Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-40294

Unauthorised user access to /analytics/service API is throwing internal server error

    XMLWordPrintable

    Details

      Description

      curl -v http://10.112.200.104:8095/analytics/service -u data_dcp_reader
      Enter host password for user 'data_dcp_reader':
      *   Trying 10.112.200.104...
      * TCP_NODELAY set
      * Connected to 10.112.200.104 (10.112.200.104) port 8095 (#0)
      * Server auth using Basic with user 'data_dcp_reader'
      > GET /analytics/service HTTP/1.1
      > Host: 10.112.200.104:8095
      > Authorization: Basic ZGF0YV9kY3BfcmVhZGVyOnBhc3N3b3Jk
      > User-Agent: curl/7.64.1
      > Accept: */*
      > 
      < HTTP/1.1 500 Internal Server Error
      < connection: keep-alive
      < content-type: application/json; charset=UTF-8
      < content-length: 291
      < 
      {
      	"errors": [{ 
      		"code": 20001,		"msg": "User must have permission (cluster.bucket[.].analytics!select)"	} 
      	],
      	"status": "fatal",
      	"metrics": {
      		"elapsedTime": "3.25096ms",
      		"executionTime": "0ns",
      		"resultCount": 0,
      		"resultSize": 0,
      		"processedObjects": 0,
      		"errorCount": 1
      	}
      }

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

          Hide
          till Till Westmann added a comment -

          Umang, I've set up build 7861 for (macOS) and ran

          % curl -v -u dcp_user http://localhost:8095/analytics/service 

          (where dcp_user is actually a Data DCP Reader) and I got

          Enter host password for user 'dcp_user':
          *   Trying ::1...
          * TCP_NODELAY set
          * Connection failed
          * connect to ::1 port 8095 failed: Connection refused
          *   Trying 127.0.0.1...
          * TCP_NODELAY set
          * Connected to localhost (127.0.0.1) port 8095 (#0)
          * Server auth using Basic with user 'dcp_user'
          > GET /analytics/service HTTP/1.1
          > Host: localhost:8095
          > Authorization: Basic ZGNwX3VzZXI6ZGNwX3VzZXI=
          > User-Agent: curl/7.64.1
          > Accept: */*
          >
          < HTTP/1.1 401 Unauthorized
          < connection: keep-alive
          * Authentication problem. Ignoring this.
          < www-authenticate: Basic
          < content-length: 70
          <
          {
          	"errors": [{
          		"code": 20000,
          		"msg": "Unauthorized user."	}
          	]}
          * Connection #0 to host localhost left intact
          * Closing connection 0
          

          which yielded the expected HTTP status code.

          Do you have some logs for the execution that yielded the Internal Server Error?

          Show
          till Till Westmann added a comment - Umang , I've set up build 7861 for (macOS) and ran % curl -v -u dcp_user http://localhost:8095/analytics/service (where dcp_user is actually a Data DCP Reader) and I got Enter host password for user 'dcp_user': * Trying ::1... * TCP_NODELAY set * Connection failed * connect to ::1 port 8095 failed: Connection refused * Trying 127.0.0.1... * TCP_NODELAY set * Connected to localhost (127.0.0.1) port 8095 (#0) * Server auth using Basic with user 'dcp_user' > GET /analytics/service HTTP/1.1 > Host: localhost:8095 > Authorization: Basic ZGNwX3VzZXI6ZGNwX3VzZXI= > User-Agent: curl/7.64.1 > Accept: */* > < HTTP/1.1 401 Unauthorized < connection: keep-alive * Authentication problem. Ignoring this. < www-authenticate: Basic < content-length: 70 < { "errors": [{ "code": 20000, "msg": "Unauthorized user." } ]} * Connection #0 to host localhost left intact * Closing connection 0 which yielded the expected HTTP status code. Do you have some logs for the execution that yielded the Internal Server Error?
          Show
          umang.agrawal Umang added a comment - https://cb-jira.s3.us-east-2.amazonaws.com/logs/MB-40294/internal_error.zip
          Hide
          build-team Couchbase Build Team added a comment -

          Build couchbase-server-6.6.0-7869 contains cbas-core commit 1bc521f with commit message:
          MB-40294: Return 401 HTTP reponse on unauthorized user error

          Show
          build-team Couchbase Build Team added a comment - Build couchbase-server-6.6.0-7869 contains cbas-core commit 1bc521f with commit message: MB-40294 : Return 401 HTTP reponse on unauthorized user error
          Hide
          umang.agrawal Umang added a comment -

          verified with couchbase server build 6.6.0-7873

          Show
          umang.agrawal Umang added a comment - verified with couchbase server build 6.6.0-7873
          Hide
          build-team Couchbase Build Team added a comment -

          Build couchbase-server-7.0.0-2640 contains cbas-core commit 1bc521f with commit message:
          MB-40294: Return 401 HTTP reponse on unauthorized user error

          Show
          build-team Couchbase Build Team added a comment - Build couchbase-server-7.0.0-2640 contains cbas-core commit 1bc521f with commit message: MB-40294 : Return 401 HTTP reponse on unauthorized user error
          Hide
          build-team Couchbase Build Team added a comment -

          Build couchbase-server-6.6.2-9599 contains cbas-core commit 1bc521f with commit message:
          MB-40294: Return 401 HTTP reponse on unauthorized user error

          Show
          build-team Couchbase Build Team added a comment - Build couchbase-server-6.6.2-9599 contains cbas-core commit 1bc521f with commit message: MB-40294 : Return 401 HTTP reponse on unauthorized user error

            People

            Assignee:
            umang.agrawal Umang
            Reporter:
            umang.agrawal Umang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Due:
              Created:
              Updated:
              Resolved:

                Gerrit Reviews

                There are no open Gerrit changes

                  PagerDuty