Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for Password Hardening #2121

Closed

Conversation

davidpil2002
Copy link
Contributor

@davidpil2002 davidpil2002 commented Mar 29, 2022

What I did

Add Password Hardening CLI

How I did it

created the CLI by using YANG model generator, the YANG model can be found in the password hardening HLD https://github.com/Azure/SONiC/blob/master/doc/passw_hardening/hld_password_hardening.md#TestPlan
and also in sonic-buildimage will be merged in the path: src/sonic-yang-models/yang-models/sonic-passwh.yang

How to verify it

Manually:
you can use configurations command like"config passw-hardening policies " or
"show passw-hardening policies" (more examples in the HLD.)
Auto:
1.There are unitest of each policy including good & bad flow in this commit, that should pass.

2.There are tests in sonic-mgmt repo in the path: sonic-mgmt/tests/passw_hardening/
the test are end to end test and the are testing the config/show CLI commands as well.

Previous command output (if the output of a command-line utility has changed)

(new feature)

New command output (if the output of a command-line utility has changed)

root@r-panther-13:/home/admin# show passw-hardening policies
STATE    EXPIRATION    EXPIRATION WARNING    HISTORY    LEN MAX    LEN MIN    USERNAME PASSW MATCH    LOWER CLASS    UPPER CLASS    DIGITS CLASS    SPECIAL CLASS
-------  ------------  --------------------  ---------  ---------  ---------  ----------------------  -------------  -------------  --------------  ---------------
enabled      30           10                   4         100        30               false                 true            true            true          true

@lgtm-com
Copy link

lgtm-com bot commented Mar 29, 2022

This pull request introduces 1 alert when merging de719b1 into 827358f - view on LGTM.com

new alerts:

  • 1 for Unused import

@lgtm-com
Copy link

lgtm-com bot commented Apr 7, 2022

This pull request introduces 1 alert when merging 03b3a57 into 9e2fbf4 - view on LGTM.com

new alerts:

  • 1 for Unused import

@lgtm-com
Copy link

lgtm-com bot commented Apr 13, 2022

This pull request introduces 1 alert when merging 8773eae into 576c9ef - view on LGTM.com

new alerts:

  • 1 for Unused import

@davidpil2002 davidpil2002 force-pushed the password_hardening_cli branch from 8773eae to 83cec0c Compare April 13, 2022 12:33
@lgtm-com
Copy link

lgtm-com bot commented Apr 13, 2022

This pull request introduces 1 alert when merging 83cec0c into 576c9ef - view on LGTM.com

new alerts:

  • 1 for Unused import

@davidpil2002 davidpil2002 force-pushed the password_hardening_cli branch from 83cec0c to 6b50c67 Compare April 13, 2022 13:03
@lgtm-com
Copy link

lgtm-com bot commented Apr 13, 2022

This pull request introduces 1 alert when merging 6b50c67 into 576c9ef - view on LGTM.com

new alerts:

  • 1 for Unused import

@lgtm-com
Copy link

lgtm-com bot commented Apr 13, 2022

This pull request introduces 1 alert when merging e31dd01 into 576c9ef - view on LGTM.com

new alerts:

  • 1 for Unused import

@davidpil2002 davidpil2002 force-pushed the password_hardening_cli branch from e31dd01 to 90fd599 Compare April 13, 2022 14:18
@lgtm-com
Copy link

lgtm-com bot commented Apr 13, 2022

This pull request introduces 1 alert when merging 90fd599 into 576c9ef - view on LGTM.com

new alerts:

  • 1 for Unused import

@liat-grozovik liat-grozovik changed the title add Password Hardening CLI Password Hardening CLI Apr 13, 2022
@liat-grozovik liat-grozovik changed the title Password Hardening CLI Add support for Password Hardening Apr 13, 2022

import click
import tabulate
import natsort
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove natsort as it throws unused import.

@@ -0,0 +1,126 @@
#!/usr/bin/env python
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need tests for auto-generated CLI? Is it because of the coverage?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

removed unuse import natsort
@zhangyanzhao zhangyanzhao requested a review from qiluo-msft June 27, 2022 16:04
@liat-grozovik
Copy link
Collaborator

@liuh-80, @qiluo-msft kindly reminder to review and signoff

@qiluo-msft
Copy link
Contributor

qiluo-msft commented Jul 18, 2022

The latest coverage requirement (DIFF_COVER_CHECK_THRESHOLD) is 80%. Could you improve the coverage?


In reply to: 1188296645

@@ -0,0 +1,537 @@
"""
Autogenerated config CLI plugin.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to add the original command to generate code into the code itself as file header comment?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be an HLD/DOC about how to use the tool, I removed the augenerated comment

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Aug 3, 2022

CLA Missing ID CLA Not Signed

@zhangyanzhao
Copy link
Collaborator

Liat will check with Qi on the review.

@davidpil2002
Copy link
Contributor Author

The latest coverage requirement (DIFF_COVER_CHECK_THRESHOLD) is 80%. Could you improve the coverage?

I added more unitest and removed unused code.
the cov is now more than the threshold

@davidpil2002
Copy link
Contributor Author

davidpil2002 commented Aug 9, 2022

answered all the comments, the P.R is ready to be approve/merge
@qiluo-msft
@liat-grozovik

@qiluo-msft
Copy link
Contributor

@liuh-80 Could you review this PR?

@davidpil2002
Copy link
Contributor Author

@liat-grozovik pls can you help or derived me about this EasyCLA authorization issue?

@liat-grozovik
Copy link
Collaborator

/easycla

@liat-grozovik
Copy link
Collaborator

@liuh-80 we need to close this feature review as it is for 202205. can you please help to approve the PR?

@liuh-80
Copy link
Contributor

liuh-80 commented Aug 25, 2022

/easycla

@liuh-80
Copy link
Contributor

liuh-80 commented Aug 25, 2022

@liat-grozovik, please fix the easycla issue, then I can approve this PR.

Copy link
Contributor

@liuh-80 liuh-80 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will approve again after fix easycla issue.

config/plugins/sonic-passwh_yang.py Show resolved Hide resolved
@davidpil2002
Copy link
Contributor Author

/easycla

@liuh-80
Copy link
Contributor

liuh-80 commented Aug 26, 2022

Please fix user name and emaill address issue on this commit:

❌ The commit (6b50c67). This user is missing the User's ID, preventing the EasyCLA check. Consult GitHub Help to resolve.For further assistance with EasyCLA, please submit a support request ticket.

@zhangyanzhao
Copy link
Collaborator

@davidpil2002 can you please sign the EasyCLA to unblock the merge process? Thanks. @liat-grozovik for viz

@davidpil2002
Copy link
Contributor Author

/easycla

1 similar comment
@davidpil2002
Copy link
Contributor Author

/easycla

@davidpil2002
Copy link
Contributor Author

/easycla

1 similar comment
@davidpil2002
Copy link
Contributor Author

/easycla

@liuh-80
Copy link
Contributor

liuh-80 commented Aug 29, 2022

@davidpil2002 , the CLA issue caused by this commit: 6b50c67

In this commit, your ID is 'davidpil'

In other commit which does not has the CLA issue, your ID is 'davidpil2002', so please check and fix your ID in that commit, then CLA will pass.

@davidpil2002
Copy link
Contributor Author

@davidpil2002 , the CLA issue caused by this commit: 6b50c67

In this commit, your ID is 'davidpil'

In other commit which does not has the CLA issue, your ID is 'davidpil2002', so please check and fix your ID in that commit, then CLA will pass.

I fixed this issue by creating a new PR with similar name:#2338

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants