Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ambiguous wording in docs on the parameters for RandomPassword, eg "numeric = true" can still generate a password without numerics. #475

Open
1 task done
Sheffer opened this issue Oct 10, 2023 · 0 comments
Open
1 task done

Ambiguous wording in docs on the parameters for RandomPassword, eg "numeric = true" can still generate a password without numerics. #475

Sheffer opened this issue Oct 10, 2023 · 0 comments
Labels
bug

Comments

@Sheffer
Copy link

Sheffer commented Oct 10, 2023

Terraform CLI and Provider Versions

The wording on
https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password

for lower = true states "(Boolean) Include lowercase alphabet characters in the result."

I read this as that it will include at least one lowercase character in the resulting password. It does not. It just add lowercase to the pool of possible characters.

The same problem exist for upper, special and numeric.

I have had at least one deployment fail to a 30 character password was missing numerics and some validation check in Azure crapped out.

It can be mitigated by using min_lower =1 etc.

Proposed change:

A: Either make the docs clear on that "true" does just add to pool and do not guarantee a char of that type.
OR
B: Change the code to always include at least one of the types (lower, upper, special, numeric) set to true.

Terraform Configuration

provider "random" {}

resource "random_password" "password" {
  length           = 4
  special          = true
  numeric          = true
  lower            = true
  upper            = true
  override_special = "_%@"  # Optional: customize the set of special characters
}

output "generated_password" {
  value = random_password.password.result
  sensitive = true
}

Expected Behavior

A password that includes at least one each of upper, lower, numeric and special.

Actual Behavior

Generated password is missing both numerics and special characters.

{
"generated_password": {
"sensitive": true,
"type": "string",
"value": "Jprw"
}
}

Steps to Reproduce

  1. terraform apply

You might have to repeat a few times as the process is random. With 4 or 5 characters it is not hard to end up with one that is missing at least one propery.

How much impact is this issue causing?

Low

Logs

No response

Additional Information

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@Sheffer Sheffer added the bug label Oct 10, 2023
@Sheffer Sheffer changed the title Ambiguous wording in docs on the parameters for RandomPassword, eg "numeric: true" can still generate a password without numerics. Ambiguous wording in docs on the parameters for RandomPassword, eg "numeric = true" can still generate a password without numerics. Oct 10, 2023
@Sheffer Sheffer mentioned this issue Oct 10, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Sheffer