Bug 1454812 - [Azure] User password limitations are not working correctly
Summary: [Azure] User password limitations are not working correctly
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: GA
: 5.9.0
Assignee: Daniel Berger
QA Contact: Leo Khomenko
URL:
Whiteboard: ui:provision
Depends On:
Blocks: 1478415
TreeView+ depends on / blocked
 
Reported: 2017-05-23 13:54 UTC by Leo Khomenko
Modified: 2018-07-30 18:50 UTC (History)
12 users (show)

Fixed In Version: 5.9.0.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1478415 (view as bug list)
Environment:
Last Closed: 2018-03-06 14:54:56 UTC
Category: Bug
Cloudforms Team: Azure
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Leo Khomenko 2017-05-23 13:54:10 UTC
Description of problem: It's possible to create provision request with password which doesn't meet requirements:
'Customize/Password' must be correctly formatted. The password must be 12-72 characters, contain at least one lowercase English character, one uppercase English character, and one number.'
looks like we only check password length 


Version-Release number of selected component (if applicable):5.8.0.16


How reproducible:100%


Steps to Reproduce:
1.Create Instance provision request with password containing 12 lowercase only symbols


Actual results:request gets created


Expected results: same warning message should be shown as password doesn't meet requirements


Additional info: such request fails with no explanation in UI:
last message - [EVM] VM [test-lkhom-11] Step [CheckProvisioned] Status [Creating VM] Message [Creating VM] Current Retry Number [1] 

and error message in evm.log:
[----] E, [2017-05-23T09:49:14.234173 #7169:9a3134] ERROR -- : Q-task_id([miq_provision_8]) MIQ(ManageIQ::Providers::Azure::CloudManager::Provision#provision_error) [[Azure::Armrest::BadRequestException]: The supplied password must be between 8-123 characters long and must satisfy at least 3 of password complexity requirements from the following: 
1) Contains an uppercase character
2) Contains a lowercase character
3) Contains a numeric digit
4) Contains a special character.] encountered during phase [start_clone_task]

Comment 3 Bronagh Sorota 2017-06-16 13:36:20 UTC
Leo
Can you clarify your question? This BZ is already asking for password requirements to be met.

thanks
Bronagh

Comment 6 Bronagh Sorota 2017-06-27 17:29:31 UTC
Hi Dan B.
This goes hand in hand with the username version of this ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1454829

The regex that checks the username and password requirements is set here:
https://github.com/ManageIQ/manageiq-providers-azure/blob/master/content/miq_dialogs/miq_provision_azure_dialogs_template.yaml?#L355..#L369

The Azure doc that explains the limitations on usernames and password is:
https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/virtualmachines-create-or-update
(search for "adminUsername" and adminPassword")

Comment 7 Daniel Berger 2017-06-28 16:35:36 UTC
https://github.com/ManageIQ/manageiq-providers-azure/pull/87

Note that the actual minimum is 12 characters, despite what the docs say.

Comment 17 Leo Khomenko 2017-12-06 10:42:59 UTC
works fine in 5.9.0.11


Note You need to log in before you can comment on or make changes to this bug.