pulumi / pulumi-auth0

An auth0Pulumi resource package, providing multi-language access to Auth0
Apache License 2.0

OrganizationConnection is broken for non-database connections #657

Open Hawxy opened 2 months ago

Hawxy commented 2 months ago

Describe what happened

The terraform provider recently added a few new fields to the organization connection configuration, namely is_signup_enabled & show_as_button. However, is_signup_enabled should only be used with database connections, as the endpoint returns 400 with any other connection type. If the property isn't added to the options then I would expect it not to be sent, but this doesn't appear to be the case given the exception being returned. I'm not sure if this is an issue on the bridge side or the terraform provider itself.

Sample program

    import * as auth0 from "@pulumi/auth0";

    // Non-database (Azure AD) connection; strategy 'waad'.
    const adConnection = new auth0.Connection(
        'AD',
        {
            name: 'AD-Connection',
            displayName: 'AD',
            //..truncated
            strategy: 'waad',
        }
    );

    const org = new auth0.Organization('Org', {
        name: 'test-org',
        displayName: 'Test Org',
    });

    // isSignupEnabled is deliberately not set here.
    const orgConnectionAzure = new auth0.OrganizationConnection('Org-Connection', {
        organizationId: org.id,
        connectionId: adConnection.id,
        assignMembershipOnLogin: true
    });

Log output

Diagnostics:
  auth0:index:OrganizationConnection (****):
    error:   sdk-v2/provider2.go:457: sdk.helper_schema: 400 Bad Request: Only database connections support is_signup_enabled: provider=auth0@3.7.1

  auth0:index:OrganizationConnection (****):
    error: 1 error occurred:
        * 400 Bad Request: Only database connections support is_signup_enabled

  pulumi:pulumi:Stack (****):
    error: update failed

Affected Resource(s)

OrganizationConnection

Output of pulumi about

Version      3.133.0
Go Version   go1.23.1
Go Compiler  gc

Plugins
KIND      NAME    VERSION
resource  auth0   3.7.1
language  nodejs  unknown

Host
OS       Microsoft Windows 11 Pro
Version  10.0.22631 Build 22631
Arch     x86_64

Additional context

No response


guineveresaenger commented 2 months ago

Hi @Hawxy - thank you for filing this issue.

To make sure I'm understanding you correctly - what you're seeing is that despite not specifying isSignupEnabled on your OrganizationConnection, you are getting an error from the auth0 API that you can't use this field.

This is an auth0 api error; it's not coming from Pulumi or Terraform, which makes me inclined to think this is an upstream bug, although I can't see an open issue regarding this there.

In order to help us help you more effectively, could you do the following for us:

- ~provide us with a complete minimal repro that shows this behavior~
- ~send us a Gist with the output of `PULUMI_DEBUG_GRPC=logs.json pulumi up`~

guineveresaenger commented 2 months ago

Update: I have a repro, using a combination of your code and the documentation. I have also verified that this does not happen with an equivalent Terraform program.

This is a bug on our end. We will continue to investigate.

Pulumi Typescript code

```typescript
import * as auth0 from "@pulumi/auth0";

const adConnection = new auth0.Connection("azure_ad", {
    name: "connection-azure-ad",
    strategy: "waad",
    showAsButton: true,
    options: {
        identityApi: "azure-active-directory-v1.0",
        clientId: "123456",
        clientSecret: "123456",
        appId: "app-id-123",
        tenantDomain: "example.onmicrosoft.com",
        domain: "example.onmicrosoft.com",
        domainAliases: [
            "example.com",
            "api.example.com",
        ],
        iconUrl: "https://example.onmicrosoft.com/assets/logo.png",
        useWsfed: false,
        waadProtocol: "openid-connect",
        waadCommonEndpoint: false,
        maxGroupsToRetrieve: "250",
        apiEnableUsers: true,
        scopes: [
            "basic_profile",
            "ext_groups",
            "ext_profile",
        ],
        setUserRootAttributes: "on_each_login",
        shouldTrustEmailVerifiedConnection: "never_set_emails_as_verified",
        upstreamParams: JSON.stringify({
            screen_name: {
                alias: "login_hint",
            },
        }),
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
    },
});

const org = new auth0.Organization('Org', {
    name: 'test-org',
    displayName: 'Test Org',
});

const orgConnectionAzure = new auth0.OrganizationConnection('Org-Connection', {
    organizationId: org.id,
    connectionId: adConnection.id,
    assignMembershipOnLogin: true
});
```

Equivalent TF program

```hcl
terraform {
  required_providers {
    auth0 = {
      source  = "auth0/auth0"
      version = "1.6.1"
    }
  }
}

provider "auth0" {}

resource "auth0_connection" "azure_ad" {
  name           = "connection-azure-ad"
  strategy       = "waad"
  show_as_button = true
  options {
    identity_api  = "azure-active-directory-v1.0"
    client_id     = "123456"
    client_secret = "123456"
    app_id        = "app-id-123"
    tenant_domain = "example.onmicrosoft.com"
    domain        = "example.onmicrosoft.com"
    domain_aliases = [
      "example.com",
      "api.example.com"
    ]
    icon_url               = "https://example.onmicrosoft.com/assets/logo.png"
    use_wsfed              = false
    waad_protocol          = "openid-connect"
    waad_common_endpoint   = false
    max_groups_to_retrieve = 250
    api_enable_users       = true
    scopes = [
      "basic_profile",
      "ext_groups",
      "ext_profile"
    ]
    set_user_root_attributes               = "on_each_login"
    should_trust_email_verified_connection = "never_set_emails_as_verified"
    upstream_params = jsonencode({
      "screen_name" : {
        "alias" : "login_hint"
      }
    })
    non_persistent_attrs = ["ethnicity", "gender"]
  }
}

resource "auth0_organization" "org" {
  name         = "test-org"
  display_name = "Test Org"
}

resource "auth0_organization_connection" "org_connection_azure" {
  organization_id            = auth0_organization.org.id
  connection_id              = auth0_connection.azure_ad.id
  assign_membership_on_login = true
}
```

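As an added illustration (not code from pulumi-auth0, the Terraform provider, or either commenter), the following models the serialisation difference behind this report: a provider that emits every schema field with a default versus one that omits fields the user never set, checked against a stand-in for the API rule quoted in the log output. The `OrgConnArgs`/`OrgConnPayload` types, the function names, and the presence-based rejection rule are assumptions.

```typescript
// Added example, not pulumi-auth0 code: models the two ways a provider can
// serialise OrganizationConnection args and the API rule quoted in the log.
type OrgConnArgs = {
  connectionId: string;
  assignMembershipOnLogin?: boolean;
  isSignupEnabled?: boolean;
  showAsButton?: boolean;
};

// Snake-case keys as the Auth0 Management API names these fields.
type OrgConnPayload = {
  connection_id: string;
  assign_membership_on_login?: boolean;
  is_signup_enabled?: boolean;
  show_as_button?: boolean;
};

// Behaviour consistent with the bug report: every schema field is emitted,
// so an isSignupEnabled the user never set still goes out (as false).
function buildPayloadDefaultingUnset(a: OrgConnArgs): OrgConnPayload {
  return {
    connection_id: a.connectionId,
    assign_membership_on_login: a.assignMembershipOnLogin ?? false,
    is_signup_enabled: a.isSignupEnabled ?? false,
    show_as_button: a.showAsButton ?? false,
  };
}

// Expected behaviour (what the equivalent Terraform program achieves): keys
// the caller did not set are left out of the request entirely.
function buildPayloadOmittingUnset(a: OrgConnArgs): OrgConnPayload {
  const p: OrgConnPayload = { connection_id: a.connectionId };
  if (a.assignMembershipOnLogin !== undefined) p.assign_membership_on_login = a.assignMembershipOnLogin;
  if (a.isSignupEnabled !== undefined) p.is_signup_enabled = a.isSignupEnabled;
  if (a.showAsButton !== undefined) p.show_as_button = a.showAsButton;
  return p;
}

// Stand-in for the server-side check (assumed from the 400 in the log): any
// is_signup_enabled key is rejected unless the connection is a database
// connection, whose Auth0 strategy name is "auth0".
function validateAgainstApiRule(strategy: string, p: OrgConnPayload): { status: number; message: string } {
  if ("is_signup_enabled" in p && strategy !== "auth0") {
    return { status: 400, message: "Only database connections support is_signup_enabled" };
  }
  return { status: 201, message: "ok" };
}
```

Running both builders over the same args for a `waad` connection reproduces the 400 only for the defaulting variant, which is the behaviour to look for when comparing the gRPC debug log against the Terraform request.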
brentshulman-silkline commented 4 weeks ago

I just ran into this exact problem as well