fix: updated the logic used to randomly generate the admin password to ensure it does not start with or contain any forbidden characters (#329)

shemau · web-flow · commit ee3fb7b0a954 · 2024-11-20T11:46:18.000Z
diff --git a/solutions/standard/main.tf b/solutions/standard/main.tf
@@ -162,6 +162,14 @@ resource "random_password" "admin_password" {
   min_numeric      = 1
 }
 
+locals {
+  # _- are invalid first characters
+  # if - replace first char with J
+  # elseif _ replace first char with K
+  # else use asis
+  admin_password = startswith(random_password.admin_password[0].result, "-") ? "J${substr(random_password.admin_password[0].result, 1, -1)}" : startswith(random_password.admin_password[0].result, "_") ? "K${substr(random_password.admin_password[0].result, 1, -1)}" : random_password.admin_password[0].result
+}
+
 # create a service authorization between Secrets Manager and the target service (Elastic Search)
 resource "ibm_iam_authorization_policy" "secrets_manager_key_manager" {
   count                       = local.create_sm_auth_policy
@@ -204,7 +212,7 @@ locals {
     }
   ]
 
-  admin_pass = var.admin_pass == null ? random_password.admin_password[0].result : var.admin_pass
+  admin_pass = var.admin_pass == null ? local.admin_password : var.admin_pass
   admin_pass_secret = [{
     secret_group_name     = var.prefix != null && var.admin_pass_sm_secret_group != null ? "${var.prefix}-${var.admin_pass_sm_secret_group}" : var.admin_pass_sm_secret_group
     existing_secret_group = var.use_existing_admin_pass_sm_secret_group
