auth0 / terraform-provider-auth0

The Auth0 Terraform Provider is the official plugin for managing Auth0 tenant configuration through the Terraform tool.
https://registry.terraform.io/providers/auth0/auth0/latest/docs
Mozilla Public License 2.0

Providers can no longer be configured using a mix of environment variables and explicit configuration. #1074

Open dylanCz opened 1 week ago

dylanCz commented 1 week ago

Description

Since 1.7.3, where this commit added a check on the provider's configuration for required env vars, providers can no longer use a mix of env vars and explicit configuration.
We set our auth0_domain as an environment variable, and then create multiple auth0 providers in our terraform code, supplying the client_id and client_secret as part of the provider block. In provider version 1.7.1, this works fine: it uses the client_id and secret supplied to the provider and resolves the domain from the environment variable.

Expectation

If a provider block does not have all the required configuration explicitly defined, it should check env vars for any missing configuration.

Reproduction

  1. Set the auth0 domain environment variable:

         export AUTH0_DOMAIN=fake_domain

  2. Create a provider with version 1.7.3, without explicitly passing a domain:

         terraform {
           required_version = ">= 1.5.0"
           required_providers {
             auth0 = {
               source  = "auth0/auth0"
               version = "1.7.3"
             }
           }
         }

         provider "auth0" {
           alias         = "additional-provider"
           client_id     = "fake_id"
           client_secret = "fake_secret"
         }

         resource "auth0_role" "my_role" {
           provider    = auth0.additional-provider
           name        = "Test Role"
           description = "Test Role"
         }

  3. Run terraform plan, see that it errors (because the domain has not been set in the provider block):

         ╷
         │ Error: Missing environment variables
         │
         │   with provider["registry.terraform.io/auth0/auth0"].additional-provider,
         │   on auth0.tf line 12, in provider "auth0":
         │   12: provider "auth0" {
         │
         │ Either AUTH0_API_TOKEN or AUTH0_DOMAIN:AUTH0_CLIENT_ID:AUTH0_CLIENT_SECRET must be configured. Ref: https://registry.terraform.io/providers/auth0/auth0/latest/docs
         ╵

  4. The issue can be resolved by adding an explicit domain to the provider:

         provider "auth0" {
           alias         = "additional-provider"
           client_id     = "fake_id"
           client_secret = "fake_secret"
           domain        = "fake_domain" # added
         }



Auth0 Terraform Provider version

1.7.3

Terraform version

1.9.8
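
The fallback the issue asks for, as an added example that is not the provider's code: each setting comes from the provider block when present and from the environment otherwise, and the completeness rule from the quoted error text is applied only to the merged result. The names Creds, Resolve and EnvOnlyCheck are hypothetical; EnvOnlyCheck models a check that looks at the environment alone (the behaviour the issue reports), and Resolve also returns which variables it used so mixed-source credentials can be audited.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Creds holds the four settings named in the error message quoted in the issue.
type Creds struct{ Domain, ClientID, ClientSecret, APIToken string }

var errIncomplete = errors.New("either api_token or domain, client_id and client_secret must be configured")

// complete applies the rule from the error text: a token, or the full triple.
func complete(c Creds) bool {
	return c.APIToken != "" || (c.Domain != "" && c.ClientID != "" && c.ClientSecret != "")
}

// Resolve merges per field (explicit value wins, environment fills gaps),
// validates the merged result, and lists the variables taken from the environment.
func Resolve(explicit Creds, getenv func(string) string) (Creds, []string, error) {
	m, used := explicit, []string{}
	fill := func(dst *string, key string) {
		if v := getenv(key); *dst == "" && v != "" {
			*dst, used = v, append(used, key)
		}
	}
	fill(&m.Domain, "AUTH0_DOMAIN")
	fill(&m.ClientID, "AUTH0_CLIENT_ID")
	fill(&m.ClientSecret, "AUTH0_CLIENT_SECRET")
	fill(&m.APIToken, "AUTH0_API_TOKEN")
	if !complete(m) {
		return Creds{}, nil, errIncomplete
	}
	return m, used, nil
}

// EnvOnlyCheck is the hypothetical failure mode: it validates the environment
// alone and ignores whatever the provider block supplies.
func EnvOnlyCheck(getenv func(string) string) error {
	_, _, err := Resolve(Creds{}, getenv)
	return err
}

func main() {
	// Constructed input matching the issue: domain from env, client credentials explicit.
	os.Setenv("AUTH0_DOMAIN", "fake_domain")
	c, used, err := Resolve(Creds{ClientID: "fake_id", ClientSecret: "fake_secret"}, os.Getenv)
	fmt.Println(c.Domain, used, err)
}
```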

duedares-rvj commented 3 days ago

@dylanCz Hello! Sorry to hear that you are facing this issue.

I tried reproducing this but it is working as expected on our end. I have used the exact same code provided by you in the description.

Please find the logs below:

    rajat.bajaj@M7V9YL36HJ manual_testing % echo $AUTH0_DOMAIN
    fake_domain
    rajat.bajaj@M7V9YL36HJ manual_testing % echo $AUTH0_CLIENT_ID

    rajat.bajaj@M7V9YL36HJ manual_testing % echo $AUTH0_CLIENT_SECRET

    rajat.bajaj@M7V9YL36HJ manual_testing % terraform init
    Initializing the backend...
    Initializing provider plugins...
    - Finding auth0/auth0 versions matching "1.7.3"...
    - Installing auth0/auth0 v1.7.3...
    - Installed auth0/auth0 v1.7.3 (unauthenticated)
    Terraform has created a lock file .terraform.lock.hcl to record the provider
    selections it made above. Include this file in your version control repository
    so that Terraform can guarantee to make the same selections by default when
    you run "terraform init" in the future.

    ╷
    │ Warning: Incomplete lock file information for providers
    │ 
    │ Due to your customized provider installation methods, Terraform was forced to calculate lock file checksums locally for the following providers:
    │   - auth0/auth0
    │ 
    │ The current .terraform.lock.hcl file only includes checksums for darwin_arm64, so Terraform running on another platform will fail to install these providers.
    │ 
    │ To calculate additional checksums for another platform, run:
    │   terraform providers lock -platform=linux_amd64
    │ (where linux_amd64 is the platform to generate)
    ╵
    Terraform has been successfully initialized!

    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.

    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
    rajat.bajaj@M7V9YL36HJ manual_testing % terraform plan

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create

    Terraform will perform the following actions:

      # auth0_role.my_role will be created
      + resource "auth0_role" "my_role" {
          + description = "Test Role"
          + id          = (known after apply)
          + name        = "Test Role"
        }

    Plan: 1 to add, 0 to change, 0 to destroy.

    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

    Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
    rajat.bajaj@M7V9YL36HJ manual_testing % terraform apply

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      + create

    Terraform will perform the following actions:

      # auth0_role.my_role will be created
      + resource "auth0_role" "my_role" {
          + description = "Test Role"
          + id          = (known after apply)
          + name        = "Test Role"
        }

    Plan: 1 to add, 0 to change, 0 to destroy.

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.

      Enter a value: yes

    auth0_role.my_role: Creating...
    ╷
    │ Error: failed to send the request: Post "https://fake_domain/api/v2/roles": Post "https://fake_domain/oauth/token": dial tcp: lookup fake_domain: no such host
    │ 
    │   with auth0_role.my_role,
    │   on main.tf line 17, in resource "auth0_role" "my_role":
    │   17: resource "auth0_role" "my_role" {
    │ 
    ╵

duedares-rvj commented 7 hours ago

@dylanCz Did you get a chance to try this out?