Permalink
Browse files

Manage password_validator regex

Horizon provides a password validation check, which OpenStack cloud
operators can use to enforce password complexity checks for users
within horizon.

A dictionary containing a regular expression can be used for
password validation with help text that is displayed if the password
does not pass validation.

HORIZON_CONFIG["password_validator"] = {
    "regex": '.*',
      "help_text": _("Your password does not meet the requirements."),

}

This change allows injection of the regex into horizons local_settings
file from a tripleo heat template

Change-Id: Ib6517c8f96148bea002b0e3442a26367b236928f
Depends-On: If82a80ed6a8e6e65aecc2a25ee6d60640ae03c9a
Closes-Bug: #1640800
  • Loading branch information...
lukehinds committed Dec 21, 2016
1 parent 6ec44d9 commit 0e18ac5fdec4b9eeaef7f6aa83c466e86415e4e2
Showing with 27 additions and 0 deletions.
  1. +12 −0 capabilities-map.yaml
  2. +5 −0 environments/horizon_password_validation.yaml
  3. +10 −0 puppet/services/horizon.yaml
View
@@ -504,3 +504,15 @@ topics:
description:
requires:
- overcloud-resource-registry-puppet.yaml
- title: Security Options
description: Security Hardening Options
environment_groups:
- title: Horizon Password Validation
description: Enable Horizon Password validation
environments:
- file: environments/horizon_password_validation.yaml
title: Horizon Password Validation
description:
requires:
- overcloud-resource-registry-puppet.yaml
@@ -0,0 +1,5 @@
# Use this enviroment to pass in validation regex for horizons password
# validation checks
parameter_defaults:
HorizonPasswordValidator: '.*'
HorizonPasswordValidatorHelp: 'Your password does not meet the requirements.'
@@ -27,6 +27,14 @@ parameters:
description: A list of IP/Hostname for the server Horizon is running on.
Used for header checks.
type: comma_delimited_list
HorizonPasswordValidator:
description: Regex for password validation
type: string
default: ''
HorizonPasswordValidatorHelp:
description: Help text for password validation
type: string
default: ''
HorizonSecret:
description: Secret key for Django
type: string
@@ -70,6 +78,8 @@ outputs:
options: ['FollowSymLinks','MultiViews']
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
horizon::password_validator: {get_param: [HorizonPasswordValidator]}
horizon::password_validator_help: {get_param: [HorizonPasswordValidatorHelp]}
horizon::secret_key:
yaql:
expression: $.data.passwords.where($ != '').first()

0 comments on commit 0e18ac5

Please sign in to comment.