Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

[Bug]: invalid property 'SYNC_PASSWORD' for 'INTEGRATION - SCIM - AZURE' #2946

Closed aldwyn closed 1 month ago

aldwyn commented 1 month ago

Terraform CLI Version

1.9.2

Terraform Provider Version

0.93.0

Terraform Configuration

# Create integration to enable scim on AAD
resource "snowflake_scim_integration" "aad_provisioning" {
  provider       = snowflake.accountadmin
  name           = "AAD_PROVISIONING"
  run_as_role    = "AAD_PROVISIONER"
  scim_client    = "AZURE"
  network_policy = "SOME_NETWORK_POLICY"
  enabled        = true
  sync_password  = false
}

Category

category:resource

Object type(s)

resource:scim_integration

Expected Behavior

It should not send "SYNC_PASSWORD" when the set scim_client is "AZURE"

Actual Behavior

│ Error: 001420 (22023): SQL compilation error:
│ invalid property 'SYNC_PASSWORD' for 'INTEGRATION - SCIM - AZURE'

Steps to Reproduce

  1. Copy the pasted Terraform resource
  2. Run terraform apply

How much impact is this issue causing?

High

Logs

No response

Additional Information

No response

Would you like to implement a fix?

sfc-gh-jmichalak commented 1 month ago

Hi @aldwyn 👋 According to Snowflake docs, this option is available only for Okta and Custom SCIM integrations. So, this configuration is invalid, please remove sync_password property. We'll update the docs with this limitation and add a validation rule.

aldwyn commented 1 month ago

Hey @sfc-gh-jmichalak,

We came from v0.92 snowflake_scim_integration and it doesn't have sync_password. We just applied it, and that error already exists without the sync_password set. So we tried setting it to false, but still to no avail.

sfc-gh-jmichalak commented 1 month ago

Since you have this resource in your state, please remove it from the state with terraform state rm, add sync_password = true to the config, and import with terraform import "snowflake_scim_integration.test" "aad_provisioning". After these steps there should be no errors.

We'll add these steps to the migration guide for v0.93. We're working on fixing this in the next release (v0.94), which is expected to land on Wednesday/Thursday next week.

sfc-gh-jmichalak commented 1 month ago

@aldwyn This has been fixed in v0.94. Please follow our migration guide. We've also added a note about this to the migration guide for v0.93.
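Added example, not the provider's code and not written by anyone in this thread: a Go check of the kind the validation rule mentioned above would perform, rejecting sync_password for an AZURE SCIM client before any SQL is sent and omitting SYNC_PASSWORD from the statement when the property is unset. The type, function and helper names are hypothetical, and GENERIC is assumed to be the SCIM_CLIENT value for custom integrations.

```go
package main

import (
	"fmt"
	"strings"
)

// ScimIntegration (hypothetical type) holds the issue's fields; SyncPassword is a pointer so "unset" differs from false.
type ScimIntegration struct {
	Name, ScimClient, RunAsRole, NetworkPolicy string
	Enabled                                    bool
	SyncPassword                               *bool
}

func lit(s string) string   { return "'" + strings.ReplaceAll(s, "'", "''") + "'" }
func ident(s string) string { return `"` + strings.ReplaceAll(s, `"`, `""`) + `"` }

// Validate fails at plan time instead of surfacing error 001420 from Snowflake.
func (s ScimIntegration) Validate() error {
	switch c := strings.ToUpper(s.ScimClient); {
	case c != "OKTA" && c != "AZURE" && c != "GENERIC":
		return fmt.Errorf("unknown scim_client %q", s.ScimClient)
	case s.SyncPassword != nil && c == "AZURE":
		return fmt.Errorf("sync_password is not supported for scim_client AZURE; remove it")
	}
	return nil
}

// CreateSQL emits SYNC_PASSWORD only when it was explicitly set and passed validation.
func (s ScimIntegration) CreateSQL() (string, error) {
	if err := s.Validate(); err != nil {
		return "", err
	}
	var b strings.Builder
	fmt.Fprintf(&b, "CREATE SECURITY INTEGRATION %s TYPE = SCIM ENABLED = %t SCIM_CLIENT = %s RUN_AS_ROLE = %s",
		ident(s.Name), s.Enabled, lit(strings.ToUpper(s.ScimClient)), lit(s.RunAsRole))
	if s.NetworkPolicy != "" {
		fmt.Fprintf(&b, " NETWORK_POLICY = %s", lit(s.NetworkPolicy))
	}
	if s.SyncPassword != nil {
		fmt.Fprintf(&b, " SYNC_PASSWORD = %t", *s.SyncPassword)
	}
	return b.String(), nil
}

func main() { // constructed sample: the issue's resource without sync_password
	fmt.Println(ScimIntegration{Name: "AAD_PROVISIONING", ScimClient: "AZURE", RunAsRole: "AAD_PROVISIONER",
		NetworkPolicy: "SOME_NETWORK_POLICY", Enabled: true}.CreateSQL())
}
```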