[COMMON] Allow to set default password complexity

With the introduction of common secret template many of ONAP passwords
started being automatically generated.

The algorithm that we use for this purpose allows to choose the
complexity of generated password. By default we use "long" which
contains special characters. Unfortunately this turns out to often
cause some issue. To make our deployment more stable and user friendly
lets allow the deployer to choose the desired password complexity.

Issue-ID: OOM-2328
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e
(cherry picked from commit f5ee1c5aa533c47f93b091eafb366c4185b4ab49)

diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl
index 8b2f1e2..bfa96da 100644 (file)
--- a/kubernetes/common/common/templates/_createPassword.tpl
+++ b/kubernetes/common/common/templates/_createPassword.tpl
@@ -37,6 +37,18 @@
   {{ end }}
 {{- end -}}
 
+{{- define "common._defaultPasswordStrength" -}}
+  {{ if .Values.passwordStrengthOverride }}
+    {{- printf "%s" .Values.passwordStrengthOverride -}}
+  {{ else if .Values.global.passwordStrength }}
+    {{- printf "%s" .Values.global.passwordStrength -}}
+  {{ else if .Values.passwordStrength }}
+    {{- printf "%s" .Values.passwordStrength -}}
+  {{ else }}
+    {{- printf "long" }}
+  {{ end }}
+{{- end -}}
+
 {{/*
   Generate a new password based on masterPassword. The new password is not
   random, it is derived from masterPassword, fully qualified chart name and
@@ -59,7 +71,8 @@
 {{- define "common.createPassword" -}}
   {{- $dot := default . .dot -}}
   {{- $uid := default "onap" .uid -}}
-  {{- $strength := default "long" .strength -}}
+  {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+  {{- $strength := default $defaultStrength .strength -}}
   {{- $mp := include "common.masterPassword" $dot -}}
   {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
 {{- end -}}

diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 1723ad5..cfe04d9 100755 (executable)
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -75,6 +75,11 @@ global:
   # flag to enable debugging - application support required
   debugEnabled: false
 
+  # default password complexity
+  # available options: phrase, name, pin, basic, short, medium, long, maximum security
+  # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+  passwordStrength: long
+
   #Global ingress configuration
   ingress:
     enabled: false