From 9773e14bdeb50ee1b68328701add9376ab639c8c Mon Sep 17 00:00:00 2001 From: Ricardo Dias Date: Thu, 13 Dec 2018 15:46:12 +0000 Subject: [PATCH] mgr/dashboard: remove static global variables Signed-off-by: Ricardo Dias --- src/pybind/mgr/dashboard/controllers/auth.py | 7 +- src/pybind/mgr/dashboard/controllers/role.py | 21 ++--- src/pybind/mgr/dashboard/controllers/saml2.py | 18 ++-- src/pybind/mgr/dashboard/controllers/user.py | 21 ++--- src/pybind/mgr/dashboard/module.py | 3 + .../mgr/dashboard/services/access_control.py | 83 +++++++++---------- src/pybind/mgr/dashboard/services/sso.py | 29 +++---- .../dashboard/tests/test_access_control.py | 4 +- 8 files changed, 89 insertions(+), 97 deletions(-) diff --git a/src/pybind/mgr/dashboard/controllers/auth.py b/src/pybind/mgr/dashboard/controllers/auth.py index d1c6d7943ed8b..7d145adcfedde 100644 --- a/src/pybind/mgr/dashboard/controllers/auth.py +++ b/src/pybind/mgr/dashboard/controllers/auth.py @@ -5,11 +5,10 @@ import cherrypy import jwt from . import ApiController, RESTController -from .. import logger +from .. import logger, mgr from ..exceptions import DashboardException from ..services.auth import AuthManager, JwtManager from ..services.access_control import UserDoesNotExist -from ..services.sso import SSO_DB @ApiController('/auth', secure=False) @@ -43,14 +42,14 @@ class Auth(RESTController): token = JwtManager.get_token_from_header() JwtManager.blacklist_token(token) redirect_url = '#/login' - if SSO_DB.protocol == 'saml2': + if mgr.SSO_DB.protocol == 'saml2': redirect_url = 'auth/saml2/slo' return { 'redirect_url': redirect_url } def _get_login_url(self): - if SSO_DB.protocol == 'saml2': + if mgr.SSO_DB.protocol == 'saml2': return 'auth/saml2/login' return '#/login' diff --git a/src/pybind/mgr/dashboard/controllers/role.py b/src/pybind/mgr/dashboard/controllers/role.py index 4e5bc596705e1..f87eff7bc3c55 100644 --- a/src/pybind/mgr/dashboard/controllers/role.py +++ b/src/pybind/mgr/dashboard/controllers/role.py @@ -4,10 +4,11 @@ from __future__ import absolute_import import cherrypy from . import ApiController, RESTController, UiApiController +from .. import mgr from ..exceptions import RoleDoesNotExist, DashboardException,\ RoleIsAssociatedWithUser, RoleAlreadyExists from ..security import Scope as SecurityScope, Permission -from ..services.access_control import ACCESS_CTRL_DB, SYSTEM_ROLES +from ..services.access_control import SYSTEM_ROLES @ApiController('/role', SecurityScope.USER) @@ -41,7 +42,7 @@ class Role(RESTController): role.set_scope_permissions(scope, permissions) def list(self): - roles = dict(ACCESS_CTRL_DB.roles) + roles = dict(mgr.ACCESS_CTRL_DB.roles) roles.update(SYSTEM_ROLES) roles = sorted(roles.values(), key=lambda role: role.name) return [Role._role_to_dict(r) for r in roles] @@ -50,7 +51,7 @@ class Role(RESTController): role = SYSTEM_ROLES.get(name) if not role: try: - role = ACCESS_CTRL_DB.get_role(name) + role = mgr.ACCESS_CTRL_DB.get_role(name) except RoleDoesNotExist: raise cherrypy.HTTPError(404) return Role._role_to_dict(role) @@ -62,18 +63,18 @@ class Role(RESTController): component='role') Role._validate_permissions(scopes_permissions) try: - role = ACCESS_CTRL_DB.create_role(name, description) + role = mgr.ACCESS_CTRL_DB.create_role(name, description) except RoleAlreadyExists: raise DashboardException(msg='Role already exists', code='role_already_exists', component='role') Role._set_permissions(role, scopes_permissions) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return Role._role_to_dict(role) def set(self, name, description=None, scopes_permissions=None): try: - role = ACCESS_CTRL_DB.get_role(name) + role = mgr.ACCESS_CTRL_DB.get_role(name) except RoleDoesNotExist: if name in SYSTEM_ROLES: raise DashboardException(msg='Cannot update system role', @@ -83,13 +84,13 @@ class Role(RESTController): Role._validate_permissions(scopes_permissions) Role._set_permissions(role, scopes_permissions) role.description = description - ACCESS_CTRL_DB.update_users_with_roles(role) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.update_users_with_roles(role) + mgr.ACCESS_CTRL_DB.save() return Role._role_to_dict(role) def delete(self, name): try: - ACCESS_CTRL_DB.delete_role(name) + mgr.ACCESS_CTRL_DB.delete_role(name) except RoleDoesNotExist: if name in SYSTEM_ROLES: raise DashboardException(msg='Cannot delete system role', @@ -100,7 +101,7 @@ class Role(RESTController): raise DashboardException(msg='Role is associated with user', code='role_is_associated_with_user', component='role') - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() @UiApiController('/scope', SecurityScope.USER) diff --git a/src/pybind/mgr/dashboard/controllers/saml2.py b/src/pybind/mgr/dashboard/controllers/saml2.py index b3f9147234a3f..3c78c05bbf430 100644 --- a/src/pybind/mgr/dashboard/controllers/saml2.py +++ b/src/pybind/mgr/dashboard/controllers/saml2.py @@ -16,8 +16,6 @@ except ImportError: from .. import mgr, logger from ..exceptions import UserDoesNotExist from ..services.auth import JwtManager -from ..services.access_control import ACCESS_CTRL_DB -from ..services.sso import SSO_DB from ..tools import prepare_url_prefix from . import Controller, Endpoint, BaseController @@ -43,7 +41,7 @@ class Saml2(BaseController): raise cherrypy.HTTPError(400, 'Required library not found: `{}`'.format(python_saml_name)) try: - OneLogin_Saml2_Settings(SSO_DB.saml2.onelogin_settings) + OneLogin_Saml2_Settings(mgr.SSO_DB.saml2.onelogin_settings) except OneLogin_Saml2_Error: raise cherrypy.HTTPError(400, 'Single Sign-On is not configured.') @@ -51,23 +49,23 @@ class Saml2(BaseController): def auth_response(self, **kwargs): Saml2._check_python_saml() req = Saml2._build_req(self._request, kwargs) - auth = OneLogin_Saml2_Auth(req, SSO_DB.saml2.onelogin_settings) + auth = OneLogin_Saml2_Auth(req, mgr.SSO_DB.saml2.onelogin_settings) auth.process_response() errors = auth.get_errors() if auth.is_authenticated(): JwtManager.reset_user() - username_attribute = auth.get_attribute(SSO_DB.saml2.get_username_attribute()) + username_attribute = auth.get_attribute(mgr.SSO_DB.saml2.get_username_attribute()) if username_attribute is None: raise cherrypy.HTTPError(400, 'SSO error - `{}` not found in auth attributes. ' 'Received attributes: {}' .format( - SSO_DB.saml2.get_username_attribute(), + mgr.SSO_DB.saml2.get_username_attribute(), auth.get_attributes())) username = username_attribute[0] try: - ACCESS_CTRL_DB.get_user(username) + mgr.ACCESS_CTRL_DB.get_user(username) except UserDoesNotExist: raise cherrypy.HTTPError(400, 'SSO error - Username `{}` does not exist.' @@ -89,21 +87,21 @@ class Saml2(BaseController): @Endpoint(xml=True) def metadata(self): Saml2._check_python_saml() - saml_settings = OneLogin_Saml2_Settings(SSO_DB.saml2.onelogin_settings) + saml_settings = OneLogin_Saml2_Settings(mgr.SSO_DB.saml2.onelogin_settings) return saml_settings.get_sp_metadata() @Endpoint(json_response=False) def login(self): Saml2._check_python_saml() req = Saml2._build_req(self._request, {}) - auth = OneLogin_Saml2_Auth(req, SSO_DB.saml2.onelogin_settings) + auth = OneLogin_Saml2_Auth(req, mgr.SSO_DB.saml2.onelogin_settings) raise cherrypy.HTTPRedirect(auth.login()) @Endpoint(json_response=False) def slo(self): Saml2._check_python_saml() req = Saml2._build_req(self._request, {}) - auth = OneLogin_Saml2_Auth(req, SSO_DB.saml2.onelogin_settings) + auth = OneLogin_Saml2_Auth(req, mgr.SSO_DB.saml2.onelogin_settings) raise cherrypy.HTTPRedirect(auth.logout()) @Endpoint(json_response=False) diff --git a/src/pybind/mgr/dashboard/controllers/user.py b/src/pybind/mgr/dashboard/controllers/user.py index d3cff95543aa9..d99dead317075 100644 --- a/src/pybind/mgr/dashboard/controllers/user.py +++ b/src/pybind/mgr/dashboard/controllers/user.py @@ -4,10 +4,11 @@ from __future__ import absolute_import import cherrypy from . import ApiController, RESTController +from .. import mgr from ..exceptions import DashboardException, UserAlreadyExists, \ UserDoesNotExist from ..security import Scope -from ..services.access_control import ACCESS_CTRL_DB, SYSTEM_ROLES +from ..services.access_control import SYSTEM_ROLES from ..services.auth import JwtManager @@ -21,7 +22,7 @@ class User(RESTController): @staticmethod def _get_user_roles(roles): - all_roles = dict(ACCESS_CTRL_DB.roles) + all_roles = dict(mgr.ACCESS_CTRL_DB.roles) all_roles.update(SYSTEM_ROLES) try: return [all_roles[rolename] for rolename in roles] @@ -31,13 +32,13 @@ class User(RESTController): component='user') def list(self): - users = ACCESS_CTRL_DB.users + users = mgr.ACCESS_CTRL_DB.users result = [User._user_to_dict(u) for _, u in users.items()] return result def get(self, username): try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) except UserDoesNotExist: raise cherrypy.HTTPError(404) return User._user_to_dict(user) @@ -51,14 +52,14 @@ class User(RESTController): if roles: user_roles = User._get_user_roles(roles) try: - user = ACCESS_CTRL_DB.create_user(username, password, name, email) + user = mgr.ACCESS_CTRL_DB.create_user(username, password, name, email) except UserAlreadyExists: raise DashboardException(msg='Username already exists', code='username_already_exists', component='user') if user_roles: user.set_roles(user_roles) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return User._user_to_dict(user) def delete(self, username): @@ -68,14 +69,14 @@ class User(RESTController): code='cannot_delete_current_user', component='user') try: - ACCESS_CTRL_DB.delete_user(username) + mgr.ACCESS_CTRL_DB.delete_user(username) except UserDoesNotExist: raise cherrypy.HTTPError(404) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() def set(self, username, password=None, name=None, email=None, roles=None): try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) except UserDoesNotExist: raise cherrypy.HTTPError(404) user_roles = [] @@ -86,5 +87,5 @@ class User(RESTController): user.name = name user.email = email user.set_roles(user_roles) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return User._user_to_dict(user) diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py index f4671d381098b..051c0e729497f 100644 --- a/src/pybind/mgr/dashboard/module.py +++ b/src/pybind/mgr/dashboard/module.py @@ -267,6 +267,9 @@ class Module(MgrModule, CherryPyConfig): self._stopping = threading.Event() self.shutdown_event = threading.Event() + self.ACCESS_CTRL_DB = None + self.SSO_DB = None + @classmethod def can_run(cls): if cherrypy is None: diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py index 812d7a6c91f76..1a0f0168ecfeb 100644 --- a/src/pybind/mgr/dashboard/services/access_control.py +++ b/src/pybind/mgr/dashboard/services/access_control.py @@ -350,13 +350,8 @@ class AccessControlDB(object): return cls(db['version'], users, roles) -ACCESS_CTRL_DB = None - - def load_access_control_db(): - # pylint: disable=W0603 - global ACCESS_CTRL_DB - ACCESS_CTRL_DB = AccessControlDB.load() + mgr.ACCESS_CTRL_DB = AccessControlDB.load() # CLI dashboard access control scope commands @@ -367,13 +362,13 @@ def load_access_control_db(): 'Set the login credentials') def set_login_credentials_cmd(_, username, password): try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) user.set_password(password) except UserDoesNotExist: - user = ACCESS_CTRL_DB.create_user(username, password, None, None) + user = mgr.ACCESS_CTRL_DB.create_user(username, password, None, None) user.set_roles([ADMIN_ROLE]) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return 0, '''\ ****************************************************************** @@ -388,12 +383,12 @@ Username and password updated''', '' 'Show role info') def ac_role_show_cmd(_, rolename=None): if not rolename: - roles = dict(ACCESS_CTRL_DB.roles) + roles = dict(mgr.ACCESS_CTRL_DB.roles) roles.update(SYSTEM_ROLES) roles_list = [name for name, _ in roles.items()] return 0, json.dumps(roles_list), '' try: - role = ACCESS_CTRL_DB.get_role(rolename) + role = mgr.ACCESS_CTRL_DB.get_role(rolename) except RoleDoesNotExist as ex: if rolename not in SYSTEM_ROLES: return -errno.ENOENT, '', str(ex) @@ -407,8 +402,8 @@ def ac_role_show_cmd(_, rolename=None): 'Create a new access control role') def ac_role_create_cmd(_, rolename, description=None): try: - role = ACCESS_CTRL_DB.create_role(rolename, description) - ACCESS_CTRL_DB.save() + role = mgr.ACCESS_CTRL_DB.create_role(rolename, description) + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(role.to_dict()), '' except RoleAlreadyExists as ex: return -errno.EEXIST, '', str(ex) @@ -419,8 +414,8 @@ def ac_role_create_cmd(_, rolename, description=None): 'Delete an access control role') def ac_role_delete_cmd(_, rolename): try: - ACCESS_CTRL_DB.delete_role(rolename) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.delete_role(rolename) + mgr.ACCESS_CTRL_DB.save() return 0, "Role '{}' deleted".format(rolename), "" except RoleDoesNotExist as ex: if rolename in SYSTEM_ROLES: @@ -438,11 +433,11 @@ def ac_role_delete_cmd(_, rolename): 'Add the scope permissions for a role') def ac_role_add_scope_perms_cmd(_, rolename, scopename, permissions): try: - role = ACCESS_CTRL_DB.get_role(rolename) + role = mgr.ACCESS_CTRL_DB.get_role(rolename) perms_array = [perm.strip() for perm in permissions] role.set_scope_permissions(scopename, perms_array) - ACCESS_CTRL_DB.update_users_with_roles(role) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.update_users_with_roles(role) + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(role.to_dict()), '' except RoleDoesNotExist as ex: if rolename in SYSTEM_ROLES: @@ -464,10 +459,10 @@ def ac_role_add_scope_perms_cmd(_, rolename, scopename, permissions): 'Delete the scope permissions for a role') def ac_role_del_scope_perms_cmd(_, rolename, scopename): try: - role = ACCESS_CTRL_DB.get_role(rolename) + role = mgr.ACCESS_CTRL_DB.get_role(rolename) role.del_scope_permissions(scopename) - ACCESS_CTRL_DB.update_users_with_roles(role) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.update_users_with_roles(role) + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(role.to_dict()), '' except RoleDoesNotExist as ex: if rolename in SYSTEM_ROLES: @@ -483,11 +478,11 @@ def ac_role_del_scope_perms_cmd(_, rolename, scopename): 'Show user info') def ac_user_show_cmd(_, username=None): if not username: - users = ACCESS_CTRL_DB.users + users = mgr.ACCESS_CTRL_DB.users users_list = [name for name, _ in users.items()] return 0, json.dumps(users_list), '' try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) return 0, json.dumps(user.to_dict()), '' except UserDoesNotExist as ex: return -errno.ENOENT, '', str(ex) @@ -503,20 +498,20 @@ def ac_user_show_cmd(_, username=None): def ac_user_create_cmd(_, username, password=None, rolename=None, name=None, email=None): try: - role = ACCESS_CTRL_DB.get_role(rolename) if rolename else None + role = mgr.ACCESS_CTRL_DB.get_role(rolename) if rolename else None except RoleDoesNotExist as ex: if rolename not in SYSTEM_ROLES: return -errno.ENOENT, '', str(ex) role = SYSTEM_ROLES[rolename] try: - user = ACCESS_CTRL_DB.create_user(username, password, name, email) + user = mgr.ACCESS_CTRL_DB.create_user(username, password, name, email) except UserAlreadyExists as ex: return -errno.EEXIST, '', str(ex) if role: user.set_roles([role]) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(user.to_dict()), '' @@ -525,8 +520,8 @@ def ac_user_create_cmd(_, username, password=None, rolename=None, name=None, 'Delete user') def ac_user_delete_cmd(_, username): try: - ACCESS_CTRL_DB.delete_user(username) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.delete_user(username) + mgr.ACCESS_CTRL_DB.save() return 0, "User '{}' deleted".format(username), "" except UserDoesNotExist as ex: return -errno.ENOENT, '', str(ex) @@ -541,15 +536,15 @@ def ac_user_set_roles_cmd(_, username, roles): roles = [] for rolename in rolesname: try: - roles.append(ACCESS_CTRL_DB.get_role(rolename)) + roles.append(mgr.ACCESS_CTRL_DB.get_role(rolename)) except RoleDoesNotExist as ex: if rolename not in SYSTEM_ROLES: return -errno.ENOENT, '', str(ex) roles.append(SYSTEM_ROLES[rolename]) try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) user.set_roles(roles) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(user.to_dict()), '' except UserDoesNotExist as ex: return -errno.ENOENT, '', str(ex) @@ -564,15 +559,15 @@ def ac_user_add_roles_cmd(_, username, roles): roles = [] for rolename in rolesname: try: - roles.append(ACCESS_CTRL_DB.get_role(rolename)) + roles.append(mgr.ACCESS_CTRL_DB.get_role(rolename)) except RoleDoesNotExist as ex: if rolename not in SYSTEM_ROLES: return -errno.ENOENT, '', str(ex) roles.append(SYSTEM_ROLES[rolename]) try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) user.add_roles(roles) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(user.to_dict()), '' except UserDoesNotExist as ex: return -errno.ENOENT, '', str(ex) @@ -587,15 +582,15 @@ def ac_user_del_roles_cmd(_, username, roles): roles = [] for rolename in rolesname: try: - roles.append(ACCESS_CTRL_DB.get_role(rolename)) + roles.append(mgr.ACCESS_CTRL_DB.get_role(rolename)) except RoleDoesNotExist as ex: if rolename not in SYSTEM_ROLES: return -errno.ENOENT, '', str(ex) roles.append(SYSTEM_ROLES[rolename]) try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) user.del_roles(roles) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(user.to_dict()), '' except UserDoesNotExist as ex: return -errno.ENOENT, '', str(ex) @@ -609,10 +604,10 @@ def ac_user_del_roles_cmd(_, username, roles): 'Set user password') def ac_user_set_password(_, username, password): try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) user.set_password(password) - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(user.to_dict()), '' except UserDoesNotExist as ex: return -errno.ENOENT, '', str(ex) @@ -625,12 +620,12 @@ def ac_user_set_password(_, username, password): 'Set user info') def ac_user_set_info(_, username, name, email): try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) if name: user.name = name if email: user.email = email - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() return 0, json.dumps(user.to_dict()), '' except UserDoesNotExist as ex: return -errno.ENOENT, '', str(ex) @@ -641,11 +636,11 @@ class LocalAuthenticator(object): load_access_control_db() def get_user(self, username): - return ACCESS_CTRL_DB.get_user(username) + return mgr.ACCESS_CTRL_DB.get_user(username) def authenticate(self, username, password): try: - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) if user.password: pass_hash = password_hash(password, user.password) if pass_hash == user.password: @@ -655,5 +650,5 @@ class LocalAuthenticator(object): return None def authorize(self, username, scope, permissions): - user = ACCESS_CTRL_DB.get_user(username) + user = mgr.ACCESS_CTRL_DB.get_user(username) return user.authorize(scope, permissions) diff --git a/src/pybind/mgr/dashboard/services/sso.py b/src/pybind/mgr/dashboard/services/sso.py index 05ced27d7cd2f..492a6e596344d 100644 --- a/src/pybind/mgr/dashboard/services/sso.py +++ b/src/pybind/mgr/dashboard/services/sso.py @@ -85,13 +85,8 @@ class SsoDB(object): return cls(db['version'], db.get('protocol'), Saml2.from_dict(db.get('saml2'))) -SSO_DB = None - - def load_sso_db(): - # pylint: disable=W0603 - global SSO_DB - SSO_DB = SsoDB.load() + mgr.SSO_DB = SsoDB.load() SSO_COMMANDS = [ @@ -150,27 +145,27 @@ def handle_sso_command(cmd): if cmd['prefix'] == 'dashboard sso enable saml2': try: - OneLogin_Saml2_Settings(SSO_DB.saml2.onelogin_settings) + OneLogin_Saml2_Settings(mgr.SSO_DB.saml2.onelogin_settings) except OneLogin_Saml2_Error: return -errno.EPERM, '', 'Single Sign-On is not configured: ' \ 'use `ceph dashboard sso setup saml2`' - SSO_DB.protocol = 'saml2' - SSO_DB.save() + mgr.SSO_DB.protocol = 'saml2' + mgr.SSO_DB.save() return 0, 'SSO is "enabled" with "SAML2" protocol.', '' if cmd['prefix'] == 'dashboard sso disable': - SSO_DB.protocol = '' - SSO_DB.save() + mgr.SSO_DB.protocol = '' + mgr.SSO_DB.save() return 0, 'SSO is "disabled".', '' if cmd['prefix'] == 'dashboard sso status': - if SSO_DB.protocol == 'saml2': + if mgr.SSO_DB.protocol == 'saml2': return 0, 'SSO is "enabled" with "SAML2" protocol.', '' return 0, 'SSO is "disabled".', '' if cmd['prefix'] == 'dashboard sso show saml2': - return 0, json.dumps(SSO_DB.saml2.to_dict()), '' + return 0, json.dumps(mgr.SSO_DB.saml2.to_dict()), '' if cmd['prefix'] == 'dashboard sso setup saml2': ceph_dashboard_base_url = cmd['ceph_dashboard_base_url'] @@ -261,9 +256,9 @@ def handle_sso_command(cmd): } } settings = OneLogin_Saml2_IdPMetadataParser.merge_settings(settings, idp_settings) - SSO_DB.saml2.onelogin_settings = settings - SSO_DB.protocol = 'saml2' - SSO_DB.save() - return 0, json.dumps(SSO_DB.saml2.onelogin_settings), '' + mgr.SSO_DB.saml2.onelogin_settings = settings + mgr.SSO_DB.protocol = 'saml2' + mgr.SSO_DB.save() + return 0, json.dumps(mgr.SSO_DB.saml2.onelogin_settings), '' return -errno.ENOSYS, '', '' diff --git a/src/pybind/mgr/dashboard/tests/test_access_control.py b/src/pybind/mgr/dashboard/tests/test_access_control.py index b66afd8bc371f..e4fb7ea916a8e 100644 --- a/src/pybind/mgr/dashboard/tests/test_access_control.py +++ b/src/pybind/mgr/dashboard/tests/test_access_control.py @@ -33,6 +33,7 @@ class AccessControlTest(unittest.TestCase): # kludge below mgr.set_store.side_effect = cls.mock_set_module_option mgr.get_store.side_effect = cls.mock_get_module_option + mgr.ACCESS_CONTROL_DB = None def setUp(self): self.CONFIG_KEY_DICT.clear() @@ -66,8 +67,7 @@ class AccessControlTest(unittest.TestCase): # not be needed unless we're testing very specific behaviors. # def setup_and_load_persistent_db(self): - from ..services.access_control import ACCESS_CTRL_DB - ACCESS_CTRL_DB.save() + mgr.ACCESS_CTRL_DB.save() self.load_persistent_db() def validate_persistent_role(self, rolename, scopes_permissions, -- 2.39.5