Closed sfc-gh-cconner closed 3 months ago
@sfc-gh-cconner cc @harukitake
We are facing with this issue, and confirmed:
Apple Silion (M1 & M2) failed due to the keyring issue
Failed to write to keychain. Err: No directory provided for file keyring
ref. https://github.com/snowflakedb/gosnowflake/blob/v1.7.1/secure_storage_manager.go#L91-L93
Windows Subsystem for Linux has been successful
on terraform 1.7.4 and provider v0.87.2.
We are having trouble with not being able to have SSO with token caching. Do you know how we can resolve this issue on Apple Silion?
@sadahry , we have identified the root cause to be related to the build process. We are working on a fix, but we do not have a timeframe just yet.
@sfc-gh-cconner We've confirmed the issue resolved by 0.87.3-pre
version 🎉
probably due to this fix https://github.com/Snowflake-Labs/terraform-provider-snowflake/pull/2613
We've been waiting for this fix. Thank you!!
That is great news!!
Hey @sadahry. For which systems have you verified the prerelease version? I want to release this patch as part of the 0.88.0 version officially, but first, I want to confirm that it works for various systems.
I've confirmed it on Apple Silion (M1). OSX: Monterey 12.4
It has resolved in v0.88.0
.
https://github.com/Snowflake-Labs/terraform-provider-snowflake/releases/tag/v0.88.0
I have tested this on MacOS 14.4.1 with 0.88.0 and token caching worked. I received the OS prompt for my system password. I selected the "always allow" option. Then the browser opened to complete auth with Okta. The Authentication completed with Okta in the browser. After that all future authentication for additional resources in the same process or future processes did not open the browser.
Thanks for the MR in #2613 @sfc-gh-swinkler! This will make a big difference in usability. Even for DBA's at our org, we require SSO, even in dev environments.
@DustinMoriarty glad my fix helped you
Closing as completed.
Provider Version
0.70.1
Terraform Version
1.5.4
Describe the bug
Even though the terraform provider has a version of the Go Driver that supports Token caching, it does not work in the terraform provider.
The go driver does this automatically out of the box with external browser authentication. I have tested with go 1.6.19 and it just works. I tested with the current Snowflake terraform provider that uses Go driver 1.6.19 and it does not try to use the Keychain. So, I built the terraform provider with go driver 1.6.19 with some extra logging to try and see what's going on and my custom built Snowflake provider does use the Keychain.
Expected behavior
The expectation is that the Terraform provider automatically caches the credential token.