Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-51496

[BP 7.0.4-49706]: Eventing functions lose auth on save



    • Bug
    • Resolution: Fixed
    • Major
    • 7.0.4
    • 7.0.2
    • eventing
    • Couchbase 7.0.2 in Docker and Kubernetes using CAO
    • Untriaged
    • MacOSX 64-bit
    • 1
    • Unknown


      Eventing credentials for url bindings are lost in a few different ways.
      The first way i observed them being lost is when upgrading a cluster from 6.6.2 to 7.0.2. Upon upgrading, all the credentials are changed to '*****'. The upgrade was done while the eventing function was undeployed because of MB-49429 so it hasn't been observed with an upgrade whilst eventing is running.
      With eventing functions on 7.0.2, changing any of the credentials with the function paused will only change that credential (one issue with this is if you don't delete the existing text such as when adding text to the end, the credential will have 5 *'s in it). It could be beneficial to clear the box when it is clicked the first time so a new credential can be input.
      The main issue comes with when the function is undeployed. Editing any credentials whilst it is undeployed will cause all other credentials to change to '*****'. This means you need to input all credentials again when changing one of them.

      An easy way to test this is to create an eventing function on a bucket with 1 document, create 2 url bindings both on `https://httpbin.org/anything/test`. One will be called 'bearer_hello` and the other `bearer_world`. Enable bearer authentication on both and put `hello` and `world` as the bearer token respectively. Then add the following code and test the above issues.

      function OnUpdate(doc, meta) {
          log('Testing hello curl request');
          log('Testing world curl request');
      function testRequest(url_binding) {
          const request = {
              path: '',
              headers: {
                  Accept: 'application/json',
                  'Content-Type': 'application/json',
          const response = curl('GET', url_binding, request);
          if (response.status !== 200) {
              log('Error fetching:', request, '-> Status:', response.status); //, response.headers)
              return false;
          log(`Got response with bearer '${response.body.headers.Authorization}'`);


        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.



              sujay.gad Sujay Gad
              ankit.prabhu Ankit Prabhu
              0 Vote for this issue
              3 Start watching this issue



                Gerrit Reviews

                  There are no open Gerrit changes