RONCC
/
Dell-Omnia-Clusters-HPC-AI


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
							# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
---

- name: Include security variable file security_vars.yml
  include_vars: "{{ security_vars_filename }}"
  no_log: true
  tags: init

- name: Validate input parameters of security vars are not empty
  fail:
    msg: "{{ input_security_failure_msg }}"
  register: input_base_check
  tags: [ validate, security ]
  when:
    - domain_name | length < 1 or
      realm_name | length < 1

- name: Validate the domain name
  assert:
    that:
      - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
    success_msg: "{{ dom_name_success_msg }}"
    fail_msg: "{{ dom_name_fail_msg }}"
  tags: [ validate, security ]

- name: Validate the realm name
  assert:
    that:
      - realm_name is regex("^(?!-)[A-Z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Z]{2,}$")
      - '"." in realm_name'
    success_msg: "{{ realm_success_msg }}"
    fail_msg: "{{ realm_fail_msg }}"
  tags: [ validate, security ]

- name: Validate max_failures
  assert:
    that:
      - max_failures | int == max_failures_default_value
    success_msg: "{{ max_failures_success_msg }}"
    fail_msg: "{{ max_failures_fail_msg }}"
  tags: [ validate, security ]

- name: Validate failure_reset_interval
  assert:
    that:
      - failure_reset_interval | int
      - failure_reset_interval | int <= failure_reset_interval_max_value
      - failure_reset_interval | int >= failure_reset_interval_min_value
    success_msg: "{{ failure_reset_interval_success_msg }}"
    fail_msg: "{{ failure_reset_interval_fail_msg }}"
  tags: [ validate, security ]

- name: Validate lockout_duration
  assert:
    that:
      - lockout_duration | int
      - lockout_duration | int <= lockout_duration_max_value
      - lockout_duration | int >= lockout_duration_min_value
    success_msg: "{{ lockout_duration_success_msg }}"
    fail_msg: "{{ lockout_duration_fail_msg }}"
  tags: [ validate, security ]

- name: Validate session_timeout
  assert:
    that:
      - session_timeout | int
      - session_timeout | int <= session_timeout_max_value
      - session_timeout | int >= session_timeout_min_value
    success_msg: "{{ session_timeout_success_msg }}"
    fail_msg: "{{ session_timeout_fail_msg }}"
  tags: [ validate, security ]

- name: Validate alert_email_address
  assert:
    that:
      - email_search_key in alert_email_address
      - alert_email_address | length < email_max_length
    success_msg: "{{ alert_email_success_msg }}"
    fail_msg: "{{ alert_email_fail_msg }}"
  tags: [ validate, security ]
  when: alert_email_address | length > 1

- name: Warning - alert_email_address is empty
  debug:
    msg: "{{ alert_email_warning_msg }}"
  tags: security
  when: alert_email_address | length < 1