Feat(eos_cli_config_gen): add support for password complexity policies (
haylinmoore authored Jul 21, 2023
1 parent cd47571 commit 9abeed5
Showing 20 changed files with 464 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# management-accounts

## Table of Contents

- [Management](#management)
- [Management Interfaces](#management-interfaces)
- [Management Accounts](#management-accounts)

## Management

### Management Interfaces

#### Management Interfaces Summary

##### IPv4

| Management Interface | description | Type | VRF | IP Address | Gateway |
| -------------------- | ----------- | ---- | --- | ---------- | ------- |
| Management1 | oob_management | oob | MGMT | 10.73.255.122/24 | 10.73.255.2 |

##### IPv6

| Management Interface | description | Type | VRF | IPv6 Address | IPv6 Gateway |
| -------------------- | ----------- | ---- | --- | ------------ | ------------ |
| Management1 | oob_management | oob | MGMT | - | - |

#### Management Interfaces Device Configuration

```eos
!
interface Management1
description oob_management
vrf MGMT
ip address 10.73.255.122/24
```

### Management Accounts

#### Password Policy

The password policy set for management accounts is: AVD_POLICY

#### Management Accounts Device Configuration

```eos
!
management accounts
password policy AVD_POLICY
```
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
- [SSL profile test1-trust-cert Certificates Summary](#ssl-profile-test1-trust-cert-certificates-summary)
- [SSL profile test2-chain-cert Certificates Summary](#ssl-profile-test2-chain-cert-certificates-summary)
- [SSL profile test2-trust-cert Certificates Summary](#ssl-profile-test2-trust-cert-certificates-summary)
- [Password Policies](#password-policies)
- [Management Security Configuration](#management-security-configuration)

## Management
Expand Down Expand Up @@ -90,6 +91,11 @@ interface Management1
| ------------------ | ----------- | ------ | ------ |
| - | Hostname must be FQDN | - | Enabled |

### Password Policies
| Policy Name | Digits | Length | Lowercase letters | Special characters | Uppercase letters | Repetitive characters | Sequential characters |
|-------------|--------|--------|-------------------|--------------------|-------------------|-----------------------|----------------------|
| AVD_POLICY | > 1 | > 2 | > 3 | > 4 | > 5 | < 6 | < 7 |

### Management Security Configuration

```eos
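Review bot: In the new Password Policies table, the AVD_POLICY row renders `minimum digits 1` as "> 1" and `maximum repetitive 6` as "< 6". The CLI keywords are "minimum" and "maximum", which read as inclusive bounds, so the strict signs shift every requirement by one; please confirm against EOS and use ">= 1" / "<= 6", or print the plain values under "Min ..." / "Max ..." column headers. Also add a blank line between "### Password Policies" and the table header, as the other headings in this file have, and pad the last separator cell, which is one dash short of its header.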
Expand All @@ -99,6 +105,14 @@ management security
password encryption-key common
password encryption reversible aes-256-gcm
password minimum length 17
password policy AVD_POLICY
minimum digits 1
minimum length 2
minimum lower 3
minimum special 4
minimum upper 5
maximum repetitive 6
maximum sequential 7
ssl profile certificate-profile
certificate eAPI.crt key eAPI.key
ssl profile cipher-list-profile
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
!RANCID-CONTENT-TYPE: arista
!
transceiver qsfp default-mode 4x10G
!
hostname management-accounts
!
no enable password
no aaa root
!
interface Management1
description oob_management
vrf MGMT
ip address 10.73.255.122/24
!
management accounts
password policy AVD_POLICY
!
end
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,14 @@ management security
password encryption-key common
password encryption reversible aes-256-gcm
password minimum length 17
password policy AVD_POLICY
minimum digits 1
minimum length 2
minimum lower 3
minimum special 4
minimum upper 5
maximum repetitive 6
maximum sequential 7
ssl profile certificate-profile
certificate eAPI.crt key eAPI.key
ssl profile cipher-list-profile
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
management_accounts:
password:
policy: "AVD_POLICY"
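Review bot: `policy: "AVD_POLICY"` names a policy that this host's variables never define; the expected config for management-accounts has `password policy AVD_POLICY` under `management accounts` but no `management security` block creating it. Either add a matching `management_security.password.policies` entry to this fixture, or state in the docs that the name is emitted as given and is not checked against the defined policies.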
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,17 @@ management_security:
minimum_length: 17
encryption_key_common: true
encryption_reversible: aes-256-gcm
policies:
- name: AVD_POLICY
minimum:
digits: 1
length: 2
lower: 3
special: 4
upper: 5
maximum:
repetitive: 6
sequential: 7
ssl_profiles:
- name: tls-versions-profile
tls_versions: "1.0 1.1"
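Review bot: The single policy in this fixture sets all five `minimum` keys and both `maximum` keys, so nothing exercises a policy that omits some of them, although the schema requires only `name`. Add a second entry with a partial set (for example only `minimum.length`, or no `maximum` block) so the optional paths show up in the expected config and in the Password Policies table. The values 1 to 7 make swapped fields easy to spot, but `length: 2` is below the combined class minimums (1+3+4+5), so a short comment that these are rendering values and not a usable policy would help readers who copy from the fixture.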
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ mcs-client
loopbacks-interfaces
mac-address-table
maintenance
management-accounts
management-api-http
management-cvx
management-api-models
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -447,6 +447,12 @@ roles/eos_cli_config_gen/docs/tables/ip-name-servers.md
roles/eos_cli_config_gen/docs/tables/ip-ssh-client-source-interfaces.md
--8<--

### Management accounts

--8<--
roles/eos_cli_config_gen/docs/tables/management-accounts.md
--8<--

### Management API HTTP

--8<--
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
=== "Table"

| Variable | Type | Required | Default | Value Restrictions | Description |
| -------- | ---- | -------- | ------- | ------------------ | ----------- |
| [<samp>management_accounts</samp>](## "management_accounts") | Dictionary | | | | |
| [<samp>&nbsp;&nbsp;password</samp>](## "management_accounts.password") | Dictionary | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;policy</samp>](## "management_accounts.password.policy") | String | | | | |

=== "YAML"

```yaml
management_accounts:
password:
policy: <str>
```
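Review bot: `management_accounts.password.policy` is documented as a bare String with an empty Description. Say that it is the name of a policy defined under `management_security.password.policies`, since nothing else in this table ties the two keys together.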
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,17 @@
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;minimum_length</samp>](## "management_security.password.minimum_length") | Integer | | | Min: 1<br>Max: 32 | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;encryption_key_common</samp>](## "management_security.password.encryption_key_common") | Boolean | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;encryption_reversible</samp>](## "management_security.password.encryption_reversible") | String | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;policies</samp>](## "management_security.password.policies") | List, items: Dictionary | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;- name</samp>](## "management_security.password.policies.[].name") | String | Required, Unique | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;minimum</samp>](## "management_security.password.policies.[].minimum") | Dictionary | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;digits</samp>](## "management_security.password.policies.[].minimum.digits") | Integer | | | Min: 1<br>Max: 65535 | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;length</samp>](## "management_security.password.policies.[].minimum.length") | Integer | | | Min: 1<br>Max: 65535 | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;lower</samp>](## "management_security.password.policies.[].minimum.lower") | Integer | | | Min: 1<br>Max: 65535 | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;special</samp>](## "management_security.password.policies.[].minimum.special") | Integer | | | Min: 1<br>Max: 65535 | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;upper</samp>](## "management_security.password.policies.[].minimum.upper") | Integer | | | Min: 1<br>Max: 65535 | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;maximum</samp>](## "management_security.password.policies.[].maximum") | Dictionary | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;repetitive</samp>](## "management_security.password.policies.[].maximum.repetitive") | Integer | | | Min: 1<br>Max: 65535 | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;sequential</samp>](## "management_security.password.policies.[].maximum.sequential") | Integer | | | Min: 1<br>Max: 65535 | |
| [<samp>&nbsp;&nbsp;ssl_profiles</samp>](## "management_security.ssl_profiles") | List, items: Dictionary | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;- name</samp>](## "management_security.ssl_profiles.[].name") | String | | | | |
| [<samp>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;tls_versions</samp>](## "management_security.ssl_profiles.[].tls_versions") | String | | | | List of allowed TLS versions as string<br>Examples:<br> - "1.0"<br> - "1.0 1.1"<br> |
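Review bot: Every new `policies` row has an empty Description, and `minimum.length` accepts up to 65535 while the existing `minimum_length` row directly above is capped at 32. Please confirm the 1-65535 ranges against the EOS CLI, and describe what `repetitive` and `sequential` count and how a policy's `minimum.length` interacts with the global `minimum_length`.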
Expand Down Expand Up @@ -39,6 +50,17 @@
minimum_length: <int>
encryption_key_common: <bool>
encryption_reversible: <str>
policies:
- name: <str>
minimum:
digits: <int>
length: <int>
lower: <int>
special: <int>
upper: <int>
maximum:
repetitive: <int>
sequential: <int>
ssl_profiles:
- name: <str>
tls_versions: <str>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6900,6 +6900,30 @@
"^_.+$": {}
}
},
"management_accounts": {
"type": "object",
"properties": {
"password": {
"type": "object",
"properties": {
"policy": {
"type": "string",
"title": "Policy"
}
},
"additionalProperties": false,
"patternProperties": {
"^_.+$": {}
},
"title": "Password"
}
},
"additionalProperties": false,
"patternProperties": {
"^_.+$": {}
},
"title": "Management Accounts"
},
"management_api_gnmi": {
"type": "object",
"properties": {
Expand Down Expand Up @@ -7430,6 +7454,88 @@
"encryption_reversible": {
"type": "string",
"title": "Encryption Reversible"
},
"policies": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string",
"title": "Name"
},
"minimum": {
"type": "object",
"properties": {
"digits": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"title": "Digits"
},
"length": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"title": "Length"
},
"lower": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"title": "Lower"
},
"special": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"title": "Special"
},
"upper": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"title": "Upper"
}
},
"additionalProperties": false,
"patternProperties": {
"^_.+$": {}
},
"title": "Minimum"
},
"maximum": {
"type": "object",
"properties": {
"repetitive": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"title": "Repetitive"
},
"sequential": {
"type": "integer",
"minimum": 1,
"maximum": 65535,
"title": "Sequential"
}
},
"additionalProperties": false,
"patternProperties": {
"^_.+$": {}
},
"title": "Maximum"
}
},
"additionalProperties": false,
"patternProperties": {
"^_.+$": {}
},
"required": [
"name"
]
},
"title": "Policies"
}
},
"additionalProperties": false,
Expand Down
0 comments on commit 9abeed5