Sync Gateway querying roles returns "not_found" "reason":"missing"

I have been trying to query the roles on my sync gateway and I think something happened with one of my commands. I can still authenticate ok with the existing roles, but when I try to query them for details I get an error.

I was able to successfully query roles with:

GET <hostname>/<db>/_role/<role name>

which would return the role name, admin_channels, and all_channels. I added a new role as a test, was able to query it with the above GET request, then tried deleting it with:

DELETE <hostname>/<db>/_role

This seemed to work since when I did the GET request again it said {“error”:“not_found”, “reason”:“missing”}. I then tried to query a list of user roles with:

GET <hostname>/<db>/_role

There isn’t any real documentation on the _role urls, so I was just guessing with this one and figured a GET request couldn’t cause anything to happen on the server. But the result was:

<a href="/todos/_role/">Moved Permanently</a>

I then tried querying one of our normal roles that I knew still existed with the first GET request above and got {“error”:“not_found”, “reason”:“missing”}. I can see that new users are still being created ok with the role I queried though, and our authentication is still all working fine. So does anyone know what happened to make the normal GET request URL for roles not work, and how I query user roles now?

Your call to delete the role above didn’t include the role name, I assume you actually used something like this, which would work as you described:

DELETE <hostname>/<db>/_role/<role name>

The ‘moved permanently’ response is because the request to get all roles expects the trailing slash (as seen in the link provided in the response) - try:

GET <hostname>/<db>/_role/

I can’t say for sure why the subsequent query for one of the ‘normal’ roles failed, though. As you say, it sounds like the role still exists based on your other functionality. I tried the following sequence (using httpie) against a sync gateway running on localhost, and everything worked as expected:

http PUT localhost:4985/default/_role/role1 name=role1
http PUT localhost:4985/default/_role/role2 name=role2
http GET localhost:4985/default/_role/
  response: ["role1","role2"]
http DELETE localhost:4985/default/_role/role1
http GET localhost:4985/default/_role/
  response: ["role2"]
http GET localhost:4985/default/_role/role2
  response: {"name":"role2","all_channels":["!"]}

Let me know if there’s something about your use case different than what I’ve got above.

Thanks,
Adam

Sorry, I had a typo in my question. The delete command had the role name specified after the slash. I tried GET <hostname>/<db>/_role/ and it returned an empty array. I can see that users all still have the correct roles though, and that new users are created with the correct roles.

I tested on my local DB and then realized that I never explicitly created those roles when I setup my local DB. So I checked with another dev and we realized we never created the roles on the server I was working on. Everything worked properly without the roles created though. We were able to assign those roles to users and check if they had the role with requireRole() in our sync function.

Thanks for the help and sorry for the false alarm!