[IAM]: Password Policy - Password Char Combination enhancement (#2744)

[IAM]: Password Policy - Password Char Combination enhancement Summary of the Pull Request Added password_char_combination support for resource/opentelekomcloud_identity_password_policy_v3. PR Checklist Refers to: #2700 Tests added/passed. Documentation updated. Schema updated. Release notes added. Acceptance Steps Performed === RUN TestAccIdentityV3Password_basic --- PASS: TestAccIdentityV3Password_basic (44.59s) PASS Process finished with the exit code 0 Reviewed-by: Anton Sidelnikov
opentelekomcloud · Nov 25, 2024 · 0dd95a9 · 0dd95a9
1 parent f6e8b63
commit 0dd95a9
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 6 deletions.
diff --git a/docs/resources/identity_password_policy_v3.md b/docs/resources/identity_password_policy_v3.md
@@ -26,6 +26,7 @@ cloud to use this resource. Please refer to [User Management Model](https://docs
   +  `number_of_recent_passwords_disallowed` = 1
   +  `password_not_username_or_invert` = true
   +  `password_validity_period` = 0
+  +  `password_char_combination` = 2
 
 ## Example Usage
 
@@ -37,6 +38,7 @@ resource "opentelekomcloud_identity_password_policy_v3" "policy_1" {
   number_of_recent_passwords_disallowed = 0
   password_not_username_or_invert       = true
   password_validity_period              = 179
+  password_char_combination             = 3
 }
 ```
 
@@ -62,6 +64,9 @@ The following arguments are supported:
 * `password_validity_period` - (Optional, Int) Password validity period (days).
   Value range: 0-180. Value 0 indicates that this requirement does not apply.
 
+* `password_char_combination` - (Optional, Int) Minimum number of character types that a password must contain.
+  Value range: 2-4.
+
 
 ## Attribute Reference
 

diff --git a/go.mod b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0
 	github.com/keybase/go-crypto v0.0.0-20200123153347-de78d2cb44f4
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241122132702-9656a4ef9527
+	github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241125090636-639d0490ef08
 	github.com/unknwon/com v1.0.1
 	golang.org/x/crypto v0.23.0
 	golang.org/x/sync v0.1.0

diff --git a/go.sum b/go.sum
@@ -156,10 +156,8 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241118132450-dc76c6a2c167 h1:GqhKpfQ3NWgC04oedIjK2QPOkkfHRSZlgLuzqIawAbE=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241118132450-dc76c6a2c167/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241122132702-9656a4ef9527 h1:XdmNPg09iH+T6SUikh1WT/3BbFBKXGfkuDLgUujyl/k=
-github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241122132702-9656a4ef9527/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241125090636-639d0490ef08 h1:wG3Uy3CD7vTtjJmqTl4zgqzwK5RzkgIrFcNBj4W3bRg=
+github.com/opentelekomcloud/gophertelekomcloud v0.9.4-0.20241125090636-639d0490ef08/go.mod h1:M1F6OfSRZRzAmAFKQqSLClX952at5hx5rHe4UTEykgg=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

diff --git a/...telekomcloud/acceptance/iam/resource_opentelekomcloud_identity_password_policy_v3_test.go b/...telekomcloud/acceptance/iam/resource_opentelekomcloud_identity_password_policy_v3_test.go
@@ -32,6 +32,7 @@ func TestAccIdentityV3Password_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "minimum_password_age", "0"),
 					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "number_of_recent_passwords_disallowed", "0"),
 					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "password_not_username_or_invert", "true"),
+					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "password_char_combination", "4"),
 				),
 			},
 			{
@@ -44,6 +45,7 @@ func TestAccIdentityV3Password_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "minimum_password_age", "0"),
 					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "number_of_recent_passwords_disallowed", "0"),
 					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "password_not_username_or_invert", "true"),
+					resource.TestCheckResourceAttr(resourcePasswordPolicyName, "password_char_combination", "3"),
 				),
 			},
 			{
@@ -106,6 +108,7 @@ resource "opentelekomcloud_identity_password_policy_v3" "pol_1" {
   number_of_recent_passwords_disallowed = 0
   password_not_username_or_invert       = true
   password_validity_period              = 179
+  password_char_combination             = 4
 }
 `
 
@@ -117,5 +120,6 @@ resource "opentelekomcloud_identity_password_policy_v3" "pol_1" {
   number_of_recent_passwords_disallowed = 0
   password_not_username_or_invert       = true
   password_validity_period              = 180
+  password_char_combination             = 3
 }
 `
diff --git a/opentelekomcloud/services/iam/resource_opentelekomcloud_identity_password_policy_v3.go b/opentelekomcloud/services/iam/resource_opentelekomcloud_identity_password_policy_v3.go
@@ -63,6 +63,12 @@ func ResourceIdentityPasswordPolicyV3() *schema.Resource {
 				Computed:     true,
 				ValidateFunc: validation.IntBetween(0, 180),
 			},
+			"password_char_combination": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Computed:     true,
+				ValidateFunc: validation.IntBetween(2, 4),
+			},
 			"maximum_password_length": {
 				Type:     schema.TypeInt,
 				Computed: true,
@@ -96,6 +102,7 @@ func resourceIdentityPasswordPolicyV3Create(ctx context.Context, d *schema.Resou
 		NumberOfRecentPasswordsDisallowed: pointerto.Int(d.Get("number_of_recent_passwords_disallowed").(int)),
 		PasswordNotUsernameOrInvert:       pointerto.Bool(d.Get("password_not_username_or_invert").(bool)),
 		PasswordValidityPeriod:            pointerto.Int(d.Get("password_validity_period").(int)),
+		PasswordCharCombination:           pointerto.Int(d.Get("password_char_combination").(int)),
 	}
 	_, err = security.UpdatePasswordPolicy(client, domainID, passPolicyOpts)
 	if err != nil {
@@ -133,6 +140,7 @@ func resourceIdentityPasswordPolicyV3Read(ctx context.Context, d *schema.Resourc
 		d.Set("password_not_username_or_invert", passPolicy.PasswordNotUsernameOrInvert),
 		d.Set("password_validity_period", passPolicy.PasswordValidityPeriod),
 		d.Set("password_requirements", passPolicy.PasswordRequirements),
+		d.Set("password_char_combination", passPolicy.PasswordCharCombination),
 	)
 
 	if err = mErr.ErrorOrNil(); err != nil {
@@ -152,14 +160,15 @@ func resourceIdentityPasswordPolicyV3Update(ctx context.Context, d *schema.Resou
 
 	if d.HasChanges("maximum_consecutive_identical_chars", "minimum_password_age",
 		"minimum_password_length", "number_of_recent_passwords_disallowed",
-		"password_not_username_or_invert", "password_validity_period") {
+		"password_not_username_or_invert", "password_validity_period", "password_char_combination") {
 		passPolicyOpts := security.UpdatePasswordPolicyOpts{
 			MaximumConsecutiveIdenticalChars:  pointerto.Int(d.Get("maximum_consecutive_identical_chars").(int)),
 			MinimumPasswordAge:                pointerto.Int(d.Get("minimum_password_age").(int)),
 			MinimumPasswordLength:             pointerto.Int(d.Get("minimum_password_length").(int)),
 			NumberOfRecentPasswordsDisallowed: pointerto.Int(d.Get("number_of_recent_passwords_disallowed").(int)),
 			PasswordNotUsernameOrInvert:       pointerto.Bool(d.Get("password_not_username_or_invert").(bool)),
 			PasswordValidityPeriod:            pointerto.Int(d.Get("password_validity_period").(int)),
+			PasswordCharCombination:           pointerto.Int(d.Get("password_char_combination").(int)),
 		}
 		_, err = security.UpdatePasswordPolicy(client, d.Id(), passPolicyOpts)
 		if err != nil {
@@ -188,6 +197,7 @@ func resourceIdentityPasswordPolicyV3Delete(ctx context.Context, d *schema.Resou
 			NumberOfRecentPasswordsDisallowed: pointerto.Int(1),
 			PasswordNotUsernameOrInvert:       pointerto.Bool(true),
 			PasswordValidityPeriod:            pointerto.Int(0),
+			PasswordCharCombination:           pointerto.Int(2),
 		})
 	if err != nil {
 		return diag.Errorf("error resetting the IAM account password policy: %s", err)

diff --git a/releasenotes/notes/iam_password_policy-50c9f4fa5fdfb37d.yaml b/releasenotes/notes/iam_password_policy-50c9f4fa5fdfb37d.yaml
@@ -0,0 +1,4 @@
+---
+enhancements:
+  - |
+    **[IAM]** Added `password_char_combination` support for ``resource/opentelekomcloud_identity_password_policy_v3`` (`#2744 <https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/2744>`_)