feat: added initial password creation to portal

- randomize passwords according to password policies 2 Uppercase Characters 2 Lowercase Characters 2 Special Characters 1 Digits
4 years ago · 00ca2bc3f1
parent 8c69471639
commit 00ca2bc3f1
13 changed files with 390 additions and 107 deletions
--- a/group_vars/management/plain.yml
+++ b/group_vars/management/plain.yml
@ -4,8 +4,8 @@ hetzner_server_type: cx21

 connect_image_version: "9.0"

-connect_admin_username: "{{ management_admin_username }}"
-connect_admin_password: "{{ management_admin_password }}"
+connect_client_admin_username: "{{ management_admin_username }}"
+connect_client_admin_password: "{{ management_admin_password }}"
 connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ smardigo_auth_token_value }}"
 connect_process_search_module: "external"
 connect_oidc_client_secret: "{{ management_oidc_client_secret }}"
--- a/roles/connect/vars/main.yml
+++ b/roles/connect/vars/main.yml
@ -20,8 +20,8 @@ connect_labels: [
 connect_environment: [
  "TENANT_ID: \"{{ connect_client_id }}\"",

-  "ADMIN_LOGIN: \"{{ connect_admin_username | default('connect-admin') }}\"",
-  "ADMIN_PASSWORD: \"{{ connect_admin_password | default('connect-admin') }}\"",
+  "ADMIN_LOGIN: \"{{ connect_client_admin_username }}\"",
+  "ADMIN_PASSWORD: \"{{ connect_client_admin_password }}\"",
  "SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"",
  "SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"",
  "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",
--- a/roles/connect_realm/defaults/main.yml
+++ b/roles/connect_realm/defaults/main.yml
@ -44,6 +44,9 @@ current_realm_users: >-
  [{{ current_realm_users_base }}]
  {%- endif -%}

-current_realm_admin_user:
-  username: "{{ connect_realm_admin_username }}"
-  password: "{{ connect_realm_admin_password }}"
+current_realm_admin_users: [
+  {
+    "username": "{{ connect_realm_admin_username }}",
+    "password": "{{ connect_realm_admin_password }}",
+  }
+]
--- a/roles/connect_realm/tasks/main.yml
+++ b/roles/connect_realm/tasks/main.yml
@ -17,7 +17,7 @@
    name: keycloak
    tasks_from: _create_realm_users

- name: "Create realm admin"
+- name: "Create realm admin users"
  include_role:
    name: keycloak
    tasks_from: _create_realm_admin
--- a/roles/connect_wordpress/tasks/main.yml
+++ b/roles/connect_wordpress/tasks/main.yml
@ -6,7 +6,7 @@
 - name: "Creating smardigo user token"
  smardigo_user_token:
    secret:  "{{ connect_jwt_secret }}"
-    user_id: "{{ connect_admin_username }}"
+    user_id: "{{ connect_client_admin_username }}"
  register: smardigo_user_token_result
  delegate_to: 127.0.0.1
  become: false
--- a/roles/keycloak/tasks/_create_realm_admin.yml
+++ b/roles/keycloak/tasks/_create_realm_admin.yml
@ -58,7 +58,7 @@
      Content-Type: "application/json"
      Authorization: "Bearer {{ access_token }}"
    status_code: [201]
-  loop: "[{{ current_realm_admin_user }}]"
+  loop: "{{ current_realm_admin_users }}"
  loop_control:
    loop_var: current_realm_user
  when: current_realm_user.username not in realm_user_usernames
--- a/roles/management/tasks/main.yaml
+++ b/roles/management/tasks/main.yaml
@ -7,7 +7,7 @@
 - name: "Creating smardigo user token"
  smardigo_user_token:
    secret:  "{{ connect_jwt_secret }}"
-    user_id: "{{ connect_admin_username }}"
+    user_id: "{{ connect_client_admin_username }}"
  register: smardigo_user_token_result
  delegate_to: 127.0.0.1
  become: false
--- a/smardigo/provisioning/form/simple-connect.json
+++ b/smardigo/provisioning/form/simple-connect.json
@ -47,111 +47,362 @@
      "logic" : [ ],
      "reorder" : false
    }, {
-      "label" : "HTML",
-      "labelPosition" : "left-left",
-      "className" : "",
-      "attrs" : [ {
-        "attr" : "",
-        "value" : ""
-      } ],
-      "content" : "<div>\n  connect-admin:connect-admin\n</div>\n<div class=\"h3\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\n  </a>\n</div>",
-      "refreshOnChange" : true,
-      "mask" : false,
-      "tableView" : true,
-      "alwaysEnabled" : false,
-      "type" : "htmlelement",
-      "input" : false,
-      "key" : "html2",
-      "validate" : {
-        "customMessage" : "",
-        "json" : ""
-      },
-      "conditional" : {
-        "show" : "",
-        "when" : "",
-        "json" : ""
-      },
-      "tabs" : null,
-      "encrypted" : false,
-      "properties" : { },
-      "tags" : null,
-      "customConditional" : "",
-      "logic" : [ ],
-      "refreshOn" : "data",
-      "reorder" : false
-    }, {
-      "label" : "HTML",
-      "labelPosition" : "left-left",
-      "className" : "",
-      "attrs" : [ {
-        "attr" : "",
-        "value" : ""
-      } ],
-      "content" : "\n<div class=\"h3\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\n  </a>\n</div>\n<div>\n  wordpress-admin:wordpress-admin\n</div>\n<div class=\"h3\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\n  </a>\n</div>",
-      "refreshOnChange" : true,
-      "mask" : false,
-      "tableView" : true,
-      "alwaysEnabled" : false,
-      "type" : "htmlelement",
-      "input" : false,
-      "key" : "html4",
-      "validate" : {
-        "customMessage" : "",
-        "json" : ""
-      },
-      "conditional" : {
-        "show" : "",
-        "when" : "",
-        "json" : ""
-      },
-      "tabs" : null,
-      "encrypted" : false,
-      "properties" : { },
-      "tags" : null,
-      "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\")  ",
-      "logic" : [ ],
-      "refreshOn" : "data",
-      "reorder" : false
-    }, {
-      "label" : "HTML",
-      "labelPosition" : "left-left",
-      "className" : "",
-      "attrs" : [ {
-        "attr" : "",
-        "value" : ""
+      "label" : "Columns",
+      "columns" : [ {
+        "components" : [ {
+          "label" : "connect_client_admin_password",
+          "hideLabel" : true,
+          "labelPosition" : "left-left",
+          "showWordCount" : false,
+          "showCharCount" : false,
+          "clearOnHide" : false,
+          "disabled" : true,
+          "tableView" : true,
+          "alwaysEnabled" : false,
+          "type" : "textfield",
+          "input" : true,
+          "key" : "connect_client_admin_password",
+          "defaultValue" : "",
+          "validate" : {
+            "customMessage" : "",
+            "json" : ""
+          },
+          "conditional" : {
+            "show" : "",
+            "when" : "",
+            "json" : ""
+          },
+          "tabs" : null,
+          "inputFormat" : "plain",
+          "encrypted" : false,
+          "properties" : { },
+          "tags" : [ ],
+          "customConditional" : "",
+          "logic" : [ ],
+          "widget" : {
+            "type" : ""
+          },
+          "reorder" : false
+        } ],
+        "width" : 3,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column"
+      }, {
+        "components" : [ {
+          "label" : "HTML",
+          "labelPosition" : "left-left",
+          "className" : "",
+          "attrs" : [ {
+            "attr" : "",
+            "value" : ""
+          } ],
+          "content" : "<div class=\"h5\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\n  </a>\n</div>",
+          "refreshOnChange" : true,
+          "mask" : false,
+          "tableView" : true,
+          "alwaysEnabled" : false,
+          "type" : "htmlelement",
+          "input" : false,
+          "key" : "html2",
+          "validate" : {
+            "customMessage" : "",
+            "json" : ""
+          },
+          "conditional" : {
+            "show" : "",
+            "when" : "",
+            "json" : ""
+          },
+          "tabs" : null,
+          "encrypted" : false,
+          "properties" : { },
+          "tags" : null,
+          "customConditional" : "",
+          "logic" : [ ],
+          "refreshOn" : "data",
+          "reorder" : false
+        } ],
+        "width" : 9,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column"
+      }, {
+        "width" : 3,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column",
+        "components" : [ ]
+      }, {
+        "width" : 9,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column",
+        "components" : [ {
+          "label" : "HTML",
+          "labelPosition" : "left-left",
+          "className" : "",
+          "attrs" : [ {
+            "attr" : "",
+            "value" : ""
+          } ],
+          "content" : "<div class=\"h5\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\n  </a>\n</div>",
+          "refreshOnChange" : true,
+          "mask" : false,
+          "tableView" : true,
+          "alwaysEnabled" : false,
+          "type" : "htmlelement",
+          "input" : false,
+          "key" : "html4",
+          "validate" : {
+            "customMessage" : "",
+            "json" : ""
+          },
+          "conditional" : {
+            "show" : "",
+            "when" : "",
+            "json" : ""
+          },
+          "tabs" : null,
+          "encrypted" : false,
+          "properties" : { },
+          "tags" : null,
+          "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\")  ",
+          "logic" : [ ],
+          "refreshOn" : "data",
+          "reorder" : false
+        } ]
+      }, {
+        "width" : 3,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column",
+        "components" : [ {
+          "label" : "wordpress_admin_password",
+          "hideLabel" : true,
+          "labelPosition" : "left-left",
+          "showWordCount" : false,
+          "showCharCount" : false,
+          "clearOnHide" : false,
+          "disabled" : true,
+          "tableView" : true,
+          "alwaysEnabled" : false,
+          "type" : "textfield",
+          "input" : true,
+          "key" : "wordpress_admin_password",
+          "defaultValue" : "",
+          "validate" : {
+            "customMessage" : "",
+            "json" : ""
+          },
+          "conditional" : {
+            "show" : "",
+            "when" : "",
+            "json" : ""
+          },
+          "tabs" : null,
+          "properties" : { },
+          "tags" : [ ],
+          "inputFormat" : "plain",
+          "encrypted" : false,
+          "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\")  ",
+          "logic" : [ ],
+          "widget" : {
+            "type" : ""
+          },
+          "reorder" : false
+        } ]
+      }, {
+        "width" : 9,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column",
+        "components" : [ {
+          "label" : "HTML",
+          "labelPosition" : "left-left",
+          "className" : "",
+          "attrs" : [ {
+            "attr" : "",
+            "value" : ""
+          } ],
+          "content" : "<div class=\"h5\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\n  </a>\n</div>",
+          "refreshOnChange" : true,
+          "mask" : false,
+          "tableView" : true,
+          "alwaysEnabled" : false,
+          "type" : "htmlelement",
+          "input" : false,
+          "key" : "html5",
+          "validate" : {
+            "customMessage" : "",
+            "json" : ""
+          },
+          "conditional" : {
+            "show" : "",
+            "when" : "",
+            "json" : ""
+          },
+          "tabs" : null,
+          "encrypted" : false,
+          "properties" : { },
+          "tags" : null,
+          "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\")  ",
+          "logic" : [ ],
+          "refreshOn" : "data",
+          "reorder" : false
+        } ]
+      }, {
+        "width" : 3,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column",
+        "components" : [ {
+          "label" : "keycloak_admin_password",
+          "hideLabel" : true,
+          "labelPosition" : "left-left",
+          "showWordCount" : false,
+          "showCharCount" : false,
+          "clearOnHide" : false,
+          "disabled" : true,
+          "tableView" : true,
+          "alwaysEnabled" : false,
+          "type" : "textfield",
+          "input" : true,
+          "key" : "keycloak_admin_password",
+          "defaultValue" : "",
+          "validate" : {
+            "customMessage" : "",
+            "json" : ""
+          },
+          "conditional" : {
+            "show" : "",
+            "when" : "",
+            "json" : ""
+          },
+          "tabs" : null,
+          "properties" : { },
+          "tags" : [ ],
+          "inputFormat" : "plain",
+          "encrypted" : false,
+          "customConditional" : "",
+          "logic" : [ ],
+          "widget" : {
+            "type" : ""
+          },
+          "reorder" : false
+        } ]
+      }, {
+        "width" : 9,
+        "offset" : 0,
+        "push" : 0,
+        "pull" : 0,
+        "type" : "column",
+        "input" : false,
+        "hideOnChildrenHidden" : false,
+        "key" : "column",
+        "tableView" : true,
+        "label" : "Column",
+        "components" : [ {
+          "label" : "HTML",
+          "labelPosition" : "left-left",
+          "className" : "",
+          "attrs" : [ {
+            "attr" : "",
+            "value" : ""
+          } ],
+          "content" : "<div class=\"h5\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\n  </a>\n</div>",
+          "refreshOnChange" : true,
+          "mask" : false,
+          "tableView" : true,
+          "alwaysEnabled" : false,
+          "type" : "htmlelement",
+          "input" : false,
+          "key" : "html3",
+          "validate" : {
+            "customMessage" : "",
+            "json" : ""
+          },
+          "conditional" : {
+            "show" : "",
+            "when" : "",
+            "json" : ""
+          },
+          "tabs" : null,
+          "encrypted" : false,
+          "properties" : { },
+          "tags" : null,
+          "customConditional" : "",
+          "logic" : [ ],
+          "refreshOn" : "data",
+          "reorder" : false
+        } ]
      } ],
-      "content" : "<div>\n  connect-realm-admin:connect-realm-admin\n</div>\n<div class=\"h3\">\n  <a\n    target=\"_blank\"\n    href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\">\n    {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\n  </a>\n</div>",
-      "refreshOnChange" : true,
      "mask" : false,
-      "tableView" : true,
+      "tableView" : false,
      "alwaysEnabled" : false,
-      "type" : "htmlelement",
+      "type" : "columns",
      "input" : false,
-      "key" : "html3",
-      "validate" : {
-        "customMessage" : "",
-        "json" : ""
-      },
+      "key" : "columns2",
      "conditional" : {
        "show" : "",
        "when" : "",
        "json" : ""
      },
      "tabs" : null,
-      "encrypted" : false,
      "properties" : { },
      "tags" : null,
      "customConditional" : "",
      "logic" : [ ],
-      "refreshOn" : "data",
      "reorder" : false
    } ],
    "tabs" : null,
-    "reorder" : false,
    "properties" : { },
    "tags" : null,
    "customConditional" : "",
-    "logic" : [ ]
+    "logic" : [ ],
+    "reorder" : false
  }, {
    "label" : "Status",
    "mask" : false,
--- a/smardigo/provisioning/process-variable-declaration/simple-connect.json
+++ b/smardigo/provisioning/process-variable-declaration/simple-connect.json
@ -23,6 +23,10 @@
      "type" : "object",
      "classification" : "PRIVATE"
    },
+    "connect_client_admin_password" : {
+      "type" : "string",
+      "classification" : "PRIVATE"
+    },
    "connect-features" : {
      "type" : "object",
      "classification" : "PRIVATE"
@ -55,6 +59,10 @@
      "type" : "string",
      "classification" : "PRIVATE"
    },
+    "keycloak_admin_password" : {
+      "type" : "string",
+      "classification" : "PRIVATE"
+    },
    "name" : {
      "type" : "string",
      "classification" : "PRIVATE"
@ -110,6 +118,10 @@
    "wizard_selection" : {
      "type" : "string",
      "classification" : "PRIVATE"
+    },
+    "wordpress_admin_password" : {
+      "type" : "string",
+      "classification" : "PRIVATE"
    }
  }
 }
--- a/smardigo/provisioning/process/simple-connect.bpmn
+++ b/smardigo/provisioning/process/simple-connect.bpmn
@ -76,6 +76,13 @@
          <camunda:outputParameter name="jobs">
            <camunda:list />
          </camunda:outputParameter>
+          <camunda:outputParameter name="connect_client_admin_password">
+            <camunda:script scriptFormat="groovy" resource="create-password.groovy" />
+          </camunda:outputParameter>
+          <camunda:outputParameter name="wordpress_admin_password">wordpress-admin</camunda:outputParameter>
+          <camunda:outputParameter name="keycloak_admin_password">
+            <camunda:script scriptFormat="groovy" resource="create-password.groovy" />
+          </camunda:outputParameter>
        </camunda:inputOutput>
      </bpmn2:extensionElements>
      <bpmn2:incoming>Flow_1rtcnw8</bpmn2:incoming>
--- a/smardigo/provisioning/script/ansible-start.groovy
+++ b/smardigo/provisioning/script/ansible-start.groovy
@ -12,7 +12,9 @@ def env = [
  scope_id: contextScopeId,
  smardigo_management_action: smardigoManagementAction,
  stage: cluster.stage,
-  tenant_id: tenant.key
+  tenant_id: tenant.key,
+  connect_client_admin_password: connect_client_admin_password,
+  connect_realm_admin_password: keycloak_admin_password
 ]
 if (binding.hasVariable('extraVariables')) {
  env << extraVariables
--- a/smardigo/provisioning/script/create-awx-paramaters.groovy
+++ b/smardigo/provisioning/script/create-awx-paramaters.groovy
@ -12,7 +12,9 @@ def env = [
  scope_id: contextScopeId,
  smardigo_management_action: smardigoManagementAction,
  stage: cluster.stage,
-  tenant_id: tenant.key
+  tenant_id: tenant.key,
+  connect_client_admin_password: connect_client_admin_password,
+  connect_realm_admin_password: keycloak_admin_password
 ]
 if (binding.hasVariable('extraVariables')) {
  env << extraVariables
--- a/smardigo/provisioning/script/create-password.groovy
+++ b/smardigo/provisioning/script/create-password.groovy
@ -7,14 +7,20 @@ def special = ['~','!','#','%','&','(',')','{','}','[',']','-','+']
 def pool = digits + upperCase + lowerCase + special

 Random rand = new Random(System.currentTimeMillis());
-def passChars = (0..pool_length - 1).collect { pool[rand.nextInt(pool.size)] };
-passChars[0] = special[rand.nextInt(special.size)]
-passChars[pool_length - 0] = special[rand.nextInt(special.size)]
-passChars[1] = upperCase[rand.nextInt(upperCase.size)]
-passChars[pool_length - 1] = upperCase[rand.nextInt(upperCase.size)]
-passChars[2] = lowerCase[rand.nextInt(lowerCase.size)]
-passChars[pool_length - 2] = lowerCase[rand.nextInt(lowerCase.size)]
-
-def PASSWORD = passChars.join();
+def passChars = (0..pool_length - 1).collect { pool[rand.nextInt(pool.size())] };
+
+passChars[0] = special[rand.nextInt(special.size())]
+passChars[pool_length - 0] = special[rand.nextInt(special.size())]
+
+passChars[1] = upperCase[rand.nextInt(upperCase.size())]
+passChars[pool_length - 1] = upperCase[rand.nextInt(upperCase.size())]
+
+passChars[2] = lowerCase[rand.nextInt(lowerCase.size())]
+passChars[pool_length - 2] = lowerCase[rand.nextInt(lowerCase.size())]
+
+passChars[3] = digits[rand.nextInt(digits.size())]
+passChars[pool_length - 3] = digits[rand.nextInt(digits.size())]
+
+def PASSWORD = passChars.join('');

 PASSWORD