fix: prevent auto-update of random_password resource (#446)

Co-authored-by: Bharath KKB <bharathkrishnakb@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: g-awmalik <malik.awais@gmail.com> Co-authored-by: Awais Malik <awmalik@google.com> Co-authored-by: CFT Bot <cloud-foundation-bot@google.com>
terraform-google-modules · Apr 11, 2023 · ed83b8b · ed83b8b
1 parent 64618c4
commit ed83b8b
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 8 deletions.
diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
@@ -198,9 +198,15 @@ resource "random_password" "user-password" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "random_password" "additional_passwords" {
@@ -212,9 +218,15 @@ resource "random_password" "additional_passwords" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "google_sql_user" "default" {

diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf
@@ -202,9 +202,15 @@ resource "random_password" "user-password" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "random_password" "additional_passwords" {
@@ -216,9 +222,15 @@ resource "random_password" "additional_passwords" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "google_sql_user" "default" {