RBAC fails with client cert - Build - Enterprise Edition 5.5.0 build 1898
Client_conf.json
{"state" : "enable","prefixes" : [{ "path" : "subject.cn", "prefix" : "www.cb-", "delimiter" : "." }]}
Client config:
[ req ]
default_bits = 1024
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = UA
stateOrProvinceName = California
localityName = Mountain View
organizationName = My Company
commonName = www.cb-cbadminbucket.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = us.travel-agent1.com
URI.1 = www.travel-agent2.com
a) Created a user cbadminbucket on Couchbase server, as an admin
2018-02-15 11:28:57,936 - root - INFO - **** add 'admin' role to 'cbadminbucket' user ****
b) Created server and client certs. The SSL handshake is successful, but the request fails on authorization.
('{\n"requestID": "baefa052-a0b5-4cc8-b315-3810eec530f8",\n"signature": null,\n"results": [\n],\n"errors": [{"code":13014,"msg":"User does not have credentials to run index operations. Add role query_manage_index on default to allow the query to run."}],\n"status": "stopped",\n"metrics": {"elapsedTime": "37.14568ms","executionTime": "37.11862ms","resultCount": 0,"resultSize": 0,"errorCount": 1}
Logging in to the UI as the same user, the user is able to create an index.
For Setup use -
https://docs.google.com/document/d/1sC_He6DZdiZBw63jIvOdwqD_2uGAkELzSA1BqxGuNCA/edit#
https://developer.couchbase.com/documentation/server/current/security/security-x509certsintro.html
Test -
curl --cacert ./root/ca.pem --cert-type PEM --cert ./client/client/chain.pem --key-type PEM --key ./client/client/client.key https://localhost:18093/query/service -d "statement=select 1"
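Added example (not part of the original report and not Couchbase's code): a sketch of the prefix/delimiter mapping configured in Client_conf.json, applied to the identity fields from the client certificate config above, to check which username the certificate resolves to before looking at that user's roles. It assumes the documented semantics (the prefix is stripped and the name ends at the first delimiter character); the function names and the `san.dns` / `san.uri` field keys are hypothetical labels for this sketch.

```python
import json

# Copy of Client_conf.json from the report (re-typed here for the example).
CLIENT_CONF = json.loads(
    '{"state": "enable", "prefixes": '
    '[{"path": "subject.cn", "prefix": "www.cb-", "delimiter": "."}]}'
)

# Identity fields taken from the client openssl config in the report.
CERT_FIELDS = {
    "subject.cn": ["www.cb-cbadminbucket.com"],
    "san.dns": ["us.travel-agent1.com"],
    "san.uri": ["www.travel-agent2.com"],
}


def extract_username(value, prefix, delimiter):
    """Strip the prefix, then cut at the first character found in delimiter.

    Returns None when the prefix does not match or nothing is left.
    Assumption: delimiter is treated as a set of terminating characters.
    """
    if not value.startswith(prefix):
        return None
    rest = value[len(prefix):]
    hits = [rest.find(ch) for ch in delimiter if ch in rest]
    name = rest[:min(hits)] if hits else rest
    return name or None


def map_cert_to_user(conf, fields):
    """Return (username, path) for the first rule that yields a name."""
    if conf.get("state") not in ("enable", "mandatory"):
        return None  # client-cert authentication is not active
    for rule in conf.get("prefixes", []):
        for value in fields.get(rule["path"], []):
            user = extract_username(
                value, rule.get("prefix", ""), rule.get("delimiter", "")
            )
            if user:
                return user, rule["path"]
    return None


if __name__ == "__main__":
    print(map_cert_to_user(CLIENT_CONF, CERT_FIELDS))
```
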