Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-34587

user-manage fails to create user with group-based role

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Major
    • 6.5.0
    • 6.5.0
    • tools
    • None
    • build 3469
    • Untriaged
    • Unknown

    Description

      user-manage does not create a user as I would expect. 

      First, I create a clusterAdmin group with the UI, and assign the cluster_admin role to the group. 

      Then, I create a local user with the UI, and assign them membership of the clusterAdmin group - that is their only role. This succeeds. The underlying REST appears to be: 

      Request URL: http://10.143.192.101:8091/settings/rbac/users/local/jsmith
      Request Method: PUT
      roles=cluster_admin&name=&groups=clusterAdmin&password=jsmith

      Next, I attempt to create another local user and make them a member of the same group, this time with the CLI, as follows:

      /opt/couchbase/bin/couchbase-cli user-manage --cluster http://10.143.192.101 \
      --username Administrator \
      --password password \
      --rbac-username djones \
      --rbac-password dj0n3S3482 \
      --auth-domain local \
      --edit-users-groups \
      --user-groups clusterAdmin -d

      This fails with 

      ERROR: password - Password is required for new user.

      The underlying REST appears to be: 

      PUT http://10.143.192.101:8091/settings/rbac/users/local/djones groups=clusterAdmin

       

      I then add the user with a single directly assigned role, as follows:

      /opt/couchbase/bin/couchbase-cli user-manage --cluster http://10.143.192.101 \
      --username Administrator \
      --password password \
      --set \
      --rbac-username djones \
      --rbac-password dj0n3S3482 \
      --roles query_external_access \
      --auth-domain local

      This succeeds:

      SUCCESS: User djones was created

      Then, I try to add their group membership again: 

      /opt/couchbase/bin/couchbase-cli user-manage --cluster http://10.143.192.101 \
      --username Administrator \
      --password password \
      --rbac-username djones \
      --rbac-password dj0n3S3482 \
      --auth-domain local \
      --edit-users-groups \
      --user-groups clusterAdmin -d

      This gives me:

      SUCCESS: User 'djones' group memberships were updated

      The underlying REST is:

      PUT http://10.143.192.101:8091/settings/rbac/users/local/djones groups=clusterAdmin

      This overwrites the previous djones. 

      I would have expected the --edit-users-groups call to create the user the first time around, passing the password at REST level.

       

       

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MB-34413 cli - update group membership for user creates a new external user

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              pvarley Patrick Varley (Inactive)
              tony.hillman Tony Hillman (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty