Support non-interactive user password update
Currently user password update require interactive prompting of user's original password. This is problematic because we can't support non-interactive applications and therefore hinders automation. This patch make it possible by optionally accepting an '--original-password' argument. If specified, we would use it instead of prompting. DocImpact Change-Id: I2d994e8c2be949f7ae616ac1d1594fb94e1a27cd Closes-Bug: 1531360
This commit is contained in:
parent
ee1a4774dd
commit
5cbecc130e
@ -392,12 +392,39 @@ class SetPasswordUser(command.Command):
|
|||||||
metavar='<new-password>',
|
metavar='<new-password>',
|
||||||
help='New user password'
|
help='New user password'
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
'--original-password',
|
||||||
|
metavar='<original-password>',
|
||||||
|
help='Original user password'
|
||||||
|
)
|
||||||
return parser
|
return parser
|
||||||
|
|
||||||
@utils.log_method(log)
|
@utils.log_method(log)
|
||||||
def take_action(self, parsed_args):
|
def take_action(self, parsed_args):
|
||||||
identity_client = self.app.client_manager.identity
|
identity_client = self.app.client_manager.identity
|
||||||
|
|
||||||
|
# FIXME(gyee): there are two scenarios:
|
||||||
|
#
|
||||||
|
# 1. user update password for himself
|
||||||
|
# 2. admin update password on behalf of the user. This is an unlikely
|
||||||
|
# scenario because that will require admin knowing the user's
|
||||||
|
# original password which is forbidden under most security
|
||||||
|
# policies.
|
||||||
|
#
|
||||||
|
# Of the two scenarios above, user either authenticate using its
|
||||||
|
# original password or an authentication token. For scenario #1,
|
||||||
|
# if user is authenticating with its original password (i.e. passing
|
||||||
|
# --os-password argument), we can just make use of it instead of using
|
||||||
|
# --original-password or prompting. For scenario #2, admin will need
|
||||||
|
# to specify --original-password option or this won't work because
|
||||||
|
# --os-password is the admin's own password. In the future if we stop
|
||||||
|
# supporting scenario #2 then we can just do this.
|
||||||
|
#
|
||||||
|
# current_password = (parsed_args.original_password or
|
||||||
|
# self.app.cloud.password)
|
||||||
|
#
|
||||||
|
current_password = parsed_args.original_password
|
||||||
|
if current_password is None:
|
||||||
current_password = utils.get_password(
|
current_password = utils.get_password(
|
||||||
self.app.stdin, prompt="Current Password:", confirm=False)
|
self.app.stdin, prompt="Current Password:", confirm=False)
|
||||||
|
|
||||||
|
@ -1095,6 +1095,25 @@ class TestUserSetPassword(TestUser):
|
|||||||
current_pass, new_pass
|
current_pass, new_pass
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_user_password_change_no_prompt(self):
|
||||||
|
current_pass = 'old_pass'
|
||||||
|
new_pass = 'new_pass'
|
||||||
|
arglist = [
|
||||||
|
'--password', new_pass,
|
||||||
|
'--original-password', current_pass,
|
||||||
|
]
|
||||||
|
verifylist = [
|
||||||
|
('password', new_pass),
|
||||||
|
('original_password', current_pass),
|
||||||
|
]
|
||||||
|
parsed_args = self.check_parser(self.cmd, arglist, verifylist)
|
||||||
|
|
||||||
|
self.cmd.take_action(parsed_args)
|
||||||
|
|
||||||
|
self.users_mock.update_password.assert_called_with(
|
||||||
|
current_pass, new_pass
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class TestUserShow(TestUser):
|
class TestUserShow(TestUser):
|
||||||
|
|
||||||
|
5
releasenotes/notes/bug-1531360-0f5c62d18088e5b5.yaml
Normal file
5
releasenotes/notes/bug-1531360-0f5c62d18088e5b5.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Support non-interactive user password update
|
||||||
|
[Bug `1531360 <https://bugs.launchpad.net/bugs/1531360>`_]
|
Loading…
Reference in New Issue
Block a user