Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-7381

[2.0.1RN]REST API for flush requires admin credentials while it makes sense to allow it with bucket credentials


    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0.1
    • Component/s: ns_server
    • Security Level: Public
    • Labels:
    • Flagged:
      Release Note



      Matt convinced me that indeed we did it wrong:

      <alkby> I believe 1.7 and 1.6 always demanded admin
      <alkby> and 1.8 too
      <ingenthr> that's a real problem from a client perspective, since someone using a client is just using a bucket
      <alkby> right but flush is a very destructive operation
      <ingenthr> if buckets are in fact about multitenancy, then the tenant should be able to throw away their contents
      <ingenthr> yep, I know.
      <alkby> for unit tests you set it up for bucket with admin credentials
      <alkby> well, tenant is good argument
      <ingenthr> this means it's not functionally equivalent to memcached flush though, and that was the whole point of MB-5170
      <ingenthr> that we couldn't do memcached flush safely, so we'd replace it with RESTful flush
      <alkby> you're right
      <alkby> lets file a bug and address it asap. Thanks for raising this
      <ingenthr> but if restful flush is different semantically (you can flush this only with super creds)
      <ingenthr> okay, will do, thanks
      <alkby> I'll file bug

        Issue Links

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.



            • Assignee:
              Aliaksey Artamonau Aliaksey Artamonau
              alkondratenko Aleksey Kondratenko (Inactive)
            • Votes:
              0 Vote for this issue
              4 Start watching this issue


              • Created:

                Gerrit Reviews

                There are no open Gerrit changes