Gocb/v2 v2.1.0 UpsertUser malformed or underfined role parameters

Couchbase Server
1

Hi,
I am trying to create a user with the ro_admin role using the latest gocb client.

I can see the ro_admin role when I call UserManager.GetRoles and I can also create a user using the cli john doe example with just the single global role.

	user := gocb.User{
		Username: username,
		DisplayName: usernameConfig.DisplayName,
		Password: password,
		Roles: []gocb.Role{
			{
				Name: "ro_admin",
			},
		},
	}
		
	err = mgr.UpsertUser(user,
		&gocb.UpsertUserOptions{
			DomainName: "local",
		})

I always get the error…

couchbase_test.go:140: err: {"errors":{"roles":"Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [ro_admin[]]"}} | {"unique_id":"157521e8-de25-4a23-b76b-fb7164a6b006","endpoint":"http://localhost:8091"}

If I create a user with a role that requires a bucket: name such as “bucket_admin” everything works fine.

Any pointers as to what I am doing wrong? I am using Enterprise Edition 6.5.1 build 6299 ‧ IPv4 © 2020 Couchbase, Inc.

2

After a bit of Wiresharking I have come to the conclusion that it is a bug in the gocb client. The cluster_usermgr.go UpsertUser code just does not handle the case where the Role does not need a bucket and always appends an empty “”.

So instead of just

                    reqRoleStrs = append(reqRoleStrs, fmt.Sprintf("%s[%s]", roleData.Name, roleData.Bucket))

There should be a check to see if the Bucket: is empty…

            if roleData.Bucket == "" {
                reqRoleStrs = append(reqRoleStrs, fmt.Sprintf("%s", roleData.Name))
            } else {
                reqRoleStrs = append(reqRoleStrs, fmt.Sprintf("%s[%s]", roleData.Name, roleData.Bucket))
         }

This is not a full fix as it won’t handle a Role structure where there are a combination of multiple global roles and bucket specific Roles.

3

Sorry for missing this @Francis_Hitchens, thank you for both finding and fixing the issue. I’ve updated testing to upsert a user with a combination of global and bucket specific roles :slight_smile: