This repository was archived by the owner on Jan 17, 2025. It is now read-only.

Commit dc137eb

Partially revert "Use md5 hashing for redshift_user password"
Commit 004a620 Pass the password as-is to Redshift, and let it figure out whether the password is already hashed or needs to be hashed. Allow providing passwords as hashed instead of only plaintext.
1 parent d7bc358 commit dc137eb


1 file changed

+2
-13
lines changed


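--- a/redshift/resource_redshift_user.go
+++ b/redshift/resource_redshift_user.go
@@ -2,7 +2,6 @@ package redshift
 
 import (
 "context"
-"crypto/md5"
 "database/sql"
 "fmt"
 "log"
@@ -187,7 +186,6 @@ func resourceRedshiftUserCreate(db *DBConnection, d *schema.ResourceData) error
 {userCreateDBAttr, "CREATEDB", "NOCREATEDB"},
 }
 
-userName := d.Get(userNameAttr).(string)
 createOpts := make([]string, 0, len(stringOpts)+len(intOpts)+len(boolOpts))
 for _, opt := range stringOpts {
 v, ok := d.GetOk(opt.hclKey)
@@ -211,7 +209,7 @@ func resourceRedshiftUserCreate(db *DBConnection, d *schema.ResourceData) error
 if val != "" {
 switch {
 case opt.hclKey == userPasswordAttr:
-createOpts = append(createOpts, fmt.Sprintf("%s '%s'", opt.sqlKey, md5Password(userName, val)))
+createOpts = append(createOpts, fmt.Sprintf("%s '%s'", opt.sqlKey, pqQuoteLiteral(val)))
 case opt.hclKey == userValidUntilAttr:
 switch {
 case v.(string) == "", strings.ToLower(v.(string)) == "infinity":
@@ -245,6 +243,7 @@ func resourceRedshiftUserCreate(db *DBConnection, d *schema.ResourceData) error
 createOpts = append(createOpts, valStr)
 }
 
+userName := d.Get(userNameAttr).(string)
 createStr := strings.Join(createOpts, " ")
 sql := fmt.Sprintf("CREATE USER %s WITH %s", pq.QuoteIdentifier(userName), createStr)
 
@@ -654,13 +653,3 @@ func getDefaultSyslogAccess(d *schema.ResourceData) string {
 
 return defaultUserSyslogAccess
 }
-
-// Generates an md5 password for the user.
-// Per https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_USER.html,
-// the process is:
-// 1. concatenate the password and username
-// 2. convert the concatenated string to an md5 hash in hex format
-// 3. prefix the result with 'md5' (unquoted)
-func md5Password(userName string, password string) string {
-return fmt.Sprintf("md5%x", md5.Sum([]byte(fmt.Sprintf("%s%s", password, userName))))
-}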
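Review bot: In the `userPasswordAttr` case of resourceRedshiftUserCreate, the configured value now reaches the CREATE USER text unchanged apart from `pqQuoteLiteral`, so a cleartext password ends up in the `sql` string built further down. If that string is logged or wrapped into an error anywhere in the function (its body continues outside these hunks, and the file imports `log`), the secret is exposed where previously only the md5 digest was; those paths are worth checking, and the statement should be redacted before it is logged. `pqQuoteLiteral` is not visible here, and because the format string supplies its own quotes (`'%s'`) it must only escape the value, not wrap it — presumably it does, but confirm. With `md5Password` and its comment removed, nothing in the code states which forms are accepted, so I would add a comment above the append such as `// val is sent as given: cleartext, or "md5" + hex md5(password+username) when pre-hashed; Redshift decides which.`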
