Assign random passwords while creating multiple Azure Active Directory users with Terraform reading a CSV file

Question

I am trying to assign random passwords to multiple AAD users -in a csv file- with Terraform and resources "azuread_user"

First of all, I have this CSV file with some users:

user_name
User1
User2
User3
User4

Following, I read this CSV file using:

locals {
  users = csvdecode(file("${path.module}/users.csv"))
}

Then, using "random_password" resource, I am generating a new password:

resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

Next, with "azuread_user" I am trying to create the user with the password generated:

resource "azuread_user" "users" {
  for_each = { for user in local.users : user.first_name => user }

  user_principal_name = format(
    "%s@%s",
    each.value.user_name,
    "mydomain.com"
  )
  password = each.value.password
  display_name = "${each.value.first_name} ${each.value.last_name}"

}

but the problem is that every user has the same password from resource "random_password" "password".

How can I assign a randomly password for each user?

Answer 1

I tried to create users with random passwords as below:

locals {
  users = {
    "[email protected]" = { first_name = "John", last_name = "Doe" , department = "Marketing Department" },
    "[email protected]" = { first_name = "Jane", last_name = "Doe" , department = "IT Department"}
  }
}


resource "random_password" "passwords" {
  for_each = local.users
  length  = 16
  special = true
}


resource "azuread_user" "users" {
  for_each = local.users

  display_name         = "${each.value.first_name} ${each.value.last_name}"
  mail_nickname        = each.value.first_name
  user_principal_name = each.key
  password            = random_password.passwords[each.key].result
  department = each.value.department
}

In order to check if random passwords are generated I stored them in keyvault and checked . They seem to be different for different user.

resource "azurerm_key_vault" "example" {
  name                        = "kavyaexmplekeyvault"
  location                    = data.azurerm_resource_group.example.location
  resource_group_name         = data.azurerm_resource_group.example.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_retention_days  = 7
  purge_protection_enabled    = false

  sku_name = "standard"

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

   
    key_permissions = [
      "Create",
      "Get",
    ]

    secret_permissions = [
      "Set",
      "Get",
      "Delete",
      "Purge",
      "Recover",
      "List"
    ]

    storage_permissions = [
      "Get","Set"
    ]
  }
}

resource "azurerm_key_vault_secret" "password_one" {
  for_each = local.users
  name         = "passwrdone${each.value.first_name}"
  value        =  random_password.passwords[each.key].result
  key_vault_id = azurerm_key_vault.example.id
}

Password for jane:

Password for john: