Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make must_change_password attribute immutable after creation #1422

Merged
merged 3 commits into from
Oct 18, 2024
Merged

make must_change_password attribute immutable after creation #1422

merged 3 commits into from
Oct 18, 2024

Conversation

alegrey91
Copy link
Contributor

@alegrey91 alegrey91 commented Oct 11, 2024
edited
Loading

Issue: rancher/rancher#45736

Problem

Currently, the must_change_password is not immutable. Since rancher doesn't allow to change that option after the user creation, we should handle this from the terraform provider.

Solution

Set the must_change_password attribute as immutable after creation.

Testing

Engineering Testing

Manual Testing

Setup a rancher instance from docker:

sudo docker run --privileged -it --rm -p 8080:80 -p 443:443 rancher/rancher

In order to test this new attribute I've used the following terraform script to ensure the new user had this attribute set:

resource "rancher2_user" "testuser" {
  name     = "Test User"
  username = "testuser"
  password = "password12345"
  must_change_password = true
  enabled     = true
}

# Assign global role bindings to the user (optional)
resource "rancher2_global_role_binding" "new_user_role" {
  user_id       = rancher2_user.testuser.id
  global_role_id = "user-base"
}

Once terraform completed its run, you can login with the new created user testuser.
Once logged in the UI will show the reset password page.

After that, you can change must_change_password attribute, and verify that terraform needs to destroy the resource in order to set the new value.

Automated Testing

QA Testing Considerations

Regressions Considerations

@alegrey91
feat(user): add attribute must_change_password for rancher2_user reso…
79b6a04 
…urce

Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>
@alegrey91
fix: add forcenew option to rancher user resource
2e88e55 
Signed-off-by: Alessio Greggi <alessio.greggi@suse.com>
@alegrey91
Merge branch 'master' into issue/45736
e8784f9
@alegrey91 alegrey91 self-assigned this Oct 11, 2024
@alegrey91 alegrey91 changed the title (reopened) Add must_change_password attribute to rancher2_user resource make must_change_password attribute immutable after creation Oct 11, 2024
@alegrey91 alegrey91 marked this pull request as ready for review October 11, 2024 10:39
@bigkevmcd
Copy link

This change looks fine to me, following @alegrey91's instructions works too.

Checked against.

https://developer.hashicorp.com/terraform/plugin/sdkv2/schemas/schema-behaviors#forcenew

andreas-kupries
andreas-kupries approved these changes Oct 18, 2024
View reviewed changes
Copy link

@andreas-kupries andreas-kupries left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks ok.

@alegrey91 alegrey91 merged commit a37b808 into rancher:master Oct 18, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andreas-kupries andreas-kupries andreas-kupries approved these changes

@bigkevmcd bigkevmcd bigkevmcd approved these changes

Assignees

@alegrey91 alegrey91

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alegrey91 @bigkevmcd @andreas-kupries