mgr/dashboard: Prevent RGW API user deletion

Fixes https://tracker.ceph.com/issues/24080

It's not possible to cherry-pick the changes from master because the issue has been implemented totally different there. Additionally there is no special PR for this issue in master, too. See PR #22470 if you want to see the changes in Nautilus.

Signed-off-by: Volker Theile <vtheile@suse.com>

diff --git a/src/pybind/mgr/dashboard/controllers/rgw.py b/src/pybind/mgr/dashboard/controllers/rgw.py
index 41a054033cd3e07f5f692b4b23f205f109b0e731..0bc0daf02367c942709d92c743c476956edf7430 100644 (file)
--- a/src/pybind/mgr/dashboard/controllers/rgw.py
+++ b/src/pybind/mgr/dashboard/controllers/rgw.py
@@ -121,3 +121,25 @@ class RgwBucket(RESTController):
             cherrypy.response.headers['Content-Type'] = 'application/json'
             cherrypy.response.status = 500
             return {'detail': str(e)}
+
+
+@ApiController('rgw/user')
+@AuthRequired()
+class RgwUser(RESTController):
+
+    def delete(self, uid):
+        try:
+            rgw_client = RgwClient.admin_instance()
+
+            # Ensure the user is not configured to access the Object Gateway.
+            if rgw_client.userid == uid:
+                raise RequestException('Unable to delete "{}" - this user '
+                                       'account is required for managing the '
+                                       'Object Gateway'.format(uid))
+
+            # Finally redirect request to the RGW proxy.
+            return rgw_client.proxy('DELETE', 'user', cherrypy.request.params, None)
+        except RequestException as e:
+            cherrypy.response.headers['Content-Type'] = 'application/json'
+            cherrypy.response.status = 500
+            return {'detail': str(e)}

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts
index 3fa913067a75687f758b10cdba0cefb1529e3aff..ec5f851a357efeca36cb8d8c7df2cdc60b3975eb 100644 (file)
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts
@@ -75,9 +75,7 @@ export class RgwUserService {
   }
 
   delete(uid: string) {
-    let params = new HttpParams();
-    params = params.append('uid', uid);
-    return this.http.delete(this.url, {params: params});
+    return this.http.delete(`api/rgw/user/${uid}`);
   }
 
   addSubuser(uid: string, subuser: string, permissions: string,