From: Volker Theile
Date: Fri, 22 Jun 2018 10:08:39 +0000 (+0200)
Subject: mgr/dashboard: Prevent RGW API user deletion
X-Git-Tag: v13.2.2~77^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ff6acf1a5ab8bacfe0e64ae9f77ba02ce8382856;p=ceph.git
mgr/dashboard: Prevent RGW API user deletion
Fixes https://tracker.ceph.com/issues/24080
It's not possible to cherry-pick the changes from master because the issue has been implemented totally different there. Additionally there is no special PR for this issue in master, too. See PR #22470 if you want to see the changes in Nautilus.
Signed-off-by: Volker Theile
---
diff --git a/src/pybind/mgr/dashboard/controllers/rgw.py b/src/pybind/mgr/dashboard/controllers/rgw.py
index 41a054033cd..0bc0daf0236 100644
--- a/src/pybind/mgr/dashboard/controllers/rgw.py
+++ b/src/pybind/mgr/dashboard/controllers/rgw.py
@@ -121,3 +121,25 @@ class RgwBucket(RESTController):
 cherrypy.response.headers['Content-Type'] = 'application/json'
 cherrypy.response.status = 500
 return {'detail': str(e)}
+
+
+@ApiController('rgw/user')
+@AuthRequired()
+class RgwUser(RESTController):
+
+ def delete(self, uid):
+ try:
+ rgw_client = RgwClient.admin_instance()
+
+ # Ensure the user is not configured to access the Object Gateway.
+ if rgw_client.userid == uid:
+ raise RequestException('Unable to delete "{}" - this user '
+ 'account is required for managing the '
+ 'Object Gateway'.format(uid))
+
+ # Finally redirect request to the RGW proxy.
+ return rgw_client.proxy('DELETE', 'user', cherrypy.request.params, None)
+ except RequestException as e:
+ cherrypy.response.headers['Content-Type'] = 'application/json'
+ cherrypy.response.status = 500
+ return {'detail': str(e)}
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts
index 3fa913067a7..ec5f851a357 100644
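Review bot: The guard in `RgwUser.delete` tests the path argument `uid`, but the proxy call that follows forwards `cherrypy.request.params` unchanged, so the value that was checked and the value sent to the gateway are not tied together. Whether the request parameters can carry a `uid` that differs from the path argument is not visible in this hunk; pinning it removes the question: `params = dict(cherrypy.request.params, uid=uid)` followed by `return rgw_client.proxy('DELETE', 'user', params, None)`. The refusal is also reported with status 500, the same as a gateway failure, so a 4xx status would let clients and logs tell a policy rejection from an outage. If another route (for example the one behind `this.url` in the frontend call this commit replaces) still forwards DELETE requests for `user` to the gateway, the check only applies to callers of the new route and would need to be enforced there as well.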
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-user.service.ts
@@ -75,9 +75,7 @@ export class RgwUserService {
 }
 delete(uid: string) {
- let params = new HttpParams();
- params = params.append('uid', uid);
- return this.http.delete(this.url, {params: params});
+ return this.http.delete(`api/rgw/user/${uid}`);
 }
 addSubuser(uid: string, subuser: string, permissions: string,
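Review bot: `uid` is interpolated into the URL path unencoded in `delete`, whereas the removed code passed it through `HttpParams`, which encoded it. A user ID containing `/`, `?`, `#` or `%` would now alter the path or be cut off, so the request could address a different resource than the one the operator selected; use `${encodeURIComponent(uid)}` in the template. The path is also hard-coded here while the removed call used `this.url`; a shared constant for the `api/rgw/user` base would keep the service consistent.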