mirror of
https://github.com/ceph/ceph
synced 2024-12-31 16:12:42 +00:00
Merge PR #33552 into master
* refs/pull/33552/head: mgr/dashboard: Enhance user create CLI command to force password change Reviewed-by: Stephan Müller <smueller@suse.com> Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
This commit is contained in:
commit
f83f38a26e
@ -690,7 +690,11 @@ We provide a set of CLI commands to manage user accounts:
|
||||
|
||||
- *Create User*::
|
||||
|
||||
$ ceph dashboard ac-user-create [--force-password] <username> [<password>] [<rolename>] [<name>] [<email>] [--enabled] [<pwd_expiration_date>]
|
||||
$ ceph dashboard ac-user-create [--enabled] [--force-password] [--pwd_update_required] <username> [<password>] [<rolename>] [<name>] [<email>] [<pwd_expiration_date>]
|
||||
|
||||
To bypass the password policy checks use the `force-password` option.
|
||||
Use the option `pwd_update_required` so that a newly created user has
|
||||
to change their password after the first login.
|
||||
|
||||
- *Delete User*::
|
||||
|
||||
|
@ -539,3 +539,17 @@ class UserTest(DashboardTestCase):
|
||||
'credits': 0,
|
||||
'valuation': 'Password must not be the same as the previous one.'
|
||||
})
|
||||
|
||||
def test_create_user_pwd_update_required(self):
|
||||
exit_code = self._ceph_cmd_result([
|
||||
'dashboard', 'ac-user-create', '--force-password',
|
||||
'--pwd_update_required', 'foo', 'bar'
|
||||
])
|
||||
self.assertEqual(exit_code, 0)
|
||||
self._get('/api/user/foo')
|
||||
self.assertStatus(200)
|
||||
self.assertJsonSubset({
|
||||
'username': 'foo',
|
||||
'pwdUpdateRequired': True
|
||||
})
|
||||
self.delete_user('foo')
|
||||
|
@ -708,11 +708,12 @@ def ac_user_show_cmd(_, username=None):
|
||||
'name=email,type=CephString,req=false '
|
||||
'name=enabled,type=CephBool,req=false '
|
||||
'name=force_password,type=CephBool,req=false '
|
||||
'name=pwd_expiration_date,type=CephInt,req=false',
|
||||
'name=pwd_expiration_date,type=CephInt,req=false '
|
||||
'name=pwd_update_required,type=CephBool,req=false',
|
||||
'Create a user')
|
||||
def ac_user_create_cmd(_, username, password=None, rolename=None, name=None,
|
||||
email=None, enabled=True, force_password=False,
|
||||
pwd_expiration_date=None):
|
||||
pwd_expiration_date=None, pwd_update_required=False):
|
||||
try:
|
||||
role = mgr.ACCESS_CTRL_DB.get_role(rolename) if rolename else None
|
||||
except RoleDoesNotExist as ex:
|
||||
@ -725,7 +726,8 @@ def ac_user_create_cmd(_, username, password=None, rolename=None, name=None,
|
||||
pw_check = PasswordPolicy(password, username)
|
||||
pw_check.check_all()
|
||||
user = mgr.ACCESS_CTRL_DB.create_user(username, password, name, email,
|
||||
enabled, pwd_expiration_date)
|
||||
enabled, pwd_expiration_date,
|
||||
pwd_update_required)
|
||||
except PasswordPolicyException as ex:
|
||||
return -errno.EINVAL, '', str(ex)
|
||||
except UserAlreadyExists as ex:
|
||||
|
Loading…
Reference in New Issue
Block a user