Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-51496

[BP 7.0.4-49706]: Eventing functions lose auth on save

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 7.0.4
    • 7.0.2
    • eventing
    • Couchbase 7.0.2 in Docker and Kubernetes using CAO
    • Untriaged
    • MacOSX 64-bit
    • 1
    • Unknown

    Description

      Eventing credentials for url bindings are lost in a few different ways.
      The first way i observed them being lost is when upgrading a cluster from 6.6.2 to 7.0.2. Upon upgrading, all the credentials are changed to '*****'. The upgrade was done while the eventing function was undeployed because of MB-49429 so it hasn't been observed with an upgrade whilst eventing is running.
      With eventing functions on 7.0.2, changing any of the credentials with the function paused will only change that credential (one issue with this is if you don't delete the existing text such as when adding text to the end, the credential will have 5 *'s in it). It could be beneficial to clear the box when it is clicked the first time so a new credential can be input.
      The main issue comes with when the function is undeployed. Editing any credentials whilst it is undeployed will cause all other credentials to change to '*****'. This means you need to input all credentials again when changing one of them.

      An easy way to test this is to create an eventing function on a bucket with 1 document, create 2 url bindings both on `https://httpbin.org/anything/test`. One will be called 'bearer_hello` and the other `bearer_world`. Enable bearer authentication on both and put `hello` and `world` as the bearer token respectively. Then add the following code and test the above issues.

      function OnUpdate(doc, meta) {
      		 
          log('Testing hello curl request');
      		 
          testRequest(bearer_hello);
      		 
          log('Testing world curl request');
      		 
          testRequest(bearer_world);
      		 
      }
      		 
       
      		 
      function testRequest(url_binding) {
      		 
          const request = {
      		 
              path: '',
      		 
              headers: {
      		 
                  Accept: 'application/json',
      		 
                  'Content-Type': 'application/json',
      		 
              },
      		 
          };
      		 
       
      		 
          const response = curl('GET', url_binding, request);
      		 
       
      		 
          if (response.status !== 200) {
      		 
              log('Error fetching:', request, '-> Status:', response.status); //, response.headers)
      		 
              return false;
      		 
          }
      		 
       
      		 
          log(`Got response with bearer '${response.body.headers.Authorization}'`);
      		 
      }

      Attachments

        Issue Links

          is a backport of

          Bug - A problem which impairs or prevents the functions of the product. MB-49706 Eventing functions lose auth on save

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              sujay.gad Sujay Gad
              ankit.prabhu Ankit Prabhu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty