alexkappa/terraform-provider-auth0

Auth0 provider update issue

vbabitskiy opened this issue · 1 comment

Description

Auth0 provider version update forces an auth0_client client_id update

Terraform Version

Terraform 0.13.7

Current provider.auth0 0.6.0
Desired provider.auth0 0.21.0

Affected Resource(s)

auth0_client

Terraform Configuration Files

resource "auth0_client" "app_client" {
...
  jwt_configuration {
    lifetime_in_seconds = 36000
    secret_encoded = true
    alg  = "RS256"
    scopes = {}
  }
...
}

Terraform State File

State file has "secret_encoded": true

...
"jwt_configuration": [
  {
    "alg": "RS256",
    "lifetime_in_seconds": 36000,
    "scopes": null,
    "secret_encoded": true
  }
],
...

Expected Behavior

client_id should not be updated

Actual Behavior

Update plan forces replacement of client_id based on secret_encoded

...
      ~ client_id = "my secret value" -> (known after apply)
....
      ~ jwt_configuration {
            alg                 = "RS256"
            lifetime_in_seconds = 36000
          - scopes              = {} -> null
          ~ secret_encoded      = false -> true # forces replacement
        }
....

Steps to Reproduce

  1. Apply auth0_client configuration with provider version 0.6.0
  2. Update provider version to 0.21.0
  3. Plan auth0_client configuration with provider version 0.21.0

Debug Output

N/A

Panic Output

N/A

Important Factoids

N/A

References

N/A

Hi @vbabitskiy, I'm afraid this is not possible. The Auth0 Management API doesn't allow modifying the secret_encoded field. Therefore the provider is forced to recreate if the value is modified.

To reproduce, I've issued the following request:

PATCH /api/v2/clients/<id> HTTP/1.1

{
    "jwt_configuration": {
        "alg": "HS256",
        "lifetime_in_seconds": 3,
        "secret_encoded": true
    }
}

HTTP/2.0 400 Bad Request

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "Payload validation error: 'Additional properties not allowed: secret_encoded' on property jwt_configuration (An object that holds settings related to how JWTs are created).",
  "errorCode": "invalid_body"
}
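
An added example, not from the issue thread or the provider's code: a pre-apply check over `terraform show -json <planfile>` output that flags any auth0_client scheduled for destroy-and-recreate (which issues a new client_id) and lists the jwt_configuration keys that differ. The sample plan is constructed from the plan excerpt in the issue, and the function name is hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# the values mirror the plan excerpt quoted in the issue.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {
      "address": "auth0_client.app_client",
      "type": "auth0_client",
      "change": {
        "actions": ["delete", "create"],
        "before": {
          "client_id": "my secret value",
          "jwt_configuration": [
            {"alg": "RS256", "lifetime_in_seconds": 36000,
             "scopes": {}, "secret_encoded": false}
          ]
        },
        "after": {
          "jwt_configuration": [
            {"alg": "RS256", "lifetime_in_seconds": 36000,
             "scopes": null, "secret_encoded": true}
          ]
        },
        "after_unknown": {"client_id": true}
      }
    }
  ]
}
""")


def replaced_clients(plan):
    """Return (address, changed jwt_configuration keys) for every
    auth0_client the plan would destroy and recreate."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        # A replacement appears as both "delete" and "create" in actions.
        if rc.get("type") != "auth0_client" or not {"delete", "create"} <= actions:
            continue
        before = ((change.get("before") or {}).get("jwt_configuration") or [{}])[0]
        after = ((change.get("after") or {}).get("jwt_configuration") or [{}])[0]
        changed = sorted(k for k in set(before) | set(after)
                         if before.get(k) != after.get(k))
        findings.append((rc["address"], changed))
    return findings
```

Failing the pipeline when this list is non-empty stops an unintended client_id rotation before `terraform apply` runs.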