Details
-
Improvement
-
Resolution: Fixed
-
Major
-
6.5.0
-
CAO 2.0
Description
The Operator runs on the model read/modify/write. We create an XDCR remote with the following:
xdcr:
|
managed: true
|
remoteClusters:
|
- authenticationSecret: cb-example-auth
|
hostname: cb-example-srv.remote
|
name: remote
|
replications: {}
|
tls:
|
secret: my-xdcr-tls-secret
|
uuid: 5192c4cbba3cf377f3d6fec6ad0ec80d
|
Note the hostname is cb-example-srv.remote, for which an SRV lookup will succeed. Sadly when we read later on we get this:
kubectl exec -ti cb-example-0000 -- curl http://localhost:8091/pools/default/remoteClusters -u Administrator:password | python -m json.tool
|
[
|
{
|
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDSzCCAjOgAwIBAgIUcRQrjrN594tT5DXA+ydesY80LNkwDQYJKoZIhvcNAQEL\nBQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjAwMTE2MTQxMzQxWhcNMzAw\nMTEzMTQxMzQxWjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBANmzAlRCM5NGalxECWoDkVYqArGIikJfs13WF7OE\n+rGdhS23fsv9lPYidPTUcugP8WZgoWL3YQd1Nti+Ef28AtYK3quBKgxZmh4sEMpj\nyB0QFI1gLARcdiU1c9VVb81CFDgH32yBMvLoANXBDn/45hJTHUDagA3lkhc1BYBx\nBiuh8fWo9jEOstPWpzVYeV5F5qBQlPe+Wt8grMLNU6h7zSaUoYKRTMoxghS1Gi4J\nI79seyixqTGiBhFhznYMABDzqEtWdl3ZFattPp/F6SyThjJHwNFFHCymYeL5Nfia\nahUC1OsehdFIooP9fUgnDDAvMDidGIhWRmwKCY4FNI0+ve8CAwEAAaOBkDCBjTAd\nBgNVHQ4EFgQUU84bfmAz4Q4MaKyX77ejhJ/Xt0wwUQYDVR0jBEowSIAUU84bfmAz\n4Q4MaKyX77ejhJ/Xt0yhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghRxFCuO\ns3n3i1PkNcD7J16xjzQs2TAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq\nhkiG9w0BAQsFAAOCAQEARlPDR9XeHEKRdTe3AfNlEvHcdMpbfNv2WgOId3QgIJSr\nMTPZTsdBnibpIHmlZ4Snpk9lyrYboX45CcjwROpPeqNKlCJYxBDLOzbDD/Qw8E8j\nocg+wGwh2ZXfs1PuqUDi0NZWbbYM9jxXxxnQh+Q9GyXXtELNDuw5jIkNpQGPkYZQ\nP4BKSTpcbvECoz2lRtBdH1YzWpIVkWB9b8V8X4SEdGB/jxVKxw7ZgJRq96uRI4fd\n1/5OG40XUXClY25YW3wbVSfobqaIr1dNGUL2WeOIzhzI5zi10oV5fGEy7+dlid9q\nygMp7GqExlD3Jwo4imndvY1wftWZJdASDAzM63NbeA==\n-----END CERTIFICATE-----\n",
|
"deleted": false,
|
"demandEncryption": true,
|
"encryptionType": "full",
|
"hostname": "cb-example-0003.cb-example.remote.svc:18091",
|
"name": "remote",
|
"secureType": "full",
|
"uri": "/pools/default/remoteClusters/remote",
|
"username": "Administrator",
|
"uuid": "5192c4cbba3cf377f3d6fec6ad0ec80d",
|
"validateURI": "/pools/default/remoteClusters/remote?just_validate=1"
|
}
|
]
|
Obviously cb-example-0003.cb-example.remote.svc:18091 isn't cb-example-srv.remote so we would constantly try to update. I say would because there is no way to get the password field out to ensure that hasn't changed wither, so we just don't bother trying to update at present.
So I guess the request is two-fold, figure out a way for us to check if the password matches that stored in NS server, and secondly idempotency.
