fix: prevent auto-update of random_password resource (#446)

ravisiddhu · bharathkkb · renovate[bot] · web-flow · commit ed83b8b67875 · 2023-04-11T08:56:43.000-07:00
Co-authored-by: Bharath KKB &lt;bharathkrishnakb@gmail.com&gt;
Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: g-awmalik &lt;malik.awais@gmail.com&gt;
Co-authored-by: Awais Malik &lt;awmalik@google.com&gt;
Co-authored-by: CFT Bot &lt;cloud-foundation-bot@google.com&gt;
diff --git a/modules/mysql/main.tf b/modules/mysql/main.tf
@@ -198,9 +198,15 @@ resource "random_password" "user-password" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "random_password" "additional_passwords" {
@@ -212,9 +218,15 @@ resource "random_password" "additional_passwords" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "google_sql_user" "default" {
diff --git a/modules/postgresql/main.tf b/modules/postgresql/main.tf
@@ -202,9 +202,15 @@ resource "random_password" "user-password" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "random_password" "additional_passwords" {
@@ -216,9 +222,15 @@ resource "random_password" "additional_passwords" {
   min_numeric = 1
   min_upper   = 1
   length      = var.password_validation_policy_config != null ? (var.password_validation_policy_config.min_length != null ? var.password_validation_policy_config.min_length + 4 : 32) : 32
-  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? true : false) : false)
-  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity != "COMPLEXITY_UNSPECIFIED" ? 1 : 0) : 0)
+  special     = var.enable_random_password_special ? true : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? true : false) : false)
+  min_special = var.enable_random_password_special ? 1 : (var.password_validation_policy_config != null ? (var.password_validation_policy_config.complexity == "COMPLEXITY_DEFAULT" ? 1 : 0) : 0)
   depends_on  = [null_resource.module_depends_on, google_sql_database_instance.default]
+
+  lifecycle {
+    ignore_changes = [
+      min_lower, min_upper, min_numeric
+    ]
+  }
 }
 
 resource "google_sql_user" "default" {
