Merge pull request #124 from jfrog/GH-122-remove-password-requirement…

…-for-users Remove password requirement, but still validate. Update docs to refle…
jfrog · Sep 9, 2021 · f9b3f0a · f9b3f0a
2 parents a24b030 + 6617c6e
commit f9b3f0a
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -78,6 +78,11 @@ Permission target V1 support has been totally removed. Dynamically testing of pe
 currently doesn't work because of race conditions when creating a repo. This will have to be resolved with retries at a 
 later date. 
 
+### Changes to user creation ###
+Previously, passwords were being generated for the user if none was supplied. This was both unnecessary (since TF has a password provider)
+and because the internal implementation could never be entirely in line with the remote server (or, be sure it was).
+With the release of 2.3.1, password is still optional, but if supplied, must watch the default password requirements. These
+can be overridden with `JFROG_PASSWD_VALIDATION_ON=false` if a custom password policy is in place.
 
 
 ## Build the Provider

diff --git a/docs/index.md b/docs/index.md
@@ -115,5 +115,5 @@ The following arguments are supported:
     Conflicts with `api_key`, and `access_token`. This can also be sourced from the `ARTIFACTORY_PASSWORD` environment variable.
 * `api_key` - (Optional) API key for api auth. Uses `X-JFrog-Art-Api` header. 
     Conflicts with `username`, `password`, and `access_token`. This can also be sourced from the `ARTIFACTORY_API_KEY` environment variable.
-* `access_token` - (Optional) API key for token auth. Uses `Authorization: Bearer` header. 
+* `access_token` - (Optional) API key for token auth. Uses `Authorization: Bearer` header. For xray functionality, this is the only auth method accepted
     Conflicts with `username` and `password`, and `api_key`. This can also be sourced from the `ARTIFACTORY_ACCESS_TOKEN` environment variable.
diff --git a/docs/resources/artifactory_user.md b/docs/resources/artifactory_user.md
@@ -8,6 +8,8 @@ updated in Terraform. If no password is given a random one is created otherwise
 noting "removing" the password argument does not reset the password; it just removes Terraform from storing the "known"
 state.
 
+- Note: The password is optional, but if supplied, it will be compared to the default artifactory password rules. You can
+override password validation entirely by setting `export JFROG_PASSWD_VALIDATION_ON=false`, if your organization has it's own password requirements
 
 ## Example Usage
 

diff --git a/pkg/artifactory/resource_artifactory_user.go b/pkg/artifactory/resource_artifactory_user.go
@@ -68,7 +68,7 @@ func resourceArtifactoryUser() *schema.Resource {
 			"password": {
 				Type:      schema.TypeString,
 				Sensitive: true,
-				Required:  true,
+				Optional:  true,
 				ValidateFunc: func(tfValue interface{}, key string) ([]string, []error) {
 					validationOn, _ := strconv.ParseBool(os.Getenv("JFROG_PASSWD_VALIDATION_ON"))
 					if validationOn {