Add support to remediate password expiration and rotation issues

tenthirtyam commented 1 year ago

Code of Conduct

[X] I have read and agree to the project's Code of Conduct.
[X] Vote on this issue by adding a 👍 reaction to the original issue initial description to help the maintainers prioritize.
[X] Do not leave "+1" or other comments that do not add relevant information or questions.
[X] If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

In v1.4.0, we introduced two new cmdlets:

Request-PasswordRotationPolicy
Publish-PasswordRotationPolicy

This enhancement request will track an additional approvement for adding or enhancing cmdlets to identify and report issues between password rotation and password expiration settings.

For example, the Request-PasswordRotationPolicy cmdlet will identify if the password will expire before the scheduled rotation.

PS F:\> Request-PasswordRotationPolicy -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re123! -resource nsxManager

Workload Domain : sfo-w01
System          : sfo-w01-nsx01.sfo.rainpole.io
Resource        : NSX Manager
Type            : API
User            : admin
Frequency Days  : 90
Next Schedule   : 11/21/2023 12:00:29 AM
Expiration      : 10/4/2023 12:00:00 AM
Connection      : ACTIVE
Status          : ACTIVE
Alert           : RED
Message         : Password will expire before the scheduled rotation.

But there might also be the need to enable a rotation policy in the policy JSON for a resource type and then not only report on the drift, but be able to remediate the drift.

Use Case(s)

As a platform engineer, I need to be able to programmatically identify and remediate if there are any issues with the password rotation settings for a credential managed by SDDC Manager in a report.

Potential Configuration

To be determined.

References

No response

tenthirtyam commented 1 year ago

See https://github.com/vmware/powershell-module-for-vmware-cloud-foundation/pull/219 for addition of Set-VCFCredentialAutoRotatePolicy.

sowjuec commented 9 months ago

@tenthirtyam, Planning to pick this item. Also testing something on apps integration, so adding this comment.

sowjuec commented 9 months ago

@tenthirtyam, We need to incorporate drift feature before remediation, am i right in my understanding.

github-actions[bot] commented 1 month ago

'Marking this issue as stale due to inactivity. This helps us focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!'

github-actions[bot] commented 3 weeks ago

I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

vmware / powershell-module-for-vmware-cloud-foundation-password-management