From 99863f308af558390ad23bc36316bef2682d6f2b Mon Sep 17 00:00:00 2001
From: Sergey Petrov <petrov@selectel.ru>
Date: Wed, 14 Sep 2022 19:45:03 +0300
Subject: [PATCH] Enforce password strength constraint

---
 selectel/resource_selectel_vpc_user_v2.go | 25 +++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/selectel/resource_selectel_vpc_user_v2.go b/selectel/resource_selectel_vpc_user_v2.go
index 031f622e..4fa1a020 100644
--- a/selectel/resource_selectel_vpc_user_v2.go
+++ b/selectel/resource_selectel_vpc_user_v2.go
@@ -4,7 +4,9 @@ import (
 	"context"
 	"log"
 	"net/http"
+	"unicode"
 
+	"github.com/hashicorp/go-cty/cty"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/selectel/go-selvpcclient/v2/selvpcclient/resell/v2/users"
@@ -29,6 +31,29 @@ func resourceVPCUserV2() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 				ForceNew: false,
+				ValidateDiagFunc: func(i interface{}, path cty.Path) diag.Diagnostics {
+					password := i.(string)
+					if len(password) < 8 {
+						return diag.Errorf("password must be at least 8 characters long")
+					}
+
+					chrType := 0
+					for _, r := range password {
+						switch {
+						case unicode.IsDigit(r):
+							chrType |= 1
+						case unicode.IsLower(r):
+							chrType |= 2
+						case unicode.IsUpper(r):
+							chrType |= 4
+						}
+					}
+					if chrType != 7 {
+						return diag.Errorf("password must contain at least one digit, one lowercase and one uppercase character")
+					}
+
+					return nil
+				},
 			},
 			"enabled": {
 				Type:     schema.TypeBool,