search

Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License
529 stars 409 forks source link

Using external auth with `~/.snowflake/config` #2145

Open erikallmer opened 10 months ago

erikallmer commented 10 months ago

Provider Version Tested on 0.67.0, 0.73.0 and 0.74.0

Terraform Version 1.2.9

Describe the bug I'm trying to use the ~/.snowflake/config file instead of using a tfvars file to provide auth settings. However, I was hoping to use browser auth which I have not managed to get working.

My ~/.snowflake/config file looks like this:

[default]
account = "<our Snowflake account name>"
user = "<my email>"
authenticator = "EXTERNALBROWSER"
role = "ACCOUNTADMIN"

With Terraform debug information I see the following error (0.67.0): [DEBUG] error unmarshalling config file: toml: cannot store TOML string into a Go int

With 0.73.0 this error is instead: [DEBUG] error unmarshalling config file: toml: cannot decode TOML string into struct field gosnowflake.Config.Authenticator of type gosnowflake.AuthType

Removing the authenticator line also removes this error from the log - however then it obviously complains that a password is not set, which is what I'm trying to avoid.

Expected behavior The Terraform provider reads my config file and allows me to authenticate using the browser.

Would greatly appreciate any pointers/help! Thank you!

imre-kerr-sb1 commented 2 months ago

I'm not a Go expert, but I did a bit of digging. It seems like this provider tries to use go-toml to directly parse the config file into a gosnowflake.Config. https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/1aaf417de916a0aa6f9ba29eb79c9aea1b9c4bf6/pkg/sdk/config.go#L90-L106

Since the authenticator field is an enum (i.e. an int), a string value like "externalbrowser" or "oauth" (which we would like to use) isn't usable.

I don't know if you could use some custom unmarshaling with TextUnmarshaler, or if you would have to parse into an intermediate type that could be converted into a gosnowflake.Config

sfc-gh-asawicki commented 2 months ago

Hey @imre-kerr-sb1. The reason for such behavior is https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/1aaf417de916a0aa6f9ba29eb79c9aea1b9c4bf6/pkg/sdk/config.go#L50 (params should be already translated correctly but they are not used in the merging func).

For now, only a handful of parameters are allowed in the config. We will address this in the upcoming https://github.com/Snowflake-Labs/terraform-provider-snowflake/blob/main/ROADMAP.md#providers-configuration-rework.