Bug 1454812

Summary: [Azure] User password limitations are not working correctly
Product: Red Hat CloudForms Management Engine Reporter: Leo Khomenko <lkhomenk>
Component: UI - OPSAssignee: Daniel Berger <dberger>
Status: CLOSED CURRENTRELEASE QA Contact: Leo Khomenko <lkhomenk>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.8.0CC: bsorota, dberger, dclarizi, gblomqui, gmccullo, hkataria, jfrey, jhardy, lkhomenk, mpovolny, obarenbo, simaishi
Target Milestone: GAKeywords: TestOnly, ZStream
Target Release: 5.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: ui:provision
Fixed In Version: 5.9.0.1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1478415 (view as bug list) Environment:
Last Closed: 2018-03-06 14:54:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: Bug
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Azure Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1478415    

Description Leo Khomenko 2017-05-23 13:54:10 UTC 
Description of problem: It's possible to create provision request with password which doesn't meet requirements:
'Customize/Password' must be correctly formatted. The password must be 12-72 characters, contain at least one lowercase English character, one uppercase English character, and one number.'
looks like we only check password length 


Version-Release number of selected component (if applicable):5.8.0.16


How reproducible:100%


Steps to Reproduce:
1.Create Instance provision request with password containing 12 lowercase only symbols


Actual results:request gets created


Expected results: same warning message should be shown as password doesn't meet requirements


Additional info: such request fails with no explanation in UI:
last message - [EVM] VM [test-lkhom-11] Step [CheckProvisioned] Status [Creating VM] Message [Creating VM] Current Retry Number [1] 

and error message in evm.log:
[----] E, [2017-05-23T09:49:14.234173 #7169:9a3134] ERROR -- : Q-task_id([miq_provision_8]) MIQ(ManageIQ::Providers::Azure::CloudManager::Provision#provision_error) [[Azure::Armrest::BadRequestException]: The supplied password must be between 8-123 characters long and must satisfy at least 3 of password complexity requirements from the following: 
1) Contains an uppercase character
2) Contains a lowercase character
3) Contains a numeric digit
4) Contains a special character.] encountered during phase [start_clone_task]
Comment 3 Bronagh Sorota 2017-06-16 13:36:20 UTC 
Leo
Can you clarify your question? This BZ is already asking for password requirements to be met.

thanks
Bronagh
Comment 6 Bronagh Sorota 2017-06-27 17:29:31 UTC 
Hi Dan B.
This goes hand in hand with the username version of this ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1454829

The regex that checks the username and password requirements is set here:
https://github.com/ManageIQ/manageiq-providers-azure/blob/master/content/miq_dialogs/miq_provision_azure_dialogs_template.yaml?#L355..#L369

The Azure doc that explains the limitations on usernames and password is:
https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/virtualmachines-create-or-update
(search for "adminUsername" and adminPassword")
Comment 7 Daniel Berger 2017-06-28 16:35:36 UTC 
https://github.com/ManageIQ/manageiq-providers-azure/pull/87

Note that the actual minimum is 12 characters, despite what the docs say.
Comment 17 Leo Khomenko 2017-12-06 10:42:59 UTC 
works fine in 5.9.0.11