2

I am getting user input for a password in my Ansible task. This user input is passed through command to 'password variable'. I want to check if given password matches below condition:

  • length greater than 8
  • password should contain only printable ASCII chars

I tried something like this :

- fail: msg="Password validation failed" 
  when: password | default('') | length <= 0 | chars = ascii_letters

This is not working.

If I am using fail module only for password non empty and length check, it is working.

- fail: msg="Password validation failed" 
  when: password | default('') | length <= 0 | chars = ascii_letters
β.εηοιτ.βε
  • 33,893
  • 13
  • 69
  • 83
Poojitha
  • 27
  • 4
  • Use the proper module instead: [`assert`](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/assert_module.html), with it, you can pass as much condition as you like in a list. – β.εηοιτ.βε Jul 11 '22 at 11:03
  • @β.εηοιτ.βε I used this way: - name : Check if password is long enough assert: that: - password | length > 8 | chars = ascii_letters success_msg: "Passed." fail_msg: "Password validation failed" quiet: true its not working. – Poojitha Jul 11 '22 at 11:17
  • `| chars = ascii_letters` this Is not a valid filter, nor in Ansible, nor in Jinja. – β.εηοιτ.βε Jul 11 '22 at 11:18
  • Also `password | length > 8` will give you a boolean, you cannot chain another filter on it, as it will test the returned boolean, not the string in `password` anymore. – β.εηοιτ.βε Jul 11 '22 at 11:21
  • Please help me how can I do ? – Poojitha Jul 11 '22 at 11:45
  • 1
    Does this answer your question? [Check password matches the condition in ansible](https://stackoverflow.com/questions/72049059/check-password-matches-the-condition-in-ansible) – β.εηοιτ.βε Jul 12 '22 at 07:00

1 Answers1

1

To check if a string contains only ASCII character, the best would be to use a regular expression, which you can assert with the regex test.

As regex are pretty powerful, you could also bake your character limitation in it.

Here would be a task achieving this:

- name: Assert a string of 8+ ASCII char
  assert:
    that:
      - password is string
      - password is regex('^[\x00-\x7F]{8,}$')

And some results based on use cases:

  • errors if we do not send anything as --extra-vars 
    fatal: [localhost]: FAILED! => changed=false 
  assertion: password is string
  evaluated_to: false
  msg: Assertion failed
  • errors if we pass a too short password: --extra-vars "password=1234567" 
    fatal: [localhost]: FAILED! => changed=false 
  assertion: password is regex('^[\x00-\x7F]{8,}$')
  evaluated_to: false
  msg: Assertion failed
  • also errors in the regex if we pass a non-ASCII char: --extra-vars "password=1234567é" 
    fatal: [localhost]: FAILED! => changed=false 
  assertion: password is regex('^[\x00-\x7F]{8,}$')
  evaluated_to: false
  msg: Assertion failed
  • pass the assertion with --extra-vars "password=12345678" 
    ok: [localhost] => changed=false 
  msg: All assertions passed
β.εηοιτ.βε
  • 33,893
  • 13
  • 69
  • 83
  • 1
    You can find another example under [Check password matches the condition in Ansible](https://stackoverflow.com/a/72049548/6771046). – U880D Jul 12 '22 at 06:58