Bug #50818
openmgr/dashboard: No longer able to add SSO dashboard users from the cli
0%
Description
With Ceph octopus (specifically we were running v15.2.7, but I did not check
other versions), it was possible to programmatically add users to our ceph
dashboard with saml2 sso integration using the following command:
ceph dashboard ac-user-create -o /dev/null $n "" administrator "" "" --enabled --force-password
However with the release of Ceph Pacific this is no longer possible. The ceph
command no longer takes a password on the command line,
dashboard ac-user-create
instead requiring it be stored in a file and passed in with -i /path/to/passfile
.
Unfortunately, you can no longer pass in an empty password using this mechanism, even with --force-password
# echo "" > /tmp/emptypass # ceph dashboard ac-user-create test-empty-pw administrator --enabled --force-password -i /tmp/emptypass Error EINVAL: Empty content: please add a password/secret to the file.
While it is possible to work around this by just generating a random password
string, doing so is cumbersome and could lead to confusion in the future.
It would be great if support for adding users without passwords was re-added to the cli.
Another option is to implement better support for saml2 sso integration so that the dashboard
understands the difference between both user types.
Updated by Ernesto Puerta almost 3 years ago
- Status changed from New to Need More Info
- Assignee set to Alfonso Martínez
- Priority changed from Normal to Low
- Target version set to v16.2.5
- Severity changed from 3 - minor to 4 - irritation