Ambiguous wording in docs on the parameters for RandomPassword, eg "numeric = true" can still generate a password without numerics. #475
Description
Terraform CLI and Provider Versions
The wording on
https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password
for lower = true states "(Boolean) Include lowercase alphabet characters in the result."
I read this as that it will include at least one lowercase character in the resulting password. It does not. It just add lowercase to the pool of possible characters.
The same problem exist for upper, special and numeric.
I have had at least one deployment fail to a 30 character password was missing numerics and some validation check in Azure crapped out.
It can be mitigated by using min_lower =1 etc.
Proposed change:
A: Either make the docs clear on that "true" does just add to pool and do not guarantee a char of that type.
OR
B: Change the code to always include at least one of the types (lower, upper, special, numeric) set to true.
Terraform Configuration
provider "random" {}
resource "random_password" "password" {
length = 4
special = true
numeric = true
lower = true
upper = true
override_special = "_%@" # Optional: customize the set of special characters
}
output "generated_password" {
value = random_password.password.result
sensitive = true
}Expected Behavior
A password that includes at least one each of upper, lower, numeric and special.
Actual Behavior
Generated password is missing both numerics and special characters.
{
"generated_password": {
"sensitive": true,
"type": "string",
"value": "Jprw"
}
}
Steps to Reproduce
terraform apply
You might have to repeat a few times as the process is random. With 4 or 5 characters it is not hard to end up with one that is missing at least one propery.
How much impact is this issue causing?
Low
Logs
No response
Additional Information
No response
Code of Conduct
- I agree to follow this project's Code of Conduct