From 0440e5dce91965871fb326107a3692a2e8fca967 Mon Sep 17 00:00:00 2001
From: singuliere <singuliere@autistici.org>
Date: Fri, 11 Dec 2020 13:26:20 +0100
Subject: [PATCH] randomly generated passwords must obey some constraints

The password constraints of security.py require at least one digit,
one lower case, one upper case and one special character.

https://github.com/wazuh/wazuh/blob/master/framework/wazuh/security.py#L22

Fixes: https://github.com/wazuh/wazuh-ansible/issues/518
---
 .../wazuh/ansible-wazuh-manager/files/create_user.py  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/roles/wazuh/ansible-wazuh-manager/files/create_user.py b/roles/wazuh/ansible-wazuh-manager/files/create_user.py
index aeabde44c..6bb966fae 100644
--- a/roles/wazuh/ansible-wazuh-manager/files/create_user.py
+++ b/roles/wazuh/ansible-wazuh-manager/files/create_user.py
@@ -69,13 +69,20 @@ def db_roles():
     # set a random password for all other users
     for name, id in initial_users.items():
         if name != username:
+            specials = "@$!%*?&-_"
             random_pass = "".join(
+                [
+                    random.choice(string.ascii_uppercase),
+                    random.choice(string.ascii_lowercase),
+                    random.choice(string.digits),
+                    random.choice(specials),
+                ] +
                 random.choices(
                     string.ascii_uppercase
                     + string.ascii_lowercase
                     + string.digits
-                    + "@$!%*?&-_",
-                    k=16,
+                    + specials,
+                    k=14,
                 )
             )
             update_user(