OrganizationConnection is broken for non-database connections #657

Open
Hawxy opened this issue Sep 24, 2024 · 5 comments
Labels: awaiting/bridge (The issue cannot be resolved without action in pulumi-terraform-bridge.), kind/bug (Some behavior is incorrect or out of spec)

Hawxy commented Sep 24, 2024

Describe what happened

The terraform provider recently added a few new fields to the organization connection configuration, namely is_signup_enabled & show_as_button. However, is_signup_enabled should only be used with database connections, as the endpoint returns 400 with any other connection type. If the property isn't added to the options then I would expect it not to be sent, but this doesn't appear to be the case given the exception being returned. I'm not sure if this is an issue on the bridge side or the terraform provider itself.

Sample program

    import * as auth0 from "@pulumi/auth0";

    const adConnection = new auth0.Connection(
        'AD',
        {
            name: 'AD-Connection',
            displayName: 'AD',
            //..truncated
            strategy: 'waad',
        }
    );

    const org = new auth0.Organization('Org', {
        name: 'test-org',
        displayName: 'Test Org',
    });

    const orgConnectionAzure = new auth0.OrganizationConnection('Org-Connection', {
        organizationId: org.id,
        connectionId: adConnection.id,
        assignMembershipOnLogin: true
    });

Log output

    Diagnostics:
      auth0:index:OrganizationConnection (****):
        error:   sdk-v2/provider2.go:457: sdk.helper_schema: 400 Bad Request: Only database connections support is_signup_enabled: [email protected]

      auth0:index:OrganizationConnection (****):
        error: 1 error occurred:
            * 400 Bad Request: Only database connections support is_signup_enabled

      pulumi:pulumi:Stack (****):
        error: update failed

Affected Resource(s)

OrganizationConnection

Output of pulumi about

    Version      3.133.0
    Go Version   go1.23.1
    Go Compiler  gc

    Plugins
    KIND      NAME    VERSION
    resource  auth0   3.7.1
    language  nodejs  unknown

    Host
    OS       Microsoft Windows 11 Pro
    Version  10.0.22631 Build 22631
    Arch     x86_64

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

@Hawxy Hawxy added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Sep 24, 2024
guineveresaenger (Contributor) commented Sep 24, 2024

Hi @Hawxy - thank you for filing this issue.

To make sure I'm understanding you correctly - what you're seeing is that despite not specifying isSignupEnabled on your OrganizationConnection, you are getting an error from the auth0 API that you can't use this field.

This is an auth0 api error; it's not coming from Pulumi or Terraform, which makes me inclined to think this is an upstream bug, although I can't see an open issue regarding this there.

In order to help us help you more effectively, could you do the following for us:

- provide us with a complete minimal repro that shows this behavior
- send us a Gist with the output of PULUMI_DEBUG_GRPC=logs.json pulumi up
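
Added example (not part of the original thread and not Pulumi's or the provider's code): a Node.js check over the PULUMI_DEBUG_GRPC log requested above that reports which provider calls carry `isSignupEnabled` for the resource, which shows whether the field is already present in the program's inputs or only appears later. The one-JSON-object-per-line layout with `method`, `request` and `response` keys is an assumption about the log format, and the sample entries and URN are constructed for illustration, not taken from this issue.

```javascript
// Constructed sample log (assumed layout: one JSON object per gRPC call, per line).
// These entries are illustrative only; they are not the logs from this issue.
const URN =
  "urn:pulumi:dev::demo::auth0:index/organizationConnection:OrganizationConnection::Org-Connection";
const inputs = { organizationId: "org_1", connectionId: "con_1", assignMembershipOnLogin: true };
const sampleLog = [
  JSON.stringify({
    method: "/pulumirpc.ResourceProvider/Check",
    request: { urn: URN, news: inputs },
    response: { inputs: inputs },
  }),
  JSON.stringify({
    method: "/pulumirpc.ResourceProvider/Create",
    request: { urn: URN, properties: { ...inputs, isSignupEnabled: false } },
  }),
  "{ truncated line that is not valid JSON",
].join("\n");

// Return every payload in the log where `field` is present for the given resource type.
// Presence is what matters: an explicit `false` is still sent to the API.
function findFieldInGrpcLog(logText, resourceType, field) {
  const hits = [];
  for (const line of logText.split("\n")) {
    let entry;
    try { entry = JSON.parse(line); } catch { continue; } // skip partial or non-JSON lines
    const urn = entry?.request?.urn ?? "";
    if (!urn.includes(`:${resourceType}::`)) continue;
    const payloads = {
      "request.news": entry.request.news,             // inputs as written in the program
      "request.properties": entry.request.properties, // inputs handed to Create
      "response.inputs": entry.response?.inputs,      // inputs after the provider's Check
    };
    for (const [where, obj] of Object.entries(payloads)) {
      if (obj && Object.prototype.hasOwnProperty.call(obj, field)) {
        hits.push({ method: String(entry.method).split("/").pop(), where, value: obj[field] });
      }
    }
  }
  return hits;
}

console.log(findFieldInGrpcLog(sampleLog, "OrganizationConnection", "isSignupEnabled"));
```

For a real run, pass the contents of `logs.json` (read with `fs.readFileSync`) instead of `sampleLog`. Because the log records request payloads, inputs such as `clientSecret` may appear in it, so check for them before sharing the file publicly.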

@guineveresaenger guineveresaenger added awaiting-feedback Blocked on input from the author and removed needs-triage Needs attention from the triage team awaiting-feedback Blocked on input from the author labels Sep 24, 2024
@guineveresaenger guineveresaenger pinned this issue Sep 24, 2024
@guineveresaenger (Contributor)

Update: I have a repro, using a combination of your code and the documentation.
I have also verified that this does not happen with an equivalent Terraform program.

This is a bug on our end. We will continue to investigate.

Pulumi TypeScript code

    import * as auth0 from "@pulumi/auth0";
    const adConnection = new auth0.Connection("azure_ad", {
        name: "connection-azure-ad",
        strategy: "waad",
        showAsButton: true,
        options: {
            identityApi: "azure-active-directory-v1.0",
            clientId: "123456",
            clientSecret: "123456",
            appId: "app-id-123",
            tenantDomain: "example.onmicrosoft.com",
            domain: "example.onmicrosoft.com",
            domainAliases: [
                "example.com",
                "api.example.com",
            ],
            iconUrl: "https://example.onmicrosoft.com/assets/logo.png",
            useWsfed: false,
            waadProtocol: "openid-connect",
            waadCommonEndpoint: false,
            maxGroupsToRetrieve: "250",
            apiEnableUsers: true,
            scopes: [
                "basic_profile",
                "ext_groups",
                "ext_profile",
            ],
            setUserRootAttributes: "on_each_login",
            shouldTrustEmailVerifiedConnection: "never_set_emails_as_verified",
            upstreamParams: JSON.stringify({
                screen_name: {
                    alias: "login_hint",
                },
            }),
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });

    const org = new auth0.Organization('Org', {
        name: 'test-org',
        displayName: 'Test Org',
    });

    const orgConnectionAzure = new auth0.OrganizationConnection('Org-Connection', {
        organizationId: org.id,
        connectionId: adConnection.id,
        assignMembershipOnLogin: true
    });

Equivalent TF program

    terraform {
      required_providers {
        auth0 = {
          source  = "auth0/auth0"
          version = "1.6.1"
        }
      }
    }

    provider "auth0" {}

    resource "auth0_connection" "azure_ad" {
      name           = "connection-azure-ad"
      strategy       = "waad"
      show_as_button = true
      options {
        identity_api  = "azure-active-directory-v1.0"
        client_id     = "123456"
        client_secret = "123456"
        app_id        = "app-id-123"
        tenant_domain = "example.onmicrosoft.com"
        domain        = "example.onmicrosoft.com"
        domain_aliases = [
          "example.com",
          "api.example.com"
        ]
        icon_url               = "https://example.onmicrosoft.com/assets/logo.png"
        use_wsfed              = false
        waad_protocol          = "openid-connect"
        waad_common_endpoint   = false
        max_groups_to_retrieve = 250
        api_enable_users       = true
        scopes = [
          "basic_profile",
          "ext_groups",
          "ext_profile"
        ]
        set_user_root_attributes               = "on_each_login"
        should_trust_email_verified_connection = "never_set_emails_as_verified"
        upstream_params = jsonencode({
          "screen_name" : {
            "alias" : "login_hint"
          }
        })
        non_persistent_attrs = ["ethnicity", "gender"]
      }
    }

    resource "auth0_organization" "org" {
      name         = "test-org"
      display_name = "Test Org"
    }

    resource "auth0_organization_connection" "org_connection_azure" {
      organization_id            = auth0_organization.org.id
      connection_id              = auth0_connection.azure_ad.id
      assign_membership_on_login = true
    }

@iwahbe iwahbe added the awaiting/bridge The issue cannot be resolved without action in pulumi-terraform-bridge. label Sep 27, 2024
@brentshulman-silkline

I just ran into this exact problem as well

shalabi commented Nov 27, 2024

same here

shalabi commented Dec 9, 2024

Any updates with this issue?
