From 6617c6e145bbfbb0081f3cc714c96128a9729a3c Mon Sep 17 00:00:00 2001 From: Christian Bongiorno Date: Thu, 9 Sep 2021 07:12:36 -0700 Subject: [PATCH] Remove password requirement, but still validate. Update docs to reflect this --- README.md | 5 +++++ docs/index.md | 2 +- docs/resources/artifactory_user.md | 2 ++ pkg/artifactory/resource_artifactory_user.go | 2 +- 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0593bd0e9..6f3d2f6d1 100644 --- a/README.md +++ b/README.md @@ -78,6 +78,11 @@ Permission target V1 support has been totally removed. Dynamically testing of pe currently doesn't work because of race conditions when creating a repo. This will have to be resolved with retries at a later date. +### Changes to user creation ### +Previously, passwords were being generated for the user if none was supplied. This was both unnecessary (since TF has a password provider) +and because the internal implementation could never be entirely in line with the remote server (or, be sure it was). +With the release of 2.3.1, password is still optional, but if supplied, must watch the default password requirements. These +can be overridden with `JFROG_PASSWD_VALIDATION_ON=false` if a custom password policy is in place. ## Build the Provider diff --git a/docs/index.md b/docs/index.md index f36eaa046..06f0a4a19 100644 --- a/docs/index.md +++ b/docs/index.md @@ -115,5 +115,5 @@ The following arguments are supported: Conflicts with `api_key`, and `access_token`. This can also be sourced from the `ARTIFACTORY_PASSWORD` environment variable. * `api_key` - (Optional) API key for api auth. Uses `X-JFrog-Art-Api` header. Conflicts with `username`, `password`, and `access_token`. This can also be sourced from the `ARTIFACTORY_API_KEY` environment variable. -* `access_token` - (Optional) API key for token auth. Uses `Authorization: Bearer` header. +* `access_token` - (Optional) API key for token auth. Uses `Authorization: Bearer` header. For xray functionality, this is the only auth method accepted Conflicts with `username` and `password`, and `api_key`. This can also be sourced from the `ARTIFACTORY_ACCESS_TOKEN` environment variable. diff --git a/docs/resources/artifactory_user.md b/docs/resources/artifactory_user.md index 296a50e09..3521c23c0 100644 --- a/docs/resources/artifactory_user.md +++ b/docs/resources/artifactory_user.md @@ -8,6 +8,8 @@ updated in Terraform. If no password is given a random one is created otherwise noting "removing" the password argument does not reset the password; it just removes Terraform from storing the "known" state. +- Note: The password is optional, but if supplied, it will be compared to the default artifactory password rules. You can +override password validation entirely by setting `export JFROG_PASSWD_VALIDATION_ON=false`, if your organization has it's own password requirements ## Example Usage diff --git a/pkg/artifactory/resource_artifactory_user.go b/pkg/artifactory/resource_artifactory_user.go index d735d445e..156d7628f 100644 --- a/pkg/artifactory/resource_artifactory_user.go +++ b/pkg/artifactory/resource_artifactory_user.go @@ -68,7 +68,7 @@ func resourceArtifactoryUser() *schema.Resource { "password": { Type: schema.TypeString, Sensitive: true, - Required: true, + Optional: true, ValidateFunc: func(tfValue interface{}, key string) ([]string, []error) { validationOn, _ := strconv.ParseBool(os.Getenv("JFROG_PASSWD_VALIDATION_ON")) if validationOn {