Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: invalid property 'SYNC_PASSWORD' for 'INTEGRATION - SCIM - AZURE' #2946

Closed
1 task
aldwyn opened this issue Jul 18, 2024 · 4 comments
Closed
1 task

[Bug]: invalid property 'SYNC_PASSWORD' for 'INTEGRATION - SCIM - AZURE' #2946

aldwyn opened this issue Jul 18, 2024 · 4 comments
Assignees
@sfc-gh-jmichalak
Labels
bug Used to mark issues with provider's incorrect behavior resource:scim_integration Issue connected to the snowflake_scim_integration resource

Comments

@aldwyn
Copy link

aldwyn commented Jul 18, 2024

Terraform CLI Version

1.9.2

Terraform Provider Version

0.93.0

Terraform Configuration

# Create integration to enable scim on AAD
resource "snowflake_scim_integration" "aad_provisioning" {
  provider       = snowflake.accountadmin
  name           = "AAD_PROVISIONING"
  run_as_role    = "AAD_PROVISIONER"
  scim_client    = "AZURE"
  network_policy = "SOME_NETWORK_POLICY"
  enabled        = true
  sync_password  = false
}

Category

category:resource

Object type(s)

resource:scim_integration

Expected Behavior

It should not send "SYNC_PASSWORD" when the set scim_client is "AZURE"

Actual Behavior

│ Error: 001420 (22023): SQL compilation error:
│ invalid property 'SYNC_PASSWORD' for 'INTEGRATION - SCIM - AZURE'

Steps to Reproduce

  1. Copy the pasted Terraform resource
  2. Run terraform apply

How much impact is this issue causing?

High

Logs

No response

Additional Information

No response

Would you like to implement a fix?

  • Yeah, I'll take it 😎
@aldwyn aldwyn added the bug Used to mark issues with provider's incorrect behavior label Jul 18, 2024
@sfc-gh-jmichalak sfc-gh-jmichalak added general-usage General help/usage questions and removed bug Used to mark issues with provider's incorrect behavior labels Jul 18, 2024
@sfc-gh-jmichalak
Copy link
Collaborator

sfc-gh-jmichalak commented Jul 18, 2024
edited
Loading

Hi @aldwyn 👋
According to Snowflake docs, this option is available only for Okta and Custom SCIM integrations. So, this configuration is invalid, please remove sync_password property. We'll update the docs with this limitation and add a validation rule.

@aldwyn
Copy link
Author

aldwyn commented Jul 18, 2024
edited
Loading

Hey @sfc-gh-jmichalak,

We came from v0.92 snowflake_scim_integration and it doesn't have sync_password. We just applied it, and that error already exists without the sync_password set. So we tried setting it to false, but still to no avail.

@sfc-gh-jmichalak
Copy link
Collaborator

sfc-gh-jmichalak commented Jul 18, 2024
edited
Loading

Since you have this resource in your state, please remove it from the state with terraform state rm, add sync_password = true to the config, and import with terraform import "snowflake_scim_integration.test" "aad_provisioning". After these steps there should be no errors.

We'll add these steps to migration guide for v0.93.
We're working on fixing this in the next release (v0.94)., which is expected to land on Wednesday/Thursday next week.

@sfc-gh-jmichalak sfc-gh-jmichalak mentioned this issue Jul 22, 2024
Merged
2 tasks
@sfc-gh-jmichalak sfc-gh-jmichalak added bug Used to mark issues with provider's incorrect behavior resource:scim_integration Issue connected to the snowflake_scim_integration resource and removed general-usage General help/usage questions labels Jul 24, 2024
sfc-gh-jmichalak added a commit that referenced this issue Jul 25, 2024
@sfc-gh-jmichalak
fix: Fix sync_password field for Azure scim clients (#2950)
6781133 
<!-- Feel free to delete comments as you fill this in -->
- add a state upgrader to set `default` for affected resources
- add an entry the in migration guide with explanation of the issue
(also add a warning for v0.93)
- add sdk validation for setting conflicting values
- add resource validation for setting conflicting values in
create/update (can't do it as ValidateFunc because it has scope of only
one field)
- add acceptance tests to cover flow with this issue
- improve docs for other security integrations


## Test Plan
<!-- detail ways in which this PR has been tested or needs to be tested
-->
* [x] acceptance tests
<!-- add more below if you think they are relevant -->
* [x] unit tests

## References
<!-- issues documentation links, etc  -->
References
#2946,
#2927.
@sfc-gh-jmichalak
Copy link
Collaborator

@aldwyn This has been fixed in v0.94. Please follow our migration guide. We've also added a note about this to the migration guide for v0.93.

@aldwyn aldwyn closed this as completed Aug 6, 2024
@sfc-gh-jmichalak sfc-gh-jmichalak self-assigned this Oct 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sfc-gh-jmichalak sfc-gh-jmichalak

Labels
bug Used to mark issues with provider's incorrect behavior resource:scim_integration Issue connected to the snowflake_scim_integration resource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aldwyn @sfc-gh-jmichalak