Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

Token Caching does not work #2047

Closed sfc-gh-cconner closed 3 months ago

sfc-gh-cconner commented 1 year ago

Provider Version

0.70.1

Terraform Version

1.5.4

Describe the bug

Even though the terraform provider has a version of the Go Driver that supports Token caching, it does not work in the terraform provider.

The go driver does this automatically out of the box with external browser authentication. I have tested with go 1.6.19 and it just works. I tested with the current Snowflake terraform provider that uses Go driver 1.6.19 and it does not try to use the Keychain. So, I built the terraform provider with go driver 1.6.19 with some extra logging to try and see what's going on and my custom built Snowflake provider does use the Keychain.

Expected behavior

The expectation is that the Terraform provider automatically caches the credential token.

sadahry commented 7 months ago

@sfc-gh-cconner cc @harukitake

We are facing this issue, and have confirmed:

  1. Apple Silicon (M1 & M2) failed due to the keyring issue

    Failed to write to keychain. Err: No directory provided for file keyring

    ref. https://github.com/snowflakedb/gosnowflake/blob/v1.7.1/secure_storage_manager.go#L91-L93

  2. Windows Subsystem for Linux has been successful

on terraform 1.7.4 and provider v0.87.2.

We are having trouble with not being able to have SSO with token caching. Do you know how we can resolve this issue on Apple Silicon?

sfc-gh-cconner commented 7 months ago

@sadahry, we have identified the root cause to be related to the build process. We are working on a fix, but we do not have a timeframe just yet.

sadahry commented 7 months ago

@sfc-gh-cconner We've confirmed the issue is resolved by the 0.87.3-pre version 🎉

Probably due to this fix: https://github.com/Snowflake-Labs/terraform-provider-snowflake/pull/2613

We've been waiting for this fix. Thank you!!

sfc-gh-cconner commented 7 months ago

That is great news!!

sfc-gh-asawicki commented 7 months ago

Hey @sadahry. For which systems have you verified the prerelease version? I want to release this patch as part of the 0.88.0 version officially, but first, I want to confirm that it works for various systems.

sadahry commented 7 months ago

I've confirmed it on Apple Silicon (M1). OSX: Monterey 12.4

harukitake commented 6 months ago

It has been resolved in v0.88.0. https://github.com/Snowflake-Labs/terraform-provider-snowflake/releases/tag/v0.88.0

DustinMoriarty commented 6 months ago

I have tested this on macOS 14.4.1 with 0.88.0 and token caching worked. I received the OS prompt for my system password. I selected the "always allow" option. Then the browser opened to complete auth with Okta. The authentication completed with Okta in the browser. After that, all future authentication for additional resources in the same process or future processes did not open the browser.

Thanks for the MR in #2613 @sfc-gh-swinkler! This will make a big difference in usability. Even for DBAs at our org, we require SSO, even in dev environments.

sfc-gh-swinkler commented 6 months ago

@DustinMoriarty glad my fix helped you

sfc-gh-asawicki commented 3 months ago

Closing as completed.