hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

aws_appflow_connector_profile creation fails with error - ValidationException: Validation exception: AuthCode cannot be blank for connector: SALESFORCE #26396

Closed Rafno closed 5 days ago

Rafno commented 2 years ago

Terraform CLI and Terraform AWS Provider Version

Terraform v1.2.7

Affected Resource(s)

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_appflow_connector_profile" "salesforce_connector" {
  name            = "salesforce-connector"
  connector_type  = "Salesforce"
  connection_mode = "Private" #Does not matter if it is public or private, error occurs on both
  kms_arn         = var.kms_key_arn
  connector_profile_config {
    connector_profile_credentials {
      salesforce {
        client_credentials_arn = aws_secretsmanager_secret.appflow_salesforce_credentials.arn
      }
    }

    connector_profile_properties {
      salesforce {
        instance_url           = var.salesforce_url
        is_sandbox_environment = true
      }
    }
  }
}

Debug Output

Link to gist

Expected Behavior

Connector is created.

Actual Behavior

Connector does not create

Steps to Reproduce

  1. terraform apply

Important Factoids

Attempting to add an empty oauth block crashes the plugin. Make this change to the code to force it to crash:

    connector_profile_credentials {
      salesforce {
        client_credentials_arn = aws_secretsmanager_secret.appflow_salesforce_credentials.arn
        oauth_request {

        }
      }
    }

camro commented 2 years ago

Hi @Rafno,

I believe you need to pass in an auth initially. You can do this by creating a custom connected app and authenticating it with a Salesforce account you want to use.

Your initial sync would then look like this:

resource "aws_appflow_connector_profile" "salesforce_connector" {

  # ...

  connector_profile_config {
    connector_profile_credentials {
      salesforce {
        client_credentials_arn = aws_secretsmanager_secret.appflow_salesforce_credentials.arn
        oauth_request {
          auth_code    = <YOUR_AUTH_CODE_HERE>
          redirect_uri = "http://localhost"
        }
      }
    }

    # ...
  }
}

It would be good to use a sensitive variable for this, e.g. var.appflow_salesforce_auth_code, where appflow_salesforce_auth_code is:

variable "appflow_salesforce_auth_code" {
  sensitive = true
}
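
A CI-style check for the advice in the comment above, as an added example that is not part of the original thread or the provider's code: it scans Terraform text for the Salesforce secret arguments and reports any that are not fed by a variable declared `sensitive = true`. The regex parsing is a simplification, and the abridged sample configuration and the variable name `appflow_salesforce_refresh_token` are constructed for illustration.

```python
import re

# auth_code is the argument from this thread; access_token and refresh_token
# are the other secret arguments of the provider's salesforce credentials block.
SECRET_ATTRS = ("auth_code", "access_token", "refresh_token")
ASSIGN_RE = re.compile(
    r'^[ \t]*(%s)[ \t]*=[ \t]*(.+?)[ \t]*(?:#.*)?$' % "|".join(SECRET_ATTRS),
    re.M)
# Simplification: only matches variable blocks without nested braces.
VARIABLE_RE = re.compile(r'variable\s+"([\w-]+)"\s*\{([^{}]*)\}')
SENSITIVE_RE = re.compile(r'^[ \t]*sensitive[ \t]*=[ \t]*true\b', re.M)

# Constructed, abridged sample: a literal auth code plus a variable that
# is missing sensitive = true.
SAMPLE = '''
variable "appflow_salesforce_refresh_token" {
  type = string
}
resource "aws_appflow_connector_profile" "salesforce_connector" {
  connector_profile_config {
    connector_profile_credentials {
      salesforce {
        refresh_token = var.appflow_salesforce_refresh_token
        oauth_request {
          auth_code    = "EXAMPLE-NOT-A-REAL-CODE"
          redirect_uri = "http://localhost"
        }
      }
    }
  }
}
'''


def check_secret_args(hcl):
    """Return findings for secret arguments not fed by a sensitive variable."""
    declared = {name: bool(SENSITIVE_RE.search(body))
                for name, body in VARIABLE_RE.findall(hcl)}
    findings = []
    for attr, expr in ASSIGN_RE.findall(hcl):
        ref = re.fullmatch(r'var\.([\w-]+)', expr)
        # The value itself is never echoed, so findings are safe to log in CI.
        if ref is None:
            findings.append(f"{attr}: not a var.<name> reference")
        elif ref.group(1) not in declared:
            findings.append(f"{attr}: var.{ref.group(1)} is not declared in this text")
        elif not declared[ref.group(1)]:
            findings.append(f"{attr}: var.{ref.group(1)} lacks sensitive = true")
    return findings
```

`sensitive = true` only redacts the value in Terraform's CLI output; the value is still written to the state, so the state backend needs its own access control and encryption.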

github-actions[bot] commented 1 month ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!