From 9abeed5f2362ff25521754ae632c2a6cc63936c0 Mon Sep 17 00:00:00 2001 
From: hammy Date: Fri, 21 Jul 2023 13:08:04 -0400 Subject: [PATCH] Feat(eos_cli_config_gen): add support for password complexity policies (#2991) --- .../devices/management-accounts.md | 49 ++++++++ .../devices/management-security.md | 14 +++ .../intended/configs/management-accounts.cfg | 18 +++ .../intended/configs/management-security.cfg | 8 ++ .../host_vars/management-accounts.yml | 3 + .../host_vars/management-security.yml | 11 ++ .../eos_cli_config_gen/inventory/hosts.ini | 1 + .../docs/input-variables.md | 6 + .../docs/tables/management-accounts.md | 15 +++ .../docs/tables/management-security.md | 22 ++++ .../eos_cli_config_gen.jsonschema.json | 106 ++++++++++++++++++ .../schemas/eos_cli_config_gen.schema.yml | 64 +++++++++++ .../management_accounts.schema.yml | 13 +++ .../management_security.schema.yml | 56 +++++++++ .../documentation/management-accounts.j2 | 19 ++++ .../documentation/management-security.j2 | 16 +++ .../templates/documentation/management.j2 | 3 + .../templates/eos-intended-config.j2 | 2 + .../templates/eos/management-accounts.j2 | 8 ++ .../templates/eos/management-security.j2 | 30 +++++ 20 files changed, 464 insertions(+) create mode 100644 ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-accounts.md create mode 100644 ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-accounts.cfg create mode 100644 ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-accounts.yml create mode 100644 ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-accounts.md create mode 100644 ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_accounts.schema.yml create mode 100644 ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-accounts.j2 create mode 100644 
ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-accounts.j2
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-accounts.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-accounts.md
new file mode 100644
index 00000000000..8d136e49976
--- /dev/null
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-accounts.md
@@ -0,0 +1,49 @@
+# management-accounts
+
+## Table of Contents
+
+- [Management](#management)
+ - [Management Interfaces](#management-interfaces)
+ - [Management Accounts](#management-accounts)
+
+## Management
+
+### Management Interfaces
+
+#### Management Interfaces Summary
+
+##### IPv4
+
+| Management Interface | description | Type | VRF | IP Address | Gateway |
+| -------------------- | ----------- | ---- | --- | ---------- | ------- |
+| Management1 | oob_management | oob | MGMT | 10.73.255.122/24 | 10.73.255.2 |
+
+##### IPv6
+
+| Management Interface | description | Type | VRF | IPv6 Address | IPv6 Gateway |
+| -------------------- | ----------- | ---- | --- | ------------ | ------------ |
+| Management1 | oob_management | oob | MGMT | - | - |
+
+#### Management Interfaces Device Configuration
+
+```eos
+!
+interface Management1
+ description oob_management
+ vrf MGMT
+ ip address 10.73.255.122/24
+```
+
+### Management Accounts
+
+#### Password Policy
+
+The password policy set for management accounts is: AVD_POLICY
+
+#### Management Accounts Device Configuration
+
+```eos
+!
+management accounts
+ password policy AVD_POLICY
+```
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md
index d817ae8108f..78171acca4a 100644
--- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/documentation/devices/management-security.md @@ -11,6 +11,7 @@ - [SSL profile test1-trust-cert Certificates Summary](#ssl-profile-test1-trust-cert-certificates-summary) - [SSL profile test2-chain-cert Certificates Summary](#ssl-profile-test2-chain-cert-certificates-summary) - [SSL profile test2-trust-cert Certificates Summary](#ssl-profile-test2-trust-cert-certificates-summary) + - [Password Policies](#password-policies) - [Management Security Configuration](#management-security-configuration) ## Management @@ -90,6 +91,11 @@ interface Management1 | ------------------ | ----------- | ------ | ------ | | - | Hostname must be FQDN | - | Enabled | +### Password Policies +| Policy Name | Digits | Length | Lowercase letters | Special characters | Uppercase letters | Repetitive characters | Sequential characters | +|-------------|--------|--------|-------------------|--------------------|-------------------|-----------------------|----------------------| +| AVD_POLICY | > 1 | > 2 | > 3 | > 4 | > 5 | < 6 | < 7 | + ### Management Security Configuration ```eos @@ -99,6 +105,14 @@ management security password encryption-key common password encryption reversible aes-256-gcm password minimum length 17 + password policy AVD_POLICY + minimum digits 1 + minimum length 2 + minimum lower 3 + minimum special 4 + minimum upper 5 + maximum repetitive 6 + maximum sequential 7 ssl profile certificate-profile certificate eAPI.crt key eAPI.key ssl profile cipher-list-profile diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-accounts.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-accounts.cfg new file mode 100644 index 00000000000..24f16d01fa4 --- /dev/null 
+++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-accounts.cfg @@ -0,0 +1,18 @@ +!RANCID-CONTENT-TYPE: arista +! +transceiver qsfp default-mode 4x10G +! +hostname management-accounts +! +no enable password +no aaa root +! +interface Management1 + description oob_management + vrf MGMT + ip address 10.73.255.122/24 +! +management accounts + password policy AVD_POLICY +! +end diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg index b59370c014e..4b20c5fee47 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/intended/configs/management-security.cfg @@ -17,6 +17,14 @@ management security password encryption-key common password encryption reversible aes-256-gcm password minimum length 17 + password policy AVD_POLICY + minimum digits 1 + minimum length 2 + minimum lower 3 + minimum special 4 + minimum upper 5 + maximum repetitive 6 + maximum sequential 7 ssl profile certificate-profile certificate eAPI.crt key eAPI.key ssl profile cipher-list-profile diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-accounts.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-accounts.yml new file mode 100644 index 00000000000..a244686dd63 --- /dev/null +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-accounts.yml @@ -0,0 +1,3 @@ +management_accounts: + password: + policy: "AVD_POLICY" 
diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml index 4f58d66f589..e87f3bd2441 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/management-security.yml @@ -5,6 +5,17 @@ management_security: minimum_length: 17 encryption_key_common: true encryption_reversible: aes-256-gcm + policies: + - name: AVD_POLICY + minimum: + digits: 1 + length: 2 + lower: 3 + special: 4 + upper: 5 + maximum: + repetitive: 6 + sequential: 7 ssl_profiles: - name: tls-versions-profile tls_versions: "1.0 1.1" diff --git a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini index a3a7e23f8d1..4616a6ef155 100644 --- a/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini +++ b/ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/hosts.ini @@ -62,6 +62,7 @@ mcs-client loopbacks-interfaces mac-address-table maintenance +management-accounts management-api-http management-cvx management-api-models diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md index 79091bbaf51..29861a657fa 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/input-variables.md 
@@ -447,6 +447,12 @@ roles/eos_cli_config_gen/docs/tables/ip-name-servers.md roles/eos_cli_config_gen/docs/tables/ip-ssh-client-source-interfaces.md --8<-- +### Management accounts + +--8<-- +roles/eos_cli_config_gen/docs/tables/management-accounts.md +--8<-- + ### Management API HTTP --8<-- diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-accounts.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-accounts.md new file mode 100644 index 00000000000..3fe0b1eeebc --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-accounts.md @@ -0,0 +1,15 @@ +=== "Table" + + | Variable | Type | Required | Default | Value Restrictions | Description | + | -------- | ---- | -------- | ------- | ------------------ | ----------- | + | [management_accounts](## "management_accounts") | Dictionary | | | | | + | [  password](## "management_accounts.password") | Dictionary | | | | | + | [    policy](## "management_accounts.password.policy") | String | | | | | + +=== "YAML" + + ```yaml + management_accounts: + password: + policy: + ``` diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md index e7561aa51d2..4894671ac3d 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/docs/tables/management-security.md @@ -8,6 +8,17 @@ | [    minimum_length](## "management_security.password.minimum_length") | Integer | | | Min: 1
Max: 32 | | | [    encryption_key_common](## "management_security.password.encryption_key_common") | Boolean | | | | | | [    encryption_reversible](## "management_security.password.encryption_reversible") | String | | | | | + | [    policies](## "management_security.password.policies") | List, items: Dictionary | | | | | + | [      - name](## "management_security.password.policies.[].name") | String | Required, Unique | | | | + | [        minimum](## "management_security.password.policies.[].minimum") | Dictionary | | | | | + | [          digits](## "management_security.password.policies.[].minimum.digits") | Integer | | | Min: 1
Max: 65535 | | + | [          length](## "management_security.password.policies.[].minimum.length") | Integer | | | Min: 1
Max: 65535 | | + | [          lower](## "management_security.password.policies.[].minimum.lower") | Integer | | | Min: 1
Max: 65535 | | + | [          special](## "management_security.password.policies.[].minimum.special") | Integer | | | Min: 1
Max: 65535 | | + | [          upper](## "management_security.password.policies.[].minimum.upper") | Integer | | | Min: 1
Max: 65535 | | + | [        maximum](## "management_security.password.policies.[].maximum") | Dictionary | | | | | + | [          repetitive](## "management_security.password.policies.[].maximum.repetitive") | Integer | | | Min: 1
Max: 65535 | | + | [          sequential](## "management_security.password.policies.[].maximum.sequential") | Integer | | | Min: 1
Max: 65535 | | | [  ssl_profiles](## "management_security.ssl_profiles") | List, items: Dictionary | | | | | | [    - name](## "management_security.ssl_profiles.[].name") | String | | | | | | [      tls_versions](## "management_security.ssl_profiles.[].tls_versions") | String | | | | List of allowed TLS versions as string
Examples:
- "1.0"
- "1.0 1.1"
| @@ -39,6 +50,17 @@ minimum_length: encryption_key_common: encryption_reversible: + policies: + - name: + minimum: + digits: + length: + lower: + special: + upper: + maximum: + repetitive: + sequential: ssl_profiles: - name: tls_versions: diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json index 76d26061290..7efbc9d4fc5 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.jsonschema.json @@ -6900,6 +6900,30 @@ "^_.+$": {} } }, + "management_accounts": { + "type": "object", + "properties": { + "password": { + "type": "object", + "properties": { + "policy": { + "type": "string", + "title": "Policy" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Password" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Management Accounts" + }, "management_api_gnmi": { "type": "object", "properties": { 
@@ -7430,6 +7454,88 @@ "encryption_reversible": { "type": "string", "title": "Encryption Reversible" + }, + "policies": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "title": "Name" + }, + "minimum": { + "type": "object", + "properties": { + "digits": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "title": "Digits" + }, + "length": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "title": "Length" + }, + "lower": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "title": "Lower" + }, + "special": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "title": "Special" + }, + "upper": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "title": "Upper" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Minimum" + }, + "maximum": { + "type": "object", + "properties": { + "repetitive": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "title": "Repetitive" + }, + "sequential": { + "type": "integer", + "minimum": 1, + "maximum": 65535, + "title": "Sequential" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "title": "Maximum" + } + }, + "additionalProperties": false, + "patternProperties": { + "^_.+$": {} + }, + "required": [ + "name" + ] + }, + "title": "Policies" } }, "additionalProperties": false, diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml index 4038e198c8c..f0151fb0030 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/eos_cli_config_gen.schema.yml 
@@ -4276,6 +4276,14 @@ keys: items: type: str description: Name of Interface Group + management_accounts: + type: dict + keys: + password: + type: dict + keys: + policy: + type: str management_api_gnmi: type: dict keys: @@ -4593,6 +4601,62 @@ keys: type: bool encryption_reversible: type: str + policies: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + minimum: + type: dict + keys: + digits: + type: int + min: 1 + max: 65535 + convert_types: + - str + length: + type: int + min: 1 + max: 65535 + convert_types: + - str + lower: + type: int + min: 1 + max: 65535 + convert_types: + - str + special: + type: int + min: 1 + max: 65535 + convert_types: + - str + upper: + type: int + min: 1 + max: 65535 + convert_types: + - str + maximum: + type: dict + keys: + repetitive: + type: int + min: 1 + max: 65535 + convert_types: + - str + sequential: + type: int + min: 1 + max: 65535 + convert_types: + - str ssl_profiles: type: list items: diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_accounts.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_accounts.schema.yml new file mode 100644 index 00000000000..8392168494a --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_accounts.schema.yml @@ -0,0 +1,13 @@ +# yaml-language-server: $schema=../../../../plugins/plugin_utils/schema/avd_meta_schema.json +# Line above is used by RedHat's YAML Schema vscode extension +# Use Ctrl + Space to get suggestions for every field. Autocomplete will pop up after typing 2 letters. +type: dict +keys: + management_accounts: + type: dict + keys: + password: + type: dict + keys: + policy: + type: str 
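Review bot: `management_accounts.password.policy` in the new management_accounts.schema.yml fragment is a bare `type: str` with no `description`, so nothing tells the user that the value has to match a `name` under `management_security.password.policies`, and nothing in the schema or in eos/management-accounts.j2 checks that it does. A mistyped name would still be rendered as `password policy <name>` in the intended config; whether the device then rejects the line or leaves accounts without the intended complexity rules depends on EOS behaviour that is not visible here. I would add `description: Name of a password policy defined under management_security.password.policies.` to the key. The `minimum.*` and `maximum.*` keys added to management_security.schema.yml carry no descriptions either, which leaves the Description column of the generated tables empty for a security control.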
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml index ef165068586..9939e954b64 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/schemas/schema_fragments/management_security.schema.yml @@ -21,6 +21,62 @@ keys: type: bool encryption_reversible: type: str + policies: + type: list + primary_key: name + items: + type: dict + keys: + name: + type: str + minimum: + type: dict + keys: + digits: + type: int + min: 1 + max: 65535 + convert_types: + - str + length: + type: int + min: 1 + max: 65535 + convert_types: + - str + lower: + type: int + min: 1 + max: 65535 + convert_types: + - str + special: + type: int + min: 1 + max: 65535 + convert_types: + - str + upper: + type: int + min: 1 + max: 65535 + convert_types: + - str + maximum: + type: dict + keys: + repetitive: + type: int + min: 1 + max: 65535 + convert_types: + - str + sequential: + type: int + min: 1 + max: 65535 + convert_types: + - str ssl_profiles: type: list items: diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-accounts.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-accounts.j2 new file mode 100644 index 00000000000..085fe3f3897 --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-accounts.j2 
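Review bot: The new `policies[].minimum.length` key accepts 1 to 65535, while the existing sibling `password.minimum_length` is listed as 1 to 32 in the docs table touched by this same commit, and the fragment does not say how the two settings relate when both are present. It is worth confirming the per-key ranges against the EOS CLI and recording the relationship in a `description` on `minimum.length`, for example `description: Minimum password length enforced by this policy (independent of password.minimum_length).` if that is indeed the behaviour. The same ranges are repeated in the combined eos_cli_config_gen.schema.yml and the JSON schema, which would follow from regenerating.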
@@ -0,0 +1,19 @@
+{# doc - management accounts #}
+{% if management_accounts is arista.avd.defined %}
+
+### Management Accounts
+
+#### Password Policy
+
+{% if management_accounts.password.policy is arista.avd.defined %}
+The password policy set for management accounts is: {{ management_accounts.password.policy }}
+{% else %}
+No specific password policy is set for management accounts.
+{% endif %}
+
+#### Management Accounts Device Configuration
+
+```eos
+{% include 'eos/management-accounts.j2' %}
+```
+{% endif %}
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2
index d8f471f2367..e88abfb85ab 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management-security.j2
@@ -94,6 +94,22 @@ {% endif %} {% endfor %} {% endif %} +{% if management_security.password.policies is arista.avd.defined %} + +### Password Policies +| Policy Name | Digits | Length | Lowercase letters | Special characters | Uppercase letters | Repetitive characters | Sequential characters | +|-------------|--------|--------|-------------------|--------------------|-------------------|-----------------------|----------------------| +{% for policy in management_security.password.policies | arista.avd.natural_sort('name') %} +{% set min_digits = policy.minimum.digits if policy.minimum.digits is arista.avd.defined else 'N/A' %} +{% set min_length = policy.minimum.length if policy.minimum.length is arista.avd.defined else 'N/A' %} +{% set min_lower = policy.minimum.lower if policy.minimum.lower is arista.avd.defined else 'N/A' %} +{% set min_special = policy.minimum.special if policy.minimum.special is arista.avd.defined else 'N/A' %} +{% set min_upper = policy.minimum.upper if policy.minimum.upper is arista.avd.defined else 'N/A' %} +{% set max_repetitive = policy.maximum.repetitive if policy.maximum.repetitive is arista.avd.defined else 'N/A' %} +{% set max_sequential = policy.maximum.sequential if policy.maximum.sequential is arista.avd.defined else 'N/A' %} +| {{ policy.name }} | > {{ min_digits }} | > {{ min_length }} | > {{ min_lower }} | > {{ min_special }} | > {{ min_upper }} | < {{ max_repetitive }} | < {{ max_sequential }} | +{% endfor %} +{% endif %} ### Management Security Configuration diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2 index 5c6c2655e34..3be1b2cbd70 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/documentation/management.j2 
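Review bot: The table row renders every minimum as `> N` and every maximum as `< N`, which reads as a strict bound, while the CLI lines it documents are `minimum digits N` and `maximum repetitive N`. Assuming EOS treats those as inclusive limits, as the keywords suggest, the generated document claims a policy one step stricter than the one configured, which is the wrong direction for a document that may be used in an audit. I would print the bare value or use `>=` / `<=`, e.g. `| {{ policy.name }} | >= {{ min_digits }} | ... | <= {{ max_sequential }} |`. Unset values currently come out as `> N/A`; printing `N/A` without an operator would be clearer. The expected molecule output in documentation/devices/management-security.md would need regenerating, and the template continues outside this hunk.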
@@ -12,6 +12,7 @@ or management_ssh is arista.avd.defined or management_tech_support is arista.avd.defined or ip_ssh_client_source_interfaces is arista.avd.defined + or management_accounts is arista.avd.defined or management_api_gnmi is arista.avd.defined or management_cvx is arista.avd.defined or management_console is arista.avd.defined @@ -44,6 +45,8 @@ {% include 'documentation/management-tech-support.j2' %} {## IP SSH Client Source Interfaces #} {% include 'documentation/ip-ssh-client-source-interfaces.j2' %} +{## Management Accounts #} +{% include 'documentation/management-accounts.j2' %} {## Management API gNMI #} {% include 'documentation/management-api-gnmi.j2' %} {## Management CVX #} diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2 index 88d4409c4ee..0a8367eef9b 100644 --- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2 +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos-intended-config.j2 @@ -272,6 +272,8 @@ {% include 'eos/ip-http-client-source-interfaces.j2' %} {# ip ssh client source interfaces #} {% include 'eos/ip-ssh-client-source-interfaces.j2' %} +{# management accounts #} +{% include 'eos/management-accounts.j2' %} {# management api http #} {% include 'eos/management-api-http.j2' %} {# management console #} diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-accounts.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-accounts.j2 new file mode 100644 index 00000000000..46fbb6e0526 --- /dev/null +++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-accounts.j2 
@@ -0,0 +1,8 @@
+{# eos - management accounts #}
+{% if management_accounts is arista.avd.defined %}
+!
+management accounts
+{% if management_accounts.password.policy is arista.avd.defined %}
+ password policy {{ management_accounts.password.policy }}
+{% endif %}
+{% endif %}
diff --git a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2 b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2
index d54ec1771c8..80c3cab62b4 100644
--- a/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2
+++ b/ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/management-security.j2
@@ -14,6 +14,36 @@ management security {% if management_security.password.minimum_length is arista.avd.defined %} password minimum length {{ management_security.password.minimum_length }} {% endif %} +{% if management_security.password.policies is arista.avd.defined %} +{% for policy in management_security.password.policies %} + password policy {{ policy.name }} +{% if policy.minimum is arista.avd.defined %} +{% if policy.minimum.digits is arista.avd.defined %} + minimum digits {{ policy.minimum.digits }} +{% endif %} +{% if policy.minimum.length is arista.avd.defined %} + minimum length {{ policy.minimum.length }} +{% endif %} +{% if policy.minimum.lower is arista.avd.defined %} + minimum lower {{ policy.minimum.lower }} +{% endif %} +{% if policy.minimum.special is arista.avd.defined %} + minimum special {{ policy.minimum.special }} +{% endif %} +{% if policy.minimum.upper is arista.avd.defined %} + minimum upper {{ policy.minimum.upper }} +{% endif %} +{% endif %} +{% if policy.maximum is arista.avd.defined %} +{% if policy.maximum.repetitive is arista.avd.defined %} + maximum repetitive {{ policy.maximum.repetitive }} +{% endif %} +{% if policy.maximum.sequential is arista.avd.defined %} + maximum sequential {{ policy.maximum.sequential }} +{% endif %} +{% endif %} +{% endfor %} +{% endif %} {% for ssl_profile in management_security.ssl_profiles | arista.avd.natural_sort %} ssl profile {{ ssl_profile.name }} {% if ssl_profile.tls_versions is arista.avd.defined %}
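Review bot: The `{% for policy in management_security.password.policies %}` loop emits policies in inventory order, while the `ssl_profiles` loop directly below it and the documentation template for this same list both go through `arista.avd.natural_sort`. Sorting here keeps the intended config stable when the inventory is reordered and makes it match the order of the generated table: `{% for policy in management_security.password.policies | arista.avd.natural_sort('name') %}`. The enclosing `management security` block starts and ends outside this hunk.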