[Feature]: Consistency for the SNOWFLAKE_AUTHENTICATOR value

Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts

https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest

MIT License

552 stars 420 forks source link

[Feature]: Consistency for the SNOWFLAKE_AUTHENTICATOR value #2983

Open vludax opened 3 months ago

vludax commented 3 months ago

Use Cases or Problem Statement

As documented in the migration guide, since version 0.74.0 of the provider, the authenticator property has to be set to "JWT" to use key-pair authentication.

In order to simplify our upgrade process, we would like to make use of the SNOWFLAKE_AUTHENTICATOR environment variable. However, we have discovered that several other connectors, such as python and nodejs expect the value of SNOWFLAKE_AUTHENTICATOR to be "SNOWFLAKE_JWT" rather than "JWT. It also looks like the "SNOWFLAKE_JWT" value is also used by the go SDK.

Object type(s)

No response

Proposal

Let the terraform provider treat the "SNOWFLAKE_JWT" value the same way it treats "JWT" for the authenticator property.

How much impact is this issue causing?

Medium

Additional Information

No response

Would you like to implement a fix?

[ ] Yeah, I'll take it 😎

sfc-gh-jcieslak commented 3 months ago

Hey @vludax 👋 Thanks for reporting the issue. Soon we'll be going through provider configuration rework where we'll address topics such as this one. But until that happens, please continue using JWT for now. Any breaking changes will be documented in the migration guide, but we'll ping you here once the change will be released.

sfc-gh-jmichalak commented 3 months ago

@vludax You can also use a config like this:

variable "authenticator" {
  type = string

}
provider "snowflake" {
  ...
  authenticator = var.authenticator
}

and run terraform like TF_VAR_authenticator="JWT" terraform refresh. See https://developer.hashicorp.com/terraform/cli/config/environment-variables#tf_var_name for more details.

vludax commented 3 months ago

@sfc-gh-jmichalak The reason we wanted to use the SNOWFLAKE_AUTHENTICATOR environment variable was to avoid making additional changes in the provider config. If we need to add authenticator = var.authenticator, we may as well just set authenticator = "JWT" 🙂

sfc-gh-jmichalak commented 1 week ago

Hi @vludax 👋

We've released a new v0.98.0 version (release, migration guide). For now, we accept both of these values, but SNOWFLAKE_JWT is the preferred method and JWT is deprecated and will be removed in the future releases.

vludax commented 1 week ago

Thank you @sfc-gh-jmichalak!