diff options
author | Luke Hinds <lhinds@redhat.com> | 2016-12-21 13:57:47 +0000 |
---|---|---|
committer | lhinds <lhinds@redhat.com> | 2017-01-25 16:45:22 +0000 |
commit | 0e18ac5fdec4b9eeaef7f6aa83c466e86415e4e2 (patch) | |
tree | a0d6bcbfb0bfbc8c528fc65a530f0721b8c6b9e0 | |
parent | 6ec44d98b4a9aee3b469f31d08dd293bcff6db0e (diff) |
Manage password_validator regex
Horizon provides a password validation check, which OpenStack cloud
operators can use to enforce password complexity checks for users
within horizon.
A dictionary containing a regular expression can be used for
password validation with help text that is displayed if the password
does not pass validation.
HORIZON_CONFIG["password_validator"] = {
"regex": '.*',
"help_text": _("Your password does not meet the requirements."),
}
This change allows injection of the regex into horizons local_settings
file from a tripleo heat template
Change-Id: Ib6517c8f96148bea002b0e3442a26367b236928f
Depends-On: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a
Closes-Bug: #1640800
-rw-r--r-- | capabilities-map.yaml | 12 | ||||
-rw-r--r-- | environments/horizon_password_validation.yaml | 5 | ||||
-rw-r--r-- | puppet/services/horizon.yaml | 10 |
3 files changed, 27 insertions, 0 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index ae747621..085570e6 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -504,3 +504,15 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + + - title: Security Options + description: Security Hardening Options + environment_groups: + - title: Horizon Password Validation + description: Enable Horizon Password validation + environments: + - file: environments/horizon_password_validation.yaml + title: Horizon Password Validation + description: + requires: + - overcloud-resource-registry-puppet.yaml diff --git a/environments/horizon_password_validation.yaml b/environments/horizon_password_validation.yaml new file mode 100644 index 00000000..1a0f92cc --- /dev/null +++ b/environments/horizon_password_validation.yaml @@ -0,0 +1,5 @@ +# Use this enviroment to pass in validation regex for horizons password +# validation checks +parameter_defaults: + HorizonPasswordValidator: '.*' + HorizonPasswordValidatorHelp: 'Your password does not meet the requirements.' diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index e59dc202..f31ca17c 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -27,6 +27,14 @@ parameters: description: A list of IP/Hostname for the server Horizon is running on. Used for header checks. type: comma_delimited_list + HorizonPasswordValidator: + description: Regex for password validation + type: string + default: '' + HorizonPasswordValidatorHelp: + description: Help text for password validation + type: string + default: '' HorizonSecret: description: Secret key for Django type: string @@ -70,6 +78,8 @@ outputs: options: ['FollowSymLinks','MultiViews'] horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + horizon::password_validator: {get_param: [HorizonPasswordValidator]} + horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]} horizon::secret_key: yaql: expression: $.data.passwords.where($ != '').first() |