MB-69379 Add --stage to xdcr-setup

Adds secondary credentials for if the primary ones start failing.

Change-Id: I6a6a636c9dd61fa63ef6065e46991cd60da6fb73
Reviewed-on: https://review.couchbase.org/c/couchbase-cli/+/236609
Tested-by: Build Bot <build@couchbase.com>
Reviewed-by: Safian Ali <safian.ali@couchbase.com>

Author: matthallcb

cbmgr.py

@@ -5297,6 +5297,8 @@ def __init__(self):
                            default=False, help="Set the local read-only user")
         group.add_argument("--list", dest="list", action="store_true",
                            default=False, help="List all XDCR remote references")
+        group.add_argument("--stage", dest="stage", action="store_true",
+                           default=False, help="Set the staged credentials")
         group.add_argument("--xdcr-cluster-name", dest="name", metavar="<name>",
                            help="The name for the remote cluster reference")
         group.add_argument("--xdcr-hostname", dest="hostname", metavar="<hostname>",
@@ -5322,13 +5324,16 @@ def __init__(self):
 
     @rest_initialiser(cluster_init_check=True, version_check=True)
     def execute(self, opts):
-        actions = sum([opts.create, opts.delete, opts.edit, opts.list])
+        actions = sum([opts.create, opts.delete, opts.edit, opts.list, opts.stage])
         if actions == 0:
-            _exit_if_errors(["Must specify one of --create, --delete, --edit, --list"])
+            _exit_if_errors(["Must specify one of --create, --delete, --edit, --stage, --list"])
         elif actions > 1:
-            _exit_if_errors(["The --create, --delete, --edit, --list flags may not be specified at the same time"])
+            _exit_if_errors(
+                ["The --create, --delete, --edit, --stage, --list flags may not be specified at the same time"])
         elif opts.create or opts.edit:
             self._set(opts)
+        elif opts.stage:
+            self._stage(opts)
         elif opts.delete:
             self._delete(opts)
         elif opts.list:
@@ -5397,6 +5402,33 @@ def _set(self, opts):
             _exit_if_errors(errors)
             _success("Cluster reference edited")
 
+    def _stage(self, opts):
+        if opts.name is None:
+            _exit_if_errors(['--xdcr-cluster-name is required to stage credentials on a cluster connection'])
+
+        total = sum(1 if x else 0 for x in [opts.r_username, opts.r_password, opts.r_key, opts.r_certificate])
+        if total != 2:
+            _exit_if_errors(['exactly one of --xdcr-username/--xdcr-password and ' +
+                             '--xdcr-user-certificate/--xdcr-user-key must be specified'])
+
+        if (opts.r_username and opts.r_password is None) or (opts.r_username is None and opts.r_password):
+            _exit_if_errors(['-xdcr-username and --xdcr-password must be specified together'])
+
+        if (opts.r_key and opts.r_certificate is None) or (opts.r_key is None and opts.r_certificate):
+            _exit_if_errors(['-xdcr-user-certificate and --xdcr-user-key must be specified together'])
+
+        raw_user_key = None
+        if opts.r_key:
+            raw_user_key = _exit_on_file_read_failure(opts.r_key)
+        raw_user_cert = None
+        if opts.r_certificate:
+            raw_user_cert = _exit_on_file_read_failure(opts.r_certificate)
+
+        _, errors = self.rest.stage_creds_on_xdcr_reference(opts.name, opts.r_username, opts.r_password, raw_user_cert,
+                                                            raw_user_key)
+        _exit_if_errors(errors)
+        _success("Credentials for cluster reference staged")
+
     def _delete(self, opts):
         if opts.name is None:
             _exit_if_errors(["--xdcr-cluster-name is required to delete a cluster connection"])

cluster_manager.py

@@ -92,6 +92,12 @@ def __init__(self, service):
         Exception.__init__(self, f'Service {service} not available in target cluster')
 
 
+class SetXDCRReferenceMode(Enum):
+    CREATE = 1
+    EDIT = 2
+    STAGE = 3
+
+
 class ClusterManager(object):
     """A set of REST API's for managing a Couchbase cluster"""
 
@@ -2104,25 +2110,31 @@ def retrieve_client_cert_auth(self):
 
     def create_xdcr_reference(self, name, hostname, hostname_external, username, password, encrypted,
                               encryption_type, certificate, client_certificate, client_key):
-        return self._set_xdcr_reference(False, name, hostname, hostname_external, username,
+        return self._set_xdcr_reference(SetXDCRReferenceMode.CREATE, name, hostname, hostname_external, username,
                                         password, encrypted, encryption_type,
                                         certificate, client_certificate, client_key)
 
     def edit_xdcr_reference(self, name, hostname, hostname_external, username, password, encrypted,
                             encryption_type, certificate, client_certificate, client_key):
-        return self._set_xdcr_reference(True, name, hostname, hostname_external, username,
+        return self._set_xdcr_reference(SetXDCRReferenceMode.EDIT, name, hostname, hostname_external, username,
                                         password, encrypted, encryption_type,
                                         certificate, client_certificate, client_key)
 
-    def _set_xdcr_reference(self, edit, name, hostname, hostname_external, username, password,
+    def stage_creds_on_xdcr_reference(self, name, username, password, client_certificate, client_key):
+        return self._set_xdcr_reference(SetXDCRReferenceMode.STAGE, name, None, None, username, password, None, None,
+                                        None, client_certificate, client_key)
+
+    def _set_xdcr_reference(self, mode, name, hostname, hostname_external, username, password,
                             encrypted, encryption_type, certificate, client_certificate, client_key):
         url = f'{self.hostname}/pools/default/remoteClusters'
         params = {}
 
-        if edit:
+        if mode == SetXDCRReferenceMode.EDIT or mode == SetXDCRReferenceMode.STAGE:
             url += f'/{urllib.parse.quote(name)}'
+        if mode == SetXDCRReferenceMode.STAGE:
+            params["stage"] = 'true'
 
-        if name is not None:
+        if name is not None and mode != SetXDCRReferenceMode.STAGE:
             params["name"] = name
         if hostname is not None:
             params["hostname"] = hostname

docs/modules/cli/pages/cbcli/couchbase-cli-xdcr-setup.adoc

@@ -14,7 +14,7 @@ Manage references to remote clusters
 [verse]
 _couchbase-cli xdcr-setup_ [--cluster <url>] [--username <user>] [--password <password>]
     [--client-cert <path>] [--client-cert-password <password>] [--client-key <path>]
-    [--client-key-password <password>] [--create] [--delete] [--edit] [--list]
+    [--client-key-password <password>] [--create] [--delete] [--edit] [--list] [--stage]
     [--xdcr-cluster-name <name>] [--xdcr-hostname <hostname>] [--xdcr-hostname-external]
     [--xdcr-username <username>] [--xdcr-password <password>]
     [--xdcr-user-certificate <path>] [--xdcr-user-key <path>]
@@ -38,6 +38,9 @@ include::{partialsdir}/cbcli/part-common-options.adoc[]
 --edit::
   Edits an XDCR remote reference.
 
+--stage::
+  Adds staged credentials to the XDCR remote reference.
+
 --list::
   List all XDCR remote references.
 
@@ -84,7 +87,7 @@ To create a new remote reference to a Couchbase cluster named "east" run the
 following command.
 
   $ couchbase-cli xdcr-setup -c 192.168.1.5 -u Administrator \
-   -p password --create --xdcr-cluster-name east --xdcr-hostname 192.168.1.6
+   -p password --create --xdcr-cluster-name east --xdcr-hostname 192.168.1.6 \
    --xdcr-username Administrator --xdcr-password password
 
 If the new remote reference should always be encrypted then make sure to enable
@@ -104,12 +107,20 @@ If you need to edit a cluster references named "east" and change the password
 run the following command.
 
   $ couchbase-cli xdcr-setup -c 192.168.1.5 -u Administrator \
-   -p password --edit --xdcr-cluster-name east --xdcr-hostname 192.168.1.6
+   -p password --edit --xdcr-cluster-name east --xdcr-hostname 192.168.1.6 \
    --xdcr-username Administrator --xdcr-password new_password
 
 Note in the above example that you need to specify all of the current unchanging
 configuration parameters also to avoid them being reset to defaults.
 
+Remote references can have "staged" credentials which are used if the first set
+start failing. Username and password or client certificate and key can be passed.
+These can be set like so.
+
+  $ couchbase-cli xdcr-setup -c 192.168.1.5 -u Administrator \
+   -p password --stage --xdcr-cluster-name east \
+   --xdcr-username Admin2 --xdcr-password password
+
 If you no longer need an XDCR remote reference then you can delete it. We should
 this below using the "east" remote reference as an example.
 

test/test_cli.py

@@ -3133,6 +3133,12 @@ def test_edit_xdcr_cert(self):
                            f'clientCertificate={contents}', f'clientKey={contents}', f'certificate={contents}']
         self.rest_parameter_match(expected_params)
 
+    def test_stage_xdcr(self):
+        self.no_error_run(self.command + ['--stage'] + self.cmd_args_without_hostname, self.server_args)
+        self.assertIn('POST:/pools/default/remoteClusters/name', self.server.trace)
+        expected_params = ['stage=true', 'username=username', 'password=pwd']
+        self.rest_parameter_match(expected_params)
+
     def test_list_xdcr(self):
         self.server_args['remote-clusters'] = [{'name': 'name', 'uuid': '1', 'hostname': 'host', 'username': 'user',
                                                 'uri': 'uri', 'deleted': False, 'stage': {'username': 'other-user'}}]