Password String Length Error

Question

Password String Length Error

Closed this issue 2 months ago · 7 comments

Describe the bug

With new releases of provider we're getting errors for artifactory_managed_user:

╷
│ Error: Invalid Attribute Value Length
│
│   with artifactory_managed_user....,
│   on users.tf line 60, in resource "artifactory_managed_user" "<redacted>":
│   60:   password = random_password.<redacted>.result
│
│ Attribute password string length must be at least 12, got: 10
╵

Previously in 10.3.3 we didn't see this error.

Requirements for and issue

A description of the bug
A fully functioning terraform snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue). If this is not supplied, this issue will likely be closed without any effort expended.
Your version of artifactory (you can curl it at $host/artifactory/api/system/version
Your version of terraform
Your version of terraform provider

Expected behavior

I understand this is likely a security concern, however we're not looking to update our password at this time.. There needs to be a way to allow this password to exist in its current non-conforming state.

Additional context
Add any other context about the problem here.

Answer 1 · 2024-05-08T19:25:45.000Z

@tdgeery Thanks for the report! I don't recall the reason the min length of 12 was chosen before. Checking both the cloud version and self-hosted version, it looks like the default min length is 8 characters. Obviously for self-hosted, customers are free to change this default length.

I'll update the resource validation to 8 characters min so existing passwords should pass.

Answer 2 · 2024-06-28T18:05:24.000Z

Is it possible to configure this length? or option to remove this check? I am blocked upgrading provider since we have some users with passwords of 7 character length...

Answer 3 · 2024-06-28T18:07:58.000Z

@tdgeery Not currently for either configurable or removal of the check. I'll add this to our plan to support these.

Answer 4 · 2024-06-28T18:08:41.000Z

That would be great, wouldn't to stay too far from latest 😛

Answer 5 · 2024-06-28T18:10:09.000Z

@tdgeery Ideally your users should update their passwords to longer length 😄 but I totally understand the challenge that involves.

Answer 6 · 2024-06-28T18:11:14.000Z

Wish that was actually achievable 😆

Answer 7 · 2024-07-11T23:14:39.000Z

@tdgeery #1024 should allow you to configure the resource password validation to match your Artifactory settings.