From fa7f54cb55041e23b914d7ab0ab3a3bdcdbebee9 Mon Sep 17 00:00:00 2001
From: Christopher Boumenot <chrboum@microsoft.com>
Date: Wed, 11 Jul 2018 15:32:45 -0700
Subject: [PATCH] azure: satisfy Azure password requirements

---
 builder/azure/arm/tempname.go      | 41 +++++++++++++++++++++++++++---
 builder/azure/arm/tempname_test.go | 14 ++++++++++
 2 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/builder/azure/arm/tempname.go b/builder/azure/arm/tempname.go
index bf0cb6552..501dfda65 100644
--- a/builder/azure/arm/tempname.go
+++ b/builder/azure/arm/tempname.go
@@ -2,13 +2,19 @@ package arm
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/packer/builder/azure/common"
 )
 
 const (
-	TempNameAlphabet     = "0123456789bcdfghjklmnpqrstvwxyz"
-	TempPasswordAlphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	TempNameAlphabet = "0123456789bcdfghjklmnpqrstvwxyz"
+
+	numbers   = "0123456789"
+	lowerCase = "abcdefghijklmnopqrstuvwxyz"
+	upperCase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+	TempPasswordAlphabet = numbers + lowerCase + upperCase
 )
 
 type TempName struct {
@@ -39,8 +45,37 @@ func NewTempName() *TempName {
 	tempName.VirtualNetworkName = fmt.Sprintf("pkrvn%s", suffix)
 	tempName.ResourceGroupName = fmt.Sprintf("packer-Resource-Group-%s", suffix)
 
-	tempName.AdminPassword = common.RandomString(TempPasswordAlphabet, 32)
+	tempName.AdminPassword = generatePassword()
 	tempName.CertificatePassword = common.RandomString(TempPasswordAlphabet, 32)
 
 	return tempName
 }
+
+// generate a password that is acceptable to Azure
+// Three of the four items must be met.
+//  1. Contains an uppercase character
+//  2. Contains a lowercase character
+//  3. Contains a numeric digit
+//  4. Contains a special character
+func generatePassword() string {
+	var s string
+	for i := 0; i < 100; i++ {
+		s := common.RandomString(TempPasswordAlphabet, 32)
+		if !strings.ContainsAny(s, numbers) {
+			continue
+		}
+
+		if !strings.ContainsAny(s, lowerCase) {
+			continue
+		}
+
+		if !strings.ContainsAny(s, upperCase) {
+			continue
+		}
+
+		return s
+	}
+
+	// if an acceptable password cannot be generated in 100 tries, give up
+	return s
+}
diff --git a/builder/azure/arm/tempname_test.go b/builder/azure/arm/tempname_test.go
index 4c09f8c46..120df3ea1 100644
--- a/builder/azure/arm/tempname_test.go
+++ b/builder/azure/arm/tempname_test.go
@@ -41,6 +41,20 @@ func TestTempNameShouldCreatePrefixedRandomNames(t *testing.T) {
 	}
 }
 
+func TestTempAdminPassword(t *testing.T) {
+	tempName := NewTempName()
+
+	if !strings.ContainsAny(tempName.AdminPassword, numbers) {
+		t.Errorf("Expected AdminPassword to contain at least one of '%s'!", numbers)
+	}
+	if !strings.ContainsAny(tempName.AdminPassword, lowerCase) {
+		t.Errorf("Expected AdminPassword to contain at least one of '%s'!", lowerCase)
+	}
+	if !strings.ContainsAny(tempName.AdminPassword, upperCase) {
+		t.Errorf("Expected AdminPassword to contain at least one of '%s'!", upperCase)
+	}
+}
+
 func TestTempNameShouldHaveSameSuffix(t *testing.T) {
 	tempName := NewTempName()
 	suffix := tempName.ComputeName[5:]