Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-1809

Helm Users cannot be created when bucket is blank or not specified

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • None
    • kubernetes
    • None
    • 1

    Description

      Background
      Create a user in helm chart like so:

        # (requires couchbase server 6.5.0 and higher)
        users:
          # creates an example user named 'developer'
          test-user:
            # password to use for user authentication
            # (alternatively use authSecret)
            password: password
            # optional secret to use containing user password
            authDomain: local
            #      authSecret: "my-password-secret" 
            # roles attributed to group
            roles:
              - name: bucket_admin
              - name: cluster_admin
      
      

      if `bucket` is not defined, the operator will throw this error:

      {"level":"info","ts":1606858833.1786308,"logger":"cluster","msg":"Reconcile completed","cluster":"default/cb-helm"}
      {"level":"error","ts":1606858834.0520496,"logger":"cluster","msg":"Reconciliation failed","cluster":"default/cb-helm","error":"[request failed PUT http://cb-helm-0000.cb-helm.default.svc:8091/settings/rbac/groups/test-user-cb-helm 400 Bad Request: {\"errors\":{\"roles\":\"Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined:
      

      If the bucket is left blank, the Admission will reject it:

      ⋊> ~/d/o/2.0.3 helm install --values values.yaml cb-test couchbase/couchbase-operator                                                      13:42:20
      Error: CouchbaseGroup.couchbase.com "test-user-cb-helm" is invalid: spec.roles.bucket: Invalid value: "null": spec.roles.bucket in body must be of type string: "null"
      

      The bucket will have to specified like so:

      bucket: "*"

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          Thanks Tin Tran ,

          Looks like the bucket is being created before the admission controller starts.  Verified that creating bucket with DAC running does provide default '*'.

          From helm perspective, I will fix by providing the default in template _helper function.

          tommie Tommie McAfee added a comment - Thanks Tin Tran , Looks like the bucket is being created before the admission controller starts.  Verified that creating bucket with DAC running does provide default '*'. From helm perspective, I will fix by providing the default in template _helper function.

          Fix is pushed.  Official release will be in 2.1 but if you want to run the chart from github that will work as well.

           

          https://github.com/couchbase-partners/helm-charts/commit/3ed6497c3ecbf84ee6b9a9a6d4173ce0be35c588

          tommie Tommie McAfee added a comment - Fix is pushed.  Official release will be in 2.1 but if you want to run the chart from github that will work as well.   https://github.com/couchbase-partners/helm-charts/commit/3ed6497c3ecbf84ee6b9a9a6d4173ce0be35c588

          People

            tommie Tommie McAfee
            tin.tran Tin Tran
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty