feat: added initial password creation to portal

- randomize passwords according to password policies
  2 Uppercase Characters
  2 Lowercase Characters
  2 Special Characters
  1 Digits
feature/DEV-470_2nd
Sven Ketelsen 4 years ago
parent 8c69471639
commit 00ca2bc3f1

@ -4,8 +4,8 @@ hetzner_server_type: cx21
connect_image_version: "9.0" connect_image_version: "9.0"
connect_admin_username: "{{ management_admin_username }}" connect_client_admin_username: "{{ management_admin_username }}"
connect_admin_password: "{{ management_admin_password }}" connect_client_admin_password: "{{ management_admin_password }}"
connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ smardigo_auth_token_value }}" connect_workflow_env: "stage:{{ stage }};smardigoUserToken:{{ smardigo_auth_token_value }}"
connect_process_search_module: "external" connect_process_search_module: "external"
connect_oidc_client_secret: "{{ management_oidc_client_secret }}" connect_oidc_client_secret: "{{ management_oidc_client_secret }}"

@ -20,8 +20,8 @@ connect_labels: [
connect_environment: [ connect_environment: [
"TENANT_ID: \"{{ connect_client_id }}\"", "TENANT_ID: \"{{ connect_client_id }}\"",
"ADMIN_LOGIN: \"{{ connect_admin_username | default('connect-admin') }}\"", "ADMIN_LOGIN: \"{{ connect_client_admin_username }}\"",
"ADMIN_PASSWORD: \"{{ connect_admin_password | default('connect-admin') }}\"", "ADMIN_PASSWORD: \"{{ connect_client_admin_password }}\"",
"SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"", "SMA_JWT_ENABLED: \"{{ connect_jwt_enabled | default('false') }}\"",
"SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"", "SMA_JWT_SECRET: \"{{ connect_jwt_secret | default('') }}\"",
"SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"", "SMA_CSRF_TOKEN_NAME: \"{{ connect_csrf_token_name | default('') }}\"",

@ -44,6 +44,9 @@ current_realm_users: >-
[{{ current_realm_users_base }}] [{{ current_realm_users_base }}]
{%- endif -%} {%- endif -%}
current_realm_admin_user: current_realm_admin_users: [
username: "{{ connect_realm_admin_username }}" {
password: "{{ connect_realm_admin_password }}" "username": "{{ connect_realm_admin_username }}",
"password": "{{ connect_realm_admin_password }}",
}
]

@ -17,7 +17,7 @@
name: keycloak name: keycloak
tasks_from: _create_realm_users tasks_from: _create_realm_users
- name: "Create realm admin" - name: "Create realm admin users"
include_role: include_role:
name: keycloak name: keycloak
tasks_from: _create_realm_admin tasks_from: _create_realm_admin

@ -6,7 +6,7 @@
- name: "Creating smardigo user token" - name: "Creating smardigo user token"
smardigo_user_token: smardigo_user_token:
secret: "{{ connect_jwt_secret }}" secret: "{{ connect_jwt_secret }}"
user_id: "{{ connect_admin_username }}" user_id: "{{ connect_client_admin_username }}"
register: smardigo_user_token_result register: smardigo_user_token_result
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false

@ -58,7 +58,7 @@
Content-Type: "application/json" Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}" Authorization: "Bearer {{ access_token }}"
status_code: [201] status_code: [201]
loop: "[{{ current_realm_admin_user }}]" loop: "{{ current_realm_admin_users }}"
loop_control: loop_control:
loop_var: current_realm_user loop_var: current_realm_user
when: current_realm_user.username not in realm_user_usernames when: current_realm_user.username not in realm_user_usernames
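Review bot: Looping over `current_realm_admin_users` makes Ansible print each loop item in the task output, and every item carries the `password` field, so the realm admin password can end up in run logs. Add `label: "{{ current_realm_user.username }}"` under `loop_control` and set `no_log: true` on the task. The task starts above this hunk, so check whether `no_log` is already set there.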

@ -7,7 +7,7 @@
- name: "Creating smardigo user token" - name: "Creating smardigo user token"
smardigo_user_token: smardigo_user_token:
secret: "{{ connect_jwt_secret }}" secret: "{{ connect_jwt_secret }}"
user_id: "{{ connect_admin_username }}" user_id: "{{ connect_client_admin_username }}"
register: smardigo_user_token_result register: smardigo_user_token_result
delegate_to: 127.0.0.1 delegate_to: 127.0.0.1
become: false become: false

@ -47,6 +47,55 @@
"logic" : [ ], "logic" : [ ],
"reorder" : false "reorder" : false
}, { }, {
"label" : "Columns",
"columns" : [ {
"components" : [ {
"label" : "connect_client_admin_password",
"hideLabel" : true,
"labelPosition" : "left-left",
"showWordCount" : false,
"showCharCount" : false,
"clearOnHide" : false,
"disabled" : true,
"tableView" : true,
"alwaysEnabled" : false,
"type" : "textfield",
"input" : true,
"key" : "connect_client_admin_password",
"defaultValue" : "",
"validate" : {
"customMessage" : "",
"json" : ""
},
"conditional" : {
"show" : "",
"when" : "",
"json" : ""
},
"tabs" : null,
"inputFormat" : "plain",
"encrypted" : false,
"properties" : { },
"tags" : [ ],
"customConditional" : "",
"logic" : [ ],
"widget" : {
"type" : ""
},
"reorder" : false
} ],
"width" : 3,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column"
}, {
"components" : [ {
"label" : "HTML", "label" : "HTML",
"labelPosition" : "left-left", "labelPosition" : "left-left",
"className" : "", "className" : "",
@ -54,7 +103,7 @@
"attr" : "", "attr" : "",
"value" : "" "value" : ""
} ], } ],
"content" : "<div>\n connect-admin:connect-admin\n</div>\n<div class=\"h3\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\n </a>\n</div>", "content" : "<div class=\"h5\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-connect.smardigo.digital' }}\n </a>\n</div>",
"refreshOnChange" : true, "refreshOnChange" : true,
"mask" : false, "mask" : false,
"tableView" : true, "tableView" : true,
@ -79,7 +128,41 @@
"logic" : [ ], "logic" : [ ],
"refreshOn" : "data", "refreshOn" : "data",
"reorder" : false "reorder" : false
} ],
"width" : 9,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column"
}, { }, {
"width" : 3,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column",
"components" : [ ]
}, {
"width" : 9,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column",
"components" : [ {
"label" : "HTML", "label" : "HTML",
"labelPosition" : "left-left", "labelPosition" : "left-left",
"className" : "", "className" : "",
@ -87,7 +170,7 @@
"attr" : "", "attr" : "",
"value" : "" "value" : ""
} ], } ],
"content" : "\n<div class=\"h3\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\n </a>\n</div>\n<div>\n wordpress-admin:wordpress-admin\n</div>\n<div class=\"h3\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\n </a>\n</div>", "content" : "<div class=\"h5\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital' }}\n </a>\n</div>",
"refreshOnChange" : true, "refreshOnChange" : true,
"mask" : false, "mask" : false,
"tableView" : true, "tableView" : true,
@ -112,7 +195,65 @@
"logic" : [ ], "logic" : [ ],
"refreshOn" : "data", "refreshOn" : "data",
"reorder" : false "reorder" : false
} ]
}, {
"width" : 3,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column",
"components" : [ {
"label" : "wordpress_admin_password",
"hideLabel" : true,
"labelPosition" : "left-left",
"showWordCount" : false,
"showCharCount" : false,
"clearOnHide" : false,
"disabled" : true,
"tableView" : true,
"alwaysEnabled" : false,
"type" : "textfield",
"input" : true,
"key" : "wordpress_admin_password",
"defaultValue" : "",
"validate" : {
"customMessage" : "",
"json" : ""
},
"conditional" : {
"show" : "",
"when" : "",
"json" : ""
},
"tabs" : null,
"properties" : { },
"tags" : [ ],
"inputFormat" : "plain",
"encrypted" : false,
"customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\") ",
"logic" : [ ],
"widget" : {
"type" : ""
},
"reorder" : false
} ]
}, { }, {
"width" : 9,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column",
"components" : [ {
"label" : "HTML", "label" : "HTML",
"labelPosition" : "left-left", "labelPosition" : "left-left",
"className" : "", "className" : "",
@ -120,7 +261,98 @@
"attr" : "", "attr" : "",
"value" : "" "value" : ""
} ], } ],
"content" : "<div>\n connect-realm-admin:connect-realm-admin\n</div>\n<div class=\"h3\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\n </a>\n</div>", "content" : "<div class=\"h5\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '-' + (!!(data.cluster)?data.cluster.name:'cluster.name') + '-01-wordpress.smardigo.digital/wp-admin' }}\n </a>\n</div>",
"refreshOnChange" : true,
"mask" : false,
"tableView" : true,
"alwaysEnabled" : false,
"type" : "htmlelement",
"input" : false,
"key" : "html5",
"validate" : {
"customMessage" : "",
"json" : ""
},
"conditional" : {
"show" : "",
"when" : "",
"json" : ""
},
"tabs" : null,
"encrypted" : false,
"properties" : { },
"tags" : null,
"customConditional" : "show = data['connect-features'].includes(\"connect_wordpress\") ",
"logic" : [ ],
"refreshOn" : "data",
"reorder" : false
} ]
}, {
"width" : 3,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column",
"components" : [ {
"label" : "keycloak_admin_password",
"hideLabel" : true,
"labelPosition" : "left-left",
"showWordCount" : false,
"showCharCount" : false,
"clearOnHide" : false,
"disabled" : true,
"tableView" : true,
"alwaysEnabled" : false,
"type" : "textfield",
"input" : true,
"key" : "keycloak_admin_password",
"defaultValue" : "",
"validate" : {
"customMessage" : "",
"json" : ""
},
"conditional" : {
"show" : "",
"when" : "",
"json" : ""
},
"tabs" : null,
"properties" : { },
"tags" : [ ],
"inputFormat" : "plain",
"encrypted" : false,
"customConditional" : "",
"logic" : [ ],
"widget" : {
"type" : ""
},
"reorder" : false
} ]
}, {
"width" : 9,
"offset" : 0,
"push" : 0,
"pull" : 0,
"type" : "column",
"input" : false,
"hideOnChildrenHidden" : false,
"key" : "column",
"tableView" : true,
"label" : "Column",
"components" : [ {
"label" : "HTML",
"labelPosition" : "left-left",
"className" : "",
"attrs" : [ {
"attr" : "",
"value" : ""
} ],
"content" : "<div class=\"h5\">\n <a\n target=\"_blank\"\n href=\"{{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\">\n {{ 'https://' + (!!(data.cluster)?data.cluster.stage:'cluster.stage') + '-keycloak-01.smardigo.digital/auth/admin/' + (!!(data.tenant)?data.tenant.key:'tenant.key') + '/console' }}\n </a>\n</div>",
"refreshOnChange" : true, "refreshOnChange" : true,
"mask" : false, "mask" : false,
"tableView" : true, "tableView" : true,
@ -145,13 +377,32 @@
"logic" : [ ], "logic" : [ ],
"refreshOn" : "data", "refreshOn" : "data",
"reorder" : false "reorder" : false
} ]
} ], } ],
"mask" : false,
"tableView" : false,
"alwaysEnabled" : false,
"type" : "columns",
"input" : false,
"key" : "columns2",
"conditional" : {
"show" : "",
"when" : "",
"json" : ""
},
"tabs" : null, "tabs" : null,
"reorder" : false,
"properties" : { }, "properties" : { },
"tags" : null, "tags" : null,
"customConditional" : "", "customConditional" : "",
"logic" : [ ] "logic" : [ ],
"reorder" : false
} ],
"tabs" : null,
"properties" : { },
"tags" : null,
"customConditional" : "",
"logic" : [ ],
"reorder" : false
}, { }, {
"label" : "Status", "label" : "Status",
"mask" : false, "mask" : false,
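Review bot: The three new password components (`connect_client_admin_password`, `wordpress_admin_password`, `keycloak_admin_password`) are plain `textfield`s with `"tableView" : true` and `"encrypted" : false`, so the initial admin passwords are shown in clear text to anyone who can open this form and presumably in table views of the data as well. If the portal's form renderer supports it, switch them to `"type" : "password"` and set `"tableView" : false`. Since these are initial credentials that stay stored with the form data, it is also worth requiring a password change on first login so the displayed value stops being valid.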

@ -23,6 +23,10 @@
"type" : "object", "type" : "object",
"classification" : "PRIVATE" "classification" : "PRIVATE"
}, },
"connect_client_admin_password" : {
"type" : "string",
"classification" : "PRIVATE"
},
"connect-features" : { "connect-features" : {
"type" : "object", "type" : "object",
"classification" : "PRIVATE" "classification" : "PRIVATE"
@ -55,6 +59,10 @@
"type" : "string", "type" : "string",
"classification" : "PRIVATE" "classification" : "PRIVATE"
}, },
"keycloak_admin_password" : {
"type" : "string",
"classification" : "PRIVATE"
},
"name" : { "name" : {
"type" : "string", "type" : "string",
"classification" : "PRIVATE" "classification" : "PRIVATE"
@ -110,6 +118,10 @@
"wizard_selection" : { "wizard_selection" : {
"type" : "string", "type" : "string",
"classification" : "PRIVATE" "classification" : "PRIVATE"
},
"wordpress_admin_password" : {
"type" : "string",
"classification" : "PRIVATE"
} }
} }
} }

@ -76,6 +76,13 @@
<camunda:outputParameter name="jobs"> <camunda:outputParameter name="jobs">
<camunda:list /> <camunda:list />
</camunda:outputParameter> </camunda:outputParameter>
<camunda:outputParameter name="connect_client_admin_password">
<camunda:script scriptFormat="groovy" resource="create-password.groovy" />
</camunda:outputParameter>
<camunda:outputParameter name="wordpress_admin_password">wordpress-admin</camunda:outputParameter>
<camunda:outputParameter name="keycloak_admin_password">
<camunda:script scriptFormat="groovy" resource="create-password.groovy" />
</camunda:outputParameter>
</camunda:inputOutput> </camunda:inputOutput>
</bpmn2:extensionElements> </bpmn2:extensionElements>
<bpmn2:incoming>Flow_1rtcnw8</bpmn2:incoming> <bpmn2:incoming>Flow_1rtcnw8</bpmn2:incoming>
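Review bot: `wordpress_admin_password` is set to the constant `wordpress-admin` while the other two outputs call `create-password.groovy`, so the WordPress admin account keeps a guessable default that the portal form now also displays. The env maps changed in this commit forward only the connect and realm passwords, so the WordPress deployment presumably still uses its own default. Once the deployment can accept a value, generate it the same way with `<camunda:script scriptFormat="groovy" resource="create-password.groovy" />`. Until then a comment marking the constant as a known placeholder would stop it being mistaken for a real policy-compliant password.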

@ -12,7 +12,9 @@ def env = [
scope_id: contextScopeId, scope_id: contextScopeId,
smardigo_management_action: smardigoManagementAction, smardigo_management_action: smardigoManagementAction,
stage: cluster.stage, stage: cluster.stage,
tenant_id: tenant.key tenant_id: tenant.key,
connect_client_admin_password: connect_client_admin_password,
connect_realm_admin_password: keycloak_admin_password
] ]
if (binding.hasVariable('extraVariables')) { if (binding.hasVariable('extraVariables')) {
env << extraVariables env << extraVariables
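Review bot: The two generated passwords are added to the same `env` map as non-secret values such as `stage` and `tenant_id`, so if this map is logged or handed to the job runner as plain extra variables (not visible here), the secrets will appear in job details. Because `env << extraVariables` runs afterwards, an `extraVariables` entry with the same key silently replaces the generated password. Consider merging `extraVariables` before the password keys are set, or rejecting those two keys, and add a comment such as `// contains secrets: do not log env`. The second env script in this commit has the same change, and the script continues outside the hunk.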

@ -12,7 +12,9 @@ def env = [
scope_id: contextScopeId, scope_id: contextScopeId,
smardigo_management_action: smardigoManagementAction, smardigo_management_action: smardigoManagementAction,
stage: cluster.stage, stage: cluster.stage,
tenant_id: tenant.key tenant_id: tenant.key,
connect_client_admin_password: connect_client_admin_password,
connect_realm_admin_password: keycloak_admin_password
] ]
if (binding.hasVariable('extraVariables')) { if (binding.hasVariable('extraVariables')) {
env << extraVariables env << extraVariables

@ -7,14 +7,20 @@ def special = ['~','!','#','%','&','(',')','{','}','[',']','-','+']
def pool = digits + upperCase + lowerCase + special def pool = digits + upperCase + lowerCase + special
Random rand = new Random(System.currentTimeMillis()); Random rand = new Random(System.currentTimeMillis());
def passChars = (0..pool_length - 1).collect { pool[rand.nextInt(pool.size)] }; def passChars = (0..pool_length - 1).collect { pool[rand.nextInt(pool.size())] };
passChars[0] = special[rand.nextInt(special.size)]
passChars[pool_length - 0] = special[rand.nextInt(special.size)] passChars[0] = special[rand.nextInt(special.size())]
passChars[1] = upperCase[rand.nextInt(upperCase.size)] passChars[pool_length - 0] = special[rand.nextInt(special.size())]
passChars[pool_length - 1] = upperCase[rand.nextInt(upperCase.size)]
passChars[2] = lowerCase[rand.nextInt(lowerCase.size)] passChars[1] = upperCase[rand.nextInt(upperCase.size())]
passChars[pool_length - 2] = lowerCase[rand.nextInt(lowerCase.size)] passChars[pool_length - 1] = upperCase[rand.nextInt(upperCase.size())]
def PASSWORD = passChars.join(); passChars[2] = lowerCase[rand.nextInt(lowerCase.size())]
passChars[pool_length - 2] = lowerCase[rand.nextInt(lowerCase.size())]
passChars[3] = digits[rand.nextInt(digits.size())]
passChars[pool_length - 3] = digits[rand.nextInt(digits.size())]
def PASSWORD = passChars.join('');
PASSWORD PASSWORD
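Review bot: The password is drawn from `new Random(System.currentTimeMillis())`, a non-cryptographic generator with a guessable seed, so knowing roughly when the tenant was created narrows down the output, and two passwords generated in the same millisecond would be identical. Use `def rand = new java.security.SecureRandom()` instead. `passChars[pool_length - 0]` writes one past the last index of the `0..pool_length - 1` list, which in Groovy appends an element instead of replacing the last character, so it should probably be `pool_length - 1` with the following offsets shifted by one. The character classes also sit at fixed positions, and a `Collections.shuffle(passChars, rand)` before the join would remove that pattern. The script begins above this hunk.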