jamestoyer
commented
5 years ago After chatting with @dillon-giacoppo, I've made the password field optional.
When you create a new user and don't provide a password, a random one is generated, otherwise the given password is used. If you remove the password from the user, the password in the server does not change but the password is no longer "managed" in Terraform.
Changes to the password on the Artifactory server are still not tracked, but I think for now this is ok
Internally we use a method of creating users that is incompatible with using environment variables to manage the passwords, i.e. Terraform Enterprise. In addition, we need to rotate these passwords periodically and would like Terraform to do this. I know this was discussed in #5, however many other providers do something similar.
If we were worried about knowing if the password has changed in Artifactory, we could use the GetUserEncryptedPassword endpoint to see if things had indeed changed. For now this stores the "known" state of a password and updates it only when the input is updated. The password is hashed so it is not stored in plain text but can be compared for changes. This allows our use case.
Note: This is a breaking change. If this doesn't fit with the long term vision of the provider I'm happy to keep it on an internal fork.