198,6 +200,9 @@ def set_user_grants(module, client, user_name, grants):
     return changed
 
 
+INFLUX_AUTH_FIRST_USER_REQUIRED = "error authorizing query: create admin user first or disable authentication"
+
+
 def main():
     argument_spec = influx.InfluxDb.influxdb_argument_spec()
     argument_spec.update(
@@ -219,7 +224,23 @@ def main():
     grants = module.params['grants']
     influxdb = influx.InfluxDb(module)
     client = influxdb.connect_to_influxdb()
-    user = find_user(module, client, user_name)
+
+    user = None
+    try:
+        user = find_user(module, client, user_name)
+    except influx.exceptions.InfluxDBClientError as e:
+        if e.code == 403:
+            reason = None
+            try:
+                msg = json.loads(e.content)
+                reason = msg["error"]
+            except (KeyError, ValueError):
+                module.fail_json(msg=to_native(e))
+
+            if reason != INFLUX_AUTH_FIRST_USER_REQUIRED:
+                module.fail_json(msg=to_native(e))
+        else:
+            module.fail_json(msg=to_native(e))
 
     changed = False