Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

random_password - exclude attribute functionality #199

Open
1 task done
drarnold opened this issue Feb 9, 2022 · 0 comments
Open
1 task done

random_password - exclude attribute functionality #199

drarnold opened this issue Feb 9, 2022 · 0 comments
Labels
enhancement post-migration Review after migrating provider from SDKv2 to Framework

Comments

@drarnold
Copy link

drarnold commented Feb 9, 2022

Terraform CLI and Provider Versions

$ terraform --version
Terraform v1.0.6
on darwin_amd64

But this could be on any version that supports the random_password resource.

Use Cases or Problem Statement

We are currently using the random_password resource to generate passwords for our Neo4j database with the following snippet of code:

resource "random_password" "neo4j_password" {
  length  = 32
  special = false
}

This gives us a good randomized password, almost all of the time. The big issue we run into is that the ' (single quote) is not considered a special character per the documentation nor the codebase. Neo4j currently does not handle these single quotes very well, so we can either update Neo4j's password management or we can handle the password being generated. I am opting for either approach, so I will be creating an issue for them as well.

Proposal

I have several different ideas about what could be done to solve this particular issue:

  1. We could consider a single quote ' as a special character, which would allow the usage of the special attribute within the random_password resource.
  2. We could create an exclude attribute for the random_password resource, similar to the following:
resource "random_password" "neo4j_password" {
  length  = 32
  special = false
  exclude = "',_%@"
}

This would go through the generated password and replace any excluded characters with valid characters.

How much impact is this issue causing?

Medium

Additional Information

Currently, we are taking the hit and handling the issue as it comes up with our new environment creation process where we need to troubleshoot the issue and change the password using the terraform taint command since we have other restrictions in place to change passwords on subsequent plans.

I think we can also work with Neo4j regarding their password handling, however, it seems like this might be the easier route if we can add special characters into the list.

Code of Conduct

  • I agree to follow this project's Code of Conduct
@drarnold drarnold changed the title random_password - exclude_characters random_password - exclude attribute functionality Feb 9, 2022
@bendbennett bendbennett added the tf-devex-triage Terraform DevEx project tracking label May 17, 2022
@bendbennett bendbennett added post-migration Review after migrating provider from SDKv2 to Framework and removed tf-devex-triage Terraform DevEx project tracking labels Jun 7, 2022
@hajali-amine hajali-amine mentioned this issue Nov 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement post-migration Review after migrating provider from SDKv2 to Framework
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

enhancement: add exclude attribute to random_password resource
2 participants
@bendbennett @drarnold