Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 6.5.2, 6.5.0, 6.6.3, 6.6.4, 6.6.5, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.1.0, 7.1.1
-
None
-
1
Description
Problem
There have been a few cases where users have misconfigured RBAC for the XDCR users. To debug these cases the logs have to be view and in some cases Support has to help out.
Expectation
XDCR fails to create the replication and provides a useful and actionable error message to the user. Of course if RBAC is changed during replication then a error should also be throw to the UI.
We should also be aware of compatibility between versions of Couchbase
Suggestion
The cluster manager already today provided a way of checking the RBAC of a user:
curl -u patrick:password localhost:8091/whoami
|
{"roles":[{"role":"replication_target","bucket_name":"*"}],"id":"patrick","domain":"local","name":"","password_change_date":"2022-10-13T11:37:02.000Z"}
|
Maybe XDCR can use this. It might also be useful to have a hidden (unsupported) option to override this check just incase compatibility bites us.