Add random password feature #34
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We need to manage user's channels and other resources using Terraform without knowledge of user's actual password (due to privacy issues). So the following feature is implemented. If password field in user resource definition is set to "-", the user is created with a random password and "reset password" email is sent to the user.
ndrpnt
reviewed
Jul 26, 2022
There was a problem hiding this comment.
Hi @mooncube, thanks a lot for your PR. Sorry, for the slow reply, as you can see this repo doesn't see much activity.
I guess the reason for this change is to avoid using a random_password resource that would imply storing the generated password in Terraform state file. I'm not sure that it does much in terms of privacy (we don't guarantee anything to the user and still have ways to know the password), but since you seem to have a use for it I'm willing to merge your PR. Would you mind taking a look at the review? Thanks.
Comment on lines
+51
to
+53
| password.WriteString( | ||
| string(passwordChars.Specials[random.Intn(len(passwordChars.Specials))]), | ||
| ) |
There was a problem hiding this comment.
Suggested change
| password.WriteString( | |
| string(passwordChars.Specials[random.Intn(len(passwordChars.Specials))]), | |
| ) | |
| // Using crypto/rand | |
| i, err := rand.Int(rand.Reader, big.NewInt(len(passwordChars.Specials))) | |
| if err != nil { | |
| return "", err | |
| } | |
| password.WriteString(string(passwordChars.Specials[i.Uint64()])) |
| @@ -2,10 +2,15 @@ package provider | |||
|
|
|||
| import ( | |||
| "fmt" | |||
| "math/rand" | |||
There was a problem hiding this comment.
I think we should use crypto/rand for password generation. See my suggestion below for an example
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We need to manage user's channels and other resources using
Terraform without knowledge of user's actual password (due to
privacy issues).
So the following feature is implemented.
If password field in user resource definition is set to "-", the
user is created with a random password and "reset password" email
is sent to the user.