Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add word/profanity filter for random_pet #576

Open
1 task done
garretth9 opened this issue May 15, 2024 · 2 comments
Open
1 task done

Add word/profanity filter for random_pet #576

garretth9 opened this issue May 15, 2024 · 2 comments
Labels
enhancement waiting-response Issues or pull requests waiting for an external response

Comments

@garretth9
Copy link

Terraform CLI and Provider Versions

Terraform v1.5.7
on darwin_arm64

  • provider registry.terraform.io/hashicorp/azuread v2.46.0
  • provider registry.terraform.io/hashicorp/random v3.6.0

Use Cases or Problem Statement

In some cases random_pet names may be used in user-facing scenarios. For example we use random_pet to generate initial passwords for certain types of accounts. With the current list of words that are being used by the provider it's possible to generate pets that some would consider inappropriate, such as "primarily-witty-jackass" (a real-world example).

Proposal

A couple possible options.

  1. Add an "excluded_words = list(string)" parameter. If a pet name is generated containing any of these words a new one should be generated instead.
  2. Add an "exclude_profanity = bool" parameter. This could potentially use a libarary such as https://github.com/TwiN/go-away to detect words that could be considered inappropriate without the user needing to manually specify them and generate a new pet name if an inappropriate word is detected.

How much impact is this issue causing?

Low

Additional Information

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@garretth9 garretth9 changed the title Add word filter for random_pet Add word/profanity filter for random_pet May 15, 2024
@bflad
Copy link
Contributor

bflad commented May 21, 2024

Hi @garretth9 👋 Thank you for raising this and sorry for the questionable word results out of this resource.

The random_pet resource implementation relies on an upstream Go module, github.com/dustinkirkland/golang-petname, for returning the names. That Go module sources them from another repository and the maintainer seems amenable to removing questionable word results, such as recently here: dustinkirkland/petname#3 -- since maintainer seems responsive and amenable to these sort of requests, this might seem like a preferable resolution path in these cases. Having practitioners determine and implement a skip-list for every resource implementation seems less than ideal in comparison, since practitioners likely will not know what words the generator may return and therefore what to potentially skip. Implementing a separate library to filter results also seems a little heavy-handed when the results list is extremely stable and manually maintained.

Luckily in this case, it seems like "jackass" was removed in a prior change upstream: dustinkirkland/golang-petname@c546b6c

To fix this immediate issue, I propose we go ahead and upgrade the Go module to remove this particular result, cutting a release, and I might suggest you take a look at (or suggesting further changes to) https://github.com/dustinkirkland/petname/ before doing anything more drastic in this codebase.

Does that sound reasonable? Thanks.

bflad added a commit that referenced this issue May 21, 2024
Reference: #576

This update is proposed to remove some questionable words from the upstream generator. It is manually submitted because the dependency does not use semantic versioning and Dependabot sometimes has trouble with commit-based release update suggestions.
@bflad bflad added the waiting-response Issues or pull requests waiting for an external response label May 21, 2024
bflad added a commit that referenced this issue May 21, 2024
Reference: #576

This update is proposed to remove some questionable words from the upstream generator. It is manually submitted because the dependency does not use semantic versioning and Dependabot sometimes has trouble with commit-based release update suggestions.
@bflad
Copy link
Contributor

bflad commented May 21, 2024

For what it's worth, hashicorp/random v3.6.2 is releasing now with that particular example result removed by nature of upgrading the dependency.

@github-actions github-actions bot removed the waiting-response Issues or pull requests waiting for an external response label May 21, 2024
@bflad bflad added the waiting-response Issues or pull requests waiting for an external response label May 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement waiting-response Issues or pull requests waiting for an external response
Projects
None yet
Development

No branches or pull requests

2 participants