From 6c5a01c15714c36d95afbd48429b808f7a0eb164 Mon Sep 17 00:00:00 2001
From: lpbedard
Date: Mon, 17 Jul 2017 08:23:27 -0400
Subject: [PATCH] Features/cloudinfra 141 (#4)
* Some adjustments following review And resuscitate the branch that should not have been closed :-)
* Use the crypto/rand instead of math/rand - fix documentation
---
 Makefile | 8 +++++++-
 README.md | 18 ++++--------------
 resource_quantum_password.go | 33 ++++++++++++++++++++++-----------
 3 files changed, 33 insertions(+), 26 deletions(-)
diff --git a/Makefile b/Makefile
index 35ff577..ce33a0e 100644
--- a/Makefile
+++ b/Makefile
@@ -12,4 +12,10 @@ build: terraform-provider-quantum
 .PHONY: install
 install: terraform-provider-quantum
- mv terraform-provider-quantum $(shell dirname $(shell which terraform))
\ No newline at end of file
+ mv terraform-provider-quantum $(shell dirname $(shell which terraform))
+
+.PHONY: deploy
+deploy:
+ GOARCH=amd64 GOOS=linux go build -o .pkg/terraform-provider-quantum_linux_x64
+ GOARCH=amd64 GOOS=darwin go build -o .pkg/terraform-provider-quantum_darwin_x64
+ GOARCH=amd64 GOOS=windows go build -o .pkg/terraform-provider-quantum_x64.exe
diff --git a/README.md b/README.md
index 06bab88..3730681 100644
--- a/README.md
+++ b/README.md
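Review bot: The new `deploy` recipe writes all three binaries into `.pkg/`, but nothing in the visible Makefile lines creates that directory, so the target may fail on a clean checkout depending on the Go toolchain in use; a first recipe line `mkdir -p .pkg` would make it self-contained. The Windows artifact is named `terraform-provider-quantum_x64.exe` while the other two carry the OS (`_linux_x64`, `_darwin_x64`); `terraform-provider-quantum_windows_x64.exe` would keep the naming uniform.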
@@ -46,28 +46,18 @@ data.quantum_list_files.data_files.files = ["./data/file1.txt", "./data/file2.do
 ### quantum_password
-This resource will generate a password with lowercase, uppercase, numbers and special characters mathing the specified `length`. It will also rotate the password every `'n'` days based on the `expires_in_days` attribute.
+This resource will generate a password with lowercase, uppercase, numbers and special characters mathing the specified `length`. It will also rotate the password every `'n'` days based on the `rotation` attribute.
 #### Example Usage
-Generates a rnadom password to be used by other resources
+Generates a random password to be used by other resources
 ```hcl
 resource "quantum_password" "rds_backup_db_password" {
- length = 10
- expires_in_days = 90
+ length = 10
+ rotation = 90
 }
 ```
-
-The output will look like this:
-
-```sh
-+ quantum_password.rds_backup_db_password
- created_at: ""
- expires_in_days: "90"
- password: ""
-```
-
 #### Argument Reference
 - `length` - (Optional) - Password length [default `20`]
diff --git a/resource_quantum_password.go b/resource_quantum_password.go
index 9e644ba..9ece7d1 100644
--- a/resource_quantum_password.go
+++ b/resource_quantum_password.go
@@ -2,16 +2,18 @@ package main
 import (
 "crypto/md5"
+ "crypto/rand"
 "encoding/hex"
 "fmt"
 "log"
- "math/rand"
- "strings"
+ "math/big"
 "time"
 "github.com/hashicorp/terraform/helper/schema"
 )
+const minimumCharsPerCategory = 2
+
 func resourceQuantumPassword() *schema.Resource {
 return &schema.Resource{
 Create: resourceQuantumPasswordCreate,
@@ -65,7 +67,6 @@ func update(d *schema.ResourceData, update bool) error {
 // Get parameters
 args := getQuantumPasswordArgs(d)
- var err error
 t, err := time.Parse(time.RFC3339, args.lastUpdate)
 if err != nil {
 log.Printf("Unable to parse the last generation date (%s), resetting password", args.lastUpdate)
@@ -100,16 +101,22 @@ func update(d *schema.ResourceData, update bool) error {
 }
 func generatePassword(args *QuantumPasswordArgs) (string, *time.Time, error) {
- rand.Seed(int64(time.Now().Nanosecond()))
-
 if args.length < len(categories) {
 return "", nil, fmt.Errorf("The password must be at least %d chars long", len(categories))
 }
 var password string
 for i := 0; i < args.length; i++ {
- chars := categories[i%len(categories)]
- password += string(chars[rand.Intn(len(chars))])
+ var group int
+ if i < len(categories)*minimumCharsPerCategory {
+ // We take at least a minimum number of characters of each categories
+ group = i % len(categories)
+ } else {
+ // Afterwhile, we pick them randomly
+ group = randInt(len(categories))
+ }
+ chars := categories[group]
+ password += string(chars[randInt(len(chars))])
 }
 generated := time.Now()
@@ -117,16 +124,20 @@ func generatePassword(args *QuantumPasswordArgs) (string, *time.Time, error) {
 }
 func shuffle(password string) string {
- rand.Seed(int64(time.Now().Nanosecond()))
- arr := strings.Split(password, "")
+ arr := []byte(password)
 for i := 0; i < len(arr); i++ {
- j := rand.Intn(len(arr))
+ j := randInt(len(arr))
 arr[i], arr[j] = arr[j], arr[i]
 }
- return strings.Join(arr, "")
+ return string(arr)
+}
+
+func randInt(length int) int {
+ i, _ := rand.Int(rand.Reader, big.NewInt(int64(length)))
+ return int(i.Int64())
 }
 func getQuantumPasswordArgs(d *schema.ResourceData) *QuantumPasswordArgs {
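Review bot: The length guard at the top of `generatePassword` (an unchanged context line in this hunk) still compares against `len(categories)`, while the new loop reserves `len(categories)*minimumCharsPerCategory` round-robin picks, so a length between those two values passes validation without every category reaching its minimum. The guard and its error message should use the same product, e.g. `minLen := len(categories) * minimumCharsPerCategory` followed by `if args.length < minLen {`. The round-robin prefix also puts categories at fixed positions, so the result depends on the later shuffle (its call is outside this hunk) to hide that order; a short comment on the loop saying so would help. The two new comments would read better as `// Take a minimum number of characters from each category first` and `// After that, pick the category at random`.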
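Review bot: `randInt` discards the error from `rand.Int`, so if the system entropy source cannot be read the returned `*big.Int` is nil and `i.Int64()` panics during the apply instead of surfacing an error; `generatePassword` already returns an `error`, so the failure can be propagated. Separately, `shuffle` draws `j` from the whole slice on every iteration, which is the biased form of the shuffle; drawing `j` from `0..i` (Fisher-Yates) gives every permutation equal probability. The sketch below changes both helpers to return an error, so the two `randInt` call sites in `generatePassword` and the `shuffle` call (outside this hunk) need the matching check.

```go
func shuffle(password string) (string, error) {
	arr := []byte(password)

	// Fisher-Yates: position i swaps with a uniformly chosen j in [0, i].
	for i := len(arr) - 1; i > 0; i-- {
		j, err := randInt(i + 1)
		if err != nil {
			return "", err
		}
		arr[i], arr[j] = arr[j], arr[i]
	}

	return string(arr), nil
}

// randInt returns a uniform value in [0, length) read from crypto/rand.
func randInt(length int) (int, error) {
	i, err := rand.Int(rand.Reader, big.NewInt(int64(length)))
	if err != nil {
		return 0, fmt.Errorf("reading random bytes: %v", err)
	}
	return int(i.Int64()), nil
}
```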