Feature/secrets with complexity #1511

Open: wants to merge 3 commits into base: develop

rlieberman-splunk
Collaborator

Copied from #1510

Description

This PR makes sure secrets are generated with the crypto rand function for optimal randomness, and that they include at least a lower case, an upper case, a decimal and a special character, which is usually a requirement for regulated contexts like PCI (and a good practice in general).

Key Changes

  • replace math/rand with crypto/rand
  • Add Generate Secrets With complexity requirements

Files modified:
pkg/splunk/common/names.go -> add more const variables for lower case, upper case, decimal and special characters
pkg/splunk/util/util.go, pkg/splunk/util/util_test.go, pkg/splunk/util/secrets.go, pkg/splunk/util/secrets_test.go

Add GenerateSecretPartWithComplexity function, which chooses m times a character for the SecretBytes passed as argument, at a random position in the byte array (but checking that the position is not yet used).

Add GenerateSecretWithComplexity(n int, minlower int, minupper int, mindecimal int, minspecial int) function,
which for an n-size secret will:

  • check the added constraints are possible
  • call GenerateSecretPartWithComplexity for all the 4 cases
  • complete the remaining with random characters from the extended allowed characters

The GenerateSecret function is still there but is only used for HEC.
It is now also using the crypto rand function (you can't have different rand in the same file, and it is more secure anyway to use the crypto version).

Updated the code to call GenerateSecretWithComplexity with length 24 (as before) and 1 complexity for each type.

Testing and Verification

How did you test these changes? What automated tests are added?

updated tests

added a test that verifies we produce an error if we ask for more complexity than the secret's length

manual tests

  • run the code as standalone function then once good within operator
  • check secrets are now complex (by deleting older secrets) -> OK

Related Issues

Yes, customer issue discussed internally
Jira tickets, GitHub issues, Support tickets...

PR Checklist

  • Code changes adhere to the project's coding standards.
  • Relevant unit and integration tests are included.
  • Documentation has been updated accordingly.
  • All tests pass locally.
  • The PR description follows the project's guidelines.
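
The generation scheme described in this PR (validate the minimums, place each class at random unused positions, fill the rest from the combined alphabet), sketched as an added example that is not the PR's or the project's code. The names `generateWithComplexity`, `fill`, `randIndex` and `classes`, the character sets, and the choice to panic on an entropy failure are assumptions of this sketch.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Assumed classes (lower, upper, decimal, special); the PR's constants are not shown on the page.
var classes = [4]string{"abcdefghijklmnopqrstuvwxyz", "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "0123456789", "!@#$%^&*-_=+"}

// randIndex returns a uniform index in [0, n) from crypto/rand (rand.Int avoids modulo bias).
func randIndex(n int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
	if err != nil {
		panic(err) // no entropy: fail closed rather than emit a weak secret
	}
	return int(v.Int64())
}

// fill writes m random characters of set into random still-empty slots of out (0 = unused).
func fill(out []byte, set string, m int) {
	for m > 0 {
		if pos := randIndex(len(out)); out[pos] == 0 {
			out[pos], m = set[randIndex(len(set))], m-1
		}
	}
}

// generateWithComplexity returns n characters with at least mins[i] characters of classes[i].
func generateWithComplexity(n int, mins [4]int) (string, error) {
	rest := n
	for _, m := range mins {
		if m < 0 || m > rest {
			return "", errors.New("complexity minimums do not fit in secret length")
		}
		rest -= m
	}
	out := make([]byte, n)
	for i, m := range mins {
		fill(out, classes[i], m)
	}
	fill(out, classes[0]+classes[1]+classes[2]+classes[3], rest)
	return string(out), nil
}

func main() {
	fmt.Println(generateWithComplexity(24, [4]int{1, 1, 1, 1}))
}
```

Because the required characters land at random positions instead of a fixed prefix, the class of any given position is not predictable from the policy alone.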

@coveralls
Collaborator

coveralls commented May 21, 2025

Pull Request Test Coverage Report for Build 15284002631

Details

  • 77 of 104 (74.04%) changed or added relevant lines in 2 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.1%) to 86.502%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| pkg/splunk/util/secrets.go | 13 | 21 | 61.9% |
| pkg/splunk/common/util.go | 64 | 83 | 77.11% |

Totals
Change from base Build 15218470055: -0.1%
Covered Lines: 10632
Relevant Lines: 12291

💛 - Coveralls
