Sample Code
The Go SDK now lets you create users, assign them roles and associated privileges, and remove them from the system.
User-Management APIs
Users who have been assigned the Admin role for the cluster are able to create, edit, and remove users. The Go SDK provides APIs to support these activities. A high-level summary of the APIs can be found in User-Management.
Go User-Management Example
The following code-example demonstrates how the user-management APIs can be used.
It assumes that Couchbase Server is established on localhost
; that the Full Administrator username and password are Administrator
and password
respectively; and that the travel-sample
bucket is installed.
For information on installing the travel-sample
bucket, see Sample Buckets.
Use of the Full Administrator username and password gives an application complete access to all resources within the Couchbase Server-environment: use of the Full Administrator username and password may therefore be useful during code-development. However, for production purposes, the Full Administrator username and password should only be used when absolutely essential: in all other circumstances, the specified username and password should correspond to some lesser role, which appropriately delimits access to server-resources. Creation of such a role, and the establishment of its associated username and password, is demonstrated in the following code-example. |
package main
import (
"github.com/couchbase/gocb"
"log"
"time"
)
func main() {
// Access the cluster that is running on the local host, authenticating with
// the username and password of the Full Administrator. This
// provides all privileges.
cluster, err := gocb.Connect("couchbase://localhost")
if err != nil {
panic(err)
}
// Authenticate to the cluster
log.Printf("Authenticating as administrator.")
cluster.Authenticate(gocb.PasswordAuthenticator{
"Administrator",
"password"})
// Create a user and assign roles.
log.Printf("Upserting new user.")
userSettings := gocb.UserSettings{
Password: "cbtestuserpwd",
Roles: []gocb.UserRole{
// Roles required for the reading of data from the bucket.
{"data_reader", "travel-sample"},
{"query_select", "travel-sample"},
// Roles required for the writing data into the bucket.
{"data_writer", "travel-sample"},
{"query_insert", "travel-sample"},
{"query_delete", "travel-sample"},
// Role required for the creation of indexes on the bucket.
{"query_manage_index", "travel-sample"},
},
}
err = cluster.Manager("", "").UpsertUser("cbtestuser", &userSettings)
if err != nil {
panic(err)
}
time.Sleep(100 * time.Millisecond)
// List current users
users, err := cluster.Manager("","").GetUsers()
if err != nil {
panic(err)
}
for i, user := range users {
log.Printf("")
log.Printf("USER # %d", i)
if user.Name != "" {
log.Printf("Users name is: %s", user.Name)
}
log.Printf("Users id is: %s", user.Id)
//log.Printf("Users domain is: %s", user.Domain)
for _, role := range user.Roles {
log.Printf("User has the role: %s, for bucket %s", role.Role, role.BucketName)
}
log.Printf("")
}
// Access the cluster that is running on the local host, specifying
// the username and password already assigned by the administrator
log.Printf("Authenticating as user")
cluster.Authenticate(gocb.PasswordAuthenticator{
"cbtestuser",
"cbtestuserpwd",
})
// Open a known, existing bucket (created by the administrator).
log.Printf("Opening travel-sample bucket as user")
travelSample, err := cluster.OpenBucket("travel-sample", "")
if err != nil {
panic(err)
}
// Create a N1QL Primary Index (but ignore if one already exists).
err = travelSample.Manager("", "").CreatePrimaryIndex("", true, false)
if err != nil {
panic(err)
}
// Read out a known, existing document within the bucket (created
// by the administrator).
log.Printf("Reading out airline_10 document")
var airline10doc interface{}
_, err = travelSample.Get("airline_10", &airline10doc)
if err != nil {
panic(err)
}
log.Printf("Found: %+v", airline10doc)
// Create a new document.
log.Printf("Creating new document as user.")
airlineObj := map[string]interface{}{
"callsign": "MILE-AIR",
"iata": "Q5",
"icao": "MLA",
"id": 11,
"name": "40-Mile Air",
"type": "airline",
}
// Upsert the document to the bucket
log.Printf("Upserting new document as user.")
_, err = travelSample.Upsert("airline_11", airlineObj, 0)
if err != nil {
panic(err)
}
log.Printf("Reading out ariline11 document as user.")
var airline11doc interface{}
_, err = travelSample.Get("airline_11", &airline11doc)
if err != nil {
panic(err)
}
log.Printf("Found: %+v", airline11doc)
// Perform a N1QL Query.
log.Printf("Performing query as user.")
q := gocb.NewN1qlQuery("SELECT * FROM `travel-sample` LIMIT 5")
rows, err := travelSample.ExecuteN1qlQuery(q, nil)
if err != nil {
panic(err)
}
log.Printf("Query-results are:")
// Print each row returned by the query.
var row interface{}
for rows.Next(&row) {
log.Printf("%+v", row)
}
// Access the cluster that is running on the local host, authenticating with
// the username and password of the Full Administrator. This
// provides all privileges.
log.Printf("Re-authenticating as administrator.")
cluster.Authenticate(gocb.PasswordAuthenticator{
"Administrator",
"password"})
// Remove known user.
log.Printf("Removing user as administrator.")
userToBeRemoved := "cbtestuser"
err = cluster.Manager("", "").RemoveUser(userToBeRemoved)
if err != nil {
log.Printf("Could not delete user %s: %s", userToBeRemoved, err)
} else {
log.Printf("Deleted user %s", userToBeRemoved)
}
}