Permalink
Browse files

Manage password_validator with puppet manifest

Horizon provides a password validation check, which OpenStack cloud
operators can use to enforce password complexity checks for users
within horizon.

A dictionary containing a regular expression can be used for
password validation with help text that is displayed if the password
does not pass validation.

HORIZON_CONFIG["password_validator"] = {
   "regex": '.*', ]
   "help_text": _("Your password does not meet the requirements."),
   }

This change allows injection of the regex and help text into horizons
local_settings file.

Change-Id: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a
Related-Bug: #1640800
  • Loading branch information...
lukehinds committed Dec 21, 2016
1 parent 5f9423f commit 047e3b5c329427a45a33d6f575f295bea56636d3
Showing with 27 additions and 0 deletions.
  1. +11 −0 manifests/init.pp
  2. +6 −0 releasenotes/notes/password_validator-fdb08ff1d27aa652.yaml
  3. +10 −0 templates/local_settings.py.erb
View
@@ -343,6 +343,15 @@
# 'acme_saml2' => ['acme', 'saml2'],
# }
#
# [*password_validator*]
# (optional) Horizon provides a password validation check, which OpenStack cloud
# operators can use to enforce password complexity checks for users within horizon.
# A dictionary containing a regular expression can be used for password validation
# with help text that is displayed if the password does not pass validation.
#
# [*password_validator_help*]
# (optional) Help text to display when password validation fails in horizon.
#
# === DEPRECATED group/name
#
# [*fqdn*]
@@ -447,6 +456,8 @@
$websso_initial_choice = undef,
$websso_choices = undef,
$websso_idp_mapping = undef,
$password_validator = undef,
$password_validator_help = undef,
# DEPRECATED PARAMETERS
$custom_theme_path = undef,
$fqdn = undef,
@@ -0,0 +1,6 @@
features:
- Making password_validator a configurable value
password_validator allows operators to use a
regular express to insure passwords are validated
for a certain criterion, which in turn allows
stronger security over password complexity
@@ -127,6 +127,16 @@ HORIZON_CONFIG = {
# "regex": '.*',
# "help_text": _("Your password does not meet the requirements."),
#}
<%if @password_validator %>
HORIZON_CONFIG["password_validator"] = {
"regex": '<%= @password_validator %>',
<%- if @password_validator_help -%>
"help_text": _("<%= @password_validator_help -%>"),
<%- else -%>
"help_text": _("Your password does not meet the requirements."),
<%- end -%>
}
<% end %>
# Disable simplified floating IP address management for deployments with
# multiple floating IP pools or complex network requirements.

0 comments on commit 047e3b5

Please sign in to comment.