terraform-provider-googleworkspace
terraform-provider-googleworkspace copied to clipboard
hashicorp
Password required to be set on user creation
Hi there,
Terraform Version
Terraform v1.2.2 on linux_amd64
- provider registry.terraform.io/hashicorp/google v3.66.1
- provider registry.terraform.io/hashicorp/googleworkspace v0.7.0
Affected Resource(s)
- googleworkspace_user
Debug Output
Error: Password is required when creating a new user
│
│ with module.gworkspace.module.users["example.user"].googleworkspace_user.user,
│ on .terraform/modules/gworkspace/modules/users/main.tf line 14, in resource "googleworkspace_user" "user":
│ 14: resource "googleworkspace_user" "user" {
Expected Behavior
Regarding https://registry.terraform.io/providers/hashicorp/googleworkspace/latest/docs/resources/user password should be an optional parameter and that should be the case. Google also provides an option to automatically generate password on creation through their UI.
FYI: I checked the discontinued provider "gsuite" and there is a note about handling passwords, see https://registry.terraform.io/providers/DeviaVir/gsuite/latest/docs/resources/user.
Note the following behaviors regarding passwords:
When running terraform import on a user resource: The password and hash_function fields are ignored.
When running terraform apply with a new user resource in your terraform state:
If the user does not exist in GSuite the following applies: The password field should be set or a secured password will be automatically generated. The hash_function field must be set only if the password field contains a hashed value. The GSuite account will be configured to require password change on next login.
If the user exists in GSuite the following applies: The password and hash_function fields will be ignored.
When running terraform apply with an existing user resource: Empty password and hash_function fields will be ignored.
Actual Behavior
A password is needed at user creation and therefore has to be added to the configuration.
Steps to Reproduce
Create a new user resource and run terraform apply.
Any chance that this behaviour could be changed?
This is the biggest issue my team has with using this provider. Ideally, the recovery email would be used to send out an invitation to the individual to finish setting up their account and this provider would not touch user passwords at all.
Hi this is something i have been looking for, when will this be publicly released. Also will we be able to sent an invitation email to the recovery email to invite a new user to the workspace ?
Very annoying to have to create a "temporal" password to create and invite a new member to the organisation, feels like this it's a missing feature or bug for using "googleworkspace_user".
This its very important feature if we like to use the CasC using this terraform provider.
Can we prioritise this and make another release ASAP?
I think I speak for everyone, this is a blocker!
Hi this is something i have been looking for, when will this be publicly released. Also will we be able to sent an invitation email to the recovery email to invite a new user to the workspace ?
You can add a thumb up to my PR if you want ;) maybe like this it will be taken into account ;)
https://github.com/hashicorp/terraform-provider-googleworkspace/pull/359
Does this provider have a release schedule of some sort?
This is a BLOCKER, it also prevents you from using for_each with a User block where you source the attributes from an external source (an API from your HR app, or a JSON file, for example) if we set password = it would then be set for the entire org in my case.
