Sample Code

The Go SDK now lets you create users, assign them roles and associated privileges, and remove them from the system.

User-Management APIs

Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The Go SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management.

Go User-Management Example

The following code-example demonstrates how the user-management APIs can be used. It assumes that Couchbase Server is established on localhost; that the Full Administrator username and password are Administrator and password respectively; and that the travel-sample bucket is installed. For information on installing the travel-sample bucket, see Sample Buckets.

Use of the Full Administrator username and password gives an application complete access to all resources within the Couchbase Server-environment: use of the Full Administrator username and password may therefore be useful during code-development. However, for production purposes, the Full Administrator username and password should only be used when absolutely essential: in all other circumstances, the specified username and password should correspond to some lesser role, which appropriately delimits access to server-resources. Creation of such a role, and the establishment of its associated username and password, is demonstrated in the following code-example.
package main

import (
    "github.com/couchbase/gocb"
    "log"
    "time"
)

func main() {
    // Access the cluster that is running on the local host, authenticating with
    // the username and password of the Full Administrator. This
    // provides all privileges.
    cluster, err := gocb.Connect("couchbase://localhost")
    if err != nil {
        panic(err)
}

    // Authenticate to the cluster
    log.Printf("Authenticating as administrator.")
    cluster.Authenticate(gocb.PasswordAuthenticator{
    "Administrator",
    "password"})

    // Create a user and assign roles.
    log.Printf("Upserting new user.")
    userSettings := gocb.UserSettings{
        Password: "cbtestuserpwd",
        Roles: []gocb.UserRole{
            // Roles required for the reading of data from the bucket.
            {"data_reader", "travel-sample"},
            {"query_select", "travel-sample"},
            // Roles required for the writing data into the bucket.
            {"data_writer", "travel-sample"},
            {"query_insert", "travel-sample"},
            {"query_delete", "travel-sample"},
            // Role required for the creation of indexes on the bucket.
            {"query_manage_index", "travel-sample"},
        },
    }
    err = cluster.Manager("", "").UpsertUser("cbtestuser", &userSettings)
    if err != nil {
        panic(err)
    }

    time.Sleep(100 * time.Millisecond)

    // List current users
    users, err := cluster.Manager("","").GetUsers()
    if err != nil {
        panic(err)
    }
    for i, user := range users {
        log.Printf("")
        log.Printf("USER # %d", i)

        if user.Name != "" {
            log.Printf("Users name is: %s", user.Name)
        }

        log.Printf("Users id is: %s", user.Id)
        //log.Printf("Users domain is: %s", user.Domain)

        for _, role := range user.Roles {
            log.Printf("User has the role: %s, for bucket %s", role.Role, role.BucketName)
        }
        log.Printf("")
    }

    // Access the cluster that is running on the local host, specifying
    // the username and password already assigned by the administrator
    log.Printf("Authenticating as user")
    cluster.Authenticate(gocb.PasswordAuthenticator{
        "cbtestuser",
        "cbtestuserpwd",
    })

    // Open a known, existing bucket (created by the administrator).
    log.Printf("Opening travel-sample bucket as user")
    travelSample, err := cluster.OpenBucket("travel-sample", "")
    if err != nil {
        panic(err)
    }

    // Create a N1QL Primary Index (but ignore if one already exists).
    err = travelSample.Manager("", "").CreatePrimaryIndex("", true, false)
    if err != nil {
        panic(err)
    }

    // Read out a known, existing document within the bucket (created
    // by the administrator).
    log.Printf("Reading out airline_10 document")
    var airline10doc interface{}
    _, err = travelSample.Get("airline_10", &airline10doc)
    if err != nil {
        panic(err)
    }
    log.Printf("Found: %+v", airline10doc)

    // Create a new document.
    log.Printf("Creating new document as user.")
    airlineObj := map[string]interface{}{
        "callsign": "MILE-AIR",
        "iata": "Q5",
        "icao": "MLA",
        "id": 11,
        "name": "40-Mile Air",
        "type": "airline",
    }

    // Upsert the document to the bucket
    log.Printf("Upserting new document as user.")
    _, err = travelSample.Upsert("airline_11", airlineObj, 0)
    if err != nil {
        panic(err)
    }

    log.Printf("Reading out ariline11 document as user.")
    var airline11doc interface{}
    _, err = travelSample.Get("airline_11", &airline11doc)
    if err != nil {
        panic(err)
    }
    log.Printf("Found: %+v", airline11doc)


    // Perform a N1QL Query.
    log.Printf("Performing query as user.")
    q := gocb.NewN1qlQuery("SELECT * FROM `travel-sample` LIMIT 5")
    rows, err := travelSample.ExecuteN1qlQuery(q, nil)
    if err != nil {
        panic(err)
    }

    log.Printf("Query-results are:")
    // Print each row returned by the query.
    var row interface{}
    for rows.Next(&row) {
        log.Printf("%+v", row)
}

    // Access the cluster that is running on the local host, authenticating with
    // the username and password of the Full Administrator. This
    // provides all privileges.
    log.Printf("Re-authenticating as administrator.")
    cluster.Authenticate(gocb.PasswordAuthenticator{
        "Administrator",
        "password"})

    // Remove known user.
    log.Printf("Removing user as administrator.")
    userToBeRemoved := "cbtestuser"
    err = cluster.Manager("", "").RemoveUser(userToBeRemoved)
    if err != nil {
        log.Printf("Could not delete user %s: %s", userToBeRemoved, err)
    } else {
        log.Printf("Deleted user %s", userToBeRemoved)
    }

}