Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add blacklists for VM username and password when provisioning #88

Merged
merged 1 commit into from
Jul 12, 2017
Merged

Add blacklists for VM username and password when provisioning #88

merged 1 commit into from
Jul 12, 2017

Conversation

djberg96
Copy link
Collaborator

@djberg96 djberg96 commented Jul 5, 2017
edited
Loading

In addition to certain pattern requirements, Azure has special blacklists that are considered invalid for usernames and/or passwords when provisioning a VM. These blacklists are too long to be practical to implement as part of a regex, so I've added them here as a separate list.

In addition, I've capped the username length at 20 characters to match the Azure spec.

See https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq for more details.

Requires ManageIQ/manageiq#15513 first. (Update: merged)

Addresses https://bugzilla.redhat.com/show_bug.cgi?id=1454829

@djberg96 djberg96 requested a review from blomquisg July 11, 2017 12:43
@blomquisg
Copy link
Member

@djberg96 it seems fine to me. I've pinged @gmcculloug to take a look, too.

gmcculloug
gmcculloug reviewed Jul 11, 2017
View reviewed changes
content/miq_dialogs/miq_provision_azure_dialogs_template.yaml Outdated
'administrator', 'admin', 'user', 'user1', 'test', 'user2', 'test1', 'user3',
'admin1', '1', '123', 'a', 'actuser', 'adm', 'admin2', 'aspnet', 'backup',
'console', 'david', 'guest', 'john', 'owner', 'root', 'server', 'sql',
'support', 'support_388945a0', 'sys', 'test2', 'test3', 'user4', 'user5'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see this list is taken directly from the MS doc linked in the description but it would be easier to read if similar items were grouped together? Like all the admin based ones and all the user# ones.

Just curious if you have any idea why they blacklist support_388945a0, david and john? They seem odd compared to something obvious like admin and user1.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably best to put them in alphabetical order I suppose. I can fix that. I'm not sure about "david" or "john", other than being super common first names, but "support_388945a0" is a default built-in user account. More info if you care:

https://technet.microsoft.com/en-us/library/cc779144(WS.10).aspx

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good. I would say this is ready to merge once the list is ordered.

@miq-bot
Copy link
Member

miq-bot commented Jul 12, 2017

Checked commit https://github.com/djberg96/manageiq-providers-azure/commit/fa8c1c5627e8fbb5097425a8f2e677f28fb30cb4 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
0 files checked, 0 offenses detected
Everything looks fine. 🍰

@gmcculloug
Copy link
Member

👍 but sad to know my Azure password cannot be iloveyou!. 💔

@gmcculloug gmcculloug self-assigned this Jul 12, 2017
@gmcculloug
Copy link
Member

@djberg96 Should this PR and ManageIQ/manageiq#15513 be labeled as fine/yes?

@gmcculloug gmcculloug merged commit 0c3e664 into ManageIQ:master Jul 12, 2017
@gmcculloug gmcculloug added this to the Sprint 65 Ending Jul 24, 2017 milestone Jul 12, 2017
@djberg96
Copy link
Collaborator Author

@miq-bot add_label fine/yes

@simaishi
Copy link
Contributor

simaishi commented Aug 8, 2017

Fine backport (to manageiq repo) details:

$ git log -1
commit 4a7a549b3cdcadae7a236d7a91489d82cdf5ea8f
Author: Greg McCullough <[email protected]>
Date:   Wed Jul 12 15:46:18 2017 -0400

    Merge pull request #88 from djberg96/provisioning_blacklist
    
    Add blacklists for VM username and password when provisioning
    (cherry picked from commit 0c3e664e7c4297f3b07bb442174c7eda3734031b)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1478563

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gmcculloug gmcculloug gmcculloug left review comments

@blomquisg blomquisg blomquisg approved these changes

Assignees

@gmcculloug gmcculloug

Labels
enhancement fine/backported
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@djberg96 @blomquisg @miq-bot @gmcculloug @simaishi