Implement SMM password policy configuration

The discovery.passwordrules is extended to support the SMM
2024-11-24 18:41:55 +00:00 · 2019-02-01 15:42:44 -05:00 · 2019-02-01 15:42:44 -05:00 · 521013e50a
commit 521013e50a
parent 25c8f93336
1 changed files with 34 additions and 1 deletions
--- a/confluent_server/confluent/discovery/handlers/smm.py
+++ b/confluent_server/confluent/discovery/handlers/smm.py
@ -36,9 +36,42 @@ class NodeHandler(bmchandler.NodeHandler):
            uuid = fixuuid(uuid[0])
            self.info['uuid'] = uuid

+    def _validate_cert(self, certificate):
+        # Assumption is by the time we call config, that discovery core has
+        # vetted self._fp.  Our job here then is just to make sure that
+        # the currect connection matches the previously saved cert
+        return certificate == self._fp
+
+    def set_password_policy(self, ic):
+        rules = []
+        for rule in self.ruleset.split(','):
+            if '=' not in rule:
+                continue
+            name, value = rule.split('=')
+            if value.lower() in ('no', 'none', 'disable', 'disabled'):
+                value = '0'
+            if name.lower() in ('expiry', 'expiration'):
+                rules.append('passwordDurationDays:' + value)
+                warndays = '5' if int(value) > 5 else value
+                rules.append('passwordExpireWarningDays:' + warndays)
+            if name.lower() in ('lockout', 'loginfailures'):
+                rules.append('passwordFailAllowdNum:' + value)
+            if name.lower() == 'reuse':
+                rules.append('passwordReuseCheckNum:' + value)
+        if rules:
+            apirequest = 'set={0}'.format(','.join(rules))
+            ic.register_key_handler(self._validate_cert)
+            ic.oem_init()
+            ic._oem.smmhandler.wc.request('POST', '/data', apirequest)
+            ic._oem.smmhandler.wc.getresponse().read()
+
    def config(self, nodename):
        # SMM for now has to reset to assure configuration applies
-        super(NodeHandler, self).config(nodename)
+        dpp = self.configmanager.get_node_attributes(
+            nodename, 'discovery.passwordrules')
+        self.ruleset = dpp.get(nodename, {}).get(
+            'discovery.passwordrules', {}).get('value', '')
+        ic = self._bmcconfig(nodename, customconfig=self.set_password_policy)

 # notes for smm:
 # POST to: