feat(module): add random_password/default/1.0

[ishaankalra]

Summary

• Adds a new random_password/default/1.0 module using the hashicorp/random provider
• Registers a new output type @facets/random_password with a sensitive result attribute
• Exports the generated password as a sensitive string attribute consumable by downstream modules

Spec Fields

Field	Type	Default	Description
length	number	16	Password length (8–128)
special	boolean	true	Include special characters
upper	boolean	true	Include uppercase letters
numeric	boolean	true	Include numeric characters

Output

Attribute	Type	Sensitive
result	string	yes

Validation

• raptor module validate — all checks pass
• raptor create iac-module --dry-run — all validations pass

Summary by CodeRabbit

• New Features
  • Added random password generation capability with configurable options including password length (8-128 characters), numeric characters, special characters, and uppercase letters. Available for GCP and AWS EKS deployments.

[coderabbitai]

Walkthrough

A new Terraform module for random password generation is introduced, comprising configuration files, input variables, resource definitions, and output specifications. The module accepts configurable parameters for password length and character types.

Changes

Cohort / File(s)	Summary
Random Password Module modules/random_password/default/1.0/.terraform.lock.hcl, modules/random_password/default/1.0/facets.yaml, modules/random_password/default/1.0/main.tf, modules/random_password/default/1.0/outputs.tf, modules/random_password/default/1.0/variables.tf	New Terraform module for password generation with configurable length (8–128 characters, default 16) and character types (numeric, special, uppercase). Includes provider lock file, facet specification with GCP/AWS-EKS metadata, resource definition using hashicorp/random provider v3.8.1, module input variables, and output binding for the generated password result.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding a new random_password module at version 1.0 with default flavor.
Description check	✅ Passed	The description includes a clear summary of changes, spec fields, output details, and validation confirmation, but lacks structured sections matching the repository template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch module/random_password-default-1.0

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Trivy (0.69.3)

Trivy execution failed: Unknown error

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

modules/random_password/default/1.0/main.tf (1)

16-22: Consider adding lower parameter for completeness.

The module exposes upper, numeric, and special but not lower (lowercase letters). The random_password resource defaults lower = true, which is fine for most cases, but exposing it would give users full control over character sets.

This is optional since lowercase letters are almost always desired in passwords.

♻️ Optional: Add lower parameter

In locals block:

  numeric = lookup(local.spec, "numeric", true)
+ lower   = lookup(local.spec, "lower", true)

In resource block:

  numeric          = local.numeric
+ lower            = local.lower

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/random_password/default/1.0/main.tf` around lines 16 - 22, Add a new
"lower" parameter to the module so callers can control lowercase characters:
update the locals block to include lower = lookup(local.spec, "lower", true)
(matching existing pattern for length/special/upper/numeric) and wire that local
into the random_password resource's lower attribute (alongside
upper/numeric/special) so the resource uses the exposed value; also add
corresponding docs/variable handling where you populate var.instance.spec to
document the new option.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/random_password/default/1.0/facets.yaml`:
- Around line 19-21: The module's facet metadata is inconsistent: the YAML
"clouds" key currently lists only "gcp" while "x-project-type" is set to
"aws-eks"; update the "clouds" array to be cloud-agnostic (e.g.,
["aws","gcp","azure","kubernetes"]) to match other cloud-agnostic modules and
either remove or clear the "x-project-type" field if AWS EKS is not applicable.
Locate the "clouds" key and "x-project-type" field in the facets.yaml for the
random provider and replace the single-entry "gcp" list with the multi-cloud
list (or delete "x-project-type") so the metadata accurately reflects the
provider's cloud-agnostic scope.

---

Nitpick comments:
In `@modules/random_password/default/1.0/main.tf`:
- Around line 16-22: Add a new "lower" parameter to the module so callers can
control lowercase characters: update the locals block to include lower =
lookup(local.spec, "lower", true) (matching existing pattern for
length/special/upper/numeric) and wire that local into the random_password
resource's lower attribute (alongside upper/numeric/special) so the resource
uses the exposed value; also add corresponding docs/variable handling where you
populate var.instance.spec to document the new option.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3d8187fb-5e67-4a50-bbac-2cbcb9cc58a9

📥 Commits

Reviewing files that changed from the base of the PR and between 3533638 and 3136540.

📒 Files selected for processing (5)

• modules/random_password/default/1.0/.terraform.lock.hcl
• modules/random_password/default/1.0/facets.yaml
• modules/random_password/default/1.0/main.tf
• modules/random_password/default/1.0/outputs.tf
• modules/random_password/default/1.0/variables.tf

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check how other cloud-agnostic modules handle clouds/x-project-type
rg -l "hashicorp/random" --type hcl | head -5 | xargs -I{} dirname {} | xargs -I{} cat {}/facets.yaml 2>/dev/null | grep -A2 "clouds:"

Repository: Facets-cloud/facets-modules

Length of output: 98

---

🏁 Script executed:

# First, let's find and examine the specific file
find . -path "*modules/random_password/default/1.0/facets.yaml" -type f

Repository: Facets-cloud/facets-modules

Length of output: 120

---

🏁 Script executed:

# Also check the overall repository structure to understand the module format
ls -la modules/ | head -20

Repository: Facets-cloud/facets-modules

Length of output: 1283

---

🏁 Script executed:

# Search for other modules that use hashicorp/random provider
find modules -name "facets.yaml" -type f | xargs grep -l "hashicorp/random" | head -10

Repository: Facets-cloud/facets-modules

Length of output: 53

---

🏁 Script executed:

cat -n ./modules/random_password/default/1.0/facets.yaml

Repository: Facets-cloud/facets-modules

Length of output: 2602

---

🏁 Script executed:

# Search for all modules with 'clouds:' to see the pattern
find modules -name "facets.yaml" -type f | xargs grep -B2 -A2 "clouds:" | head -50

Repository: Facets-cloud/facets-modules

Length of output: 3036

---

🏁 Script executed:

# Check how many modules use aws-eks as x-project-type
find modules -name "facets.yaml" -type f | xargs grep -l "aws-eks" | wc -l

Repository: Facets-cloud/facets-modules

Length of output: 72

---

🏁 Script executed:

# Find modules with multiple cloud support (more likely cloud-agnostic)
find modules -name "facets.yaml" -type f | xargs grep -l "clouds:" | while read f; do
  clouds=$(grep -A5 "^clouds:" "$f" | grep "^\s*-" | wc -l)
  [ "$clouds" -gt 1 ] && echo "$f ($clouds clouds)"
done | head -20

Repository: Facets-cloud/facets-modules

Length of output: 1190

---

🏁 Script executed:

# Check for modules with no x-project-type specified (to understand the pattern)
find modules -name "facets.yaml" -type f | while read f; do
  if ! grep -q "x-project-type:" "$f"; then
    echo "$f"
  fi
done | head -10

Repository: Facets-cloud/facets-modules

Length of output: 531

---

🏁 Script executed:

# Look for documentation or schema definition
find . -name "*.md" -o -name "*.txt" -o -name "schema*" | xargs grep -l "x-project-type\|clouds" 2>/dev/null | head -5

Repository: Facets-cloud/facets-modules

Length of output: 314

---

🏁 Script executed:

# Check what x-project-type values exist across all modules
find modules -name "facets.yaml" -type f | xargs grep "x-project-type:" | cut -d':' -f2 | sort | uniq -c

Repository: Facets-cloud/facets-modules

Length of output: 93

---

🏁 Script executed:

# Look at a cloud-agnostic module like alert_group to see its pattern
cat modules/alert_group/default/0.1/facets.yaml | grep -A10 "^clouds:"

Repository: Facets-cloud/facets-modules

Length of output: 201

---

🏁 Script executed:

# Check if random_password has any provider info that could explain its configuration
cat modules/random_password/default/1.0/facets.yaml | grep -i "provider\|resource"

Repository: Facets-cloud/facets-modules

Length of output: 53

---

Fix cloud and project-type configuration for cloud-agnostic provider.

The module declares clouds: [gcp] but x-project-type: aws-eks, which is inconsistent. The random provider is cloud-agnostic and should support all major clouds. This configuration incorrectly restricts the module to GCP while also claiming AWS EKS support. Update to clouds: [aws, gcp, azure, kubernetes] to match other cloud-agnostic modules in the repository, or remove the x-project-type field if it's not applicable.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@modules/random_password/default/1.0/facets.yaml` around lines 19 - 21, The
module's facet metadata is inconsistent: the YAML "clouds" key currently lists
only "gcp" while "x-project-type" is set to "aws-eks"; update the "clouds" array
to be cloud-agnostic (e.g., ["aws","gcp","azure","kubernetes"]) to match other
cloud-agnostic modules and either remove or clear the "x-project-type" field if
AWS EKS is not applicable. Locate the "clouds" key and "x-project-type" field in
the facets.yaml for the random provider and replace the single-entry "gcp" list
with the multi-cloud list (or delete "x-project-type") so the metadata
accurately reflects the provider's cloud-agnostic scope.