Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource/random_password: Fix bcrypt_hash generation #308

Merged
merged 3 commits into from
Sep 6, 2022
Merged

resource/random_password: Fix bcrypt_hash generation #308

merged 3 commits into from
Sep 6, 2022

Conversation

bflad
Copy link
Contributor

@bflad bflad commented Sep 2, 2022
edited
Loading

Closes #307

This change fixes the source of the bcrypt_hash generation to being the result of the random password generation. The issue was introduced in v3.4.0. This also will fix resources with an invalid bcrypt_hash via state upgrade.

Previously:

--- FAIL: TestAccResourcePassword_BcryptHash (0.63s)
    /Users/bflad/src/github.com/hashicorp/terraform-provider-random/internal/provider/resource_password_test.go:107: Step 1/1 error: Check failed: Check 3/3 error: crypto/bcrypt: hashedPassword is not the hash of the given password

Suggested CHANGELOG:

NOTES:

* resource/random_password: If the resource was created between versions 3.4.0 and 3.4.2, the `bcrypt_hash` value would not correctly verify against the `result` value. Affected resources will automatically regenerate a valid `bcrypt_hash` after this upgrade.

BUG FIXES:

* resource/random_password: Fixed incorrect `bcrypt_hash` generation since version 3.4.0

@bflad
resource/random_password: Fix bcrypt_hash generation
a07c5b8 
Reference: #307

This change fixes the source of the `bcrypt_hash` generation to being the result of the random password generation. The issue was introduced in v3.4.0.

Previously:

```
--- FAIL: TestAccResourcePassword_BcryptHash (0.63s)
    /Users/bflad/src/github.com/hashicorp/terraform-provider-random/internal/provider/resource_password_test.go:107: Step 1/1 error: Check failed: Check 3/3 error: crypto/bcrypt: hashedPassword is not the hash of the given password
```

Suggested CHANGELOG:

```
NOTES:

* resource/random_password: If the resource was created between versions 3.4.0 and 3.4.2, the `bcrypt_hash` value will not correctly verify against the `result` value. Use `terraform taint` or `terraform apply -replace` to trigger resource recreation with this version.

BUG FIXES:

* resource/random_password: Fixed incorrect `bcrypt_hash` generation since version 3.4.0
```
@bflad bflad added the bug label Sep 2, 2022
@bflad bflad added this to the v3.4.3 milestone Sep 2, 2022
@bflad bflad requested a review from a team as a code owner September 2, 2022 17:38
@github-actions github-actions bot added the size/M label Sep 2, 2022
@bflad
Copy link
Contributor Author

bflad commented Sep 2, 2022

We can likely detect and fix affected bcrypt_hash values for practitioners automatically via a state upgrader. I will take a swing at that and we can adjust the changelog message accordingly if that can get in.

@github-actions github-actions bot added size/XL and removed size/M labels Sep 2, 2022
bendbennett
bendbennett approved these changes Sep 5, 2022
View reviewed changes
Copy link
Contributor

@bendbennett bendbennett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bflad bflad mentioned this pull request Sep 5, 2022
Merged
@bflad bflad merged commit d324547 into main Sep 6, 2022
@bflad bflad deleted the bflad/password-bcrypt-fix branch September 6, 2022 12:48
@github-actions GitHub Actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bendbennett bendbennett bendbennett approved these changes

Assignees
No one assigned
Labels
bug size/XL
Projects
None yet
Milestone
v3.4.3
Development

Successfully merging this pull request may close these issues.

random_password.bcrypt_hash is incorrect since 3.4.0
2 participants
@bflad @bendbennett