terraform-provider-snowflake
Can't create snowflake external oauth integration
Provider Version v0.56.0...
Terraform Version Terraform v1.3.4
Describe the bug
I try to create an external oauth integration like in the official documentation, but it throws an undefined error.
Terraform will perform the following actions:
# snowflake_external_oauth_integration.INTEGRATION_POWERBI will be created
+ resource "snowflake_external_oauth_integration" "INTEGRATION_POWERBI" {
+ any_role_mode = "ENABLE"
+ audience_urls = [
+ "api urn removed for security",
+ "https://analysis.windows.net/powerbi/connector/Snowflake",
]
+ comment = "OAuth Integration for Power BI and AAD Oauth"
+ created_on = (known after apply)
+ enabled = true
+ id = (known after apply)
+ issuer = "removed for security"
+ jws_keys_urls = [
+ "removed for security",
]
+ name = "POWERBI"
+ snowflake_user_mapping_attribute = "login_name"
+ token_user_mapping_claims = [
+ "sub",
+ "upn",
]
+ type = "AZURE"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
snowflake_external_oauth_integration.INTEGRATION_POWERBI: Creating...
╷
│ Error: error creating security integrationCREATE SECURITY INTEGRATION "POWERBI" TYPE=EXTERNAL_OAUTH COMMENT='OAuth Integration for Power BI and AAD Oauth' EXTERNAL_OAUTH_ANY_ROLE_MODE='ENABLE' EXTERNAL_OAUTH_ISSUER='removed for security' EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE='login_name' EXTERNAL_OAUTH_TYPE='AZURE' EXTERNAL_OAUTH_AUDIENCE_LIST=('api urn removed for security', 'https://analysis.windows.net/powerbi/connector/Snowflake') EXTERNAL_OAUTH_JWS_KEYS_URL=('removed for security') EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM=('upn', 'sub') ENABLED=true
│
│ with snowflake_external_oauth_integration.INTEGRATION_POWERBI,
│ on main.tf line 15, in resource "snowflake_external_oauth_integration" "INTEGRATION_POWERBI":
│ 15: resource "snowflake_external_oauth_integration" "INTEGRATION_POWERBI" {
│
Expected behavior
Create external oauth integration
Code samples and commands
resource "snowflake_external_oauth_integration" "INTEGRATION_POWERBI" {
  name                             = "POWERBI"
  type                             = "AZURE"
  enabled                          = true
  snowflake_user_mapping_attribute = "login_name"
  token_user_mapping_claims        = ["upn", "sub"]
  any_role_mode                    = "ENABLE"
  audience_urls                    = ["https://analysis.windows.net/powerbi/connector/Snowflake", "api urn removed for security"]
  issuer                           = "removed for security"
  jws_keys_urls                    = ["removed for security", "removed for security"]
  comment                          = "OAuth Integration for Power BI and AAD Oauth"
}
any_role_mode = "ENABLE" - may behave in a funkier manner.
CREATE SECURITY INTEGRATION PBI_INTEGRATION
  type = external_oauth
  enabled = true
  external_oauth_type = azure
  external_oauth_issuer = 'https://sts.windows.net/xxxxxxx/'
  external_oauth_jws_keys_url = 'https://login.microsoftonline.com/fxxxxxx/xxxx/xx/xx'
  external_oauth_audience_list = ('https://analysis.windows.net/powerbi/connector/Snowflake')
  external_oauth_token_user_mapping_claim = 'upn'
  external_oauth_snowflake_user_mapping_attribute = 'email_address'
  external_oauth_any_role_mode = 'DISABLE';
Try this option manually first & use only the selected attributes
Hi @tolik93 👋 Does this still happen on the newest version (v0.92)? I used your config with proper URLs in jws_keys_urls on this version and it's working correctly.
Closing due to inactivity. Please create a new issue if the problem persists in the newest version of the provider.