From: Volker Theile <vtheile@suse.com>
Date: Thu, 21 Jun 2018 14:23:54 +0000 (+0200)
Subject: mgr/dashboard: Enhance check if configured RGW admin ID has a set system flag
X-Git-Tag: v14.0.1~743^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=9d12876a532c8d25eebdf409b96bc7c5762774b8;p=ceph.git

mgr/dashboard: Enhance check if configured RGW admin ID has a set system flag

Fixes https://tracker.ceph.com/issues/24574

Signed-off-by: Volker Theile <vtheile@suse.com>
---

diff --git a/src/pybind/mgr/dashboard/controllers/rgw.py b/src/pybind/mgr/dashboard/controllers/rgw.py
index e1b551aafe64e..a720f75a73c88 100644
--- a/src/pybind/mgr/dashboard/controllers/rgw.py
+++ b/src/pybind/mgr/dashboard/controllers/rgw.py
@@ -26,10 +26,15 @@ class Rgw(BaseController):
                 status['message'] = 'Failed to connect to the Object Gateway\'s Admin Ops API.'
                 raise RequestException(status['message'])
             # Ensure the API user ID is known by the RGW.
-            if not instance.is_system_user():
+            if not instance.user_exists():
                 status['message'] = 'The user "{}" is unknown to the Object Gateway.'.format(
                     instance.userid)
                 raise RequestException(status['message'])
+            # Ensure the system flag is set for the API user ID.
+            if not instance.is_system_user():
+                status['message'] = 'The system flag is not set for user "{}".'.format(
+                    instance.userid)
+                raise RequestException(status['message'])
             status['available'] = True
         except RequestException:
             pass
diff --git a/src/pybind/mgr/dashboard/services/rgw_client.py b/src/pybind/mgr/dashboard/services/rgw_client.py
index aa2bbf3e8ace1..2ba80dc8d32f1 100644
--- a/src/pybind/mgr/dashboard/services/rgw_client.py
+++ b/src/pybind/mgr/dashboard/services/rgw_client.py
@@ -2,6 +2,7 @@
 from __future__ import absolute_import
 
 import re
+from distutils.util import strtobool
 from ..awsauth import S3Auth
 from ..settings import Settings, Options
 from ..rest_client import RestClient, RequestException
@@ -206,13 +207,23 @@ class RgwClient(RestClient):
         return response['data']['user_id']
 
     @RestClient.api_get('/{admin_path}/metadata/user', resp_structure='[+]')
-    def _is_system_user(self, admin_path, request=None):
+    def _user_exists(self, admin_path, request=None):
         # pylint: disable=unused-argument
         response = request()
         return self.userid in response
 
+    def user_exists(self):
+        return self._user_exists(self.admin_path)
+
+    @RestClient.api_get('/{admin_path}/metadata/user?key={userid}',
+                        resp_structure='data > system')
+    def _is_system_user(self, admin_path, userid, request=None):
+        # pylint: disable=unused-argument
+        response = request()
+        return strtobool(response['data']['system'])
+
     def is_system_user(self):
-        return self._is_system_user(self.admin_path)
+        return self._is_system_user(self.admin_path, self.userid)
 
     @RestClient.api_get(
         '/{admin_path}/user',