search

hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.6k stars 4.65k forks source link

Bot service slack channel doesn't save client_id/secrets #15979

Open shana opened 2 years ago

shana commented 2 years ago

The azurerm_bot_channel_slack resource takes client_id, client_secret, signing_secret and verification_token, but Azure won't save those fields unless the registerBeforeOAuthFlow is set to true. This field is set in the client, but the rest api wrongly defines it as read only, so it's never sent in the json payload, and therefore the fields are discarded on the server. The tests pass because the response from the server includes the data that was sent, not the data that was actually saved on the slack channel registration.

The azure rest API spec issue is here: https://github.com/Azure/azure-rest-api-specs/issues/18367 The azure sdk issue is here: https://github.com/Azure/azure-sdk-for-go/issues/17358

Is there a way to work around this issue until hopefully the problem is fixed in the sdk itself? This is breaking automation completely for bot service slack.

This is where the field is set in the provider: https://github.com/hashicorp/terraform-provider-azurerm/blob/0ef20db4995c24fc1e23a7955c3f3c4ae36390fd/internal/services/bot/bot_channel_slack_resource.go#L110-L115

But it's set as readonly so it's never marshalled to json in the sdk: https://github.com/Azure/azure-sdk-for-go/blob/b375326a136a64a03eb3d5ce0277f562c2ed455c/services/botservice/mgmt/2021-03-01/botservice/models.go#L2692-L2713

func (scp SlackChannelProperties) MarshalJSON() ([]byte, error) {
    objectMap := make(map[string]interface{})
    if scp.ClientID != nil {
        objectMap["clientId"] = scp.ClientID
    }
    if scp.ClientSecret != nil {
        objectMap["clientSecret"] = scp.ClientSecret
    }
    if scp.VerificationToken != nil {
        objectMap["verificationToken"] = scp.VerificationToken
    }
    if scp.LandingPageURL != nil {
        objectMap["landingPageUrl"] = scp.LandingPageURL
    }
    if scp.SigningSecret != nil {
        objectMap["signingSecret"] = scp.SigningSecret
    }
    if scp.IsEnabled != nil {
        objectMap["isEnabled"] = scp.IsEnabled
    }
    return json.Marshal(objectMap)
}
daniel-sargeant commented 1 year ago

@shana any chance you found a workaround for this? Doesn't seem like Microsoft is in any hurry to fix...