Project

General

Profile

Bug #50818

mgr/dashboard: No longer able to add SSO dashboard users from the cli

Added by Matt Wilder about 1 month ago. Updated about 1 month ago.

Status:
Need More Info
Priority:
Low
Category:
Component - Users & Roles
Target version:
% Done:

0%

Source:
Community (user)
Tags:
Backport:
Regression:
Yes
Severity:
4 - irritation
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

With Ceph octopus (specifically we were running v15.2.7, but I did not check
other versions), it was possible to programmatically add users to our ceph
dashboard with saml2 sso integration using the following command:

ceph dashboard ac-user-create -o /dev/null $n "" administrator "" "" --enabled --force-password

However with the release of Ceph Pacific this is no longer possible. The ceph
dashboard ac-user-create
command no longer takes a password on the command line,
instead requiring it be stored in a file and passed in with -i /path/to/passfile.

Unfortunately, you can no longer pass in an empty password using this mechanism, even with --force-password

# echo "" > /tmp/emptypass
# ceph dashboard ac-user-create test-empty-pw administrator --enabled --force-password -i /tmp/emptypass
Error EINVAL: Empty content: please add a password/secret to the file.

While it is possible to work around this by just generating a random password
string, doing so is cumbersome and could lead to confusion in the future.

It would be great if support for adding users without passwords was re-added to the cli.
Another option is to implement better support for saml2 sso integration so that the dashboard
understands the difference between both user types.

History

#1 Updated by Ernesto Puerta about 1 month ago

  • Status changed from New to Need More Info
  • Assignee set to Alfonso Martínez
  • Priority changed from Normal to Low
  • Target version set to v16.2.5
  • Severity changed from 3 - minor to 4 - irritation

Also available in: Atom PDF