From f5ee1c5aa533c47f93b091eafb366c4185b4ab49 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Tue, 25 Aug 2020 23:22:53 +0200 Subject: [PATCH] [COMMON] Allow to set default password complexity With the introduction of common secret template many of ONAP passwords started being automatically generated. The algorithm that we use for this purpose allows to choose the complexity of generated password. By default we use "long" which contains special characters. Unfortunately this turns out to often cause some issue. To make our deployment more stable and user friendly lets allow the deployer to choose the desired password complexity. Issue-ID: OOM-2328 Signed-off-by: Krzysztof Opasiak Change-Id: Ib7a412e19f6b44f20c8ac388393936cf5d967d4e --- kubernetes/common/common/templates/_createPassword.tpl | 15 ++++++++++++++- kubernetes/onap/values.yaml | 5 +++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/kubernetes/common/common/templates/_createPassword.tpl b/kubernetes/common/common/templates/_createPassword.tpl index 8b2f1e274d..bfa96daf64 100644 --- a/kubernetes/common/common/templates/_createPassword.tpl +++ b/kubernetes/common/common/templates/_createPassword.tpl @@ -37,6 +37,18 @@ {{ end }} {{- end -}} +{{- define "common._defaultPasswordStrength" -}} + {{ if .Values.passwordStrengthOverride }} + {{- printf "%s" .Values.passwordStrengthOverride -}} + {{ else if .Values.global.passwordStrength }} + {{- printf "%s" .Values.global.passwordStrength -}} + {{ else if .Values.passwordStrength }} + {{- printf "%s" .Values.passwordStrength -}} + {{ else }} + {{- printf "long" }} + {{ end }} +{{- end -}} + {{/* Generate a new password based on masterPassword. The new password is not random, it is derived from masterPassword, fully qualified chart name and 
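Review bot: The new `common._defaultPasswordStrength` helper has no doc comment, unlike `common.createPassword` below it, so its lookup order is only discoverable by reading the branches: chart-level `passwordStrengthOverride`, then `global.passwordStrength`, then chart-level `passwordStrength`, then `long`. Since this value decides how strong every derived credential is, I would add a `{{/* ... */}}` block above the define that states this precedence. It should also say that callers must trim the result, because the `{{ if }}`/`{{ else }}`/`{{ end }}` actions are written without `-` and emit surrounding whitespace. As a style point, the chain could be a single line, `{{- coalesce .Values.passwordStrengthOverride .Values.global.passwordStrength .Values.passwordStrength "long" -}}`, which would make the `| trim` in the caller unnecessary.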
@@ -59,7 +71,8 @@ {{- define "common.createPassword" -}} {{- $dot := default . .dot -}} {{- $uid := default "onap" .uid -}} - {{- $strength := default "long" .strength -}} + {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}} + {{- $strength := default $defaultStrength .strength -}} {{- $mp := include "common.masterPassword" $dot -}} {{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}} {{- end -}} diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index dd80323216..e1a999aa3d 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -90,6 +90,11 @@ global: # flag to enable debugging - application support required debugEnabled: false + # default password complexity + # available options: phrase, name, pin, basic, short, medium, long, maximum security + # More datails: https://masterpassword.app/masterpassword-algorithm.pdf + passwordStrength: long + # configuration to set log level to all components (the one that are using # "common.log.level" to set this) # can be overrided per components by setting logConfiguration.logLevelOverride -- 2.16.6
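Review bot: `$strength` is passed to `derivePassword` without checking that it is a template name the function recognises, and this change makes that value deployer-controlled through values. If I recall Sprig's behaviour correctly, an unrecognised type does not fail the render but returns a fixed error string, which would then be stored as the password for every secret using that strength; please confirm against the Sprig version bundled with the Helm release in use. I would reject unknown values before the derive call, for example `{{- if not (has $strength (list "maximum" "long" "medium" "short" "basic" "pin")) }}{{ fail (printf "unsupported password strength %s" $strength) }}{{ end -}}`, with the list adjusted to what the function actually accepts.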
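Review bot: The comment above `passwordStrength` lists `phrase`, `name` and `maximum security` as available options, but these names come from the linked Master Password paper and may not be accepted by the `derivePassword` function the templates call. As far as I know the Sprig implementation spells the strongest type `maximum` and has no `phrase` or `name`, which is worth verifying. Because this one global key now sets the strength of every generated ONAP credential, the comment should also warn that `pin`, `short` and `basic` give low-entropy passwords. Suggested wording: `# available options (must match what derivePassword accepts): pin, basic, short, medium, long, maximum` followed by `# anything weaker than medium is only suitable for disposable lab deployments`. `datails` in the link line is a typo for `details`.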