  1. Couchbase Server
  2. MB-56321

[CLI] Rest client initialiser doesn't handle cases where authentication is optional


Details

    • Bug
    • Resolution: Fixed
    • Major
    • 7.2.1
    • 7.1.4, 7.1.0, 7.1.1, 7.1.2, 7.1.3
    • tools
    • None
    • Untriaged
    • 0
    • Yes

    Description

      What's the issue?
      In 7.1.0 we introduced the ability to authenticate with the cluster using client certificate authentication (mTLS).

      Part of this change was that users could now supply either a username/password pair or mTLS-related flags (e.g. client cert/key).

      Given these flags are all used when we create a REST client, the natural home for this validation was our rest_initiliser decorator (source).

      We missed the case where it's valid to not supply any credentials at all; this results in the false positive where flag validation kicks in, requiring the user to supply a username/password when it's not necessary.

      What's the fix?

      1. We should add a condition to the initializer that allows certain sub-commands to not have any authentication flags provided.
      2. We should verify that we haven't made any new assumptions that at least one of these authentication methods will be provided.
      3. We should go through the supported commands and make sure that - where required - authentication flags are made optional.
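
A sketch of the kind of validation the fix describes, written as an added example and not taken from the couchbase-cli source: the decorator name `rest_client_setup`, the option attribute names and the `bucket_list` command are assumptions for illustration. Each sub-command declares whether it can run without credentials, while mixed or half-supplied credentials are still rejected.

```python
import functools
from types import SimpleNamespace

class FlagError(ValueError):
    """Inconsistent or missing authentication flags."""

def make_opts(username=None, password=None, client_cert=None, client_key=None):
    # Constructed stand-in for parsed CLI options (attribute names are assumptions).
    return SimpleNamespace(username=username, password=password,
                           client_cert=client_cert, client_key=client_key)

def check_auth_flags(opts, credentials_required=True):
    """Return 'password', 'mtls' or 'none'; raise FlagError on bad combinations."""
    basic = (opts.username is not None, opts.password is not None)
    mtls = (opts.client_cert is not None, opts.client_key is not None)
    if any(basic) and any(mtls):
        raise FlagError("password and client certificate flags are mutually exclusive")
    if any(basic) != all(basic):
        raise FlagError("username and password must be supplied together")
    if any(mtls) != all(mtls):
        raise FlagError("client certificate and key must be supplied together")
    if all(basic):
        return "password"
    if all(mtls):
        return "mtls"
    # No credentials at all: valid only where the sub-command opted in.
    if credentials_required:
        raise FlagError("credentials are required for this sub-command")
    return "none"

def rest_client_setup(credentials_required=True):
    """Hypothetical decorator factory: each sub-command declares its requirement."""
    def decorator(fn):
        @functools.wraps(fn)
        def wrapper(opts):
            opts.auth_mode = check_auth_flags(opts, credentials_required)
            return fn(opts)
        return wrapper
    return decorator

@rest_client_setup(credentials_required=False)  # allowed before cluster init
def node_init(opts):
    return "node-init auth=" + opts.auth_mode

@rest_client_setup()  # default stays strict, so nothing becomes optional by accident
def bucket_list(opts):
    return "bucket-list auth=" + opts.auth_mode
```

Keeping the strict behaviour as the default means a sub-command only accepts missing credentials when it is explicitly marked, which is the review in step 3.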

      Is there a workaround?
      Prior to the cluster being initialized, you can use placeholders for the username/password.

      $ couchbase-cli node-init -c 172.20.1.1:8091 --node-init-data-path /opt/couchbase/var/lib/couchbase/data --node-init-index-path /opt/couchbase/var/lib/couchbase/data --node-init-eventing-path /opt/couchbase/var/lib/couchbase/data --node-init-analytics-path /opt/couchbase/var/lib/couchbase/data --node-init-hostname 127.0.0.1 --ipv4 --username asdf --password asdf
      WARNING: Could not import cb_version, setting VERSION to 0.0.0-0000-community
      SUCCESS: Node initialized
      

      After the cluster has been initialized, the actual username/password must be supplied.

      $ couchbase-cli node-init -c 172.20.1.1:8091 --node-init-data-path /opt/couchbase/var/lib/couchbase/data --node-init-index-path /opt/couchbase/var/lib/couchbase/data --node-init-eventing-path /opt/couchbase/var/lib/couchbase/data --node-init-analytics-path /opt/couchbase/var/lib/couchbase/data --node-init-hostname 127.0.0.1 --ipv4 --username Administrator --password asdasd
      WARNING: Could not import cb_version, setting VERSION to 0.0.0-0000-community
      SUCCESS: Node initialized
      

      Affected sub-commands

      1. node-init


          People

            safian.ali Safian Ali
            james.lee James Lee