aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuke Hinds <lhinds@redhat.com>2016-12-21 13:57:47 +0000
committerlhinds <lhinds@redhat.com>2017-01-25 16:45:22 +0000
commit0e18ac5fdec4b9eeaef7f6aa83c466e86415e4e2 (patch)
treea0d6bcbfb0bfbc8c528fc65a530f0721b8c6b9e0
parent6ec44d98b4a9aee3b469f31d08dd293bcff6db0e (diff)
Manage password_validator regex
Horizon provides a password validation check, which OpenStack cloud operators can use to enforce password complexity checks for users within horizon. A dictionary containing a regular expression can be used for password validation with help text that is displayed if the password does not pass validation. HORIZON_CONFIG["password_validator"] = { "regex": '.*', "help_text": _("Your password does not meet the requirements."), } This change allows injection of the regex into horizons local_settings file from a tripleo heat template Change-Id: Ib6517c8f96148bea002b0e3442a26367b236928f Depends-On: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a Closes-Bug: #1640800
-rw-r--r--capabilities-map.yaml12
-rw-r--r--environments/horizon_password_validation.yaml5
-rw-r--r--puppet/services/horizon.yaml10
3 files changed, 27 insertions, 0 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index ae747621..085570e6 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -504,3 +504,15 @@ topics:
description:
requires:
- overcloud-resource-registry-puppet.yaml
+
+ - title: Security Options
+ description: Security Hardening Options
+ environment_groups:
+ - title: Horizon Password Validation
+ description: Enable Horizon Password validation
+ environments:
+ - file: environments/horizon_password_validation.yaml
+ title: Horizon Password Validation
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
diff --git a/environments/horizon_password_validation.yaml b/environments/horizon_password_validation.yaml
new file mode 100644
index 00000000..1a0f92cc
--- /dev/null
+++ b/environments/horizon_password_validation.yaml
@@ -0,0 +1,5 @@
+# Use this enviroment to pass in validation regex for horizons password
+# validation checks
+parameter_defaults:
+ HorizonPasswordValidator: '.*'
+ HorizonPasswordValidatorHelp: 'Your password does not meet the requirements.'
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index e59dc202..f31ca17c 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -27,6 +27,14 @@ parameters:
description: A list of IP/Hostname for the server Horizon is running on.
Used for header checks.
type: comma_delimited_list
+ HorizonPasswordValidator:
+ description: Regex for password validation
+ type: string
+ default: ''
+ HorizonPasswordValidatorHelp:
+ description: Help text for password validation
+ type: string
+ default: ''
HorizonSecret:
description: Secret key for Django
type: string
@@ -70,6 +78,8 @@ outputs:
options: ['FollowSymLinks','MultiViews']
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::password_validator: {get_param: [HorizonPasswordValidator]}
+ horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
horizon::secret_key:
yaql:
expression: $.data.passwords.where($ != '').first()