Add a 'pwd_expiration_date' field to the User object to be able
to set password expiration date per user.
There are two options to set a password expiration date for a
user:
1. Set the 'USER_PWD_EXPIRATION_SPAN' setting. If defined
the expiration date of the password will be calculated
automatically based on the given value. It will also be
updated automatically when the user changes the password.
2. Set an expiration date by setting the 'pwdExpirationDate'
field when creating a user.
Add two more settings in addition: USER_PWD_EXPIRATION_WARNING_1
and USER_PWD_EXPIRATION_WARNING_2. These two settings are
defining the amount of days to notify the user that his password
will expiration soon.
It's not possible to set the 'pwd_expiration_date' field to a
date in the past.
If the password of a user is already expired he is no longer
allowed to log into the dashboard.
Fixes: https://tracker.ceph.com/issues/40329
Signed-off-by: Tatjana Dehler <tdehler@suse.com>
by adding the previously added monitoring related features as well as
the newest feature addition. Extends the documentation where necessary
to describe the Prometheus' alert configuration.
Fixes: https://tracker.ceph.com/issues/42877
Signed-off-by: Patrick Seidensal <pseidensal@suse.com>
- Refactor parts of the existing password complexity code.
- Check password complexity when setting password via Dashboard CLI commands.
- Add ability to force setting a password via CLI. This is useful in vstart environments or wherever it is necessary to disable the password complexity check.
Signed-off-by: Volker Theile <vtheile@suse.com>
To configure SSL certificate verification use the following command:
$ ceph dashboard set-grafana-api-ssl-verify true|false
Fixes: https://tracker.ceph.com/issues/42445
Signed-off-by: Volker Theile <vtheile@suse.com>
On my test box I get as far as
NO_SUPPORT(153): SCSI VPD page 0x83 is not supported
because my hardware doesn't support this. The same command works
on another box that does.
Signed-off-by: Sage Weil <sage@redhat.com>
Commit 712987d533 changed the default interval to 24h;
updating the docs to match (this also should go to
the Nautilus branch as that commit landed there too
in https://github.com/ceph/ceph/pull/27709)
Signed-off-by: Tim Serong <tserong@suse.com>
* refs/pull/30738/head:
mgr/alerts: raise health alert if smtplib has a problem
mgr/alerts: simple module to send health alerts
Reviewed-by: Tim Serong <tserong@suse.com>
Initialy SMTP support is implemented; nothing else.
This is just smart enough for me to get emails from my home cluster when
something goes wrong. No bells and whistled at this point.
Signed-off-by: Sage Weil <sage@redhat.com>
Currently dashboard provides a Ceph command to specify location or
contents of SAML2 IdP XML (`idp_metadata` argument). This loose
interface is implemented by trying to:
- First, opens HTTPS connection to whatever that argument contains (it
might be a proper remote URL, a local file or XML contents).
- Then, tries to open the local file
- Finally, assumes the input argument is an XML and proceeds to parse
it.
However, as the XML can have an undefined length, when fed as a filename
it results in FreeBSD raising a OSError exception (`Max filename length
exceeded`, 1K). This essentially means that this handling results in
unexpected behaviour, as it pushes the validation & error handling to
the underlying methods.
In this fix, some preliminary validation is performed. Especifically:
- Is the input argument a potential filename?
- Is the input argument complying with URL syntax?
Only if the above checks fail, the input argument is fed into the XML
parser.
Additionally, previous syntax is deprecated, so now, `idp_metadata`
enforces 2 syntaxes:
- Raw XML contents
- URL specification (http, https, and file schemas accepted). For local
file, URL 'file://<path>' should be used instead.
Fixes: https://tracker.ceph.com/issues/41358
Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
