Add support for Password Hardening #5503
Conversation
…ead try exp, use show_and_parse build-in function instead coding a new one
… & rm init configuration in fixture
|
This pull request introduces 1 alert when merging c0d0e5d into 91d23e7 - view on LGTM.com new alerts:
|
|
/azpw run |
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
liat-grozovik
changed the title
| Test passw policies configured in Linux system (PAM) | ||
| Test passw 'enabled/disable' by disabled and enable the passw and creating users between with strong/weak passw | ||
| """ | ||
| duthost = duthosts[enum_rand_one_per_hwsku_hostname] |
There was a problem hiding this comment.
Please ignore all UTs when this feature not existed on target image with this helper method:
from tests.common.helpers.assertions import pytest_require
or
from tests.common.utilities import skip_release
The reason of this is, UT in sonic-mgmt will be run during sonic-mgmt on all branch, so forexample, when build 202011 branch, these UT should be ignored because the feature doest not exist on that branch.
also because this feature can be config as not build to image, then when feature not build we also need ignore all UTs.
There was a problem hiding this comment.
(I used pytest.skip, because pytest_require raise some problems to me)
|
This pull request introduces 1 alert when merging c8cab76ccd74f85deee9fc0b4faa39097d90a437 into 6d67c13 - view on LGTM.com new alerts:
|
davidpil2002
force-pushed
the
passw_hardening
branch
2 times, most recently
from
f016452 to
66d3262
Compare
|
This pull request introduces 1 alert when merging 66d32629eea07be3b9788ebcc716aad7771517bc into 6d67c13 - view on LGTM.com new alerts:
|
davidpil2002
force-pushed
the
passw_hardening
branch
from
66d3262 to
f0c999f
Compare
|
This pull request introduces 1 alert when merging f0c999f into 6d67c13 - view on LGTM.com new alerts:
|
|
@liuh-80 could you please review and signoff? |
yes, first the feature from sonic-buildimage should be merged, then the sonic-mgmt code |
|
@roysr-nv please also review |
it was reviewed by @AntonHryshchuk |
|
@davidpil2002 can you please help to sign the EasyCLA to unblock the merge? Thanks @liat-grozovik |
|
/easycla |
### Description of PR Summary: Added Password Hardening Tests according to HLD Test Plan Context: By enabling the new Password Hardening feature and configured policies, the user will be enforce to use "strong" passwords according to the policies configured. The new tests cases will cover all the possible password policies with good and bad cases, including: * Perform show command * Perform config command * Verify default values of the feature * Enable/Disable the feature * Test all passw policies available: * Configure passw policy classes of every existing types * Configure passw policy min using different valid values * Configure passw policy age expiration using different valid values * Configure passw policy age warning using different valid values * Configure passw policy username-password-match * Configure passw policy history using different valid values Note After creating a new policy is necessary to set a new password for a user to verify that the policy matches the configured. The set configuration should be validated using the show command. ### Approach #### What is the motivation for this PR? Add new tests cases for testing the feature Password Hardening. #### How did you do it? There are 10 test scenarios each one of them config different policies and test the case with good(strong) passwords and bad(weak) passwords expecting results according to the configuration and the flow. The configuration is done by using sonic-cli, sending different "config" commands. In addition, the test is testing that the configuration in PAM files in the system change according to the expected. The expected files were saved in the directory "sample". #### How did you verify/test it? New tests cases passed #### Any platform specific information? N/A #### Supported testbed topology if it's a new test case? any ### Documentation Link of HLD including feature design and Test plan: https://github.com/Azure/SONiC/blob/master/doc/passw_hardening/hld_password_hardening.md
Description of PR
Summary:
Added Password Hardening Tests according to HLD Test Plan
Context: By enabling the new Password Hardening feature and configured policies, the user will be enforce to use "strong" passwords according to the policies configured.
The new tests cases will cover all the possible password policies with good and bad cases, including:
Note
After creating a new policy is necessary to set a new password for a user to verify that the policy matches the configured.
The set configuration should be validated using the show command.
Type of change
Back port request
Approach
What is the motivation for this PR?
Add new tests cases for testing the feature Password Hardening.
How did you do it?
There are 10 test scenarios each one of them config different policies and test the case with good(strong) passwords and bad(weak) passwords expecting results according to the configuration and the flow.
The configuration is done by using sonic-cli, sending different "config" commands.
In addition, the test is testing that the configuration in PAM files in the system change according to the expected.
The expected files were saved in the directory "sample".
How did you verify/test it?
New tests cases passed
Any platform specific information?
N/A
Supported testbed topology if it's a new test case?
any
Documentation
Link of HLD including feature design and Test plan:
https://github.com/Azure/SONiC/blob/master/doc/passw_hardening/hld_password_hardening.md