add user option to ignore password_regex
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
In Progress
|
Medium
|
Vishakha Agarwal |
Bug Description
Heat's bug: https:/
Heat creates service users in its dedicated domain on the fly. These are crucial in situations that require deferred authentications, for example autoscaling.
There's a password_regex option in [security_
However Heat has no way to generate random passwords for its users that will certainly pass any such regex set. In fact the problem of generating a random string from arbitrary regex is quite a non trivial one and for now solutions/libraries exist only when regex uses only a certain subset of a full regex spec.
When generating passwords for its domain users Heat creates quite a strong password (32 alphanum+special symbols), but still it may fail a custom regex set in Keystone.
It is proposed to add another user option (ignore_
Changed in keystone: | |
importance: | Undecided → Medium |
Changed in keystone: | |
assignee: | nobody → Vishakha Agarwal (vishakha.agarwal) |
Fix proposed to branch: master /review. opendev. org/657039
Review: https:/