fix issue where importing random_string & random_password is not writ…

…ing all defaults into TF state

Co-authored-by: Benjamin Bennett <[email protected]>

CHANGELOG.md

@@ -1,3 +1,10 @@
+## 3.3.2 (unreleased)
+
+BUG FIXES:
+
+* resource/random_password: When importing set defaults for all attributes that have a default defined ([256](https://github.com/hashicorp/terraform-provider-random/pull/256)).
+* resource/random_string: When importing set defaults for all attributes that have a default defined ([256](https://github.com/hashicorp/terraform-provider-random/pull/256)).
+
 ## 3.3.1 (June 07, 2022)
 
 BUG FIXES:

docs/resources/password.md

@@ -1,5 +1,4 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "random_password Resource - terraform-provider-random"
 subcategory: ""
 description: |-
@@ -63,6 +62,66 @@ resource "aws_db_instance" "example" {
 Import is supported using the following syntax:
 
 ```shell
-# Random Password can be imported by specifying the value of the string:
 terraform import random_password.password securepassword
 ```
+
+### Limitations of Import
+
+Any attribute values that are specified within Terraform config will be
+ignored during import and all attributes that have defaults defined within
+the schema will have the default assigned.
+
+For instance, using the following config during import:
+```terraform
+resource "random_password" "password" {
+  length = 16
+  lower  = false
+}
+```
+
+Then importing the resource using `terraform import random_password.password securepassword`,
+would result in the triggering of a replacement (i.e., destroy-create) during the next
+`terraform apply`.
+
+### Avoiding Replacement
+
+If the resource were imported using `terraform import random_password.password securepassword`,
+replacement could be avoided by using:
+
+1. Attribute values that match the imported ID and defaults:
+
+    ```terraform
+    resource "random_password" "password" {
+      length = 14
+      lower  = true
+    }
+    ```
+
+
+2. Attribute values that match the imported ID and omit the attributes with defaults:
+
+    ```terraform
+    resource "random_password" "password" {
+      length = 14
+    }
+    ```
+
+
+3. `ignore_changes` specifying the attributes to ignore:
+
+    ```terraform
+    resource "random_password" "password" {
+      length = 16
+      lower  = false
+
+      lifecycle {
+        ignore_changes = [
+          length,
+          lower,
+        ]
+      }
+    }
+    ```
+
+    **NOTE** `ignore_changes` is only required until the resource is recreated after import,
+    after which it will use the configuration values specified.

docs/resources/string.md

@@ -1,5 +1,4 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
 page_title: "random_string Resource - terraform-provider-random"
 subcategory: ""
 description: |-
@@ -57,6 +56,61 @@ resource "random_string" "random" {
 Import is supported using the following syntax:
 
 ```shell
-# Strings can be imported by just specifying the value of the string:
 terraform import random_string.test test
 ```
+
+### Limitations of Import
+
+Any attribute values that are specified within Terraform config will be
+ignored during import and all attributes that have defaults defined within
+the schema will have the default assigned.
+
+For instance, using the following config during import:
+```terraform
+resource "random_string" "test" {
+  length = 16
+  lower  = false
+}
+```
+
+Then importing the resource using `terraform import random_string.test test`,
+would result in the triggering of a replacement (i.e., destroy-create) during
+the next `terraform apply`.
+
+### Avoiding Replacement
+
+If the resource were imported using `terraform import random_string.test test`,
+replacement can be avoided by using:
+
+1. Attribute values that match the imported ID and defaults:
+    ```terraform
+    resource "random_string" "test" {
+      length = 4
+      lower  = true
+    }
+    ```
+
+2. Attribute values that match the imported ID and omit the attributes with defaults:
+    ```terraform
+    resource "random_string" "test" {
+      length = 4
+    }
+    ```
+
+3. `ignore_changes` specifying the attributes to ignore:
+    ```terraform
+    resource "random_string" "test" {
+      length = 16
+      lower  = false
+
+      lifecycle {
+        ignore_changes = [
+          length,
+          lower,
+        ]
+      }
+    }
+    ```
+
+    **NOTE** `ignore_changes` is only required until the resource is recreated after import,
+    after which it will use the configuration values specified.

examples/resources/random_password/import.sh

@@ -1,2 +1,2 @@
-# Random Password can be imported by specifying the value of the string:
+# Random Password can be imported by specifying the value of the password. 
 terraform import random_password.password securepassword

examples/resources/random_string/import.sh

@@ -1,2 +1,2 @@
-# Strings can be imported by just specifying the value of the string:
+# Random String can be imported by specifying the value of the string. 
 terraform import random_string.test test

internal/provider/resource_password.go

@@ -72,13 +72,32 @@ func createPassword(ctx context.Context, d *schema.ResourceData, meta interface{
 }
 
 func importPasswordFunc(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	for k, v := range passwordSchemaV2() {
+		if v.Default == nil {
+			continue
+		}
+		if err := d.Set(k, v.Default); err != nil {
+			return nil, fmt.Errorf("error setting %s: %w", k, err)
+		}
+	}
+
+	for _, key := range []string{"number", "numeric"} {
+		if err := d.Set(key, true); err != nil {
+			return nil, fmt.Errorf("error setting %s: %w", key, err)
+		}
+	}
+
 	val := d.Id()
 	d.SetId("none")
 
 	if err := d.Set("result", val); err != nil {
 		return nil, fmt.Errorf("resource password import failed, error setting result: %w", err)
 	}
 
+	if err := d.Set("length", len(val)); err != nil {
+		return nil, fmt.Errorf("error setting length: %w", err)
+	}
+
 	hash, err := generateHash(val)
 	if err != nil {
 		return nil, fmt.Errorf("resource password import failed, generate hash error: %w", err)

internal/provider/resource_password_test.go

@@ -47,7 +47,7 @@ func TestAccResourcePasswordBasic(t *testing.T) {
 				},
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"bcrypt_hash", "length", "lower", "number", "numeric", "special", "upper", "min_lower", "min_numeric", "min_special", "min_upper", "override_special"},
+				ImportStateVerifyIgnore: []string{"bcrypt_hash"},
 			},
 		},
 	})

internal/provider/resource_string.go

@@ -51,12 +51,31 @@ func resourceString() *schema.Resource {
 }
 
 func importStringFunc(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	for k, v := range stringSchemaV2() {
+		if v.Default == nil {
+			continue
+		}
+		if err := d.Set(k, v.Default); err != nil {
+			return nil, fmt.Errorf("error setting %s: %w", k, err)
+		}
+	}
+
+	for _, key := range []string{"number", "numeric"} {
+		if err := d.Set(key, true); err != nil {
+			return nil, fmt.Errorf("error setting %s: %w", key, err)
+		}
+	}
+
 	val := d.Id()
 
 	if err := d.Set("result", val); err != nil {
 		return nil, fmt.Errorf("error setting result: %w", err)
 	}
 
+	if err := d.Set("length", len(val)); err != nil {
+		return nil, fmt.Errorf("error setting length: %w", err)
+	}
+
 	return []*schema.ResourceData{d}, nil
 }
 

internal/provider/resource_string_test.go

@@ -27,10 +27,9 @@ func TestAccResourceString(t *testing.T) {
 				),
 			},
 			{
-				ResourceName:            "random_string.basic",
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"length", "lower", "number", "numeric", "special", "upper", "min_lower", "min_numeric", "min_special", "min_upper", "override_special"},
+				ResourceName:      "random_string.basic",
+				ImportState:       true,
+				ImportStateVerify: true,
 			},
 		},
 	})

templates/resources/password.md.tmpl

@@ -0,0 +1,85 @@
+---
+page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}"
+subcategory: ""
+description: |-
+{{ .Description | plainmarkdown | trimspace | prefixlines "  " }}
+---
+
+# {{.Name}} ({{.Type}})
+
+{{ .Description | trimspace }}
+
+## Example Usage
+
+{{ tffile "examples/resources/random_password/resource.tf" }}
+
+{{ .SchemaMarkdown | trimspace }}
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import random_password.password securepassword
+```
+
+### Limitations of Import
+
+Any attribute values that are specified within Terraform config will be
+ignored during import and all attributes that have defaults defined within
+the schema will have the default assigned.
+
+For instance, using the following config during import:
+```terraform
+resource "random_password" "password" {
+  length = 16
+  lower  = false
+}
+```
+
+Then importing the resource using `terraform import random_password.password securepassword`,
+would result in the triggering of a replacement (i.e., destroy-create) during the next
+`terraform apply`.
+
+### Avoiding Replacement
+
+If the resource were imported using `terraform import random_password.password securepassword`,
+replacement could be avoided by using:
+
+1. Attribute values that match the imported ID and defaults:
+
+    ```terraform
+    resource "random_password" "password" {
+      length = 14
+      lower  = true
+    }
+    ```
+
+
+2. Attribute values that match the imported ID and omit the attributes with defaults:
+
+    ```terraform
+    resource "random_password" "password" {
+      length = 14
+    }
+    ```
+
+
+3. `ignore_changes` specifying the attributes to ignore:
+
+    ```terraform
+    resource "random_password" "password" {
+      length = 16
+      lower  = false
+
+      lifecycle {
+        ignore_changes = [
+          length,
+          lower,
+        ]
+      }
+    }
+    ```
+
+    **NOTE** `ignore_changes` is only required until the resource is recreated after import,
+    after which it will use the configuration values specified.