refactor pwd pol special char option

dfry · dfry · commit 95e671af6fb7 · 2023-03-30T19:47:38.000+01:00
diff --git a/gitlab_templates/switch-iac/workbench-config-15.json b/gitlab_templates/switch-iac/workbench-config-15.json
@@ -67,6 +67,7 @@
   "ttksims_enabled": "true",
   "quoting_service_simple_routing_mode_enabled": "false",
   "vault_config_operator_helm_chart_version": "0.8.13",
+  "password_policy_use_special_chars": "true",
   "internal_pm4ml_configs": [
     {
       "DFSP_NAME": "pm4mlreceiverfsp",
diff --git a/terraform/k8s-apps-setup/state-setup/stateful-resources-config.tf b/terraform/k8s-apps-setup/state-setup/stateful-resources-config.tf
@@ -8,10 +8,10 @@ resource "helm_release" "vault_cr_pwdpolicy" {
     auth_path = "kubernetes_op"
     auth_role = "policy-admin"
     resource_type = each.value.resource_type
+    resource_name = each.value.resource_name
     namespace = kubernetes_namespace.stateful_namespace[each.value.resource_namespace].metadata[0].name
-    secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = false, special_char_list = "!@#$%^&*"})
+    secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = var.password_policy_use_special_chars, special_char_list = var.password_policy_special_chars})
     vault_base_path = each.value.generate_secret_vault_base_path
-    resource_name = each.value.resource_name
     secret_name = each.value.generate_secret_name
     secret_keys_map  = { for key in each.value.generate_secret_keys : key => "'{{ .dynamicsecret_${replace(key, "-", "_")}.password }}'" }
     secret_namespaces = "[${join(",", local.total_secret_namespaces[each.key])}]"
@@ -29,10 +29,10 @@ resource "helm_release" "vault_cr_randomsecret" {
     auth_path = "kubernetes_op"
     auth_role = "policy-admin"
     resource_type = each.value.resource_type
+    resource_name = each.value.resource_name
     namespace = kubernetes_namespace.stateful_namespace[each.value.resource_namespace].metadata[0].name
-    secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = false, special_char_list = "!@#$%^&*"})
+    secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = var.password_policy_use_special_chars, special_char_list = var.password_policy_special_chars})
     vault_base_path = each.value.generate_secret_vault_base_path
-    resource_name = each.value.resource_name
     secret_name = each.value.generate_secret_name
     secret_keys_map  = { for key in each.value.generate_secret_keys : key => "'{{ .dynamicsecret_${replace(key, "-", "_")}.password }}'" }
     secret_namespaces = "[${join(",", local.total_secret_namespaces[each.key])}]"
@@ -53,10 +53,10 @@ resource "helm_release" "vault_cr_vaultsecret" {
     auth_path = "kubernetes_op"
     auth_role = "policy-admin"
     resource_type = each.value.resource_type
+    resource_name = each.value.resource_name
     namespace = kubernetes_namespace.stateful_namespace[each.value.resource_namespace].metadata[0].name
-    secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = false, special_char_list = "!@#$%^&*"})
+    secret_password_policy = templatefile("${path.module}/templates/password-policy.hcl.tpl", { password_length = 20, use_special_chars = var.password_policy_use_special_chars, special_char_list = var.password_policy_special_chars})
     vault_base_path = each.value.generate_secret_vault_base_path
-    resource_name = each.value.resource_name
     secret_name = each.value.generate_secret_name
     secret_keys_map  = { for key in each.value.generate_secret_keys : key => "'{{ .dynamicsecret_${replace(key, "-", "_")}.password }}'" }
     secret_namespaces = "[${join(",", local.total_secret_namespaces[each.key])}]"
diff --git a/terraform/k8s-apps-setup/state-setup/variables.tf b/terraform/k8s-apps-setup/state-setup/variables.tf
@@ -16,6 +16,17 @@ variable "storage_class_name" {
   default     = "longhorn"
 }
 
+variable "password_policy_special_chars" {
+  description = "special chars for password policies"
+  type        = string
+  default     = "!@#$%^&*"
+}
+
+variable "password_policy_use_special_chars" {
+  description = "use special chars for password policies?"
+  type        = bool
+  default     = true
+}
 
 variable "stateful_resources" {
   description = "stateful resource config data"

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,7 @@`
`67`	`67`	`"ttksims_enabled": "true",`
`68`	`68`	`"quoting_service_simple_routing_mode_enabled": "false",`
`69`	`69`	`"vault_config_operator_helm_chart_version": "0.8.13",`
	`70`	`+ "password_policy_use_special_chars": "true",`
`70`	`71`	`"internal_pm4ml_configs": [`
`71`	`72`	`{`
`72`	`73`	`"DFSP_NAME": "pm4mlreceiverfsp",`