hashicorp / vault-plugin-database-couchbase

Mozilla Public License 2.0

Malformed creation statements are not caught. #9

Closed fhitchen closed 1 year ago

fhitchen commented 3 years ago

If you create a role with a malformed creation statement, the plugin does not reject it. Subsequent requests to retrieve credentials result in the creation of an account with no roles. This example is wrong...

vault write database/roles/my-couchbase-admin-role db_name=my-couchbase default_ttl="5m" max_ttl="1h" \
         creation_statements='{"roles":[{"name":"ro_admin"}]}'

It should be formatted like so...

vault write database/roles/my-couchbase-admin-role db_name=my-couchbase default_ttl="5m" max_ttl="1h" 
         creation_statements='{"roles":[{"role":"ro_admin"}]}'

raskchanky commented 3 years ago

The \ at the end of the first line signals to the shell that the second line is a continuation of the first. As far as I know, most shells require a \ to be present in a multi-line statement, otherwise the second line is treated like an independent command, which in this case isn't valid. I'm guessing the \ is present so you can copy/paste the example into your terminal and expect it to work.

I'm going to close this for now, as I don't think there's anything for us to do here, but feel free to reopen it if you have additional information to add.

fhitchen commented 3 years ago

No please don't close. I was going to fix this, it is a real bug, nothing to do with backslashes. The JSON creation statement creation_statements='{"roles":[{"role":"ro_admin"}]}' is incorrect and the plugin does not catch it. Please leave it open and assign to me to fix, ok?

raskchanky commented 3 years ago

Ah, my mistake. I didn't realize there was a legitimate bug here - I thought the only issue was the formatting of the example code. You're most welcome to work on fixing the issue.

fairclothjm commented 1 year ago

@fhitchen

I copied the creation statement creation_statements='{"roles":[{"name":"ro_admin"}]}' and tested this out but I am not able to reproduce the issue. If you are still seeing issues can you please reopen and provide more information?
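
Editor's added example, not code from the plugin or from anyone in this thread: one way to reject the kind of creation statement reported above at role-write time, using strict JSON decoding so that a misspelled key fails instead of silently yielding an account with no roles. The `creationStatement` struct and `validateCreationStatement` are hypothetical names whose shape is assumed from the JSON shown in the issue.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
)

// Hypothetical shape, assumed only from the JSON quoted in the issue;
// the plugin's real types may differ.
type creationStatement struct {
	Roles []struct {
		Role string `json:"role"`
	} `json:"roles"`
}

// validateCreationStatement rejects unknown keys (for example "name" in place
// of "role"), trailing data, and statements that would grant no roles.
func validateCreationStatement(raw string) (*creationStatement, error) {
	dec := json.NewDecoder(bytes.NewReader([]byte(raw)))
	dec.DisallowUnknownFields() // a misspelled key becomes an error, not a zero value
	var stmt creationStatement
	if err := dec.Decode(&stmt); err != nil {
		return nil, fmt.Errorf("invalid creation statement: %w", err)
	}
	// Anything after the first JSON value is treated as malformed input.
	if _, err := dec.Token(); !errors.Is(err, io.EOF) {
		return nil, errors.New("invalid creation statement: trailing data")
	}
	if len(stmt.Roles) == 0 {
		return nil, errors.New("creation statement defines no roles")
	}
	for i, r := range stmt.Roles {
		if r.Role == "" {
			return nil, fmt.Errorf("roles[%d]: \"role\" must be non-empty", i)
		}
	}
	return &stmt, nil
}

func main() {
	// Constructed inputs: the two statements quoted in the issue.
	for _, s := range []string{`{"roles":[{"role":"ro_admin"}]}`, `{"roles":[{"name":"ro_admin"}]}`} {
		_, err := validateCreationStatement(s)
		fmt.Printf("%s -> err=%v\n", s, err)
	}
}
```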