Details
-
Bug
-
Resolution: Fixed
-
Critical
-
Cheshire-Cat
-
Untriaged
-
1
-
Unknown
Description
The old bucket sasl_password is no longer needed or used and should be effectively removed.
I say "effectively removed" as I think the most reasonable way to remove it for now is just set it to the empty string on upgraded clusters. (Removing it entirely is likely to break a bunch of tests, and I think we can do that work later.) In summary, I think the work should be:
- when the sasl_password is set to some non-empty string when a bucket is created, just silently set it to an empty string (it's can't be used for anything anyway - it certainly doesn't allow you access the bucket, so there's no harm in silently ignoring it)
- on upgraded clusters, as part of the online upgrader we should set the password to the empty string
In the long distant past the bucket password did grant one access to the bucket, but that is true no longer - ever since 5.0 the only way to access a bucket was via user credentials. Moxi used the bucket password, but this is no longer supported. XDCR used in 4.6; but again no longer. And certain CLI / backup commands used it too back in 4.6. Nonetheless, we should probably release note this change.
Attachments
Issue Links
| For Gerrit Dashboard: MB-44777 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 148428,2 | MB-44777 Don't move sasl_password to chronicle | master | ns_server | Status: ABANDONED | 0 | +1 |
| 148429,11 | MB-44777 Remove unused ns_bucket:sasl_password | master | ns_server | Status: MERGED | +2 | +1 |
| 148430,21 | MB-44777 Deprecate sasl_password in REST APIs | master | ns_server | Status: MERGED | +2 | +1 |
| 148431,15 | MB-44777 Enforce sasl_password assumptions | master | ns_server | Status: ABANDONED | 0 | +1 |
| 148432,4 | MB-44777 Use "" for sasl_password (memcached_passwords) | master | ns_server | Status: ABANDONED | 0 | 0 |
| 148433,22 | MB-44777 Minor sasl_password and bucket cred changes | master | ns_server | Status: MERGED | +2 | +1 |
| 148434,10 | MB-44777 Remove sasl_password bucket authentication | master | ns_server | Status: ABANDONED | 0 | 0 |
| 148654,5 | MB-44777: Remove support for legacy bucket users | master | kv_engine | Status: MERGED | +2 | +1 |
| 148777,1 | MB-44777 Remove legacy bucket users | master | ns_server | Status: ABANDONED | 0 | 0 |
| 148778,7 | MB-44777 Remove permissions for legacy bucket users | master | ns_server | Status: ABANDONED | 0 | 0 |
| 148779,23 | MB-44777 Remove use of auth_type bucket property | master | ns_server | Status: MERGED | +2 | +1 |
| 148782,12 | MB-44777 Don't move auth_type to chronicle | master | ns_server | Status: ABANDONED | 0 | 0 |
| 148995,19 | MB-44777 Remove bucket password related permissions | master | ns_server | Status: MERGED | +2 | +1 |
| 149105,3 | MB-44777 Minimize support for sasl_password | master | ns_server | Status: MERGED | +2 | +1 |
| 149106,4 | MB-44777 Don't move sasl_password to chronicle | master | ns_server | Status: MERGED | +2 | +1 |
| 149403,5 | MB-44777 Remove saslPassword and authType from UI | master | ns_server | Status: MERGED | +2 | +1 |
| 149404,16 | MB-44777 Remove saslPassword and authType from cluster_run | master | ns_server | Status: MERGED | +2 | +1 |
| 149405,17 | MB-44777 Remove saslPassword and authType from ruby scripts | master | ns_server | Status: MERGED | +2 | +1 |
| 150266,1 | MB-44777 Temporary workaround | master | ns_server | Status: ABANDONED | 0 | 0 |