hashicorp / terraform-provider-googleworkspace

Terraform Provider for Google Workspace
https://registry.terraform.io/providers/hashicorp/googleworkspace
Mozilla Public License 2.0

Password required to be set on user creation #351

Open jazzlyn opened 2 years ago

jazzlyn commented 2 years ago

Hi there,

Terraform Version

Terraform v1.2.2 on linux_amd64

Affected Resource(s)

Debug Output

Error: Password is required when creating a new user
│ 
│   with module.gworkspace.module.users["example.user"].googleworkspace_user.user,
│   on .terraform/modules/gworkspace/modules/users/main.tf line 14, in resource "googleworkspace_user" "user":
│   14: resource "googleworkspace_user" "user" {

Expected Behavior

Regarding https://registry.terraform.io/providers/hashicorp/googleworkspace/latest/docs/resources/user, password should be an optional parameter, and that should be the case. Google also provides an option to automatically generate a password on creation through their UI.

FYI: I checked the discontinued provider "gsuite" and there is a note about handling passwords, see https://registry.terraform.io/providers/DeviaVir/gsuite/latest/docs/resources/user.

Note the following behaviors regarding passwords:

When running terraform import on a user resource: The password and hash_function fields are ignored.

When running terraform apply with a new user resource in your terraform state:

If the user does not exist in GSuite the following applies: The password field should be set or a secured password will be automatically generated. The hash_function field must be set only if the password field contains a hashed value. The GSuite account will be configured to require password change on next login.

If the user exists in GSuite the following applies: The password and hash_function fields will be ignored.

When running terraform apply with an existing user resource: Empty password and hash_function fields will be ignored.

Actual Behavior

A password is needed at user creation and therefore has to be added to the configuration.

Steps to Reproduce

Create a new user resource and run terraform apply.

Any chance that this behaviour could be changed?

jshcmpbll commented 2 years ago

This is the biggest issue my team has with using this provider. Ideally, the recovery email would be used to send out an invitation to the individual to finish setting up their account and this provider would not touch user passwords at all.

thevino97 commented 2 years ago

Hi, this is something I have been looking for. When will this be publicly released? Also, will we be able to send an invitation email to the recovery email to invite a new user to the workspace?

ivorsmorenburg commented 2 years ago

Very annoying to have to create a "temporal" password to create and invite a new member to the organisation; it feels like this is a missing feature or bug for using "googleworkspace_user".

This is a very important feature if we like to use the CasC using this Terraform provider.

Can we prioritise this and make another release ASAP?

I think I speak for everyone, this is a blocker!

Maarc-D commented 1 year ago

Hi, this is something I have been looking for. When will this be publicly released? Also, will we be able to send an invitation email to the recovery email to invite a new user to the workspace?

You can add a thumbs up to my PR if you want ;) Maybe like this it will be taken into account ;)

https://github.com/hashicorp/terraform-provider-googleworkspace/pull/359

ivorsmorenburg commented 1 year ago

So we are not going to fix this then, right?

chakrit commented 1 year ago

Does this provider have a release schedule of some sort?

This is a BLOCKER. It also prevents you from using for_each with a User block where you source the attributes from an external source (an API from your HR app, or a JSON file, for example). If we set password =, it would then be set for the entire org in my case.
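
An added example, not from this thread or the provider's own code, of the for_each case described in the last comment: each user gets a separately generated initial password instead of one literal shared by the whole org. It assumes the hashicorp/random provider and the `change_password_at_next_login` argument of `googleworkspace_user`; the user map, domains and names are constructed sample data.

```hcl
terraform {
  required_providers {
    googleworkspace = { source = "hashicorp/googleworkspace" }
    random          = { source = "hashicorp/random" }
  }
}

# Constructed sample data standing in for an HR export or a decoded JSON file.
locals {
  users = {
    "example.user" = {
      given_name     = "Example"
      family_name    = "User"
      recovery_email = "example.user@personal.example.org"
    }
    "second.user" = {
      given_name     = "Second"
      family_name    = "User"
      recovery_email = "second.user@personal.example.org"
    }
  }
}

# One generated password per map key, so no two accounts share a secret.
# The values are written to Terraform state: keep the state backend
# encrypted and access-controlled.
resource "random_password" "initial" {
  for_each = local.users
  length   = 24
  special  = true
}

resource "googleworkspace_user" "user" {
  for_each = local.users

  primary_email  = "${each.key}@example.com"
  password       = random_password.initial[each.key].result
  recovery_email = each.value.recovery_email

  name {
    given_name  = each.value.given_name
    family_name = each.value.family_name
  }

  # The generated value is only a bootstrap secret.
  change_password_at_next_login = true

  # Assumption: later applies should not reset a password the user has
  # since changed, nor re-arm the forced-change flag.
  lifecycle { ignore_changes = [password, change_password_at_next_login] }
}
```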