roles: added password policy utilities to ipa role
Dan Lavu committed Dec 3, 2024
1 parent 52dac39 commit 36ad492
Showing 1 changed file with 113 additions and 0 deletions.
113 changes: 113 additions & 0 deletions sssd_test_framework/roles/ipa.py
Expand Up @@ -26,6 +26,7 @@
"IPAAutomountLocation",
"IPAAutomountMap",
"IPAAutomountKey",
"IPAPasswordPolicy",
]


Expand Down Expand Up @@ -73,6 +74,7 @@ def __init__(self, *args, **kwargs) -> None:
"""
Call commands from sssctl.
"""
self.password: IPAPasswordPolicy = IPAPasswordPolicy(self, name="ipausers")

self.automount: IPAAutomount = IPAAutomount(self)
"""
Expand Down Expand Up @@ -552,6 +554,17 @@ def expire(self, expiration: str | None = "19700101000000Z") -> IPAUser:

return self

@property
def password_change_at_logon(self) -> IPAUser:
"""
Force user to change password next logon.
:return: Self.
:rtype: IPAUser
"""
self.host.conn.run(f"ipa user-mod {self.name} --setattr=krbPasswordExpiration=20010203203734Z")
return self

def passkey_add(self, passkey_mapping: str) -> IPAUser:
"""
Add passkey mapping to the user.
Expand Down Expand Up @@ -1597,3 +1610,103 @@ def __get_info(self, info: str | NFSExport | IPAAutomountMap | None) -> str | No
return info.name

return info


class IPAPasswordPolicy(IPAObject):
"""
Password policy management.
"""

def __init__(self, role: IPA, name: str):
"""
:param role: IPA host object.
:type role: IPAHost
:param name: Name of target object.
:type name: str
"""
super().__init__(role, name, command_group="pwpolicy")

def complexity(self, enable: bool) -> IPAPasswordPolicy:
"""
Enable or disable password complexity.
:param enable: Enable or disable password complexity.
:type enable: bool
:return: IPAPasswordPolicy object.
:rtype: IPAPasswordPolicy
"""
if enable:
attrs: CLIBuilderArgs = {
"dictcheck": (self.cli.option.VALUE, "True"),
"usercheck": (self.cli.option.VALUE, "True"),
"minlength": (self.cli.option.VALUE, 8),
"minclasses": (self.cli.option.VALUE, 5),
"priority": (self.cli.option.VALUE, 1),
}
self._add(attrs)
else:
_attrs: CLIBuilderArgs = {
"dictcheck": (self.cli.option.VALUE, "False"),
"usercheck": (self.cli.option.VALUE, "False"),
"minlength": (self.cli.option.VALUE, 0),
"minclasses": (self.cli.option.VALUE, 0),
"priority": (self.cli.option.VALUE, 1),
}
self._modify(_attrs)

return self

def lockout(self, duration: int, attempts: int) -> IPAPasswordPolicy:
"""
Set lockout duration and login attempts.
:param duration: Duration of lockout in seconds.
:type duration: int
:param attempts: Number of login attempts.
:type attempts: int
:return: IPAPasswordPolicy object.
:rtype: IPAPasswordPolicy
"""
attrs: CLIBuilderArgs = {
"lockouttime": (self.cli.option.VALUE, str(duration)),
"maxfail": (self.cli.option.VALUE, str(attempts)),
}
self._add(attrs)

return self

def age(self, minimum: int, maximum: int) -> IPAPasswordPolicy:
"""
Set maximum and minimum password age.
:param minimum: Minimum password age in seconds, converted to days.
:type minimum: int
:param maximum: Maximum password age in seconds, converted to days.
:type maximum: int
:return: IPAPasswordPolicy object.
:rtype: IPAPasswordPolicy
"""
attrs: CLIBuilderArgs = {
"minlife": (self.cli.option.VALUE, str(minimum)),
"maxlife": (self.cli.option.VALUE, str(maximum)),
}

self._add(attrs)

return self

def requirements(self, length: int) -> IPAPasswordPolicy:
"""
Set password requirements, like length.
:param length: Required password character count.
:type length: int
:return: IPAPasswordPolicy object.
:rtype: IPAPasswordPolicy
"""
attrs: CLIBuilderArgs = {
"minlength": (self.cli.option.VALUE, length),
}
self._add(attrs)

return self
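Review bot: `lockout`, `age` and `requirements` each call `self._add(attrs)`, and `complexity` uses `_add` when enabling but `_modify` when disabling, all against the single `ipausers` policy object created in `__init__`. If `_add` issues `pwpolicy-add` (its body is not in this diff), the second setter called in a test would fail on an already existing policy, and only `complexity(True)` passes a `priority`; creating the policy once and having the setters call `self._modify(attrs)` would make them composable. The `age` docstring also says the values are seconds "converted to days", but they are passed through as `str(minimum)` and `str(maximum)` with no conversion, and IPA takes `minlife` in hours and `maxlife` in days. Suggested wording is `:param minimum: Minimum password lifetime in hours.` and `:param maximum: Maximum password lifetime in days.`. A test that passes seconds here would configure a far longer lifetime than intended and could pass without ever exercising expiry.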
