Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

External OAuth Integration forcing update in place when no change #1498

Open culpgrant opened 1 year ago

culpgrant commented 1 year ago

Provider Version

0.53.0

Terraform Version

1.3.6

Describe the bug

Terraform is forcing an update in place when there is no change to the snowflake_external_oauth_integration. It looks to be because I have multiple strings for the jws_keys_url and the token_user_mapping_claims. The reason I have two values is that we set it up for Power BI and then for an External OAuth requirement.

Expected behavior

After I run terraform apply and there are no changes to the code, Terraform thinks it needs to update in place the existing external_oauth_integration when there were no changes.

Code samples and commands

Terraform Code:

resource "snowflake_external_oauth_integration" "INTEGRATION_POWERBI" {
  name                             = "POWERBI"
  type                             = "AZURE"
  enabled                          = true
  snowflake_user_mapping_attribute = "login_name"
  token_user_mapping_claims        = ["upn", "sub"]
  any_role_mode                    = "ENABLE" 
  audience_urls                    = ["https://analysis.windows.net/powerbi/connector/Snowflake", "api urn removed for security"]
  issuer                           = "removed for security"
  jws_keys_urls                    = ["removed for security", "removed for security"]
  comment                          = "OAuth Integration for Power BI and AAD Oauth"
}

Terraform plan output:

Terraform will perform the following actions:

  # snowflake_external_oauth_integration.INTEGRATION_POWERBI will be updated in-place
  ~ resource "snowflake_external_oauth_integration" "INTEGRATION_POWERBI" {
        id                               = "POWERBI"
      ~ jws_keys_urls                    = [
          - " removed for security",
          - "removed for security",
          + "removed for security",
          + "removed for security",
        ]
        name                             = "POWERBI"
      ~ token_user_mapping_claims        = [
          - " sub",
          + "sub",
            # (1 unchanged element hidden)
        ]
        # (10 unchanged attributes hidden)
    }

Additional context

I think this might be because of a leading space that is somehow being placed when Terraform is performing some action. As you can see in the TF plan output, it is putting a space before the existing token_user_mapping_claims and the jws_keys_urls.
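
An added example, not part of the original issue or the provider's code: a check over `terraform show -json` plan output that separates in-place updates differing only by surrounding whitespace (the pattern in the plan above) from updates that change a value, which is worth knowing before applying a change to an OAuth integration's `jws_keys_urls` or claims. The sample plan and its URLs are constructed, and treating these list attributes as unordered is an assumption.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# reduced to the fields used here; the URLs are placeholders, not from the issue.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [{
        "address": "snowflake_external_oauth_integration.INTEGRATION_POWERBI",
        "change": {
            "actions": ["update"],
            "before": {
                "name": "POWERBI",
                "token_user_mapping_claims": ["upn", " sub"],
                "jws_keys_urls": [" https://keys-a.example/jwks", "https://keys-b.example/jwks"],
            },
            "after": {
                "name": "POWERBI",
                "token_user_mapping_claims": ["upn", "sub"],
                "jws_keys_urls": ["https://keys-a.example/jwks", "https://keys-b.example/jwks"],
            },
        },
    }]
})


def _normalize(value):
    """Strip whitespace from strings; strip and sort lists of strings (unordered: assumption)."""
    if isinstance(value, str):
        return value.strip()
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return sorted(v.strip() for v in value)
    return value


def classify_updates(plan_json):
    """Map each in-place update to its whitespace-only and real attribute changes."""
    report = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc["change"]
        if change.get("actions") != ["update"]:
            continue  # creates, deletes and replacements are out of scope here
        before, after = change.get("before") or {}, change.get("after") or {}
        result = {"whitespace_only": [], "real": []}
        for attr in sorted(set(before) | set(after)):
            if before.get(attr) == after.get(attr):
                continue
            same = _normalize(before.get(attr)) == _normalize(after.get(attr))
            result["whitespace_only" if same else "real"].append(attr)
        report[rc["address"]] = result
    return report
```

Any attribute reported under `real` is a genuine change to the integration and should be reviewed rather than dismissed as this spurious diff.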

cpmub1 commented 1 year ago

Yes, I have noticed this issue with several commands that are using a list of values.

chrisweis commented 1 year ago

I see this bug was submitted in January and is still open.

@sfc-gh-swinkler Curious, do you know the improvement cadence for this repo? Is it still actively maintained? Thanks!

sfc-gh-swinkler commented 1 year ago

@chrisweis we are currently working on provider stability for long term maintainability. That means rewriting much of the code that generates the SQL commands to Snowflake and adding new unit and integration tests (sdk package). It took some time to design, but we are working through each resource one at a time. Issues like this are on my radar; in fact, I have a Jira ticket assigned to me. After I finish failover groups I was going to work on oauth integration. The current version of the provider is too difficult to maintain and debug issues like this, which is why we are investing time in this refactor project. Thank you for your patience.