Add support for Couchbase's role based access #16389
Conversation
|
@enesacikoglu Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions. |
|
@enesacikoglu Thank you for signing the Contributor License Agreement! |
snicoll
changed the title
spring-projects-issues
added
the
status: waiting-for-triage
|
@bsubhashni wondering if you have a bit of time to look at this one. |
|
Adding @dnault |
|
Hello, Waiting for review. Thanks |
|
@enesacikoglu please be patient, I've already triaged your PR and asked for some feedback from the Couchbase team. |
There was a problem hiding this comment.
@enesacikoglu Thank you. Support for Role Based Access Control (RBAC) is a much needed feature. Here are some notes.
| /** | ||
| * RoleBaseAccessEnable for support Couchbase bucket after version 5.0. | ||
| */ | ||
| private boolean roleBaseAccessEnabled = false; |
There was a problem hiding this comment.
Rather than requiring the user to explicitly enable RBAC, RABC should automtatically be enabled when the username is set.
There was a problem hiding this comment.
removed roleBaseAccessEnabled properties.
| /** | ||
| * Username of the bucket. | ||
| */ | ||
| private String userName = ""; |
There was a problem hiding this comment.
RBAC credentials are for the whole cluster, not just one bucket. Instead of adding the username to the bucket, please add username and password as top level properties of CouchbaseProperties. Note the capitalization; "username" is one word in this context, and should be all lowercase.
Please keep the separate bucket password for backwards compatibility with non-RBAC clusters.
There was a problem hiding this comment.
moved username and password to top level of properties.
| CouchbaseProperties.Bucket bucket = this.properties.getBucket(); | ||
| if (bucket.isRoleBaseAccessEnabled()) { | ||
| return couchbaseCluster.authenticate(bucket.getUserName(), | ||
| bucket.getPassword()); |
There was a problem hiding this comment.
Also need to change CouchbaseConfiguration.couchbaseClient() to call openBucket(bucket.name) if RBAC is enabled or openBucket(bucket.name, bucket.password) if RBAC is disabled. Otherwise the client will throw MixedAuthenticationException.
There was a problem hiding this comment.
Right thanks :)
added also here with RBAC control.
@dnault thanks for your kindly review and comments. Could you review again ? |
| CouchbaseCluster couchbaseCluster = CouchbaseCluster | ||
| .create(couchbaseEnvironment(), determineBootstrapHosts()); | ||
| if (this.properties.getUsername() != null | ||
| && this.properties.getPassword() != null) { |
There was a problem hiding this comment.
The username and password properties are initialized to empty string (""). Will they ever be null? A better check might be .isEmpty().
There was a problem hiding this comment.
Opps how can ı miss 👎 Thanks for your awesome attention
| @@ -79,6 +86,10 @@ public ClusterInfo couchbaseClusterInfo() { | |||
| @Bean | |||
| @Primary | |||
| public Bucket couchbaseClient() { | |||
| if (this.properties.getUsername().isEmpty() | |||
| || this.properties.getPassword().isEmpty()) { | |||
| return couchbaseCluster().openBucket(this.properties.getBucket().getName()); | |||
There was a problem hiding this comment.
This condition should be inverted. If RBAC username or password are empty we should call the openBucket method that takes a bucket password.
Sorry if I missed this earlier.
There was a problem hiding this comment.
This condition should be inverted. If RBAC
usernameorpasswordare empty we should call the openBucket method that takes a bucket password.Sorry if I missed this earlier.
Thanks. I inverted it. 👍
There was a problem hiding this comment.
@enesacikoglu Thank you, nice work.
@snicoll Couchbase approves the code change. Is there documentation that needs to be updated?
snicoll
added
type: enhancement
snicoll
changed the title
* pr/16389: Polish "Add support for Couchbase's role-based access" Add support for Couchbase's role-based access
|
@enesacikoglu thanks for making your first contribution to Spring Boot. This is now merged with a polish commit. In particular, I didn't like that username and password are set to blank and that the condition that checks if RBA is enabled wasn't shared. There are now
|
@dnault in the future, please feel free to reach out to us if there are changes in Couchbase that require a change on our side. Thanks! |
|
Congrats @enesacikoglu |
Couchbase role-based access for bucket released after version 5.X.But ,there is no configuration support for Spring Data Couchbase auto configuration after couchbase version 5.X takes username for authentication.
Related problem as linked below;
https://stackoverflow.com/questions/47169384/couchbase-bucket-authentication-error
So, I added username to couchbase properties to solve problem.