Bug #50818
openmgr/dashboard: No longer able to add SSO dashboard users from the cli
0%
Description
With Ceph octopus (specifically we were running v15.2.7, but I did not check
other versions), it was possible to programmatically add users to our ceph
dashboard with saml2 sso integration using the following command:
ceph dashboard ac-user-create -o /dev/null $n "" administrator "" "" --enabled --force-password
However with the release of Ceph Pacific this is no longer possible. The ceph
command no longer takes a password on the command line,
dashboard ac-user-create
instead requiring it be stored in a file and passed in with -i /path/to/passfile
.
Unfortunately, you can no longer pass in an empty password using this mechanism, even with --force-password
# echo "" > /tmp/emptypass # ceph dashboard ac-user-create test-empty-pw administrator --enabled --force-password -i /tmp/emptypass Error EINVAL: Empty content: please add a password/secret to the file.
While it is possible to work around this by just generating a random password
string, doing so is cumbersome and could lead to confusion in the future.
It would be great if support for adding users without passwords was re-added to the cli.
Another option is to implement better support for saml2 sso integration so that the dashboard
understands the difference between both user types.