feat(Cloud Databases): Update Database Password Complexity Validation (
…#5701)

* feat(Cloud Databases): Update Database Password Complexity Validation
---------

Co-authored-by: Alex Hemard <[email protected]>
alexhemard and Alex Hemard authored Dec 13, 2024
1 parent 0e3048b commit 03009cb
Showing 14 changed files with 167 additions and 144 deletions.
64 changes: 40 additions & 24 deletions .secrets.baseline
@@ -3,7 +3,7 @@
"files": "go.mod|go.sum|.*.map|^.secrets.baseline$",
"lines": null
},
"generated_at": "2024-12-08T16:17:06Z",
"generated_at": "2024-12-12T19:51:17Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
@@ -842,27 +842,35 @@
"type": "Base64 High Entropy String",
"verified_result": null
},
{
"hashed_secret": "1f7e33de15e22de9d2eaf502df284ed25ca40018",
"is_secret": false,
"is_verified": false,
"line_number": 1581,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "1f614c2eb6b3da22d89bd1b9fd47d7cb7c8fc670",
"is_secret": false,
"is_verified": false,
"line_number": 3540,
"line_number": 3550,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "7abfce65b8504403afc25c9790f358d513dfbcc6",
"is_secret": false,
"is_verified": false,
"line_number": 3553,
"line_number": 3563,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "0c2d85bf9a9b1579b16f220a4ea8c3d62b2e24b1",
"is_secret": false,
"is_verified": false,
"line_number": 3594,
"line_number": 3604,
"type": "Secret Keyword",
"verified_result": null
}
@@ -2130,30 +2138,30 @@
"hashed_secret": "deab23f996709b4e3d14e5499d1cc2de677bfaa8",
"is_secret": false,
"is_verified": false,
"line_number": 1373,
"line_number": 1311,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "20a25bac21219ffff1904bde871ded4027eca2f8",
"is_secret": false,
"is_verified": false,
"line_number": 1974,
"line_number": 1912,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "b732fb611fd46a38e8667f9972e0cde777fbe37f",
"is_secret": false,
"is_verified": false,
"line_number": 1993,
"line_number": 1931,
"type": "Secret Keyword",
"verified_result": null
}
],
"ibm/service/database/resource_ibm_database_edb_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 278,
@@ -2163,7 +2171,7 @@
],
"ibm/service/database/resource_ibm_database_elasticsearch_platinum_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 773,
@@ -2173,7 +2181,7 @@
],
"ibm/service/database/resource_ibm_database_elasticsearch_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 819,
@@ -2183,7 +2191,7 @@
],
"ibm/service/database/resource_ibm_database_etcd_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 209,
@@ -2193,15 +2201,15 @@
],
"ibm/service/database/resource_ibm_database_mongodb_enterprise_test.go": [
{
"hashed_secret": "8cbbbfad0206e5953901f679b0d26d583c4f5ffe",
"hashed_secret": "74f75c4c7dc7e33193565dc5c56b7ab6f72db4df",
"is_secret": false,
"is_verified": false,
"line_number": 253,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 318,
@@ -2219,7 +2227,7 @@
"verified_result": null
},
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 179,
@@ -2229,7 +2237,7 @@
],
"ibm/service/database/resource_ibm_database_mongodb_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 213,
@@ -2239,7 +2247,7 @@
],
"ibm/service/database/resource_ibm_database_mysql_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 251,
@@ -2257,7 +2265,7 @@
"verified_result": null
},
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 568,
@@ -2267,7 +2275,7 @@
],
"ibm/service/database/resource_ibm_database_rabbitmq_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 224,
@@ -2277,7 +2285,7 @@
],
"ibm/service/database/resource_ibm_database_redis_test.go": [
{
"hashed_secret": "2317aa72dafa0a07f05af47baa2e388f95dcf6f3",
"hashed_secret": "6c6728efbf3da1eadeb8c21e829d70f6dfd4bf8d",
"is_secret": false,
"is_verified": false,
"line_number": 280,
@@ -2303,7 +2311,7 @@
"verified_result": null
},
{
"hashed_secret": "d67007844d8f7fbc45ea3b27c4bea0bffafb53a0",
"hashed_secret": "92ec408a50ecf51d35e7d26656a9372e50c06a07",
"is_secret": false,
"is_verified": false,
"line_number": 30,
@@ -2319,15 +2327,23 @@
"verified_result": null
},
{
"hashed_secret": "dad6fac3e5b6be7bb6f274970b4c50739a7e26ee",
"hashed_secret": "2ca8c980f5947600f2749adb4f177fd357d2df53",
"is_secret": false,
"is_verified": false,
"line_number": 46,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "64034663b9f3ba170ea9281f5e833f93b55f91a1",
"is_secret": false,
"is_verified": false,
"line_number": 62,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "8cbbbfad0206e5953901f679b0d26d583c4f5ffe",
"hashed_secret": "74f75c4c7dc7e33193565dc5c56b7ab6f72db4df",
"is_secret": false,
"is_verified": false,
"line_number": 70,
@@ -2354,15 +2370,15 @@
"hashed_secret": "1f5e25be9b575e9f5d39c82dfd1d9f4d73f1975c",
"is_secret": false,
"is_verified": false,
"line_number": 165,
"line_number": 166,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "e03932ac8a17ed1819fe161fd253bf323e0e3ec9",
"is_secret": false,
"is_verified": false,
"line_number": 174,
"line_number": 175,
"type": "Secret Keyword",
"verified_result": null
}
15 changes: 10 additions & 5 deletions ibm/service/database/resource_ibm_database.go
@@ -215,7 +215,7 @@ func ResourceIBMDatabaseInstance() *schema.Resource {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.All(
validation.StringLenBetween(15, 32),
validation.StringLenBetween(15, 72),
DatabaseUserPasswordValidator("database"),
),
Sensitive: true,
@@ -1882,7 +1882,7 @@ func resourceIBMDatabaseInstanceUpdate(context context.Context, d *schema.Resour
if group.CPU != nil && group.CPU.Allocation*nodeCount != currentGroup.CPU.Allocation {
groupScaling.CPU = &clouddatabasesv5.GroupScalingCPU{AllocationCount: core.Int64Ptr(int64(group.CPU.Allocation * nodeCount))}
}
if group.HostFlavor != nil && group.HostFlavor.ID != currentGroup.HostFlavor.ID {
if group.HostFlavor != nil {
groupScaling.HostFlavor = &clouddatabasesv5.GroupScalingHostFlavor{ID: core.StringPtr(group.HostFlavor.ID)}
}

@@ -3251,7 +3251,8 @@ func (u *DatabaseUser) ValidatePassword() (err error) {

var allowedCharacters = regexp.MustCompile(fmt.Sprintf("^(?:[a-zA-Z0-9]|%s)+$", specialCharPattern))
var beginWithSpecialChar = regexp.MustCompile(fmt.Sprintf("^(?:%s)", specialCharPattern))
var containsLetter = regexp.MustCompile("[a-zA-Z]")
var containsLower = regexp.MustCompile("[a-z]")
var containsUpper = regexp.MustCompile("[A-Z]")
var containsNumber = regexp.MustCompile("[0-9]")
var containsSpecialChar = regexp.MustCompile(fmt.Sprintf("(?:%s)", specialCharPattern))

@@ -3265,8 +3266,12 @@ func (u *DatabaseUser) ValidatePassword() (err error) {
"password must not begin with a special character (%s)", specialChars))
}

if !containsLetter.MatchString(u.Password) {
errs = append(errs, errors.New("password must contain at least one letter"))
if !containsLower.MatchString(u.Password) {
errs = append(errs, errors.New("password must contain at least one lower case letter"))
}

if !containsUpper.MatchString(u.Password) {
errs = append(errs, errors.New("password must contain at least one upper case letter"))
}

if !containsNumber.MatchString(u.Password) {
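Review bot: The new lower-case and upper-case checks in `ValidatePassword` reject passwords that the old single-letter check accepted, and the change gives users no notice of that; the `password12345678` fixtures this commit rewrites in the EDB test file are such values. `DatabaseUserPasswordValidator("database")` is attached as a `ValidateFunc` in the first hunk, so if it calls `ValidatePassword` (its body is not shown) an unchanged all-lower-case `adminpassword` in an existing configuration would fail validation after the upgrade. I would state the full rule where users read it, for example in the attribute description: `Description: "15-72 characters, with at least one lower case letter, one upper case letter and one number; must not begin with a special character"`, and call the change out in the release notes. `ValidatePassword` begins and ends outside the hunk, so any further rules it applies are not covered here.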
12 changes: 6 additions & 6 deletions ibm/service/database/resource_ibm_database_edb_test.go
@@ -185,7 +185,7 @@ func testAccCheckIBMDatabaseInstanceEDBBasic(databaseResourceGroup string, name
service = "databases-for-enterprisedb"
plan = "standard"
location = "%[3]s"
adminpassword = "password12345678"
adminpassword = "secure-Password12345"
group {
group_id = "member"
host_flavor {
@@ -199,7 +199,7 @@ func testAccCheckIBMDatabaseInstanceEDBBasic(databaseResourceGroup string, name
tags = ["one:two"]
users {
name = "user123"
password = "password12345678"
password = "secure-Password12345"
}
allowlist {
address = "172.168.1.2/32"
@@ -226,7 +226,7 @@ func testAccCheckIBMDatabaseInstanceEDBFullyspecified(databaseResourceGroup stri
service = "databases-for-enterprisedb"
plan = "standard"
location = "%[3]s"
adminpassword = "password12345678"
adminpassword = "secure-Password12345"
group {
group_id = "member"
host_flavor {
@@ -240,11 +240,11 @@ func testAccCheckIBMDatabaseInstanceEDBFullyspecified(databaseResourceGroup stri
tags = ["one:two"]
users {
name = "user123"
password = "password12345678"
password = "secure-Password12345"
}
users {
name = "user124"
password = "password12345678"
password = "secure-Password12345"
}
allowlist {
address = "172.168.1.2/32"
@@ -275,7 +275,7 @@ func testAccCheckIBMDatabaseInstanceEDBReduced(databaseResourceGroup string, nam
service = "databases-for-enterprisedb"
plan = "standard"
location = "%[3]s"
adminpassword = "password12345678"
adminpassword = "secure-Password12345"
group {
group_id = "member"
host_flavor {