Pattern: Use of plain-text password for OpenStack Compute

Issue: -

Description

Assigning a password to the compute instance in plain text could lead to compromise; key pairs are a preferable login mechanism.

Resolution: Do not use plain-text passwords in Terraform files.

Examples

Example of incorrect code:

resource "openstack_compute_instance_v2" "bad_example" {
  name            = "basic"
  image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
  flavor_id       = "3"
  admin_pass      = "N0tSoS3cretP4ssw0rd"
  security_groups = ["default"]
  user_data       = "#cloud-config\nhostname: instance_1.example.com\nfqdn: instance_1.example.com"

  network {
    name = "my_network"
  }
}

Example of correct code:

resource "openstack_compute_instance_v2" "good_example" {
  name            = "basic"
  image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
  flavor_id       = "3"
  key_pair        = "my_key_pair_name"
  security_groups = ["default"]
  user_data       = "#cloud-config\nhostname: instance_1.example.com\nfqdn: instance_1.example.com"

  network {
    name = "my_network"
  }
}
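
One way to check Terraform source for this pattern, as an added example (not code from the original page or from any tool that implements the rule): it reports each `openstack_compute_instance_v2` resource whose `admin_pass` is a quoted literal. The function names, the regex-based parsing and the `from_variable` resource are assumptions for illustration, as is the choice to leave variable references and `${...}` interpolations unreported; string values are assumed to contain no nested quotes.

```python
import re

# Constructed sample: trimmed versions of the two resources shown above,
# plus a hypothetical third that takes the password from a variable.
SAMPLE_TF = '''\
resource "openstack_compute_instance_v2" "bad_example" {
  name       = "basic"
  admin_pass = "N0tSoS3cretP4ssw0rd"
  network { name = "my_network" }
}
resource "openstack_compute_instance_v2" "good_example" {
  key_pair = "my_key_pair_name"
}
resource "openstack_compute_instance_v2" "from_variable" {
  admin_pass = var.admin_pass
}
'''

RESOURCE = re.compile(r'resource\s+"openstack_compute_instance_v2"\s+"([^"]+)"\s*\{')
# Only a quoted literal counts; references such as var.admin_pass do not match.
ADMIN_PASS = re.compile(r'^[ \t]*admin_pass\s*=\s*"((?:[^"\\]|\\.)*)"', re.M)
# A whole quoted string (so braces inside it are ignored) or a single brace.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|[{}]')

def block_end(text, pos):
    """Index of the brace closing the block whose body starts at pos."""
    depth = 1
    for tok in TOKEN.finditer(text, pos):
        if tok.group() == "{":
            depth += 1
        elif tok.group() == "}":
            depth -= 1
            if depth == 0:
                return tok.start()
    return len(text)

def find_plaintext_passwords(text):
    """Return (resource name, line number) for each hard-coded admin_pass."""
    findings = []
    for res in RESOURCE.finditer(text):
        body_start = res.end()
        body = text[body_start:block_end(text, body_start)]
        hit = ADMIN_PASS.search(body)
        # Skip empty values and interpolations like "${var.admin_pass}".
        if hit and hit.group(1) and "${" not in hit.group(1):
            line = text.count("\n", 0, body_start + hit.start(1)) + 1
            findings.append((res.group(1), line))
    return findings
```

Calling `find_plaintext_passwords(SAMPLE_TF)` reports only `bad_example`, with the line number of its `admin_pass` assignment.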