[MB-7381] [2.0.1RN]REST API for flush requires admin credentials while it makes sense to allow it with bucket credentials Created: 07/Dec/12  Updated: 14/Jan/13  Resolved: 14/Jan/13

Status: Resolved
Project: Couchbase Server
Component/s: ns_server
Affects Version/s: 2.0
Fix Version/s: 2.0.1
Security Level: Public

Type: Bug Priority: Critical
Reporter: Aleksey Kondratenko Assignee: Aliaksey Artamonau
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Dependency
blocks JCBC-173 flush will not work owing to MB-7381 Resolved
Flagged:
Release Note

 Description   
SUBJ.

Matt convinced me that indeed we did it wrong:

<alkby> I believe 1.7 and 1.6 always demanded admin
<alkby> and 1.8 too
<ingenthr> that's a real problem from a client perspective, since someone using a client is just using a bucket
<alkby> right but flush is a very destructive operation
<ingenthr> if buckets are in fact about multitenancy, then the tenant should be able to throw away their contents
<ingenthr> yep, I know. :)
<alkby> for unit tests you set it up for bucket with admin credentials
<alkby> well, tenant is good argument
<ingenthr> this means it's not functionally equivalent to memcached flush though, and that was the whole point of MB-5170
<ingenthr> that we couldn't do memcached flush safely, so we'd replace it with RESTful flush
<alkby> you're right
<alkby> lets file a bug and address it asap. Thanks for raising this
<ingenthr> but if restful flush is different semantically (you can flush this only with super creds)
<ingenthr> okay, will do, thanks
<alkby> I'll file bug



 Comments   
Comment by Farshid Ghods (Inactive) [ 10/Dec/12 ]
per bug scrub - deferring to 2.1
Comment by Matt Ingenthron [ 10/Dec/12 ]
2.1? So we'll leave this broken for the remainder of 2.0.x? There's no API breakage in fixing it in 2.0.x that I'm aware of.
Comment by Aleksey Kondratenko [ 10/Dec/12 ]
IMHO clearly not 2.0.1 but good fit for 2.0.2
Comment by Matt Ingenthron [ 21/Dec/12 ]
Note that there was a request around this area and a workaround mentioned for the Java client mentioned here:

http://www.couchbase.com/forums/thread/flush-gui-works-not-spy-memcached
Comment by Dipti Borkar [ 10/Jan/13 ]
Karen, Note that we will need a documentation change for this bug in 2.0.1.

Comment by kzeller [ 11/Jan/13 ]
Nominating for 2.0.1 RN
Comment by Aleksey Kondratenko [ 14/Jan/13 ]
Dipti said it's a good to have for 2.0.1, please help me with backporting.
Comment by Aliaksey Artamonau [ 14/Jan/13 ]
http://review.couchbase.org/23930
Merged to 2.0.1.
Comment by kzeller [ 14/Jan/13 ]
Note: Add to 2.0.1 Release Notes
Generated at Mon Jul 14 04:57:54 CDT 2014 using JIRA 5.2.4#845-sha1:c9f4cc41abe72fb236945343a1f485c2c844dac9.