Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 6ec44d9)
Manage password_validator regex
authorLuke Hinds <lhinds@redhat.com>
Wed, 21 Dec 2016 13:57:47 +0000 (13:57 +0000)
committerlhinds <lhinds@redhat.com>
Wed, 25 Jan 2017 16:45:22 +0000 (16:45 +0000)
Horizon provides a password validation check, which OpenStack cloud
operators can use to enforce password complexity checks for users
within horizon.

A dictionary containing a regular expression can be used for
password validation with help text that is displayed if the password
does not pass validation.

HORIZON_CONFIG["password_validator"] = {
    "regex": '.*',
      "help_text": _("Your password does not meet the requirements."),

}

This change allows injection of the regex into horizons local_settings
file from a tripleo heat template

Change-Id: Ib6517c8f96148bea002b0e3442a26367b236928f
Depends-On: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a
Closes-Bug: #1640800

capabilities-map.yaml patch | blob | history
environments/horizon_password_validation.yaml [new file with mode: 0644] patch | blob
puppet/services/horizon.yaml patch | blob | history

diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index ae74762..085570e 100644 (file)
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -504,3 +504,15 @@ topics:
             description:
             requires:
               - overcloud-resource-registry-puppet.yaml
+
+  - title: Security Options
+    description: Security Hardening Options
+    environment_groups:
+      - title: Horizon Password Validation
+        description: Enable Horizon Password validation
+        environments:
+          - file: environments/horizon_password_validation.yaml
+            title: Horizon Password Validation
+            description:
+            requires:
+              - overcloud-resource-registry-puppet.yaml
diff --git a/environments/horizon_password_validation.yaml b/environments/horizon_password_validation.yaml
new file mode 100644 (file)
index 0000000..1a0f92c
--- /dev/null
+++ b/environments/horizon_password_validation.yaml
@@ -0,0 +1,5 @@
+# Use this enviroment to pass in validation regex for horizons password
+# validation checks
+parameter_defaults:
+  HorizonPasswordValidator: '.*'
+  HorizonPasswordValidatorHelp: 'Your password does not meet the requirements.'
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index e59dc20..f31ca17 100644 (file)
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -27,6 +27,14 @@ parameters:
     description: A list of IP/Hostname for the server Horizon is running on.
                  Used for header checks.
     type: comma_delimited_list
+  HorizonPasswordValidator:
+    description: Regex for password validation
+    type: string
+    default: ''
+  HorizonPasswordValidatorHelp:
+    description: Help text for password validation
+    type: string
+    default: ''
   HorizonSecret:
     description: Secret key for Django
     type: string
@@ -70,6 +78,8 @@ outputs:
             options: ['FollowSymLinks','MultiViews']
           horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
           horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+          horizon::password_validator: {get_param: [HorizonPasswordValidator]}
+          horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
           horizon::secret_key:
             yaql:
               expression: $.data.passwords.where($ != '').first()