#593 add password requirements #1208

Merged
merged 17 commits into from
Apr 15, 2024

Conversation

martyav
Contributor

@martyav martyav commented Apr 1, 2024

Fixes #593

Reminders

  • See the README for more details on how to work with the Rancher docs.

  • Verify if changes pertain to other versions of Rancher. If they do, finalize the edits on one version of the page, then apply the edits to the other versions.

  • If the pull request is dependent on an upcoming release, make sure to target the release branch instead of main.

Description

This adds the password requirements to a central location and refreshes the Setting a Bootstrap Password page to use tabs and remove redundant material.

Also: Users are not actually REQUIRED to reset the admin password after first login, though they likely should.

Comments

Backticks don't seem to work inside tabs unless they're at the end of a line or on their own line?

A page in the dashboard repo makes some claims about passwords that I'm trying to verify: https://github.com/rancher/dashboard/blob/master/docusaurus/docs/code-base-works/auth-sessions-and-tokens.md

  1. The minimum password length can be modified by the user (not sure at all if this is relevant to the bootstrap password). This doesn't apply to the bootstrap password. Passwords made later must be 12 chars or longer.
  2. Password and username must differ

@martyav
Contributor Author

martyav commented Apr 2, 2024

Re:

  1. Can users alter the minimum password length post-installation?
  2. Is it possible for the user to set up Rancher in such a way that the bootstrap password has a minimum length different from 12 chars?
  3. Are there additional password requirements, such as the username and password must differ?

https://github.com/rancher/dashboard/blob/master/docusaurus/docs/code-base-works/auth-sessions-and-tokens.md from the dashboard repo claims that users can alter the password length with CATTLE_PASSWORD_MIN_LENGTH, but I'm not sure if that field's exposed to users. It also claims the additional requirement that the username and password must differ, which is quite sensible, but wanted to verify.

@martyav martyav marked this pull request as ready for review April 2, 2024 17:50
@martyav
Contributor Author

martyav commented Apr 2, 2024

@maxsokolovsky Hi, Max. To follow up from this morning, can users alter the minimum length of the admin password (not the special case of the bootstrap -- we have established that it has no min length)? And is there any other validation going on -- for example, requiring that the username and password must differ?

@maxsokolovsky
Contributor

@martyav, the only thing I am seeing in the code and an actual test is that the password must be 12 characters in length.

@btat
Contributor

btat commented Apr 2, 2024

@martyav This (rancher/dashboard#6633) should be considered as well.

@martyav
Contributor Author

martyav commented Apr 2, 2024

Parent issue


Pull requests

Co-authored-by: Lucas Saintarbor <lucas.saintarbor@suse.com>
Set the following value in the Rancher Helm chart:

```yaml
.Values.bootstrapPassword
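Review bot: In the fenced block under "Set the following value in the Rancher Helm chart:", `.Values.bootstrapPassword` is the template-side reference to the value, not a YAML entry, so a block tagged yaml gives readers nothing they can paste into a values file or pass on the command line. Either name the key in the sentence itself and drop the fence, or show it as a values entry with a placeholder, for example `bootstrapPassword: <password>`.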
Contributor

Line 27 says run the following commands, but this isn't a command.

Is this intended to be a snippet of the values.yaml file or a snippet of the Helm install command? In either case, the syntax is incorrect.

Contributor Author

@martyav martyav Apr 5, 2024

This was originally listed inline:

For a Helm install, users can specify the bootstrap password variable by configuring it in the Helm chart values with .Values.bootstrapPassword.

For some reason, the backtick formatting wasn't working inside the tab when I looked at a preview of the site, but using the code block syntax with triple backticks worked.

@martyav martyav added the sync-versions Reminder to sync versioned pages label Apr 10, 2024
@martyav martyav requested a review from btat April 11, 2024 14:31
Co-authored-by: Billy Tat <btat@suse.com>
@martyav
Contributor Author

martyav commented Apr 15, 2024

Synced with v2.8 to v2.6

@martyav martyav removed the sync-versions Reminder to sync versioned pages label Apr 15, 2024
@martyav martyav merged commit 489b54c into rancher:main Apr 15, 2024
1 check passed
@martyav martyav deleted the 593-add-password-requirements branch April 15, 2024 15:29
Development

Successfully merging this pull request may close these issues.

Add password requirements
4 participants