Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Random provider should be able to generate Azure-compliant names #171

Open
markslater opened this issue Jul 15, 2021 · 0 comments
Open

Random provider should be able to generate Azure-compliant names #171

markslater opened this issue Jul 15, 2021 · 0 comments
Labels
post-migration Review after migrating provider from SDKv2 to Framework

Comments

@markslater
Copy link

There are a number of resource types in Azure that require a name that is globally unique (across the whole of Azure). Examples include storage accounts and key vaults. The constraints on names are somewhat restrictive:

A vault's name must be between 3-24 alphanumeric characters. The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens. Follow this link for more information https://go.microsoft.com/fwlink/?linkid=2147742

It would be useful to be able to generate a random string that complies with these constraints whilst also making use of the full universe of valid names, to minimise the chance of collisions.

Terraform Version

Terraform v1.0.2
on linux_amd64

Affected Resource(s)

Provider hashicorp/random version 3.1.0

Proposed Terraform Configuration

resource "random_constrained_id" "key_vault_name" {
  keepers = {
    subscription_id = "${var.subscription_id}"
  }
  character_set = "az"
  character_length = 24
}

Important Factoids

  • I've assumed that the random provider is deliberately cloud provider agnostic, so I've proposed HCL that makes no reference to Azure. The result is somewhat unsatisfactory - the user needs to understand the (slightly woolly) Azure documentation, the configuration is slightly complicated, and it's hard to use the full universe of valid names. It might be better to have a resource type that is explicitly for Azure names.
  • Azure's failure messages are a bit ambiguous, for example the one above specifies only 'alphanumeric characters', but then goes on to talk about rules for hyphens.
  • Although the failure doesn't mention it, I believe the names are case-insensitive, because they are used as leaf labels in domain names.
  • Given the above, I think we have 26 letters + 10 digits + '-' = 37 valid characters, meaning 3724 = 4 x 1037 valid full length names (minus a few banned combinations). We can squeeze a few more out if we also include non-full length names (about 8 x 1037), This is still an order of magnitude short of the number of valid UUIDs, but I believe it's sufficiently large to make the chance of random collisions very small. Thought needs to be give to whether effort should be made to reduce the chance of malicious collisions.
@bendbennett bendbennett added post-migration Review after migrating provider from SDKv2 to Framework and removed tf-devex-triage labels Jun 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
post-migration Review after migrating provider from SDKv2 to Framework
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markslater @bendbennett