After reading through the documentation, there doesn't appear to be a way to get a list of active_connections by user. We are working on some password rotation automation, and it would be very useful to ensure there are no active connections for a given user before rotating the password.
Currently mcstat or cbstats only give curr_connections, but there is no breakdown by user.
/settings/rbac/users via the REST API gives password_change_date, but not active connections
If not available via any API currently, is there a N1QL command that would get this information?
Hey @marzlarz, unfortunately I don’t think it’s going to be possible to get this. Mainly because there isn’t really a notion of “active connections” in Couchbase…everything is stateless.
One exception to this is on the data service where most SDKs maintain an open TCP connection to the data service nodes in order to avoid the network overhead of opening a new connection each time. (I say most because it depends a bit on your application implementation as well as the SDK itself. Java does it very well, PHP not so much.)
It’s not a perfect solution, but one approach to your question might be to get a list of IP addresses that are connected to your data service nodes on either port 11210 (non-TLS) or 11207 (TLS) and then review the applications that are running on those clients. Unfortunately this also won’t give you a specific user because it’s possible to have multiple users running over the same TCP connection.
Another approach would be to enable auditing for some/all activity and review it after a little while to see which users have performed activity recently. I believe you could also use this to audit failed authentication attempts which would give you some visibility into any issues after you do rotate the passwords. Auditing | Couchbase Docs
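The connection listing suggested in the answer above can be scripted as a pre-rotation check. This is an added example, not part of the original posts or Couchbase tooling: it assumes Linux `ss -tn` output captured on a data service node, the sample text is constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Data service ports named in the answer above.
KV_PORTS = {11210: "non-TLS", 11207: "TLS"}

# Constructed sample of `ss -tn` output from a data service node (not real data).
SAMPLE_SS = """\
State  Recv-Q Send-Q   Local Address:Port     Peer Address:Port
ESTAB  0      0        10.0.0.10:11210        10.0.1.21:48312
ESTAB  0      0        10.0.0.10:11210        10.0.1.21:48314
ESTAB  0      0        10.0.0.10:11207        10.0.1.35:51544
ESTAB  0      0        [::ffff:10.0.0.10]:11210  [::ffff:10.0.1.40]:40022
ESTAB  0      0        10.0.0.10:8091         10.0.9.5:60100
ESTAB  0      0        10.0.0.10:41000        10.0.0.11:11210
TIME-WAIT 0   0        10.0.0.10:11210        10.0.1.50:39000
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (normalised IP string, port)."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]"))
    # Report IPv4-mapped IPv6 peers as plain IPv4 so one client is counted once.
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return str(ip), int(port)

def kv_clients(ss_output):
    """Count established inbound connections per (data service port, client IP)."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, blank line, or a socket that is not established
        try:
            _, local_port = split_endpoint(fields[3])
            peer_ip, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # unparseable address such as a wildcard
        if local_port in KV_PORTS:  # local port match means inbound to the data service
            counts[(local_port, peer_ip)] += 1
    return counts

if __name__ == "__main__":
    for (port, ip), n in sorted(kv_clients(SAMPLE_SS).items()):
        print(f"{port} ({KV_PORTS[port]})  {ip}  {n} connection(s)")
```

As the answer notes, the result identifies client hosts only; mapping a host to the RBAC user it authenticates as still has to come from the application configuration or the audit log.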