英文:
Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file
问题
I am trying to assign random passwords to multiple AAD users -in a csv file- with Terraform and resources "azuread_user"
First of all, I have this CSV file with some users:
user_name
User1
User2
User3
User4
Following, I read this CSV file using:
users = csvdecode(file("${path.module}/users.csv"))
}
Then, using "random_password" resource, I am generating a new password:
resource "random_password" "password" {
length = 16
special = true
override_special = "!#$%&*()-_=+[]{}<>:?"
}
Next, with "azuread_user" I am trying to create the user with the password generated:
resource "azuread_user" "users" {
for_each = { for user in local.users : user.first_name => user }
user_principal_name = format(
"%s@%s",
each.value.user_name,
"mydomain.com"
)
password = each.value.password
display_name = "${each.value.first_name} ${each.value.last_name}";
}
but the problem is that every user has the same password from resource "random_password" "password".
How can I assign a randomly password for each user?
英文:
I am trying to assign random passwords to multiple AAD users -in a csv file- with Terraform and resources "azuread_user"
First of all, I have this CSV file with some users:
user_name
User1
User2
User3
User4
Following, I read this CSV file using:
locals {
users = csvdecode(file("${path.module}/users.csv"))
}
Then, using "random_password" resource, I am generating a new password:
resource "random_password" "password" {
length = 16
special = true
override_special = "!#$%&*()-_=+[]{}<>:?"
}
Next, with "azuread_user" I am trying to create the user with the password generated:
resource "azuread_user" "users" {
for_each = { for user in local.users : user.first_name => user }
user_principal_name = format(
"%s@%s",
each.value.user_name,
"mydomain.com"
)
password = each.value.password
display_name = "${each.value.first_name} ${each.value.last_name}"
}
but the problem is that every user has the same password from resource "random_password" "password".
How can I assign a randomly password for each user?
答案1
得分: 0
我尝试以以下方式创建具有随机密码的用户:
locals {
users = {
"divv@xxxxxxx.onmicrosoft.com" = { first_name = "John", last_name = "Doe", department = "Marketing Department" },
"shrav@xxxxxxxxxx.onmicrosoft.com" = { first_name = "Jane", last_name = "Doe", department = "IT Department" }
}
}
resource "random_password" "passwords" {
for_each = local.users
length = 16
special = true
}
resource "azuread_user" "users" {
for_each = local.users
display_name = "${each.value.first_name} ${each.value.last_name}"
mail_nickname = each.value.first_name
user_principal_name = each.key
password = random_password.passwords[each.key].result
department = each.value.department
}
为了检查是否生成了随机密码,我将它们存储在 Key Vault 中并进行了检查。它们似乎对不同的用户是不同的。
resource "azurerm_key_vault" "example" {
name = "kavyaexmplekeyvault"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
sku_name = "standard"
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
key_permissions = [
"Create",
"Get",
]
secret_permissions = [
"Set",
"Get",
"Delete",
"Purge",
"Recover",
"List"
]
storage_permissions = [
"Get","Set"
]
}
}
resource "azurerm_key_vault_secret" "password_one" {
for_each = local.users
name = "passwrdone${each.value.first_name}"
value = random_password.passwords[each.key].result
key_vault_id = azurerm_key_vault.example.id
}
Jane的密码:
John的密码:
英文:
I tried to create users with random passwords as below:
locals {
users = {
"divv@xxxxxxx.onmicrosoft.com" = { first_name = "John", last_name = "Doe" , department = "Marketing Department" },
"shrav@xxxxxxxxxx.onmicrosoft.com" = { first_name = "Jane", last_name = "Doe" , department = "IT Department"}
}
}
resource "random_password" "passwords" {
for_each = local.users
length = 16
special = true
}
resource "azuread_user" "users" {
for_each = local.users
display_name = "${each.value.first_name} ${each.value.last_name}"
mail_nickname = each.value.first_name
user_principal_name = each.key
password = random_password.passwords[each.key].result
department = each.value.department
}
In order to check if random passwords are generated I stored them in keyvault and checked .
They seem to be different for different user.
resource "azurerm_key_vault" "example" {
name = "kavyaexmplekeyvault"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
enabled_for_disk_encryption = true
tenant_id = data.azurerm_client_config.current.tenant_id
soft_delete_retention_days = 7
purge_protection_enabled = false
sku_name = "standard"
access_policy {
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = data.azurerm_client_config.current.object_id
key_permissions = [
"Create",
"Get",
]
secret_permissions = [
"Set",
"Get",
"Delete",
"Purge",
"Recover",
"List"
]
storage_permissions = [
"Get","Set"
]
}
}
resource "azurerm_key_vault_secret" "password_one" {
for_each = local.users
name = "passwrdone${each.value.first_name}"
value = random_password.passwords[each.key].result
key_vault_id = azurerm_key_vault.example.id
}
Password for jane:
Password for john:
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论