Add support to remediate password expiration and rotation issues

tenthirtyam commented 12 months ago

Code of Conduct

[X] I have read and agree to the project's Code of Conduct.
[X] Vote on this issue by adding a 👍 reaction to the original issue initial description to help the maintainers prioritize.
[X] Do not leave "+1" or other comments that do not add relevant information or questions.
[X] If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

In v1.4.0, we introduced two new cmdlets:

Request-PasswordRotationPolicy
Publish-PasswordRotationPolicy

This enhancement request will track an additional approvement for adding or enhancing cmdlets to identify and report issues between password rotation and password expiration settings.

For example, the Request-PasswordRotationPolicy cmdlet will identify if the password will expire before the scheduled rotation.

PS F:\> Request-PasswordRotationPolicy -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re123! -resource nsxManager

Workload Domain : sfo-w01
System          : sfo-w01-nsx01.sfo.rainpole.io
Resource        : NSX Manager
Type            : API
User            : admin
Frequency Days  : 90
Next Schedule   : 11/21/2023 12:00:29 AM
Expiration      : 10/4/2023 12:00:00 AM
Connection      : ACTIVE
Status          : ACTIVE
Alert           : RED
Message         : Password will expire before the scheduled rotation.

But there might also be the need to enable a rotation policy in the policy JSON for a resource type and then not only report on the drift, but be able to remediate the drift.

Use Case(s)

As a platform engineer, I need to be able to programmatically identify and remediate if there are any issues with the password rotation settings for a credential managed by SDDC Manager in a report.

Potential Configuration

To be determined.

References

No response

tenthirtyam commented 12 months ago

See https://github.com/vmware/powershell-module-for-vmware-cloud-foundation/pull/219 for addition of Set-VCFCredentialAutoRotatePolicy.

sowjuec commented 6 months ago

@tenthirtyam, Planning to pick this item. Also testing something on apps integration, so adding this comment.

sowjuec commented 6 months ago

@tenthirtyam, We need to incorporate drift feature before remediation, am i right in my understanding.

vmware / powershell-module-for-vmware-cloud-foundation-password-management