Ambiguous wording in docs on the parameters for RandomPassword, eg "numeric: true" can still generate a password without numerics.

[Sheffer]

What happened?

Generate a password that includes upper, lower and numerics.

For numeric in the docs:
"Include numeric characters in the result. Default value is true."

I interpret this as: Passwords generated will inlude at least one numeric.

The reality seems to be that numerics are now included in the pool of available characters.

It is not guaranteed to actually be a number in the resulting password.

We had at least one case of a failed deploy due to the 30 character password was completely missing numbers.
The probability is low at 30, but increases significantly at lower length.

We mitigated this by including: minLower: 1, minNumeric: 1, minUpper: 1

Proposed change:

A: Either make the docs clear on that "true" does just add to pool and do not guarantee a char of that type.
OR
B: Change the code to always include at least one of the types (lower, upper, special, numeric) set to true.

Example

new random.RandomPassword("some-password",
{ length: 30, special: false }
)

Output of pulumi about

Version 3.87.0
Go Version go1.21.1

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[mikhailshilkov]

Hi @Sheffer thank you for reporting this issue.

The Pulumi Random provider is a bridged provider based on https://github.com/hashicorp/terraform-provider-random/issues. Do you mind opening an issue upstream? If they change the wording, we will automatically inherit it from there.

[Sheffer]

Done
hashicorp/terraform-provider-random#475