feat!: Add pwd validation policy for mysql modules #409
Conversation
anuhyapolisetti
changed the title
anuhyapolisetti
force-pushed
the
master
branch
2 times, most recently
from
d6d3739
to
d84aded
Compare
anuhyapolisetti
force-pushed
the
master
branch
from
d84aded
to
00ad833
Compare
modules/mysql/main.tf
Outdated
| @@ -48,6 +53,7 @@ resource "google_sql_database_instance" "default" { | |||
| region = var.region | |||
| encryption_key_name = var.encryption_key_name | |||
| deletion_protection = var.deletion_protection | |||
| root_password = coalesce(var.root_password, random_password.root-password.result) | |||
There was a problem hiding this comment.
Looks like root_password was previously force new and this may result in recreation of google_sql_database_instance for users on the older provider. Can we default to null if no var.root_password?
https://github.com/hashicorp/terraform-provider-google/pull/13574/files
|
@anuhyapolisetti |
|
The change from special = false to special = true is a very bad breaking change and there is no way to use this module with this change until this is fixed. I suggest adding another var to specifiy if the generated passwords should use special chars or not and defaulting to false since otherwise this is a bad breaking change |
| @@ -178,7 +189,7 @@ resource "random_password" "user-password" { | |||
| } | |||
|
|
|||
| length = 32 | |||
| special = false | |||
There was a problem hiding this comment.
This change is a MAJOR breaking change
This PR adds support for the settings.password_validation_policy block in the mysql module
For Mysql, password validation policy is supported only for 5.7 Database version.
I've added the password_validation_policy block (and related tests) to the mysql-ha example.