diff --git a/lib/chef/knife/ec2_server_create.rb b/lib/chef/knife/ec2_server_create.rb
index bc28e8a6..df32f2e0 100644
--- a/lib/chef/knife/ec2_server_create.rb
+++ b/lib/chef/knife/ec2_server_create.rb
@@ -717,15 +717,11 @@ def plugin_validate_options!
 exit 1
 end
- if winrm? && config_value(:connection_password).to_s.length > 14
- ui.warn("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
- password_promt = STDIN.gets.chomp.upcase
- if password_promt == "N"
- raise "Exiting as operation with password greater than 14 characters not accepted"
- elsif password_promt == "Y"
- @allow_long_password = "/yes"
- else
- raise "The input provided is incorrect."
+ if winrm?
+ reg = /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,40}$/
+ unless config_value(:connection_password) =~ reg
+ ui.error("Complexity requirements are not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit, and 1 special character")
+ exit 1
 end
 end
@@ -891,7 +887,6 @@ def server_attributes
 attributes[:placement][:tenancy] = "dedicated" if vpc_mode? && config_value(:dedicated_instance)
 attributes[:iam_instance_profile] = {}
 attributes[:iam_instance_profile][:name] = config_value(:iam_instance_profile)
-
 if config_value(:winrm_ssl)
 if config_value(:aws_user_data)
 begin
@@ -919,7 +914,6 @@ def server_attributes
 end
 end
 end
-
 attributes[:ebs_optimized] = !!config_value(:ebs_optimized) if ami.root_device_type == "ebs"
diff --git a/spec/unit/ec2_server_create_spec.rb b/spec/unit/ec2_server_create_spec.rb
index 9f653f27..88d37e9a 100644
--- a/spec/unit/ec2_server_create_spec.rb
+++ b/spec/unit/ec2_server_create_spec.rb
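Review bot: In the `@@ -717` hunk of `plugin_validate_options!`, `config_value(:connection_password) =~ reg` rejects every WinRM run where no password is configured, because `nil =~ reg` is nil, whereas the removed code went through `.to_s.length` and let that case pass. If an unset password is legitimate for WinRM (not visible in this hunk), read it once with `password = config_value(:connection_password)` and validate only when it is set. The pattern is anchored with `^` and `$`, which match at line boundaries in Ruby, so a value containing a newline passes as soon as one of its lines satisfies the rule; anchor with `\A` and `\z` instead, e.g. `reg = /\A(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,40}\z/`, and test with `match?`. The special-character class accepts only `#?!@$%^&*-`, so passwords using other symbols, or longer than 40 characters, are refused while the message only says "1 special character"; either list the accepted characters in the message or widen the class. The method body starts and ends outside the hunk.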
@@ -164,7 +164,7 @@
 image: "ami-005bdb005fb00e791",
 ssh_key_name: "ssh_key_name",
 connection_user: "user",
- connection_password: "password",
+ connection_password: "Password@123",
 network_interfaces: %w{eni-12345678 eni-87654321},
 }.each do |key, value|
 Chef::Config[:knife][key] = value
@@ -514,6 +514,15 @@
 end
 end
+ shared_examples "invalid password" do
+ it "raises error" do
+ expect(knife_ec2_create.ui).to receive(:error).with(
+ "Complexity requirements are not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit, and 1 special character"
+ )
+ expect { knife_ec2_create.plugin_validate_options! }.to raise_error(SystemExit)
+ end
+ end
+
 describe "S3 secret test cases" do
 before do
 Chef::Config[:knife][:s3_secret] =
@@ -2008,7 +2017,6 @@
 it "appends ssl config to user supplied user_data at the end of tag section" do
 encoded_data = Base64.encode64(@server_def_user_data)
 server_def = knife_ec2_create.server_attributes
-
 expect(server_def[:user_data]).to eq(encoded_data)
 end
@@ -2671,45 +2679,58 @@
 end
 end
- describe "Handle password greater than 14 characters" do
+ describe "Check Password valid on not" do
 before do
 allow(knife_ec2_create).to receive(:validate_aws_config!)
 allow(knife_ec2_create).to receive(:validate_nics!)
 allow(knife_ec2_create).to receive(:ami).and_return(ami)
 knife_ec2_create.config[:connection_user] = "domain\\ec2"
- knife_ec2_create.config[:connection_password] = "LongPassword@123"
 knife_ec2_create.config[:connection_protocol] = "winrm"
 end
- context "when user enters Y after prompt" do
+ context "when user enters a valid password" do
 before do
- allow(STDIN).to receive_message_chain(:gets, chomp: "Y")
+ knife_ec2_create.config[:connection_password] = "Password@123"
 end
- it "user addition command is executed forcefully" do
- expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
- knife_ec2_create.plugin_validate_options!
- expect(knife_ec2_create.instance_variable_get(:@allow_long_password)).to eq ("/yes")
+
+ it "does not raise an error" do
+ expect(knife_ec2_create.ui).not_to receive(:error).with(
+ "Complexity requirement not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character"
+ )
+ expect { knife_ec2_create.plugin_validate_options! }.not_to raise_error(SystemExit)
 end
 end
- context "when user enters n after prompt" do
+ context "when password does not contain with atleast one uppercase character" do
 before do
- allow(STDIN).to receive_message_chain(:gets, chomp: "N")
+ knife_ec2_create.config[:connection_password] = "password@123"
 end
- it "operation exits" do
- expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. 
Do you want to continue this operation? (Y/N):")
- expect { knife_ec2_create.plugin_validate_options! }.to raise_error("Exiting as operation with password greater than 14 characters not accepted")
+
+ it_behaves_like "invalid password"
+ end
+
+ context "when password does not contain with atleast one lowercase character" do
+ before do
+ knife_ec2_create.config[:connection_password] = "PASSWORD@123"
 end
+
+ it_behaves_like "invalid password"
 end
- context "when user enters xyz instead of (Y/N) after prompt" do
+ context "when password does not contain with atleast one digit from 0-9" do
 before do
- allow(STDIN).to receive_message_chain(:gets, chomp: "xyz")
+ knife_ec2_create.config[:connection_password] = "password@"
 end
- it "operation exits" do
- expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
- expect { knife_ec2_create.plugin_validate_options! }.to raise_error("The input provided is incorrect.")
+
+ it_behaves_like "invalid password"
+ end
+
+ context "when password does not contain with atleast one special character" do
+ before do
+ knife_ec2_create.config[:connection_password] = "password123"
 end
+
+ it_behaves_like "invalid password"
 end
 end
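Review bot: The "does not raise an error" example cannot fail on its message expectation, because the string given to `not_to receive(:error).with(...)` reads "Complexity requirement not met. … 1 digit and 1 special character" while the code emits "Complexity requirements are not met. … 1 digit, and 1 special character". Drop the argument matcher and use `expect(knife_ec2_create.ui).not_to receive(:error)`, and write the second assertion as `expect { knife_ec2_create.plugin_validate_options! }.not_to raise_error`, since the negated form with a specific class also passes when a different exception is raised. The no-digit and no-special fixtures (`"password@"` and `"password123"`) also lack an uppercase letter, so they would still be rejected if those two lookaheads were broken; `"Password@"` and `"Password123"` would isolate each rule. There are no examples for the 8 and 40 character bounds or for an unset password, which are the cases where the new validation changes behaviour most.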