From 0c244c2f33b58a907337354cd72d3994697521b6 Mon Sep 17 00:00:00 2001
From: Martin Nygaard Jensen
Date: Thu, 27 Apr 2023 13:23:09 +0000
Subject: [PATCH] hash systemuser password in state

Signed-off-by: Martin Nygaard Jensen
---
 citrixadc/resource_citrixadc_systemuser.go | 30 +++++++++++++++++-----
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/citrixadc/resource_citrixadc_systemuser.go b/citrixadc/resource_citrixadc_systemuser.go
index 1e8cb062f..8e79d63ce 100644
--- a/citrixadc/resource_citrixadc_systemuser.go
+++ b/citrixadc/resource_citrixadc_systemuser.go
@@ -1,6 +1,8 @@
 package citrixadc
 
 import (
+ "strings"
+
 "github.com/citrix/adc-nitro-go/resource/config/system"
 "github.com/citrix/adc-nitro-go/service"
 
@@ -8,6 +10,8 @@ import (
 "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 
 "bytes"
+ "crypto/sha512"
+ "encoding/hex"
 "fmt"
 "log"
 "strconv"
@@ -40,10 +44,11 @@ func resourceCitrixAdcSystemuser() *schema.Resource {
 Computed: true,
 },
 "password": &schema.Schema{
- Type: schema.TypeString,
- Optional: true,
- Computed: false,
- Sensitive: true,
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: false,
+ Sensitive: true,
+ DiffSuppressFunc: ignoreHashMatch,
 },
 "hashedpassword": &schema.Schema{
 Type: schema.TypeString,
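Review bot: `DiffSuppressFunc: ignoreHashMatch` makes the stored `password` a hash while the configured value stays plaintext, and nothing on the schema field documents that asymmetry, so a reader of the state sees a 128-character hex string and has no way to know why it never matches the config. Add a `Description` on the field (or a comment above it) saying that the state holds the lowercase hex SHA-512 of the configured password and that `ignoreHashMatch` suppresses the diff when the hash of the config value equals the stored value. It is also worth stating that an unsalted, unstretched SHA-512 only hides the password from casual reading; a weak password is still recoverable by offline guessing from that hash, so the state file stays as sensitive as before and `Sensitive: true` only masks CLI output. The `resourceCitrixAdcSystemuser` schema begins before this hunk and continues after it.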
@@ -90,13 +95,25 @@ func resourceCitrixAdcSystemuser() *schema.Resource { } } +func hashPassword(password string) string { + hash := sha512.Sum512([]byte(password)) + return hex.EncodeToString(hash[:]) +} + +func ignoreHashMatch(k, old, new string, d *schema.ResourceData) bool { + oldStr := strings.ToLower(old) + newStr := strings.ToLower(hashPassword(new)) + log.Printf("[DEBUG] comparing old value: %s with new value %s", oldStr, newStr) + return oldStr == newStr +} + func createSystemuserFunc(d *schema.ResourceData, meta interface{}) error { log.Printf("[DEBUG] citrixadc-provider: In createSystemuserFunc") client := meta.(*NetScalerNitroClient).client login_username := (*meta.(*NetScalerNitroClient)).Username username := d.Get("username").(string) - if (username == login_username) { + if username == login_username { return fmt.Errorf("It seems you are trying to change the password of the Admin user. If so, please use the resource \"citrixadc_change_password\"") } systemuser := system.Systemuser{ @@ -120,7 +137,7 @@ func createSystemuserFunc(d *schema.ResourceData, meta interface{}) error { } d.SetId(username) - + d.Set("password", hashPassword(d.Get("password").(string))) err = readSystemuserFunc(d, meta) if err != nil { log.Printf("[ERROR] netscaler-provider: ?? we just created this systemuser but we can't read it ?? %s", username) @@ -224,6 +241,7 @@ func updateSystemuserFunc(d *schema.ResourceData, meta interface{}) error { return err } } + d.Set("password", hashPassword(d.Get("password").(string))) return readSystemuserFunc(d, meta) }
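Review bot: `ignoreHashMatch` writes `oldStr` and `newStr` to the debug log, which puts the hash of the configured password — a value derived from a `Sensitive` attribute and exactly what the state is meant to protect — into provider logs that are routinely attached to bug reports. Drop the values from the message and log only the outcome, e.g. `match := oldStr == newStr` followed by `log.Printf("[DEBUG] citrixadc-provider: ignoreHashMatch on %s: match=%t", k, match)` and `return match`. `hashPassword` is a plain SHA-512 with no salt or stretching, which is fine for a diff comparison but should not be mistaken for password storage; a doc comment such as `// hashPassword returns the lowercase hex SHA-512 of password. It exists only to keep the plaintext out of state and is not a password-storage hash.` would set expectations for the next maintainer. `createSystemuserFunc` continues past the end of this hunk.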
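Review bot: In the `updateSystemuserFunc` hunk the added `d.Set("password", hashPassword(d.Get("password").(string)))` runs on every update, including ones where `ignoreHashMatch` suppressed the password diff; in that case I believe the SDK carries the prior state value (already a hash) through as the planned value, so the hash is hashed again and the next plan reports a spurious password change. Guard it with `if d.HasChange("password") { ... }` so only a genuinely new plaintext is hashed. In both that hunk and the `createSystemuserFunc` hunk above, the `d.Set` error is discarded; use `if err := d.Set("password", hashPassword(pw)); err != nil { return err }`. The create-side line also stores the SHA-512 of the empty string when the optional `password` was never configured, so read it with `pw, ok := d.GetOk("password")` and skip the `d.Set` when `ok` is false. Both enclosing functions start outside their hunks.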