raises error if password length is less than 8 chars

Signed-off-by: Kapil Chouhan <kapil.chouhan@msystechnologies.com>
chef · Dec 16, 2019 · bf0b01f · bf0b01f
1 parent 72bc6db
commit bf0b01f
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 4 deletions.
diff --git a/lib/chef/knife/ec2_server_create.rb b/lib/chef/knife/ec2_server_create.rb
@@ -717,6 +717,14 @@ def plugin_validate_options!
           exit 1
         end
 
+        if winrm?
+          reg = /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,40}$/
+          unless config_value(:connection_password) =~ reg
+            ui.error("Complexity requirement not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character")
+            exit 1
+          end
+        end
+
         if winrm? && config_value(:connection_password).to_s.length > 14
           ui.warn("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
           password_promt = STDIN.gets.chomp.upcase
@@ -891,7 +899,6 @@ def server_attributes
         attributes[:placement][:tenancy] = "dedicated" if vpc_mode? && config_value(:dedicated_instance)
         attributes[:iam_instance_profile] = {}
         attributes[:iam_instance_profile][:name] = config_value(:iam_instance_profile)
-
         if config_value(:winrm_ssl)
           if config_value(:aws_user_data)
             begin
@@ -919,7 +926,6 @@ def server_attributes
             end
           end
         end
-
         attributes[:ebs_optimized] = !!config_value(:ebs_optimized)
 
         if ami.root_device_type == "ebs"

diff --git a/spec/unit/ec2_server_create_spec.rb b/spec/unit/ec2_server_create_spec.rb
@@ -164,7 +164,7 @@
       image: "ami-005bdb005fb00e791",
       ssh_key_name: "ssh_key_name",
       connection_user: "user",
-      connection_password: "password",
+      connection_password: "Password@123",
       network_interfaces: %w{eni-12345678 eni-87654321},
     }.each do |key, value|
       Chef::Config[:knife][key] = value
@@ -514,6 +514,15 @@
     end
   end
 
+  shared_examples "invalid password" do
+    it "raises error" do
+      expect(knife_ec2_create.ui).to receive(:error).with(
+        "Complexity requirement not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character"
+      )
+      expect { knife_ec2_create.plugin_validate_options! }.to raise_error(SystemExit)
+    end
+  end
+
   describe "S3 secret test cases" do
     before do
       Chef::Config[:knife][:s3_secret] =
@@ -2008,7 +2017,6 @@
       it "appends ssl config to user supplied user_data at the end of <powershell> tag section" do
         encoded_data = Base64.encode64(@server_def_user_data)
         server_def = knife_ec2_create.server_attributes
-
         expect(server_def[:user_data]).to eq(encoded_data)
       end
 
@@ -2671,6 +2679,61 @@
     end
   end
 
+  describe "Check Password valid on not" do
+    before do
+      allow(knife_ec2_create).to receive(:validate_aws_config!)
+      allow(knife_ec2_create).to receive(:validate_nics!)
+      allow(knife_ec2_create).to receive(:ami).and_return(ami)
+      knife_ec2_create.config[:connection_user] = "domain\\ec2"
+      knife_ec2_create.config[:connection_protocol] = "winrm"
+    end
+
+    context "when user enters a valid password" do
+      before do
+        knife_ec2_create.config[:connection_password] = "Password@123"
+      end
+
+      it "does not raise an error" do
+        expect(knife_ec2_create.ui).not_to receive(:error).with(
+          "Complexity requirement not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character"
+        )
+        expect { knife_ec2_create.plugin_validate_options! }.not_to raise_error(SystemExit)
+      end
+    end
+
+    context "when password does not contain with atleast one uppercase character" do
+      before do
+        knife_ec2_create.config[:connection_password] = "password@123"
+      end
+
+      it_behaves_like "invalid password"
+    end
+
+    context "when password does not contain with atleast one lowercase character" do
+      before do
+        knife_ec2_create.config[:connection_password] = "PASSWORD@123"
+      end
+
+      it_behaves_like "invalid password"
+    end
+
+    context "when password does not contain with atleast one digit from 0-9" do
+      before do
+        knife_ec2_create.config[:connection_password] = "password@"
+      end
+
+      it_behaves_like "invalid password"
+    end
+
+    context "when password does not contain with atleast one special character" do
+      before do
+        knife_ec2_create.config[:connection_password] = "password123"
+      end
+
+      it_behaves_like "invalid password"
+    end
+  end
+
   describe "Handle password greater than 14 characters" do
     before do
       allow(knife_ec2_create).to receive(:validate_aws_config!)