0

I am creating admin user account by prompting for user input through ansible. This admin account

vars_prompt:

    - name: "Username"
      prompt:  "Enter the administrator username"
      private: no

    - name: "Password"
      prompt: "Enter the administrator password.Password must contain at least 8 total printable ASCII character(s)."
      private: yes

    - name: "Confirm_Password"
      prompt: Confirm Password
      private: yes

I want to check if password length is greater or equal to 8 and it contains only ASCII chars.

I tried something like this :

 - name : Password matches the splunk condition
      assert:
        that:
          - Password | length >= 8 and chars=ascii_letters
        success_msg: "Passed."
        fail_msg: "New password is too short!"
        quiet: true
      tags: password_check

This isnt working. Please can anyone help me how do I achieve this

larsks
  • 228,688
  • 37
  • 348
  • 338
NVP
  • 63
  • 3
  • Why restrict a password to only contain ASCII letters? It seems like a bad practice that seriously decreases security. – Alejandro Apr 28 '22 at 19:16
  • 1
    "This isnt working." In what way? Are you getting an error message, or incorrect results? Where are you setting the `chars` variable? – larsks Apr 28 '22 at 19:30
  • something raw `echo 123456み8| perl -ne 'if(/^[[:ascii:]]{8}$/){print "good";exit 0}else{print "bad";exit 1}'` , notice the input supplied to `echo` here. The return value of this command may be used for assertion. – P.... Apr 28 '22 at 20:00
  • Creating admin account for UF installation has password policy : Password must contain at least 8 total printable ASCII character(s). This is why I was trying to limit to only ASCII chars – NVP Apr 29 '22 at 04:54

1 Answers1

0

Q: "Test if password length is greater or equal to 8 and it contains only ASCII chars."

A: The limitation to all ASCII characters is not practical. The regex below limits the string to 8 or more printable ASCII characters. See Regex for all PRINTABLE characters

    - assert:
        that: Password is match('^[ -~]{8,}$')
        fail_msg: "Password: {{ Password }} does not comply!"
        quiet: true
Vladimir Botka
  • 39,879
  • 4
  • 23
  • 43