Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-7381

[2.0.1RN]REST API for flush requires admin credentials while it makes sense to allow it with bucket credentials

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0.1
    • Component/s: ns_server
    • Security Level: Public
    • Labels:
      None
    • Flagged:
      Release Note

      Description

      SUBJ.

      Matt convinced me that indeed we did it wrong:

      <alkby> I believe 1.7 and 1.6 always demanded admin
      <alkby> and 1.8 too
      <ingenthr> that's a real problem from a client perspective, since someone using a client is just using a bucket
      <alkby> right but flush is a very destructive operation
      <ingenthr> if buckets are in fact about multitenancy, then the tenant should be able to throw away their contents
      <ingenthr> yep, I know.
      <alkby> for unit tests you set it up for bucket with admin credentials
      <alkby> well, tenant is good argument
      <ingenthr> this means it's not functionally equivalent to memcached flush though, and that was the whole point of MB-5170
      <ingenthr> that we couldn't do memcached flush safely, so we'd replace it with RESTful flush
      <alkby> you're right
      <alkby> lets file a bug and address it asap. Thanks for raising this
      <ingenthr> but if restful flush is different semantically (you can flush this only with super creds)
      <ingenthr> okay, will do, thanks
      <alkby> I'll file bug

        Issue Links

        # Subject Project Status CR V
        For Gerrit Dashboard: &For+MB-7381=message:MB-7381

          Activity

          alkondratenko Aleksey Kondratenko (Inactive) created issue -
          ingenthr Matt Ingenthron made changes -
          Field Original Value New Value
          Link This issue blocks JCBC-173 [ JCBC-173 ]
          Hide
          farshid Farshid Ghods (Inactive) added a comment -

          per bug scrub - deferring to 2.1

          Show
          farshid Farshid Ghods (Inactive) added a comment - per bug scrub - deferring to 2.1
          farshid Farshid Ghods (Inactive) made changes -
          Fix Version/s 2.1 [ 10414 ]
          Fix Version/s 2.0.1 [ 10399 ]
          Hide
          ingenthr Matt Ingenthron added a comment -

          2.1? So we'll leave this broken for the remainder of 2.0.x? There's no API breakage in fixing it in 2.0.x that I'm aware of.

          Show
          ingenthr Matt Ingenthron added a comment - 2.1? So we'll leave this broken for the remainder of 2.0.x? There's no API breakage in fixing it in 2.0.x that I'm aware of.
          Hide
          alkondratenko Aleksey Kondratenko (Inactive) added a comment -

          IMHO clearly not 2.0.1 but good fit for 2.0.2

          Show
          alkondratenko Aleksey Kondratenko (Inactive) added a comment - IMHO clearly not 2.0.1 but good fit for 2.0.2
          alkondratenko Aleksey Kondratenko (Inactive) made changes -
          Fix Version/s 2.0.2 [ 10418 ]
          Fix Version/s 2.1 [ 10414 ]
          Hide
          ingenthr Matt Ingenthron added a comment -

          Note that there was a request around this area and a workaround mentioned for the Java client mentioned here:

          http://www.couchbase.com/forums/thread/flush-gui-works-not-spy-memcached

          Show
          ingenthr Matt Ingenthron added a comment - Note that there was a request around this area and a workaround mentioned for the Java client mentioned here: http://www.couchbase.com/forums/thread/flush-gui-works-not-spy-memcached
          dipti Dipti Borkar made changes -
          Fix Version/s 2.0.1 [ 10399 ]
          Fix Version/s 2.0.2 [ 10418 ]
          Hide
          dipti Dipti Borkar added a comment -

          Karen, Note that we will need a documentation change for this bug in 2.0.1.

          Show
          dipti Dipti Borkar added a comment - Karen, Note that we will need a documentation change for this bug in 2.0.1.
          Hide
          kzeller kzeller added a comment -

          Nominating for 2.0.1 RN

          Show
          kzeller kzeller added a comment - Nominating for 2.0.1 RN
          kzeller kzeller made changes -
          Flagged [Release Note]
          Hide
          alkondratenko Aleksey Kondratenko (Inactive) added a comment -

          Dipti said it's a good to have for 2.0.1, please help me with backporting.

          Show
          alkondratenko Aleksey Kondratenko (Inactive) added a comment - Dipti said it's a good to have for 2.0.1, please help me with backporting.
          alkondratenko Aleksey Kondratenko (Inactive) made changes -
          Assignee Aleksey Kondratenko [ alkondratenko ] Aliaksey Artamonau [ aliaksey artamonau ]
          Hide
          Aliaksey Artamonau Aliaksey Artamonau added a comment -
          Show
          Aliaksey Artamonau Aliaksey Artamonau added a comment - http://review.couchbase.org/23930 Merged to 2.0.1.
          Aliaksey Artamonau Aliaksey Artamonau made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          kzeller kzeller added a comment -

          Note: Add to 2.0.1 Release Notes

          Show
          kzeller kzeller added a comment - Note: Add to 2.0.1 Release Notes
          kzeller kzeller made changes -
          Summary REST API for flush requires admin credentials while it makes sense to allow it with bucket credentials [2.0.1RN]REST API for flush requires admin credentials while it makes sense to allow it with bucket credentials

            People

            • Assignee:
              Aliaksey Artamonau Aliaksey Artamonau
              Reporter:
              alkondratenko Aleksey Kondratenko (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes