From d7a746b014598f18535b533f8a0c096ca953f6b4 Mon Sep 17 00:00:00 2001 From: Aashish Sharma Date: Mon, 8 Mar 2021 15:14:00 +0530 Subject: [PATCH] mgr/dashboard: Remove username, password fileds from -Cluster/Manager Modules/dashboard Username, password fields are empty in Cluster/Manager Modules/dashboard.Since this functionality is when dashboard supported single user-password, now we need to remove these fields from here. Fixes: https://tracker.ceph.com/issues/49645 Signed-off-by: Aashish Sharma (cherry picked from commit d8fba40d982bb1ad824961aa210475bd7aa51524) --- src/pybind/mgr/dashboard/module.py | 2 - .../mgr/dashboard/services/access_control.py | 41 ------ .../dashboard/tests/test_access_control.py | 128 ------------------ 3 files changed, 171 deletions(-)
diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py
index 75df998a9293d..69b158f696a20 100644
--- a/src/pybind/mgr/dashboard/module.py
+++ b/src/pybind/mgr/dashboard/module.py
@@ -251,9 +251,7 @@ class Module(MgrModule, CherryPyConfig):
 Option(name='server_port', type='int', default=8080),
 Option(name='ssl_server_port', type='int', default=8443),
 Option(name='jwt_token_ttl', type='int', default=28800),
- Option(name='password', type='str', default=''),
 Option(name='url_prefix', type='str', default=''),
- Option(name='username', type='str', default=''),
 Option(name='key_file', type='str', default=''),
 Option(name='crt_file', type='str', default=''),
 Option(name='ssl', type='bool', default=True),
diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py
index bb44bad9e9aa3..88e94f51f179e 100644
--- a/src/pybind/mgr/dashboard/services/access_control.py
+++ b/src/pybind/mgr/dashboard/services/access_control.py
@@ -515,45 +515,6 @@ class AccessControlDB(object): version = cls.VERSION return "{}{}".format(cls.ACDB_CONFIG_KEY, version) - def check_and_update_db(self): - logger.debug("Checking for previews DB versions") - - def check_migrate_v0_to_current(): - # check if there is username/password from previous version - username = mgr.get_module_option('username', None) - password = mgr.get_module_option('password', None) - if username and password: - logger.debug("Found single user credentials: user=%s", username) - # found user credentials - user = self.create_user(username, "", None, None) - # password is already hashed, so setting manually - user.password = password - user.add_roles([ADMIN_ROLE]) - self.save() - - def check_migrate_v1_to_current(): - # Check if version 1 exists in the DB and migrate it to current version - v1_db = mgr.get_store(self.accessdb_config_key(1)) - if v1_db: - logger.debug("Found database v1 credentials") - v1_db = json.loads(v1_db) - - for user, _ in v1_db['users'].items(): - v1_db['users'][user]['enabled'] = True - v1_db['users'][user]['pwdExpirationDate'] = None - v1_db['users'][user]['pwdUpdateRequired'] = False - - self.roles = {rn: Role.from_dict(r) for rn, r in v1_db.get('roles', {}).items()} - self.users = {un: User.from_dict(u, dict(self.roles, **SYSTEM_ROLES)) - for un, u in v1_db.get('users', {}).items()} - - self.save() - else: - # If version 1 does not exist, check if migration of VERSION "0" needs to be done - check_migrate_v0_to_current() - - check_migrate_v1_to_current() - @classmethod def load(cls): logger.info("Loading user roles DB version=%s", cls.VERSION) @@ -562,8 +523,6 @@ class AccessControlDB(object): if json_db is None: logger.debug("No DB v%s found, creating new...", cls.VERSION) db = cls(cls.VERSION, {}, {}) - # check if we can update from a previous version database - db.check_and_update_db() return db dict_db = json.loads(json_db) 
diff --git a/src/pybind/mgr/dashboard/tests/test_access_control.py b/src/pybind/mgr/dashboard/tests/test_access_control.py
index 622880d8369d3..c9b79a2a1c5f8 100644
--- a/src/pybind/mgr/dashboard/tests/test_access_control.py
+++ b/src/pybind/mgr/dashboard/tests/test_access_control.py
@@ -685,134 +685,6 @@ class AccessControlTest(unittest.TestCase, CLICommandTestMixin): self.validate_persistent_user('admin', ['read-only'], pass_hash, 'admin User', 'admin@user.com') - def test_load_v1(self): - self.CONFIG_KEY_DICT['accessdb_v1'] = ''' - {{ - "users": {{ - "admin": {{ - "username": "admin", - "password": - "$2b$12$sd0Az7mm3FaJl8kN3b/xwOuztaN0sWUwC1SJqjM4wcDw/s5cmGbLK", - "roles": ["block-manager", "test_role"], - "name": "admin User", - "email": "admin@user.com", - "lastUpdate": {} - }} - }}, - "roles": {{ - "test_role": {{ - "name": "test_role", - "description": "Test Role", - "scopes_permissions": {{ - "{}": ["{}", "{}"], - "{}": ["{}"] - }} - }} - }}, - "version": 1 - }} - '''.format(int(round(time.time())), Scope.ISCSI, Permission.READ, - Permission.UPDATE, Scope.POOL, Permission.CREATE) - - load_access_control_db() - role = self.exec_cmd('ac-role-show', rolename="test_role") - self.assertDictEqual(role, { - 'name': 'test_role', - 'description': "Test Role", - 'scopes_permissions': { - Scope.ISCSI: [Permission.READ, Permission.UPDATE], - Scope.POOL: [Permission.CREATE] - } - }) - user = self.exec_cmd('ac-user-show', username="admin") - self.assertDictEqual(user, { - 'username': 'admin', - 'lastUpdate': user['lastUpdate'], - 'password': - "$2b$12$sd0Az7mm3FaJl8kN3b/xwOuztaN0sWUwC1SJqjM4wcDw/s5cmGbLK", - 'pwdExpirationDate': None, - 'pwdUpdateRequired': False, - 'name': 'admin User', - 'email': 'admin@user.com', - 'roles': ['block-manager', 'test_role'], - 'enabled': True - }) - - def test_load_v2(self): - self.CONFIG_KEY_DICT['accessdb_v2'] = ''' - {{ - "users": {{ - "admin": {{ - "username": "admin", - "password": - "$2b$12$sd0Az7mm3FaJl8kN3b/xwOuztaN0sWUwC1SJqjM4wcDw/s5cmGbLK", - "pwdExpirationDate": null, - "pwdUpdateRequired": false, - "roles": ["block-manager", "test_role"], - "name": "admin User", - "email": "admin@user.com", - "lastUpdate": {}, - "enabled": true - }} - }}, - "roles": {{ - "test_role": {{ - "name": "test_role", - 
"description": "Test Role", - "scopes_permissions": {{ - "{}": ["{}", "{}"], - "{}": ["{}"] - }} - }} - }}, - "version": 2 - }} - '''.format(int(round(time.time())), Scope.ISCSI, Permission.READ, - Permission.UPDATE, Scope.POOL, Permission.CREATE) - - load_access_control_db() - role = self.exec_cmd('ac-role-show', rolename="test_role") - self.assertDictEqual(role, { - 'name': 'test_role', - 'description': "Test Role", - 'scopes_permissions': { - Scope.ISCSI: [Permission.READ, Permission.UPDATE], - Scope.POOL: [Permission.CREATE] - } - }) - user = self.exec_cmd('ac-user-show', username="admin") - self.assertDictEqual(user, { - 'username': 'admin', - 'lastUpdate': user['lastUpdate'], - 'password': - "$2b$12$sd0Az7mm3FaJl8kN3b/xwOuztaN0sWUwC1SJqjM4wcDw/s5cmGbLK", - 'pwdExpirationDate': None, - 'pwdUpdateRequired': False, - 'name': 'admin User', - 'email': 'admin@user.com', - 'roles': ['block-manager', 'test_role'], - 'enabled': True - }) - - def test_update_from_previous_version_v1(self): - self.CONFIG_KEY_DICT['username'] = 'admin' - self.CONFIG_KEY_DICT['password'] = \ - '$2b$12$sd0Az7mm3FaJl8kN3b/xwOuztaN0sWUwC1SJqjM4wcDw/s5cmGbLK' - load_access_control_db() - user = self.exec_cmd('ac-user-show', username="admin") - self.assertDictEqual(user, { - 'username': 'admin', - 'lastUpdate': user['lastUpdate'], - 'password': - "$2b$12$sd0Az7mm3FaJl8kN3b/xwOuztaN0sWUwC1SJqjM4wcDw/s5cmGbLK", - 'pwdExpirationDate': None, - 'pwdUpdateRequired': False, - 'name': None, - 'email': None, - 'roles': ['administrator'], - 'enabled': True - }) - def test_password_policy_pw_length(self): Settings.PWD_POLICY_CHECK_LENGTH_ENABLED = True Settings.PWD_POLICY_MIN_LENGTH = 3 -- 2.39.5