From 55c222d088b7ca15a20e0440bd52d1c94b035a93 Mon Sep 17 00:00:00 2001
From: Dimitri Savineau
Date: Wed, 18 Mar 2020 10:53:40 -0400
Subject: [PATCH] dashboard: allow to set read-only admin user
This commit allows one to set the role for the admin user as read-only. This can be controlled via the dashboard_admin_user_ro variable but the default value is false for backward compatibility.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1810176
Signed-off-by: Dimitri Savineau
(cherry picked from commit fb69f6990ce0bf4c9cd4caf9ce7a29e15ab07cfd)
---
 group_vars/all.yml.sample | 1 +
 group_vars/rhcs.yml.sample | 1 +
 roles/ceph-dashboard/tasks/configure_dashboard.yml | 2 +-
 roles/ceph-defaults/defaults/main.yml | 1 +
 tests/functional/collocation/container/group_vars/all | 1 +
 tests/functional/collocation/group_vars/all | 1 +
 6 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index a4cc2ddd0..f42f35c31 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -749,6 +749,7 @@ dummy:
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+#dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample
index 1c8f0b5e9..f69151007 100644
--- a/group_vars/rhcs.yml.sample
+++ b/group_vars/rhcs.yml.sample
@@ -749,6 +749,7 @@ ceph_docker_registry_auth: true
 #dashboard_protocol: http
 #dashboard_port: 8443
 #dashboard_admin_user: admin
+#dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml
index b361b40fb..90dda7668 100644
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -84,7 +84,7 @@
 if {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-show {{ dashboard_admin_user | quote }}; then
 {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-password {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }}
 else
- {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} administrator
+ {{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-create {{ dashboard_admin_user | quote }} {{ dashboard_admin_password | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}
 fi
 retries: 6
 delay: 5
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index 71023d530..9f8634760 100644
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -741,6 +741,7 @@ dashboard_enabled: True
 dashboard_protocol: http
 dashboard_port: 8443
 dashboard_admin_user: admin
+dashboard_admin_user_ro: false
 # This variable must be set with a strong custom password when dashboard_enabled is True
 #dashboard_admin_password: p@ssw0rd
 # We only need this for SSL (https) connections
diff --git a/tests/functional/collocation/container/group_vars/all b/tests/functional/collocation/container/group_vars/all
index 4bbc40f26..347ef3dcb 100644
--- a/tests/functional/collocation/container/group_vars/all
+++ b/tests/functional/collocation/container/group_vars/all
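Review bot: In roles/ceph-dashboard/tasks/configure_dashboard.yml the role derived from `dashboard_admin_user_ro` is passed only to `ac-user-create` in the `else` branch, so when `ac-user-show` finds an existing account the `then` branch resets the password and leaves its role untouched. An operator who sets `dashboard_admin_user_ro: true` on a cluster where the user already exists would therefore keep a full administrator while the inventory says read-only. Applying the role in the existing-user branch as well would close that gap, for example `{{ container_exec_cmd }} ceph --cluster {{ cluster }} dashboard ac-user-set-roles {{ dashboard_admin_user | quote }} {{ 'read-only' if dashboard_admin_user_ro | bool else 'administrator' }}` right after the `ac-user-set-password` line. The task starts above the hunk, so its name, module and any `no_log` setting are not visible here.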
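Review bot: `dashboard_admin_user_ro` in roles/ceph-defaults/defaults/main.yml is added without any comment, unlike the password line right below it, and the name alone does not tell an operator that the account still called `admin` ends up without write access. A line such as `# Set to true to give the dashboard admin user the read-only role instead of administrator` above the variable would document the intent. The two group_vars sample hunks earlier in the patch carry the same bare line and would benefit from the same comment.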
@@ -20,4 +20,5 @@ ceph_conf_overrides:
 handler_health_mon_check_delay: 10
 handler_health_osd_check_delay: 10
 dashboard_admin_password: $sX!cD$rYU6qR^B!
+dashboard_admin_user_ro: true
 grafana_admin_password: +xFRe+RES@7vg24n
\ No newline at end of file
diff --git a/tests/functional/collocation/group_vars/all b/tests/functional/collocation/group_vars/all
index 1ab45fba5..b1e30375b 100644
--- a/tests/functional/collocation/group_vars/all
+++ b/tests/functional/collocation/group_vars/all
@@ -17,4 +17,5 @@ ceph_conf_overrides:
 handler_health_mon_check_delay: 10
 handler_health_osd_check_delay: 10
 dashboard_admin_password: $sX!cD$rYU6qR^B!
+dashboard_admin_user_ro: true
 grafana_admin_password: +xFRe+RES@7vg24n
\ No newline at end of file