Creating RBAC user via Go SDK against Couchbase Server 5.0.0 build 2958

Go SDK
1

I’m trying to create an RBAC user with this code:

	roles := []gocb.UserRole{
		gocb.UserRole{
			Role:       "admin",
			BucketName: "test_data_bucket",
		},
	}
	userSettings := &gocb.UserSettings{
		Name: "test_data_bucket",
		Password: "password",
		Roles:    roles,
	}

	err = tbm.ClusterManager.UpsertUser(username, userSettings)
	if err != nil {
		log.Printf("Error UpsertUser: %v", err)
		return err
	}

and it’s giving me an error:

2017/05/30 14:47:33 Error UpsertUser: "Unknown user domain."

any idea how to pass a user domain?

When I create an RBAC user manually via the Couchbase Web UI, I see the user as shown with an “Authentication Domain” of “Couchbase”

2

Also, somewhat related question – is this code safe to run on Couchbase 4.X? If not, is there anything in the SDK to check the capabilities or version to see if RBAC users are supported?

3

What version of gocb are you using?

Looking at https://github.com/couchbase/gocb/blob/master/clustermgr.go#L302 all users created are ‘local’ users. However, quite recently the domain names were changed from ‘builtin’ to ‘local’ and ‘saslauthd’ to ‘external’ - see https://github.com/couchbase/ns_server/commit/f3ef314aa0b6e68da6558efcc6e320a4f232e3fe.

We can then see the relevant changes were made to gocb in https://github.com/couchbase/gocb/commit/f6b4cda035251147c4424668020c24fafdbddbca. If you’re using a version earlier than 1.2.3 (the tag for this commit) I would expect gocb to still be trying to create a ‘builtin’ user which the server would reject as it does not understand what ‘builtin’ is.

4

Oops, I forgot to mention the gocb version.

gocb: commit d5a64dd7982b3c07cb0675e995e249fa58cd92ff

gocb-core: 0dfef9335fa13e903afb34eec66471f1ba48fce2

I’ll retest on the 1.2.3 tag and post my results.

5

I bumped to:

gocb commit: bf740f17ea6cd6a1bbd5ca3583266c8f74692524 (v 1.2.3 tag)

gocb-core commit: 0dfef9335fa13e903afb34eec66471f1ba48fce2

and the error has changed to:

2017/05/31 10:10:39 Error UpsertUser: "Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [admin[test_data_bucket]]"
--- FAIL: TestWriteCasXattrSimple (0.24s)
panic: Could not create bucket.  Spec: {Server:http://192.168.33.10:8091 PoolName: BucketName:test_data_bucket FeedType: Auth:{Username:test_data_bucket Password:password BucketName:test_data_bucket} CouchbaseDriver:GoCBCustomSGTranscoder MaxNumRetries:0 InitialRetrySleepTimeMS:0 UseXattrs:true} Err: "Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [admin[test_data_bucket]]" [recovered]
	panic: Could not create bucket.  Spec: {Server:http://192.168.33.10:8091 PoolName: BucketName:test_data_bucket FeedType: Auth:{Username:test_data_bucket Password:password BucketName:test_data_bucket} CouchbaseDriver:GoCBCustomSGTranscoder MaxNumRetries:0 InitialRetrySleepTimeMS:0 UseXattrs:true} Err: "Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [admin[test_data_bucket]]"

I should also mention that this is being called immediately after calling ClusterManager.InsertBucket()

I tried changing the role to “Admin” and go pretty much the same error:

2017/05/31 10:20:41 Error UpsertUser: "Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [Admin[test_data_bucket]]"

6

Admin is a cluster-wide role and can’t be assigned to a bucket. You probably want bucket_admin[test_data_bucket].

7

Ok, thanks! I’ll give that a shot.