[YANG] Add support for Password Hardening (#10322)
- Why I did it: Add a YANG model for the password hardening feature; the SONiC CLI for this feature was autogenerated from this YANG model. - How I did it: Created a new YANG model in src/sonic-yang-models/yang-models/sonic-passwh.yang. - How to verify it: There are unit tests (YANG tests) in this PR covering all the password policies with good and bad value cases. It can also be verified manually using the config/show password commands that were autogenerated from this YANG model (this CLI code was added in sonic-utilities).
1 parent
29043ff
commit ab09303
Showing
7 changed files
with
319 additions
and
0 deletions.
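--- a/src/sonic-yang-models/tests/yang_model_tests/tests/password_hardening.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests/password_hardening.json
@@ -0,0 +1,32 @@
+{
+"PASSWORD_TABLE": {
+"desc": "Configure policer with all default fields."
+},
+"PASSWORD_ENABLE_FEATURE_WITH_POLICIES": {
+"desc": "Configure password policies and enabled feature."
+},
+"PASSWORD_BAD_ENABLE_FEATURE": {
+"desc": "Configure password policies enabled feature with a wrong value.",
+"eStrKey" : "InvalidValue"
+},
+"PASSWORD_BAD_DIGIT": {
+"desc": "Configure password Digit Class policy with invalid value",
+"eStrKey" : "InvalidValue"
+},
+"PASSWORD_BAD_HISTORY_CNT": {
+"desc": "Configure password history_cnt with out of range value",
+"eStrKey" : "InvalidValue"
+},
+"PASSWORD_BAD_LEN_MIN": {
+"desc": "Configure password len-min with out of range value",
+"eStrKey" : "Pattern"
+},
+"PASSWORD_BAD_EXPIRATION": {
+"desc": "Configure password expiration with out of range value",
+"eStrKey" : "Pattern"
+},
+"PASSWORD_BAD_EXPIRATION_WARN": {
+"desc": "Configure password expiration-warning with out of range value",
+"eStrKey" : "Pattern"
+}
+}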
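Review bot: The `desc` on `PASSWORD_TABLE` reads "Configure policer with all default fields.", which looks carried over from a policer test and does not describe a password-hardening case; something like `"desc": "Configure password hardening policies with the feature disabled."` would match the paired config entry. The three range cases say only "out of range value"; naming the field limit in each `desc` (for example the 1..32 bound for `len_min`) would make a failing run readable without opening the YANG model.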
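--- a/src/sonic-yang-models/tests/yang_model_tests/tests_config/password_hardening.json
+++ b/src/sonic-yang-models/tests/yang_model_tests/tests_config/password_hardening.json
@@ -0,0 +1,146 @@
+{
+"PASSWORD_TABLE": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "disabled",
+"expiration": "180",
+"expiration_warning": "15",
+"history_cnt": "10",
+"len_min": "8",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": true,
+"special_class": true
+}
+}
+}
+},
+"PASSWORD_ENABLE_FEATURE_WITH_POLICIES": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "enabled",
+"expiration": "180",
+"expiration_warning": "15",
+"history_cnt": "10",
+"len_min": "8",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": true,
+"special_class": true
+}
+}
+}
+},
+"PASSWORD_BAD_ENABLE_FEATURE": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "33",
+"expiration": "180",
+"expiration_warning": "15",
+"history_cnt": "10",
+"len_min": "8",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": true,
+"special_class": true
+}
+}
+}
+},
+"PASSWORD_BAD_DIGIT": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "disabled",
+"expiration": "180",
+"expiration_warning": "15",
+"history_cnt": "10",
+"len_min": "8",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": "1",
+"special_class": true
+}
+}
+}
+},
+"PASSWORD_BAD_HISTORY_CNT": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "enabled",
+"expiration": "180",
+"expiration_warning": "15",
+"history_cnt": "300",
+"len_min": "8",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": true,
+"special_class": true
+}
+}
+}
+},
+"PASSWORD_BAD_LEN_MIN": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "enabled",
+"expiration": "180",
+"expiration_warning": "15",
+"history_cnt": "50",
+"len_min": "50",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": true,
+"special_class": true
+}
+}
+}
+},
+"PASSWORD_BAD_EXPIRATION": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "enabled",
+"expiration": "400",
+"expiration_warning": "15",
+"history_cnt": "50",
+"len_min": "8",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": true,
+"special_class": true
+}
+}
+}
+},
+"PASSWORD_BAD_EXPIRATION_WARN": {
+"sonic-passwh:sonic-passwh": {
+"sonic-passwh:PASSW_HARDENING": {
+"POLICIES":{
+"state": "enabled",
+"expiration": "180",
+"expiration_warning": "40",
+"history_cnt": "10",
+"len_min": "8",
+"reject_user_passw_match": true,
+"lower_class": true,
+"upper_class": true,
+"digits_class": true,
+"special_class": true
+}
+}
+}
+}
+}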
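Review bot: `PASSWORD_BAD_HISTORY_CNT` sets `"history_cnt": "300"`, which is above what a `uint8` can hold, so it is rejected by the base type and never exercises the `range 1..100` restriction declared in the model; that is presumably why its expected `eStrKey` is `InvalidValue` while the other range cases expect `Pattern`. A value inside the type but outside the range, such as `"history_cnt": "101"`, would test the declared limit, with the expected key in the tests file adjusted to match if needed. None of the negative cases probes a lower bound (`"0"` for `expiration`, `expiration_warning`, `history_cnt` or `len_min`), and only `digits_class` gets a non-boolean input among the five boolean leaves, so a later loosening of those constraints would pass this suite unnoticed.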
@@ -0,0 +1,76 @@ | ||
module sonic-passwh { | ||
yang-version 1.1; | ||
namespace "https://github.com/Azure/sonic-passwh"; | ||
prefix password; | ||
|
||
description "PASSWORD HARDENING YANG Module for SONiC OS"; | ||
|
||
revision 2022-05-03 { | ||
description "First Revision"; | ||
} | ||
|
||
container sonic-passwh { | ||
|
||
typedef feature_state { | ||
type enumeration { | ||
enum enabled; | ||
enum disabled; | ||
} | ||
} | ||
|
||
container PASSW_HARDENING { | ||
description "PASSWORD HARDENING part of config_db.json"; | ||
container POLICIES { | ||
leaf state { | ||
description "state of the feature"; | ||
type feature_state; | ||
default "disabled"; | ||
} | ||
leaf expiration { | ||
description "expiration time (days unit)"; | ||
type uint16 { | ||
range 1..365; | ||
} | ||
} | ||
leaf expiration_warning { | ||
description "expiration warning time (days unit)"; | ||
type uint8 { | ||
range 1..30; | ||
} | ||
} | ||
leaf history_cnt { | ||
description "num of old password that the system will recorded"; | ||
type uint8 { | ||
range 1..100; | ||
} | ||
} | ||
leaf len_min { | ||
description "password min length"; | ||
type uint8 { | ||
range 1..32; | ||
} | ||
} | ||
leaf reject_user_passw_match{ | ||
description "username password match"; | ||
type boolean; | ||
} | ||
leaf lower_class{ | ||
description "password lower chars policy"; | ||
type boolean; | ||
} | ||
leaf upper_class{ | ||
description "password upper chars policy"; | ||
type boolean; | ||
} | ||
leaf digits_class{ | ||
description "password digits chars policy"; | ||
type boolean; | ||
} | ||
leaf special_class{ | ||
description "password special chars policy"; | ||
type boolean; | ||
} | ||
}/*container policies */ | ||
} /* container PASSWH */ | ||
}/* container sonic-passwh */ | ||
}/* end of module sonic-passwh */ |
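Review bot: Nothing in `POLICIES` ties `expiration_warning` to `expiration`, so a config with expiration 5 and expiration_warning 30 validates even though the warning window is longer than the password lifetime; a `must "not(../expiration) or . <= ../expiration"` under `leaf expiration_warning` would reject that at load time. Only `state` carries a `default`, so `state` set to `enabled` with no other leaf present is also valid, and the effective policy is then whatever the consuming code assumes; either add defaults here or state the fallback in each description. The `len_min` floor of 1 lets an enabled policy accept one-character passwords, which deserves a sentence in the description if it is intentional. The `history_cnt` description would read better as `"number of old passwords the system records"`, and the day-valued leaves could use a `units "days";` statement instead of putting the unit in the description text.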