summary |
shortlog |
log |
commit | commitdiff |
review |
tree
raw |
patch |
inline | side by side (from parent 1:
23e0d79)
With the introduction of common secret template many of ONAP passwords
started being automatically generated.
The algorithm that we use for this purpose allows to choose the
complexity of generated password. By default we use "long" which
contains special characters. Unfortunately this turns out to often
cause some issue. To make our deployment more stable and user friendly
lets allow the deployer to choose the desired password complexity.
Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
+{{- define "common._defaultPasswordStrength" -}}
+ {{ if .Values.passwordStrengthOverride }}
+ {{- printf "%s" .Values.passwordStrengthOverride -}}
+ {{ else if .Values.global.passwordStrength }}
+ {{- printf "%s" .Values.global.passwordStrength -}}
+ {{ else if .Values.passwordStrength }}
+ {{- printf "%s" .Values.passwordStrength -}}
+ {{ else }}
+ {{- printf "long" }}
+ {{ end }}
+{{- end -}}
+
{{/*
Generate a new password based on masterPassword. The new password is not
random, it is derived from masterPassword, fully qualified chart name and
{{/*
Generate a new password based on masterPassword. The new password is not
random, it is derived from masterPassword, fully qualified chart name and
{{- define "common.createPassword" -}}
{{- $dot := default . .dot -}}
{{- $uid := default "onap" .uid -}}
{{- define "common.createPassword" -}}
{{- $dot := default . .dot -}}
{{- $uid := default "onap" .uid -}}
- {{- $strength := default "long" .strength -}}
+ {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+ {{- $strength := default $defaultStrength .strength -}}
{{- $mp := include "common.masterPassword" $dot -}}
{{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
{{- end -}}
{{- $mp := include "common.masterPassword" $dot -}}
{{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
{{- end -}}
# flag to enable debugging - application support required
debugEnabled: false
# flag to enable debugging - application support required
debugEnabled: false
+ # default password complexity
+ # available options: phrase, name, pin, basic, short, medium, long, maximum security
+ # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ passwordStrength: long
+
# configuration to set log level to all components (the one that are using
# "common.log.level" to set this)
# can be overrided per components by setting logConfiguration.logLevelOverride
# configuration to set log level to all components (the one that are using
# "common.log.level" to set this)
# can be overrided per components by setting logConfiguration.logLevelOverride