Allow the creation of custom users for the API #395

Closed
4 tasks done
xr09 opened this issue Oct 21, 2020 · 2 comments

xr09 commented Oct 21, 2020

Create custom API users before starting Wazuh

With the new RBAC API it is possible to create users with different roles.

It is required to create a new script which will take a JSON file with the custom login details (username, password, role) and will proceed to create it before starting the Wazuh processes.

The script should use the create_user function from the framework.

Tasks:

  • Provide env vars to render custom login on JSON file
  • Parse JSON and call the create_user function
  • Check user existence on the database
  • Test custom logins

xr09 self-assigned this Oct 21, 2020
manuasir added this to the Sprint - 119 - DevOps milestone Oct 21, 2020

xr09 commented Oct 22, 2020

Workflow to add custom users

  • At build time a new script is injected into the image at /var/ossec/framework/scripts/create_user.py
  • The env variables API_USERNAME and API_PASSWORD are rendered into a JSON file at /var/ossec/api/configuration/admin.json

    {
      "username": "my-custom-login",
      "password": "SomeRandomPa44*-"
    }

  • The password must comply with the strength requirements (uppercase, lowercase, numbers, special chars and a min of 8 characters)
  • The script will read the admin.json file and proceed to create the user on the API database.


xr09 commented Oct 23, 2020

In the case of a weak password the script returns an error but the execution continued. To prevent this error from passing unnoticed, the container will show an error message and proceed to shut down if this script returns an exit code different than 0.

In this way, it becomes clear that user intervention is required.
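
The workflow described in the comments above, sketched as an added example (not the project's create_user.py): it parses the rendered credentials JSON, checks the stated password rules, skips users that already exist and returns a non-zero exit code on failure so an entrypoint can stop the container. `existing_users` and the `create_user` callback are hypothetical stand-ins for the API user database and the framework call, and treating an existing user as success is an assumption.

```python
import json
import re
import sys

# Rules stated in the issue: uppercase, lowercase, number, special char, min 8 characters.
POLICY = {
    "at least 8 characters": re.compile(r".{8,}", re.S),
    "an uppercase letter": re.compile(r"[A-Z]"),
    "a lowercase letter": re.compile(r"[a-z]"),
    "a digit": re.compile(r"[0-9]"),
    "a special character": re.compile(r"[^A-Za-z0-9]"),
}


def password_problems(password):
    """Return the policy rules the password fails (empty list if compliant)."""
    return [rule for rule, rx in POLICY.items() if not rx.search(password)]


def provision(raw_json, existing_users, create_user):
    """Return an exit code: 0 if the user exists or was created, non-zero otherwise.

    existing_users and create_user are hypothetical stand-ins for the API
    user database and the framework's user-creation call.
    """
    try:
        creds = json.loads(raw_json)
        username, password = creds["username"], creds["password"]
    except (ValueError, KeyError, TypeError) as exc:
        print(f"invalid credentials file: {exc!r}", file=sys.stderr)
        return 2
    if not isinstance(username, str) or not isinstance(password, str) or not username:
        print("username and password must be non-empty strings", file=sys.stderr)
        return 2
    if username in existing_users:
        return 0  # assumption: idempotent, so a container restart does not fail
    problems = password_problems(password)
    if problems:
        # Report which rules failed, never the password itself.
        print(f"weak password for {username!r}: needs " + ", ".join(problems), file=sys.stderr)
        return 3
    create_user(username, password)
    return 0


if __name__ == "__main__":
    users = {"wazuh"}  # constructed sample state
    sample = '{"username": "my-custom-login", "password": "SomeRandomPa44*-"}'
    sys.exit(provision(sample, users, lambda u, p: users.add(u)))
```

An entrypoint that checks this exit code before starting the remaining processes gets the fail-closed behaviour described in the last comment.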
