Add password policies
alexwilcox9 committed Sep 9, 2021
1 parent c3d29c4 commit 306ec21
Showing 2 changed files with 60 additions and 2 deletions.
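--- a/internal/services/users/user_resource.go
+++ b/internal/services/users/user_resource.go
@@ -209,6 +209,19 @@ func userResource() *schema.Resource {
 ValidateFunc: validation.StringLenBetween(1, 256), // Currently the max length for AAD passwords is 256
 },
 
+"disable_strong_password": {
+Description: "Whether the user is allowed weaker passwords than the default policy to be specified.",
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+},
+"disable_password_expiration": {
+Description: "Whether the users password is exempt from expiring",
+Type: schema.TypeBool,
+Optional: true,
+Default: false,
+},
+
 "postal_code": {
 Description: "The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code",
 Type: schema.TypeString,
@@ -367,6 +380,18 @@ func userResourceCreate(ctx context.Context, d *schema.ResourceData, meta interf
 mailNickName = strings.Split(upn, "@")[0]
 }
 
+passwordPolicies := utils.String("")
+disable_strong_password := d.Get("disable_strong_password").(bool)
+disable_password_expiration := d.Get("disable_password_expiration").(bool)
+
+if disable_strong_password && (!disable_password_expiration) {
+passwordPolicies = utils.String("DisableStrongPassword")
+} else if (!disable_strong_password) && disable_password_expiration {
+passwordPolicies = utils.String("DisablePasswordExpiration")
+} else if disable_strong_password && disable_password_expiration {
+passwordPolicies = utils.String("DisablePasswordExpiration, DisableStrongPassword")
+}
+
 properties := msgraph.User{
 AccountEnabled: utils.Bool(d.Get("account_enabled").(bool)),
 AgeGroup: utils.NullableString(d.Get("age_group").(string)),
@@ -385,6 +410,7 @@ func userResourceCreate(ctx context.Context, d *schema.ResourceData, meta interf
 MobilePhone: utils.NullableString(d.Get("mobile_phone").(string)),
 OfficeLocation: utils.NullableString(d.Get("office_location").(string)),
 OtherMails: tf.ExpandStringSlicePtr(d.Get("other_mails").(*schema.Set).List()),
+PasswordPolicies: passwordPolicies,
 PostalCode: utils.NullableString(d.Get("postal_code").(string)),
 PreferredLanguage: utils.NullableString(d.Get("preferred_language").(string)),
 ShowInAddressList: utils.Bool(d.Get("show_in_address_list").(bool)),
@@ -425,6 +451,18 @@ func userResourceCreate(ctx context.Context, d *schema.ResourceData, meta interf
 func userResourceUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
 client := meta.(*clients.Client).Users.UsersClient
 
+passwordPolicies := utils.String("")
+disable_strong_password := d.Get("disable_strong_password").(bool)
+disable_password_expiration := d.Get("disable_password_expiration").(bool)
+
+if disable_strong_password && (!disable_password_expiration) {
+passwordPolicies = utils.String("DisableStrongPassword")
+} else if (!disable_strong_password) && disable_password_expiration {
+passwordPolicies = utils.String("DisablePasswordExpiration")
+} else if disable_strong_password && disable_password_expiration {
+passwordPolicies = utils.String("DisablePasswordExpiration, DisableStrongPassword")
+}
+
 properties := msgraph.User{
 DirectoryObject: msgraph.DirectoryObject{
 ID: utils.String(d.Id()),
@@ -445,6 +483,7 @@ func userResourceUpdate(ctx context.Context, d *schema.ResourceData, meta interf
 MobilePhone: utils.NullableString(d.Get("mobile_phone").(string)),
 OfficeLocation: utils.NullableString(d.Get("office_location").(string)),
 OtherMails: tf.ExpandStringSlicePtr(d.Get("other_mails").(*schema.Set).List()),
+PasswordPolicies: passwordPolicies,
 PostalCode: utils.NullableString(d.Get("postal_code").(string)),
 PreferredLanguage: utils.NullableString(d.Get("preferred_language").(string)),
 ShowInAddressList: utils.Bool(d.Get("show_in_address_list").(bool)),
@@ -538,6 +577,23 @@ func userResourceRead(ctx context.Context, d *schema.ResourceData, meta interfac
 tf.Set(d, "user_principal_name", user.UserPrincipalName)
 tf.Set(d, "user_type", user.UserType)
 
+disable_strong_password := false
+disable_password_expiration := false
+
+if user.PasswordPolicies != nil {
+policies := strings.Split(*user.PasswordPolicies, ",")
+for _, p := range policies {
+if strings.EqualFold(strings.TrimSpace(p), "DisableStrongPassword") {
+disable_strong_password = true
+}
+if strings.EqualFold(strings.TrimSpace(p), "DisablePasswordExpiration") {
+disable_password_expiration = true
+}
+}
+}
+tf.Set(d, "disable_strong_password", disable_strong_password)
+tf.Set(d, "disable_password_expiration", disable_password_expiration)
+
 return nil
 }
 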
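Review bot: The password-policy string is built by the same three-branch `if`/`else if` chain in both userResourceCreate and userResourceUpdate, so the two paths can drift apart on a setting that weakens an account's password rules. One shared helper, as sketched below, would keep them identical and let the locals drop the snake_case names (`disable_strong_password`), which are not Go style. When both flags are false the new code sends `utils.String("")` while neighbouring string fields use `utils.NullableString`; please confirm that an empty string, rather than null, is what clears previously set policies on update. The two schema descriptions would also benefit from stating the security effect, for example `"Whether the user is exempt from the default strong-password policy. Leave false unless weaker passwords are explicitly required."`. Both function bodies start and end outside the hunks shown.

```go
// expandPasswordPolicies builds the passwordPolicies value from the two schema flags.
// The result is "" when neither flag is set, matching the current create/update behaviour.
func expandPasswordPolicies(d *schema.ResourceData) *string {
	policies := make([]string, 0, 2)
	if d.Get("disable_password_expiration").(bool) {
		policies = append(policies, "DisablePasswordExpiration")
	}
	if d.Get("disable_strong_password").(bool) {
		policies = append(policies, "DisableStrongPassword")
	}
	return utils.String(strings.Join(policies, ", "))
}

// … unchanged: userResourceCreate up to the msgraph.User literal …
	PasswordPolicies: expandPasswordPolicies(d),
// … unchanged: userResourceUpdate sets the same field the same way …
```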
6 changes: 4 additions & 2 deletions internal/services/users/user_resource_test.go
Expand Up @@ -174,8 +174,10 @@ resource "azuread_user" "test" {
onpremises_immutable_id = "%[1]d"
usage_location = "NO"
password = "%[2]s"
force_password_change = true
password = "%[2]s"
force_password_change = true
disable_strong_password = true
disable_password_expiration = true
age_group = "NotAdult"
business_phones = ["12345678901"]