
Add support for Couchbase's role based access #16389


Closed
Expand Up @@ -57,7 +57,14 @@ public DefaultCouchbaseEnvironment couchbaseEnvironment() {
@Bean
@Primary
public Cluster couchbaseCluster() {
return CouchbaseCluster.create(couchbaseEnvironment(), determineBootstrapHosts());
CouchbaseCluster couchbaseCluster = CouchbaseCluster
.create(couchbaseEnvironment(), determineBootstrapHosts());
CouchbaseProperties.Bucket bucket = this.properties.getBucket();
if (bucket.isRoleBaseAccessEnabled()) {
return couchbaseCluster.authenticate(bucket.getUserName(),
bucket.getPassword());

Also need to change CouchbaseConfiguration.couchbaseClient() to call openBucket(bucket.name) if RBAC is enabled or openBucket(bucket.name, bucket.password) if RBAC is disabled. Otherwise the client will throw MixedAuthenticationException.

Author


Right, thanks :)
Added also here with RBAC control.

}
return couchbaseCluster;
}

/**
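Review bot: the new branch in couchbaseCluster() calls authenticate() on the strength of bucket.isRoleBaseAccessEnabled() alone, without checking that a username was actually configured. CouchbaseProperties.Bucket initialises userName to "", so a configuration that sets the flag and omits the username passes an empty username to authenticate(bucket.getUserName(), bucket.getPassword()) and only fails once the cluster rejects it. Guard the call with a non-empty check on the username (for example StringUtils.hasText) and fail at startup with a message that names the missing property.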
Expand Up @@ -13,7 +13,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.springframework.boot.autoconfigure.couchbase;

import java.time.Duration;
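Review bot: this hunk only shrinks the region around the license header and the package declaration from 7 lines to 6, so it is a whitespace change unrelated to RBAC support. Please revert it so the diff to CouchbaseProperties contains only the new properties.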
Expand Down Expand Up @@ -70,6 +69,16 @@ public static class Bucket {
*/
private String password = "";

/**
* Username of the bucket.
*/
private String userName = "";

RBAC credentials are for the whole cluster, not just one bucket. Instead of adding the username to the bucket, please add username and password as top level properties of CouchbaseProperties. Note the capitalization; "username" is one word in this context, and should be all lowercase.

Please keep the separate bucket password for backwards compatibility with non-RBAC clusters.

Author


Moved username and password to top level of properties.


/**
* RoleBaseAccessEnable for support Couchbase bucket after version 5.0.
*/
private boolean roleBaseAccessEnabled = false;

Rather than requiring the user to explicitly enable RBAC, RBAC should automatically be enabled when the username is set.

Author


Removed roleBaseAccessEnabled properties.


public String getName() {
return this.name;
}
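Review bot: the Javadoc on roleBaseAccessEnabled ("RoleBaseAccessEnable for support Couchbase bucket after version 5.0.") does not tell a user what setting the property does, and the name itself drops the "d" of the "role based access" in the PR title. Word it as a plain sentence, for example "Whether to authenticate with role-based access control (Couchbase 5.0 and later).", rename the field to roleBasedAccessEnabled, and drop the redundant "= false" initialiser.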
Expand All @@ -86,6 +95,22 @@ public void setPassword(String password) {
this.password = password;
}

public String getUserName() {
return this.userName;
}

public void setUserName(String userName) {
this.userName = userName;
}

public boolean isRoleBaseAccessEnabled() {
return this.roleBaseAccessEnabled;
}

public void setRoleBaseAccessEnabled(boolean roleBaseAccessEnabled) {
this.roleBaseAccessEnabled = roleBaseAccessEnabled;
}

}

public static class Env {
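Review bot: setUserName() and setRoleBaseAccessEnabled() let the two values disagree, and the case where userName is set but roleBaseAccessEnabled is left at false is silent: couchbaseCluster() skips authenticate() and the configured username is never used. Either compute isRoleBaseAccessEnabled() from the username so there is a single source of truth, or reject the inconsistent combination when the properties are bound.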