Description
user-manage does not create a user as I would expect.
First, I create a clusterAdmin group with the UI, and assign the cluster_admin role to the group.
Then, I create a local user with the UI, and assign them membership of the clusterAdmin group - that is their only role. This succeeds. The underlying REST appears to be:
Request URL: http://10.143.192.101:8091/settings/rbac/users/local/jsmith
Request Method: PUT
roles=cluster_admin&name=&groups=clusterAdmin&password=jsmith
Next, I attempt to create another local user and make them a member of the same group, this time with the CLI, as follows:
/opt/couchbase/bin/couchbase-cli user-manage --cluster http://10.143.192.101 \
--username Administrator \
--password password \
--rbac-username djones \
--rbac-password dj0n3S3482 \
--auth-domain local \
--edit-users-groups \
--user-groups clusterAdmin -d
This fails with
ERROR: password - Password is required for new user.
The underlying REST appears to be:
PUT http://10.143.192.101:8091/settings/rbac/users/local/djones groups=clusterAdmin
I then add the user with a single directly assigned role, as follows:
/opt/couchbase/bin/couchbase-cli user-manage --cluster http://10.143.192.101 \
--username Administrator \
--password password \
--set \
--rbac-username djones \
--rbac-password dj0n3S3482 \
--roles query_external_access \
--auth-domain local
This succeeds:
SUCCESS: User djones was created
Then, I try to add their group membership again:
/opt/couchbase/bin/couchbase-cli user-manage --cluster http://10.143.192.101 \
--username Administrator \
--password password \
--rbac-username djones \
--rbac-password dj0n3S3482 \
--auth-domain local \
--edit-users-groups \
--user-groups clusterAdmin -d
This gives me:
SUCCESS: User 'djones' group memberships were updated
The underlying REST is:
PUT http://10.143.192.101:8091/settings/rbac/users/local/djones groups=clusterAdmin
This overwrites the previous djones.
I would have expected the --edit-users-groups call to create the user the first time around, passing the password at REST level.
Attachments
Issue Links
- duplicates
-
MB-34413 cli - update group membership for user creates a new external user
- Closed