Terraform-provider-aws: aws_db_instance.mssqlrds MasterUserPassword wrong error message.

Created on 15 Mar 2019 · 3Comments · Source: hashicorp/terraform-provider-aws

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.11
provider.aws v1.52.0

Affected Resource(s)

aws_db_instance.mssqlrds

When you provide the MasterUserPassword with wrong symbols the following error appears:

aws_db_instance.mssqlrds: Error creating DB Instance: InvalidParameterValue: The parameter MasterUserPassword is not a valid password. Only printable ASCII characters besides '/', '@', '"', ' ' may be used.

The error is clearly states opposite of what characters are forbidden in password. Neither @ nor / " or space can be used in SQL Server password.

Expected Behavior

The error stating forbidden characters cannot be use should be raised.

Actual Behavior

The error stating forbidden characters are allowed to be use is raised.

Steps to Reproduce

Set the MasterUserPassword for the aws_db_instance.mssqlrds with any of the characters: @ " or /
terraform apply

Important Factoids

None.

References

enhancement good first issue servicrds

Source

ariksu

👍5

Most helpful comment

It seems the error message reads ascii characters besides the special ones are allowed. This seems correct, but it would probably be easier to read if it would just say These characters are not allowed: ... instead.

devinburnette on 23 Mar 2019

👍3

All 3 comments

devinburnette on 23 Mar 2019

👍3

Hi folks 👋 Thank you for your interest in this feature request. After reviewing this more closely, we are hesitant to implement this level of validation for a few reasons, especially due to some current limitations in the Terraform Plugin SDK:

This validation needs to occur at apply-time versus our typical plan-time validations provided by adding ValidateFunc to the schema attribute.
The password requirements within any of the implemented engines can change over time (e.g. older versions being deprecated or newer versions with different restrictions) and it could introduce a manual maintenance burden more so than typical attribute validation.
Given the two items above, implementing this type of validation is no different than allowing the API error to passthrough to the operators, which will always be update to date and seems like the better user experience.

Given those, we are going to opt to close this for now since it is more nuanced than the typical addition of ValidateFunc on a schema attribute.

EDIT: Please note that in the original report, that error messaging is coming from the RDS API response. Any grammar updates would need to occur in the API. If you have improvement requests for the RDS team, please submit an AWS Support case or talk to your AWS Technical Account Manager, if you have one.

bflad on 21 May 2020

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] on 21 Jun 2020

Was this page helpful?

0 / 5 - 0 ratings

Related issues

tainting an ecs service and running terraform apply receives Creation of service was not idempotent

hashibot · 3Comments

Provide releases more often

dvishniakov · 3Comments

aws_elasticsearch_domain: vpc_options - subnet_ids asks for list but can only be a single value.

ccslamstack · 3Comments

Feature request: S3 Cross-Region Replication with KMS

modax · 3Comments

Please add support for default values in Cloudwatch Metric Filters

hazmeister · 3Comments