From 00ca2bc3f1ddfa69264842c984793f50ac5aa808 Mon Sep 17 00:00:00 2001 From: Sven Ketelsen Date: Tue, 24 May 2022 13:12:14 +0200 Subject: [PATCH] feat: added initial password creation to portal - randomize passwords according to password policies 2 Uppercase Characters 2 Lowercase Characters 2 Special Characters 1 Digits --- group_vars/management/plain.yml | 4 +- roles/connect/vars/main.yml | 4 +- roles/connect_realm/defaults/main.yml | 9 +- roles/connect_realm/tasks/main.yml | 2 +- roles/connect_wordpress/tasks/main.yml | 2 +- roles/keycloak/tasks/_create_realm_admin.yml | 2 +- roles/management/tasks/main.yaml | 2 +- .../provisioning/form/simple-connect.json | 421 ++++++++++++++---- .../simple-connect.json | 12 + .../provisioning/process/simple-connect.bpmn | 7 + .../provisioning/script/ansible-start.groovy | 4 +- .../script/create-awx-paramaters.groovy | 4 +- .../script/create-password.groovy | 24 +- 13 files changed, 390 insertions(+), 107 deletions(-) diff --git a/group_vars/management/plain.yml b/group_vars/management/plain.yml index 32b1a06..b0e5681 100644 --- a/group_vars/management/plain.yml +++ b/group_vars/management/plain.yml @@ -4,8 +4,8 @@ hetzner_server_type: cx21 connect_image_version: "9.0" -connect_admin_username: "{{ management_admin_username }}" -connect_admin_password: "{{ management_admin_password }}" +connect_client_admin_username: "{{ management_admin_username }}" +connect_client_admin_password: "{{ management_admin_password }}" connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ smardigo_auth_token_value }}" connect_process_search_module: "external" connect_oidc_client_secret: "{{ management_oidc_client_secret }}" diff --git a/roles/connect/vars/main.yml b/roles/connect/vars/main.yml index 0237e8d..056cda4 100644 --- a/roles/connect/vars/main.yml +++ b/roles/connect/vars/main.yml 
@@ -20,8 +20,8 @@ connect_labels: [ connect_environment: [ "TENANT_ID: \"{{ connect_client_id }}\"", - "ADMIN_LOGIN: \"{{ connect_admin_username | default('connect-admin') }}\"", - "ADMIN_PASSWORD: \"{{ connect_admin_password | default('connect-admin') }}\"", + "ADMIN_LOGIN: \"{{ connect_client_admin_username }}\"", + "ADMIN_PASSWORD: \"{{ connect_client_admin_password }}\"", "SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"", "SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"", "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"", diff --git a/roles/connect_realm/defaults/main.yml b/roles/connect_realm/defaults/main.yml index 2bea3ce..4e59976 100644 --- a/roles/connect_realm/defaults/main.yml +++ b/roles/connect_realm/defaults/main.yml @@ -44,6 +44,9 @@ current_realm_users: >- [{{ current_realm_users_base }}] {%- endif -%} -current_realm_admin_user: - username: "{{ connect_realm_admin_username }}" - password: "{{ connect_realm_admin_password }}" +current_realm_admin_users: [ + { + "username": "{{ connect_realm_admin_username }}", + "password": "{{ connect_realm_admin_password }}", + } +] \ No newline at end of file diff --git a/roles/connect_realm/tasks/main.yml b/roles/connect_realm/tasks/main.yml index 795609f..dfe9684 100644 --- a/roles/connect_realm/tasks/main.yml +++ b/roles/connect_realm/tasks/main.yml @@ -17,7 +17,7 @@ name: keycloak tasks_from: _create_realm_users -- name: "Create realm admin" +- name: "Create realm admin users" include_role: name: keycloak tasks_from: _create_realm_admin diff --git a/roles/connect_wordpress/tasks/main.yml b/roles/connect_wordpress/tasks/main.yml index 7c95e37..c884ad4 100644 --- a/roles/connect_wordpress/tasks/main.yml +++ b/roles/connect_wordpress/tasks/main.yml 
@@ -6,7 +6,7 @@ - name: "Creating smardigo user token" smardigo_user_token: secret: "{{ connect_jwt_secret }}" - user_id: "{{ connect_admin_username }}" + user_id: "{{ connect_client_admin_username }}" register: smardigo_user_token_result delegate_to: 127.0.0.1 become: false diff --git a/roles/keycloak/tasks/_create_realm_admin.yml b/roles/keycloak/tasks/_create_realm_admin.yml index 5a0f00b..84b9361 100644 --- a/roles/keycloak/tasks/_create_realm_admin.yml +++ b/roles/keycloak/tasks/_create_realm_admin.yml @@ -58,7 +58,7 @@ Content-Type: "application/json" Authorization: "Bearer {{ access_token }}" status_code: [201] - loop: "[{{ current_realm_admin_user }}]" + loop: "{{ current_realm_admin_users }}" loop_control: loop_var: current_realm_user when: current_realm_user.username not in realm_user_usernames diff --git a/roles/management/tasks/main.yaml b/roles/management/tasks/main.yaml index edc9273..05a5fc5 100644 --- a/roles/management/tasks/main.yaml +++ b/roles/management/tasks/main.yaml @@ -7,7 +7,7 @@ - name: "Creating smardigo user token" smardigo_user_token: secret: "{{ connect_jwt_secret }}" - user_id: "{{ connect_admin_username }}" + user_id: "{{ connect_client_admin_username }}" register: smardigo_user_token_result delegate_to: 127.0.0.1 become: false diff --git a/smardigo/provisioning/form/simple-connect.json b/smardigo/provisioning/form/simple-connect.json index 9f3a2b5..5859d4a 100644 --- a/smardigo/provisioning/form/simple-connect.json +++ b/smardigo/provisioning/form/simple-connect.json @@ -47,111 +47,362 @@ "logic" : [ ], "reorder" : false }, { - "label" : "HTML", - "labelPosition" : "left-left", - "className" : "", - "attrs" : [ { - "attr" : "", - "value" : "" - } ], - "content" : "
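Review bot: In `roles/keycloak/tasks/_create_realm_admin.yml` the loop now iterates `current_realm_admin_users`, but the unchanged `when: current_realm_user.username not in realm_user_usernames` still skips every admin that already exists, so on a re-run the freshly generated `connect_realm_admin_password` is never applied and the portal would display a password that does not match the account. Either reset the credential for existing users in a separate step or document on the task that the password is only set on first creation, e.g. `# password is applied on first creation only; re-runs do not rotate it`. The task presumably posts `current_realm_user.password` to Keycloak; its start is outside the hunk so I cannot see whether `no_log: true` is set, but it should be so the generated secret does not end up in the Ansible/AWX job output.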
\n connect-admin:connect-admin\n
\n
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\n \n
", - "refreshOnChange" : true, - "mask" : false, - "tableView" : true, - "alwaysEnabled" : false, - "type" : "htmlelement", - "input" : false, - "key" : "html2", - "validate" : { - "customMessage" : "", - "json" : "" - }, - "conditional" : { - "show" : "", - "when" : "", - "json" : "" - }, - "tabs" : null, - "encrypted" : false, - "properties" : { }, - "tags" : null, - "customConditional" : "", - "logic" : [ ], - "refreshOn" : "data", - "reorder" : false - }, { - "label" : "HTML", - "labelPosition" : "left-left", - "className" : "", - "attrs" : [ { - "attr" : "", - "value" : "" - } ], - "content" : "\n
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\n \n
\n
\n wordpress-admin:wordpress-admin\n
\n
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\n \n
", - "refreshOnChange" : true, - "mask" : false, - "tableView" : true, - "alwaysEnabled" : false, - "type" : "htmlelement", - "input" : false, - "key" : "html4", - "validate" : { - "customMessage" : "", - "json" : "" - }, - "conditional" : { - "show" : "", - "when" : "", - "json" : "" - }, - "tabs" : null, - "encrypted" : false, - "properties" : { }, - "tags" : null, - "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\") ", - "logic" : [ ], - "refreshOn" : "data", - "reorder" : false - }, { - "label" : "HTML", - "labelPosition" : "left-left", - "className" : "", - "attrs" : [ { - "attr" : "", - "value" : "" + "label" : "Columns", + "columns" : [ { + "components" : [ { + "label" : "connect_client_admin_password", + "hideLabel" : true, + "labelPosition" : "left-left", + "showWordCount" : false, + "showCharCount" : false, + "clearOnHide" : false, + "disabled" : true, + "tableView" : true, + "alwaysEnabled" : false, + "type" : "textfield", + "input" : true, + "key" : "connect_client_admin_password", + "defaultValue" : "", + "validate" : { + "customMessage" : "", + "json" : "" + }, + "conditional" : { + "show" : "", + "when" : "", + "json" : "" + }, + "tabs" : null, + "inputFormat" : "plain", + "encrypted" : false, + "properties" : { }, + "tags" : [ ], + "customConditional" : "", + "logic" : [ ], + "widget" : { + "type" : "" + }, + "reorder" : false + } ], + "width" : 3, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column" + }, { + "components" : [ { + "label" : "HTML", + "labelPosition" : "left-left", + "className" : "", + "attrs" : [ { + "attr" : "", + "value" : "" + } ], + "content" : "
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\n \n
", + "refreshOnChange" : true, + "mask" : false, + "tableView" : true, + "alwaysEnabled" : false, + "type" : "htmlelement", + "input" : false, + "key" : "html2", + "validate" : { + "customMessage" : "", + "json" : "" + }, + "conditional" : { + "show" : "", + "when" : "", + "json" : "" + }, + "tabs" : null, + "encrypted" : false, + "properties" : { }, + "tags" : null, + "customConditional" : "", + "logic" : [ ], + "refreshOn" : "data", + "reorder" : false + } ], + "width" : 9, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column" + }, { + "width" : 3, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column", + "components" : [ ] + }, { + "width" : 9, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column", + "components" : [ { + "label" : "HTML", + "labelPosition" : "left-left", + "className" : "", + "attrs" : [ { + "attr" : "", + "value" : "" + } ], + "content" : "
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\n \n
", + "refreshOnChange" : true, + "mask" : false, + "tableView" : true, + "alwaysEnabled" : false, + "type" : "htmlelement", + "input" : false, + "key" : "html4", + "validate" : { + "customMessage" : "", + "json" : "" + }, + "conditional" : { + "show" : "", + "when" : "", + "json" : "" + }, + "tabs" : null, + "encrypted" : false, + "properties" : { }, + "tags" : null, + "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\") ", + "logic" : [ ], + "refreshOn" : "data", + "reorder" : false + } ] + }, { + "width" : 3, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column", + "components" : [ { + "label" : "wordpress_admin_password", + "hideLabel" : true, + "labelPosition" : "left-left", + "showWordCount" : false, + "showCharCount" : false, + "clearOnHide" : false, + "disabled" : true, + "tableView" : true, + "alwaysEnabled" : false, + "type" : "textfield", + "input" : true, + "key" : "wordpress_admin_password", + "defaultValue" : "", + "validate" : { + "customMessage" : "", + "json" : "" + }, + "conditional" : { + "show" : "", + "when" : "", + "json" : "" + }, + "tabs" : null, + "properties" : { }, + "tags" : [ ], + "inputFormat" : "plain", + "encrypted" : false, + "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\") ", + "logic" : [ ], + "widget" : { + "type" : "" + }, + "reorder" : false + } ] + }, { + "width" : 9, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column", + "components" : [ { + "label" : "HTML", + "labelPosition" : "left-left", + "className" : "", + "attrs" : [ { + "attr" : "", + "value" : "" + } ], + "content" : "
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\n \n
", + "refreshOnChange" : true, + "mask" : false, + "tableView" : true, + "alwaysEnabled" : false, + "type" : "htmlelement", + "input" : false, + "key" : "html5", + "validate" : { + "customMessage" : "", + "json" : "" + }, + "conditional" : { + "show" : "", + "when" : "", + "json" : "" + }, + "tabs" : null, + "encrypted" : false, + "properties" : { }, + "tags" : null, + "customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\") ", + "logic" : [ ], + "refreshOn" : "data", + "reorder" : false + } ] + }, { + "width" : 3, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column", + "components" : [ { + "label" : "keycloak_admin_password", + "hideLabel" : true, + "labelPosition" : "left-left", + "showWordCount" : false, + "showCharCount" : false, + "clearOnHide" : false, + "disabled" : true, + "tableView" : true, + "alwaysEnabled" : false, + "type" : "textfield", + "input" : true, + "key" : "keycloak_admin_password", + "defaultValue" : "", + "validate" : { + "customMessage" : "", + "json" : "" + }, + "conditional" : { + "show" : "", + "when" : "", + "json" : "" + }, + "tabs" : null, + "properties" : { }, + "tags" : [ ], + "inputFormat" : "plain", + "encrypted" : false, + "customConditional" : "", + "logic" : [ ], + "widget" : { + "type" : "" + }, + "reorder" : false + } ] + }, { + "width" : 9, + "offset" : 0, + "push" : 0, + "pull" : 0, + "type" : "column", + "input" : false, + "hideOnChildrenHidden" : false, + "key" : "column", + "tableView" : true, + "label" : "Column", + "components" : [ { + "label" : "HTML", + "labelPosition" : "left-left", + "className" : "", + "attrs" : [ { + "attr" : "", + "value" : "" + } ], + "content" : "
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\n \n
", + "refreshOnChange" : true, + "mask" : false, + "tableView" : true, + "alwaysEnabled" : false, + "type" : "htmlelement", + "input" : false, + "key" : "html3", + "validate" : { + "customMessage" : "", + "json" : "" + }, + "conditional" : { + "show" : "", + "when" : "", + "json" : "" + }, + "tabs" : null, + "encrypted" : false, + "properties" : { }, + "tags" : null, + "customConditional" : "", + "logic" : [ ], + "refreshOn" : "data", + "reorder" : false + } ] } ], - "content" : "
\n connect-realm-admin:connect-realm-admin\n
\n
\n \n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\n \n
", - "refreshOnChange" : true, "mask" : false, - "tableView" : true, + "tableView" : false, "alwaysEnabled" : false, - "type" : "htmlelement", + "type" : "columns", "input" : false, - "key" : "html3", - "validate" : { - "customMessage" : "", - "json" : "" - }, + "key" : "columns2", "conditional" : { "show" : "", "when" : "", "json" : "" }, "tabs" : null, - "encrypted" : false, "properties" : { }, "tags" : null, "customConditional" : "", "logic" : [ ], - "refreshOn" : "data", "reorder" : false } ], "tabs" : null, - "reorder" : false, "properties" : { }, "tags" : null, "customConditional" : "", - "logic" : [ ] + "logic" : [ ], + "reorder" : false }, { "label" : "Status", "mask" : false, diff --git a/smardigo/provisioning/process-variable-declaration/simple-connect.json b/smardigo/provisioning/process-variable-declaration/simple-connect.json index 7528552..d7b0c07 100644 --- a/smardigo/provisioning/process-variable-declaration/simple-connect.json +++ b/smardigo/provisioning/process-variable-declaration/simple-connect.json @@ -23,6 +23,10 @@ "type" : "object", "classification" : "PRIVATE" }, + "connect_client_admin_password" : { + "type" : "string", + "classification" : "PRIVATE" + }, "connect-features" : { "type" : "object", "classification" : "PRIVATE" @@ -55,6 +59,10 @@ "type" : "string", "classification" : "PRIVATE" }, + "keycloak_admin_password" : { + "type" : "string", + "classification" : "PRIVATE" + }, "name" : { "type" : "string", "classification" : "PRIVATE" @@ -110,6 +118,10 @@ "wizard_selection" : { "type" : "string", "classification" : "PRIVATE" + }, + "wordpress_admin_password" : { + "type" : "string", + "classification" : "PRIVATE" } } } \ No newline at end of file diff --git a/smardigo/provisioning/process/simple-connect.bpmn b/smardigo/provisioning/process/simple-connect.bpmn index d37298f..2880a69 100644 --- a/smardigo/provisioning/process/simple-connect.bpmn +++ b/smardigo/provisioning/process/simple-connect.bpmn 
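Review bot: The three generated secrets (`connect_client_admin_password`, `wordpress_admin_password`, `keycloak_admin_password`) are added to the form as plain `textfield` components with `"tableView" : true` and `"encrypted" : false`, so they are shown in clear text and would also be listed in any submission or table view of the process data. Consider `"tableView" : false` for the three fields and, if the form engine supports it, a password-type or protected component so the value is masked once the user has copied it. The form labels the realm admin credential `keycloak_admin_password` while the scripts forward it as `connect_realm_admin_password`; a short remark in the field label or in the variable declaration would help the next maintainer map the two.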
@@ -76,6 +76,13 @@ + + + + wordpress-admin + + + Flow_1rtcnw8 diff --git a/smardigo/provisioning/script/ansible-start.groovy b/smardigo/provisioning/script/ansible-start.groovy index eb47d52..d5d9b74 100644 --- a/smardigo/provisioning/script/ansible-start.groovy +++ b/smardigo/provisioning/script/ansible-start.groovy @@ -12,7 +12,9 @@ def env = [ scope_id: contextScopeId, smardigo_management_action: smardigoManagementAction, stage: cluster.stage, - tenant_id: tenant.key + tenant_id: tenant.key, + connect_client_admin_password: connect_client_admin_password, + connect_realm_admin_password: keycloak_admin_password ] if (binding.hasVariable('extraVariables')) { env << extraVariables diff --git a/smardigo/provisioning/script/create-awx-paramaters.groovy b/smardigo/provisioning/script/create-awx-paramaters.groovy index 471b7c2..f9323e1 100644 --- a/smardigo/provisioning/script/create-awx-paramaters.groovy +++ b/smardigo/provisioning/script/create-awx-paramaters.groovy @@ -12,7 +12,9 @@ def env = [ scope_id: contextScopeId, smardigo_management_action: smardigoManagementAction, stage: cluster.stage, - tenant_id: tenant.key + tenant_id: tenant.key, + connect_client_admin_password: connect_client_admin_password, + connect_realm_admin_password: keycloak_admin_password ] if (binding.hasVariable('extraVariables')) { env << extraVariables diff --git a/smardigo/provisioning/script/create-password.groovy b/smardigo/provisioning/script/create-password.groovy index 49a9dcc..935f273 100644 --- a/smardigo/provisioning/script/create-password.groovy +++ b/smardigo/provisioning/script/create-password.groovy 
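Review bot: The two new `env` entries are copied verbatim into both `ansible-start.groovy` and `create-awx-paramaters.groovy` (the `def env = [` map itself begins above each hunk); the duplicated secret plumbing should live in one shared snippet so the two scripts do not drift. Both scripts read `connect_client_admin_password` and `keycloak_admin_password` as bare bindings without the `binding.hasVariable` guard used two lines below for `extraVariables`, so if the password step has not run (the bpmn hunk is too stripped to tell where it is wired) the script fails with a missing-property error rather than a clear message. These values are also passed as plain extra vars to the Ansible/AWX launch, so the receiving job template must treat them as sensitive (`no_log` on any task that prints `env`), otherwise the freshly generated admin passwords appear in job output.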
@@ -7,14 +7,20 @@ def special = ['~','!','#','%','&','(',')','{','}','[',']','-','+']
 def pool = digits + upperCase + lowerCase + special
 Random rand = new Random(System.currentTimeMillis());
-def passChars = (0..pool_length - 1).collect { pool[rand.nextInt(pool.size)] };
-passChars[0] = special[rand.nextInt(special.size)]
-passChars[pool_length - 0] = special[rand.nextInt(special.size)]
-passChars[1] = upperCase[rand.nextInt(upperCase.size)]
-passChars[pool_length - 1] = upperCase[rand.nextInt(upperCase.size)]
-passChars[2] = lowerCase[rand.nextInt(lowerCase.size)]
-passChars[pool_length - 2] = lowerCase[rand.nextInt(lowerCase.size)]
-
-def PASSWORD = passChars.join();
+def passChars = (0..pool_length - 1).collect { pool[rand.nextInt(pool.size())] };
+
+passChars[0] = special[rand.nextInt(special.size())]
+passChars[pool_length - 0] = special[rand.nextInt(special.size())]
+
+passChars[1] = upperCase[rand.nextInt(upperCase.size())]
+passChars[pool_length - 1] = upperCase[rand.nextInt(upperCase.size())]
+
+passChars[2] = lowerCase[rand.nextInt(lowerCase.size())]
+passChars[pool_length - 2] = lowerCase[rand.nextInt(lowerCase.size())]
+
+passChars[3] = digits[rand.nextInt(digits.size())]
+passChars[pool_length - 3] = digits[rand.nextInt(digits.size())]
+
+def PASSWORD = passChars.join('');
 PASSWORD
\ No newline at end of file
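Review bot: The generator still draws from `java.util.Random` seeded with `System.currentTimeMillis()` (context line kept by the hunk), which is not a cryptographic source; with the seed taken from the clock the produced admin passwords are reproducible by anyone who can estimate when the process ran, so it should be `java.security.SecureRandom`. There is also an off-by-one on the new line `passChars[pool_length - 0] = ...`: `passChars` has `pool_length` elements, so index `pool_length` appends an extra element in Groovy and the result is one character longer than configured, while the intended mirror slots are `pool_length - 1 … pool_length - 4`. Placing the mandatory classes at fixed positions (special, upper, lower, digit at the start and mirrored at the end) additionally leaks structure; pick the required characters, then shuffle. The character-class lists and `pool_length` are defined above the hunk; the rewrite below assumes `pool_length >= 8` and keeps two characters of each class as the new code does (the commit message says one digit).
```groovy
// … unchanged: digits / upperCase / lowerCase / special / pool definitions …
def rand = new java.security.SecureRandom()
def passChars = (0..pool_length - 1).collect { pool[rand.nextInt(pool.size())] }

// Force two characters of each required class into the first slots, then shuffle
// so the position of the mandatory characters is not predictable.
// Assumes pool_length >= 8 (one slot per required character).
def required = [special, special, upperCase, upperCase, lowerCase, lowerCase, digits, digits]
required.eachWithIndex { cls, i -> passChars[i] = cls[rand.nextInt(cls.size())] }
Collections.shuffle(passChars, rand)

def PASSWORD = passChars.join('')
PASSWORD
```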