Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-49566

Eventing RBAC: Function creation via REST should fail if owner does not have read permission for bucket binding

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • 7.1.0
    • 7.1.0
    • eventing
    • Enterprise Edition 7.1.0 build 1707

    Description

      STEPS
      Create user bucketop having following set of roles.

      Manage Scope Functions [src_bucket:_default] , Data Writer [metadata:*:*] , Data Writer [dst_bucket2:*:*] , Data Writer [dst_bucket:*:*] , Data Reader [metadata:*:*] , Data DCP Reader [src_bucket:*:*]

      user has only write permission for dst_bucket.
      Import/ Create attached handler having dst_bucket bucket binding using rbac user.

      OBSERVATION
      Function creation fails via UI.
      Function creation succeeds via REST API.

      curl -XPOST -d @./test-19.json http://bucketop:password@10.112.190.102:8096/api/v1/functions     
      [
      		 
       {
      		 
        "code": 0,
      		 
        "info": {
      		 
         "status": "Stored function: 'test' in metakv",
      		 
         "warnings": null
      		 
        }
      		 
       }
      		 
      ]

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            ankit.prabhu Ankit Prabhu
            sujay.gad Sujay Gad
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty