Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use RBAC credentials for Couchbase cluster info #19393

Closed
ideskov opened this issue Dec 18, 2019 · 0 comments
Closed

Use RBAC credentials for Couchbase cluster info #19393

ideskov opened this issue Dec 18, 2019 · 0 comments
Assignees
@bclozel
Labels
type: bug A general bug
Milestone
2.2.3

Comments

@ideskov
Copy link

ideskov commented Dec 18, 2019
edited

Hey,

Autoconfiguration for Couchbase driver with RBAC on server side fails. After providing the following configuration:

spring:
  couchbase:
    bootstrap-hosts:
      - 127.0.0.1:8091
    username: test
    password: super_secret
    bucket:
      name: test

I get the error below:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.couchbase.client.java.cluster.ClusterInfo]: Factory method 'couchbaseClusterInfo' threw exception; nested exception is com.couchbase.client.java.error.InvalidPasswordException

I think the problem lies in the fact that CouchbaseConfiguration.couchbaseClusterInfo() passes bucket level credentials to CouchbaseCluster's clusterManager(String username, String password). The javadoc for this method explicitly states:

Provides access to the ClusterManager to perform cluster-wide operations. Note that the credentials provided here are different from bucket-level credentials. As a rule of thumb, the "Administrator" credentials need to be passed in here or any credentials with enough permissions to perform the underlying operations. Bucket level credentials will not work.

In CouchbaseConfiguration.couchbaseCluster() we check whether RBAC is used and then we authenticate:

@Bean
@Primary
public Cluster couchbaseCluster() {
	CouchbaseCluster couchbaseCluster = CouchbaseCluster.create(couchbaseEnvironment(), determineBootstrapHosts());
	if (isRoleBasedAccessControlEnabled()) {
		return couchbaseCluster.authenticate(this.properties.getUsername(), this.properties.getPassword());
	}
	return couchbaseCluster;
}

This would mean that we can safely use couchbaseCluster().clusterManager().info() inside couchbaseClusterInfo() if RBAC is enabled.

I am happy to raise a PR for this change if that would help.

Thanks!
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 18, 2019
@snicoll snicoll changed the title Couchbase autoconfiguration fails Wrong credentials with Couchbase RBAC Dec 18, 2019
@bclozel bclozel added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 18, 2019
@bclozel bclozel added this to the 2.2.x milestone Dec 18, 2019
@bclozel bclozel self-assigned this Dec 18, 2019
@bclozel bclozel changed the title Wrong credentials with Couchbase RBAC Use RBAC credentials for Couchbase cluster info Jan 2, 2020
@bclozel bclozel mentioned this issue Jan 3, 2020
Closed
@bclozel bclozel closed this as completed in 1320c44 Jan 3, 2020
@bclozel bclozel modified the milestones: 2.2.x, 2.2.3 Jan 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bclozel bclozel

Labels
type: bug A general bug
Projects
None yet
Milestone
2.2.3
Development

No branches or pull requests
3 participants
@bclozel @ideskov @spring-projects-issues