Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

huangapple go评论51阅读模式
英文:

Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

问题

I am trying to assign random passwords to multiple AAD users -in a csv file- with Terraform and resources "azuread_user"

First of all, I have this CSV file with some users:

user_name
User1
User2
User3
User4

Following, I read this CSV file using:

  users = csvdecode(file("${path.module}/users.csv"))
}

Then, using "random_password" resource, I am generating a new password:

resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

Next, with "azuread_user" I am trying to create the user with the password generated:

resource "azuread_user" "users" {
  for_each = { for user in local.users : user.first_name => user }

  user_principal_name = format(
    "%s@%s",
    each.value.user_name,
    "mydomain.com"
  )
  password = each.value.password
  display_name = "${each.value.first_name} ${each.value.last_name}";
}

but the problem is that every user has the same password from resource "random_password" "password".

How can I assign a randomly password for each user?

英文:

I am trying to assign random passwords to multiple AAD users -in a csv file- with Terraform and resources "azuread_user"

First of all, I have this CSV file with some users:

user_name
User1
User2
User3
User4

Following, I read this CSV file using:

locals {
  users = csvdecode(file(&quot;${path.module}/users.csv&quot;))
}

Then, using "random_password" resource, I am generating a new password:

resource &quot;random_password&quot; &quot;password&quot; {
  length           = 16
  special          = true
  override_special = &quot;!#$%&amp;*()-_=+[]{}&lt;&gt;:?&quot;
}

Next, with "azuread_user" I am trying to create the user with the password generated:

resource &quot;azuread_user&quot; &quot;users&quot; {
  for_each = { for user in local.users : user.first_name =&gt; user }

  user_principal_name = format(
    &quot;%s@%s&quot;,
    each.value.user_name,
    &quot;mydomain.com&quot;
  )
  password = each.value.password
  display_name = &quot;${each.value.first_name} ${each.value.last_name}&quot;

}

but the problem is that every user has the same password from resource "random_password" "password".

How can I assign a randomly password for each user?

答案1

得分: 0

我尝试以以下方式创建具有随机密码的用户:

locals {
  users = {
    "divv@xxxxxxx.onmicrosoft.com" = { first_name = "John", last_name = "Doe", department = "Marketing Department" },
    "shrav@xxxxxxxxxx.onmicrosoft.com" = { first_name = "Jane", last_name = "Doe", department = "IT Department" }
  }
}

resource "random_password" "passwords" {
  for_each = local.users
  length  = 16
  special = true
}

resource "azuread_user" "users" {
  for_each = local.users

  display_name         = "${each.value.first_name} ${each.value.last_name}"
  mail_nickname        = each.value.first_name
  user_principal_name = each.key
  password            = random_password.passwords[each.key].result
  department = each.value.department
}

为了检查是否生成了随机密码,我将它们存储在 Key Vault 中并进行了检查。它们似乎对不同的用户是不同的。

resource "azurerm_key_vault" "example" {
  name                        = "kavyaexmplekeyvault"
  location                    = data.azurerm_resource_group.example.location
  resource_group_name         = data.azurerm_resource_group.example.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 7
  purge_protection_enabled    = false

  sku_name = "standard"

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    key_permissions = [
      "Create",
      "Get",
    ]

    secret_permissions = [
      "Set",
      "Get",
      "Delete",
      "Purge",
      "Recover",
      "List"
    ]

    storage_permissions = [
      "Get","Set"
    ]
  }
}

resource "azurerm_key_vault_secret" "password_one" {
  for_each = local.users
  name         = "passwrdone${each.value.first_name}"
  value        =  random_password.passwords[each.key].result
  key_vault_id = azurerm_key_vault.example.id
}

Jane的密码:

Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

John的密码:

Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

英文:

I tried to create users with random passwords as below:

locals {
  users = {
    &quot;divv@xxxxxxx.onmicrosoft.com&quot; = { first_name = &quot;John&quot;, last_name = &quot;Doe&quot; , department = &quot;Marketing Department&quot; },
    &quot;shrav@xxxxxxxxxx.onmicrosoft.com&quot; = { first_name = &quot;Jane&quot;, last_name = &quot;Doe&quot; , department = &quot;IT Department&quot;}
  }
}


resource &quot;random_password&quot; &quot;passwords&quot; {
  for_each = local.users
  length  = 16
  special = true
}


resource &quot;azuread_user&quot; &quot;users&quot; {
  for_each = local.users

  display_name         = &quot;${each.value.first_name} ${each.value.last_name}&quot;
  mail_nickname        = each.value.first_name
  user_principal_name = each.key
  password            = random_password.passwords[each.key].result
  department = each.value.department
}

Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

In order to check if random passwords are generated I stored them in keyvault and checked .
They seem to be different for different user.

resource &quot;azurerm_key_vault&quot; &quot;example&quot; {
  name                        = &quot;kavyaexmplekeyvault&quot;
  location                    = data.azurerm_resource_group.example.location
  resource_group_name         = data.azurerm_resource_group.example.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 7
  purge_protection_enabled    = false

  sku_name = &quot;standard&quot;

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

   
    key_permissions = [
      &quot;Create&quot;,
      &quot;Get&quot;,
    ]

    secret_permissions = [
      &quot;Set&quot;,
      &quot;Get&quot;,
      &quot;Delete&quot;,
      &quot;Purge&quot;,
      &quot;Recover&quot;,
      &quot;List&quot;
    ]

    storage_permissions = [
      &quot;Get&quot;,&quot;Set&quot;
    ]
  }
}

resource &quot;azurerm_key_vault_secret&quot; &quot;password_one&quot; {
  for_each = local.users
  name         = &quot;passwrdone${each.value.first_name}&quot;
  value        =  random_password.passwords[each.key].result
  key_vault_id = azurerm_key_vault.example.id
}

Password for jane:

Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

Password for john:

Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

huangapple
  • 本文由 发表于 2023年2月13日 23:25:03
  • 转载请务必保留本文链接:https://go.coder-hub.com/75437888.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定