fix import for random_string & random_password resource

[wakeful]

What's the problem

when I try to use terraform import with random_string or random_password resource terraform is always trying to recreate the object, terraform.tfstate state file contains null elements instead the default ones.

this problem was also reported by other - #106 and #119

How to reproduce?

Create a new .tf file with content

resource "random_string" "test" {
 length = 4
}

resource "random_password" "password" {
  length = 14
}

and run import statement e.q.

$ terraform import random_password.password securepassword
random_password.password: Importing from ID "securepassword"...
random_password.password: Import prepared!
  Prepared random_password for import
random_password.password: Refreshing state... [id=none]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.


$ terraform import random_string.test test
random_string.test: Importing from ID "test"...
random_string.test: Import prepared!
  Prepared random_string for import
random_string.test: Refreshing state... [id=test]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Result?

running plan is trying to replace the existing objects

$ terraform plan
random_password.password: Refreshing state... [id=none]
random_string.test: Refreshing state... [id=test]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # random_password.password must be replaced
-/+ resource "random_password" "password" {
      ~ bcrypt_hash = (sensitive value)
      ~ id          = "none" -> (known after apply)
      + length      = 14 # forces replacement
      + lower       = true # forces replacement
      + min_lower   = 0 # forces replacement
      + min_numeric = 0 # forces replacement
      + min_special = 0 # forces replacement
      + min_upper   = 0 # forces replacement
      + number      = true # forces replacement
      ~ result      = (sensitive value)
      + special     = true # forces replacement
      + upper       = true # forces replacement
    }

  # random_string.test must be replaced
-/+ resource "random_string" "test" {
      ~ id          = "test" -> (known after apply)
      + length      = 4 # forces replacement
      + lower       = true # forces replacement
      + min_lower   = 0 # forces replacement
      + min_numeric = 0 # forces replacement
      + min_special = 0 # forces replacement
      + min_upper   = 0 # forces replacement
      + number      = true # forces replacement
      ~ result      = "test" -> (known after apply)
      + special     = true # forces replacement
      + upper       = true # forces replacement
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Expected result?

$ terraform plan

random_string.test: Refreshing state... [id=test]
random_password.password: Refreshing state... [id=none]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

terraform.tfstate without my change

{
  "version": 4,
  "terraform_version": "1.2.0",
  "serial": 2,
  "lineage": "4adedd74-eb91-8bbc-afdc-91646ac5c129",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "random_password",
      "name": "password",
      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
      "instances": [
        {
          "schema_version": 1,
          "attributes": {
            "bcrypt_hash": "$2a$10$gSUJVtd.2eIJ.JETLDjTpuRNRBK3NqpGzoAgM2k3hGd6u4tVOGDvC",
            "id": "none",
            "keepers": null,
            "length": null,
            "lower": null,
            "min_lower": null,
            "min_numeric": null,
            "min_special": null,
            "min_upper": null,
            "number": null,
            "override_special": null,
            "result": "securepassword",
            "special": null,
            "upper": null
          },
          "sensitive_attributes": [],
          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
        }
      ]
    },
    {
      "mode": "managed",
      "type": "random_string",
      "name": "test",
      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
      "instances": [
        {
          "schema_version": 1,
          "attributes": {
            "id": "test",
            "keepers": null,
            "length": null,
            "lower": null,
            "min_lower": null,
            "min_numeric": null,
            "min_special": null,
            "min_upper": null,
            "number": null,
            "override_special": null,
            "result": "test",
            "special": null,
            "upper": null
          },
          "sensitive_attributes": [],
          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
        }
      ]
    }
  ]
}

[hashicorp-cla]

All committers have signed the CLA.

[bendbennett]

Hi @wakeful and thank you for submitting this PR.

Overall the changes look good.
Would you be able to:

• Rebase on main
• Amend the tests (see below)
• Update the CHANGELOG.md
• Amend the comments in /examples/resources/random_password/import.sh and /examples/resources/random_string/import.sh to reflect the change in behaviour and regenerate the docs (i.e., make generate)

Tests

TestAccResourcePasswordBasic
Remove all items except bcrypt_hash from ImportStateVerifyIgnore

ImportStateVerifyIgnore: []string{"bcrypt_hash"},

TestAccResourceString
Remove ImportStateVerifyIgnore

[wakeful]

hi @bendbennett

as requested:

• Rebase on main
• Amend the tests
• Update the CHANGELOG.md
• Amend the comments in ... - this is not required as there is no change in the importing / usage logic

[bendbennett]

Hi @wakeful thank you for making those updates.

I think it might be useful to update the comments in /examples/resources/random_password/import.sh and /examples/resources/random_string/import.sh to reflect that the behaviour of import has been altered (i.e., all attributes that have default values will have these defaults assigned during import). These comments will then be visible to practitioners under https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password#import and https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string#import

[wakeful]

hey @bendbennett

import doc where updated,

could you help me fix the broken test? TestAccResourceString

[bendbennett]

Think the changes in importPasswordFunc and importStringFunc should fix the issues with the tests.

Have left a couple of other minor suggestions.

Thanks for your continuing input on this.

[wakeful]

👋 @bendbennett

thanks for your suggestions 👍
everything should now be in place can you take another look?

[bendbennett]

@wakeful looks good. Thank you for making the changes.

Only comment I have is to alter the CHANGELOG.md to reflect that these changes are not yet released.

[wakeful]

CHANGELOG.md updated,

thanks for you help @bendbennett

[bendbennett]

Closes #106
Closes #119

[detro]

Left a suggestion, but overall I think this is 👍

[detro]

I initially approved, but then thought of a potential issue where a value set manually before import, would end up overridden by .Default.

[bendbennett]

@wakeful I've added comments to the import.sh for random_password and random_string to try and document the behaviour during import.

[bendbennett]

@wakeful I've attached a couple of templates for use in generating docs relating to imports - resources.zip.

If you expand this and drop the resources directory into the /templates dir and run make generate it should update password.md and string.md with markdown that'll be more practitioner-friendly.

[bendbennett]

@wakeful are you happy to adopt the last set of suggested changes?

[wakeful]

hey @bendbennett

all updated please check again - sorry for the delays, I needed to concentrate on my day to day job.

[bendbennett]

@wakeful thank you for your continuing efforts on this PR.
I think we're getting close now.

[wakeful]

Hi @bendbennett

I think all is done now :)

[bendbennett]

@wakeful nice job! Think we're there. Thank you for your work on this.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.