Merge PR #33552 into master

* refs/pull/33552/head:
	mgr/dashboard: Enhance user create CLI command to force password change

Reviewed-by: Stephan Müller <smueller@suse.com>
Reviewed-by: Ernesto Puerta <epuertat@redhat.com>
Sage Weil 2020-02-26 17:13:02 -06:00
commit f83f38a26e
3 changed files with 24 additions and 4 deletions


@ -690,7 +690,11 @@ We provide a set of CLI commands to manage user accounts:
- *Create User*::
$ ceph dashboard ac-user-create [--force-password] <username> [<password>] [<rolename>] [<name>] [<email>] [--enabled] [<pwd_expiration_date>]
$ ceph dashboard ac-user-create [--enabled] [--force-password] [--pwd_update_required] <username> [<password>] [<rolename>] [<name>] [<email>] [<pwd_expiration_date>]
To bypass the password policy checks use the `force-password` option.
Use the option `pwd_update_required` so that a newly created user has
to change their password after the first login.
- *Delete User*::


@ -539,3 +539,17 @@ class UserTest(DashboardTestCase):
'credits': 0,
'valuation': 'Password must not be the same as the previous one.'
})
def test_create_user_pwd_update_required(self):
exit_code = self._ceph_cmd_result([
'dashboard', 'ac-user-create', '--force-password',
'--pwd_update_required', 'foo', 'bar'
])
self.assertEqual(exit_code, 0)
self._get('/api/user/foo')
self.assertStatus(200)
self.assertJsonSubset({
'username': 'foo',
'pwdUpdateRequired': True
})
self.delete_user('foo')
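Review bot: `self.delete_user('foo')` on the last line of `test_create_user_pwd_update_required` runs only when every assertion before it passes, so a failing check leaves user `foo` behind and a later `ac-user-create` for the same name can fail for an unrelated reason. Registering the cleanup right after `self.assertEqual(exit_code, 0)` with `self.addCleanup(self.delete_user, 'foo')` avoids that, assuming `DashboardTestCase` derives from `unittest.TestCase` as its assert helpers suggest. The test also covers only the flag-set case; a companion check that a user created without `--pwd_update_required` reports `'pwdUpdateRequired': False` would pin the default.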


@ -708,11 +708,12 @@ def ac_user_show_cmd(_, username=None):
'name=email,type=CephString,req=false '
'name=enabled,type=CephBool,req=false '
'name=force_password,type=CephBool,req=false '
'name=pwd_expiration_date,type=CephInt,req=false',
'name=pwd_expiration_date,type=CephInt,req=false '
'name=pwd_update_required,type=CephBool,req=false',
'Create a user')
def ac_user_create_cmd(_, username, password=None, rolename=None, name=None,
email=None, enabled=True, force_password=False,
pwd_expiration_date=None):
pwd_expiration_date=None, pwd_update_required=False):
try:
role = mgr.ACCESS_CTRL_DB.get_role(rolename) if rolename else None
except RoleDoesNotExist as ex:
@ -725,7 +726,8 @@ def ac_user_create_cmd(_, username, password=None, rolename=None, name=None,
pw_check = PasswordPolicy(password, username)
pw_check.check_all()
user = mgr.ACCESS_CTRL_DB.create_user(username, password, name, email,
enabled, pwd_expiration_date)
enabled, pwd_expiration_date,
pwd_update_required)
except PasswordPolicyException as ex:
return -errno.EINVAL, '', str(ex)
except UserAlreadyExists as ex:
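Review bot: In the `create_user` call, `pwd_update_required` is passed as a seventh positional argument directly after `enabled` and `pwd_expiration_date`, so a later reordering of that signature would silently change a security control instead of raising an error. Passing the trailing options by keyword, `enabled=enabled, pwd_expiration_date=pwd_expiration_date, pwd_update_required=pwd_update_required)`, makes the call robust; this assumes the parameter names of `create_user`, which is defined outside this page, match. The flag is also opt-in (`pwd_update_required=False`), while the initial password is a command-line argument that the creating admin knows and that may be kept in shell history. A short comment on `ac_user_create_cmd` recommending the flag for accounts handed to another person would help operators. The body of `ac_user_create_cmd` continues outside the hunks shown.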