marrobi
commented
2 years ago This could be a reset credentials custom action?
Closed martinpeck closed 2 years ago
marrobi
commented
2 years ago This could be a reset credentials custom action?
martinpeck
commented
2 years ago @marrobi : any chance you could change/update the title/description on this one to explain which password we're focusing on here. I assume it's related to the Guac virtual desktops.
jjgriff93
commented
2 years ago @martinpeck @marrobi currently custom actions don't accept any parameters (i.e. a new password string) - I'm not aware of any reset method for a VM that doesn't mean entering a new replacement password there and then be it in CLI/PS or portal, are you aware of any? Happy to implement parameters in custom actions as a dependency, just wanted to point out the scope of this might be bigger than initially thought
marrobi
commented
2 years ago Can a new password not be generated and the VM and KV updated?
The password is created in the first place by TF, not by user input.
Maybe taint the secret and run an TF apply?
jjgriff93
commented
2 years ago Right I'm with you, yes that should work!
At present the VM password is created and stored in Key Vault This is likely to expire at some point in the future, or the local password may be reset by the user meaning the stored password an actual password differ.
A user needs to be able to reset their password in these scenarios.