check/fix discrepancies between regex/docs for passwords

[yeoldegrove]

We should double check for discrepancies between our regex/docs for HANA and Netweaver/S4HANA passwords. It seems to me that our rules are outdated and do not match the official SAP docs.

[melzer-b1]

• The passwords must contain at least 8/10 up to 14 characters.
• They cannot start with a special character and
• must contain at least 1 digit, 1 upper-case character, 1 lower-case character and not the invalid characters '"' or '\'

[yeoldegrove]

I dug up some official docs again to support the needed changes. We should differentiate the rules and regexes between HANA and Netweaver/S4HANA. Also creating a doc/sap_passwords.mdwhich links to the official documentation would help. We could short-link to this new doc to not always include all the other links and the complete ruleset.

HANA:

• https://help.sap.com/docs/SAP_HANA_PLATFORM/009e68bc5f3c440cb31823a3ec4bb95b/974e9cb991704d05a256241a7b821971.html?locale=en-US&version=2.0.05
• https://help.sap.com/docs/SAP_HANA_ONE/102d9916bf77407ea3942fef93a47da8/61662e3032ad4f8dbdb5063a21a7d706.html?locale=en-US
• minimal_password_length = 8
• max length = 64
• The following character types are possible:
  • Lowercase letter (a-z)
  • Uppercase letter (A-Z)
  • Numerical digits (0-9)
  • Special characters (underscore (_), hyphen (-), and so on)
  • Any character that is not an uppercase letter, a lowercase letter, or a numerical digit is considered a special character.
  • The default configuration requires passwords to contain at least one uppercase letter, at least one number, and at least one lowercase letter, with special characters being optional.

Netweaver / S4HANA:

• https://help.sap.com/docs/SAP_NETWEAVER_750/c6e6d078ab99452db94ed7b3b7bbcccf/4ac3f18f8c352470e10000000a42189c.html?locale=en-US
• login/min_password_lng = 6
• max length = 40
• special characters are possible but not needed
  • The password can only consist of digits, letters, and the following (ASCII) special characters: !"@ $%&/()=?'*+~#-_.,;:{[]}\<>, and space and the grave accent.
  • The password can consist of any characters including national special characters (such as ä, ç, ß from ISO Latin-1, 8859-1). However, all characters that aren’t contained in the set above are mapped to the same special character, and the system therefore doesn’t differentiate between them.
• no other restrictions

[melzer-b1]

I've updated the PR to the 'new' rules. The rules are now documentated in doc/sap_passwords.md. All error messages and comments in the terraform.tfvars.example now refer to this file.

[yeoldegrove]

Several updates were done in #873 and #890