Created
July 16, 2023 19:59
-
-
Save emanor-okta/0cae00d5a4cef74229d1a9a90180f3ef to your computer and use it in GitHub Desktop.
IdP Authenticator Type does not expose idpId in AuthenticatorProviderConfiguration
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2023-07-14T17:51:17.435-0700 [WARN] Provider "registry.terraform.io/okta/okta" produced an invalid plan for okta_authenticator.duo_idp, but we are tolerating it because it is using the legacy plugin SDK. | |
| The following problems may be the cause of any confusing errors from downstream operations: | |
| - .provider_hostname: planned value cty.StringVal("localhost") for a non-computed attribute | |
| - .provider_user_name_template: planned value cty.StringVal("global.assign.userName.login") for a non-computed attribute | |
| - .status: planned value cty.StringVal("ACTIVE") for a non-computed attribute | |
| okta_authenticator.duo_idp: Modifying... [id=aut3wx2513aJbq87J1d7] | |
| 2023-07-14T17:51:17.435-0700 [INFO] Starting apply for okta_authenticator.duo_idp | |
| 2023-07-14T17:51:17.435-0700 [DEBUG] okta_authenticator.duo_idp: applying the planned Update change | |
| 2023-07-14T17:51:17.436-0700 [DEBUG] provider.terraform-provider-okta_v3.41.0: 2023/07/14 05:51:17 [DEBUG] performing request: method=PUT url=https://domain.oktapreview.com/api/v1/authenticators/aut3wx2513aJbq87J1d7 | |
| 2023-07-14T17:51:17.436-0700 [INFO] provider.terraform-provider-okta_v3.41.0: 2023/07/14 17:51:17 [DEBUG] Okta API Request Details: | |
| ---[ REQUEST ]--------------------------------------- | |
| PUT /api/v1/authenticators/aut3wx2513aJbq87J1d7 HTTP/1.1 | |
| Host: domain.oktapreview.com | |
| User-Agent: okta-sdk-golang/2.15.0 golang/go1.17.13 darwin/amd64 okta-terraform/3.41.0 | |
| Content-Length: 140 | |
| Accept: application/json | |
| Authorization: SSWS {secret} | |
| Content-Type: application/json | |
| Accept-Encoding: gzip | |
| { | |
| "id": "aut3wx2513aJbq87J1d7", | |
| "key": "external_idp", | |
| "name": "DUO-MFA-ONLY", | |
| "provider": { | |
| "configuration": {}, | |
| "type": "CLAIMS" | |
| }, | |
| "type": "federated" | |
| } | |
| -----------------------------------------------------: timestamp=2023-07-14T17:51:17.436-0700 | |
| 2023-07-14T17:51:17.725-0700 [INFO] provider.terraform-provider-okta_v3.41.0: 2023/07/14 17:51:17 [DEBUG] Okta API Response Details: | |
| ---[ RESPONSE ]-------------------------------------- | |
| HTTP/2.0 400 Bad Request | |
| Connection: close | |
| Cache-Control: no-cache, no-store | |
| Content-Security-Policy: default-src 'self' domain.oktapreview.com *.oktacdn.com; connect-src 'self' domain.oktapreview.com domain-admin.oktapreview.com *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.oktapreview.com domain.kerberos.oktapreview.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' domain.oktapreview.com *.oktacdn.com; style-src 'unsafe-inline' 'self' domain.oktapreview.com *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' domain.oktapreview.com domain-admin.oktapreview.com login.okta.com com-okta-authenticator: api-49ebded2.duosecurity.com; img-src 'self' domain.oktapreview.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' domain.oktapreview.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' | |
| Content-Type: application/json | |
| Date: Sat, 15 Jul 2023 00:51:17 GMT | |
| Expires: 0 | |
| P3p: CP="HONK" | |
| Pragma: no-cache | |
| Public-Key-Pins-Report-Only: pin-sha256="jZomPEBSDXoipA9un78hKRIeN/+U4ZteRaiX8YpWfqc="; pin-sha256="axSbM6RQ+19oXxudaOTdwXJbSr6f7AahxbDHFy3p8s8="; pin-sha256="SE4qe2vdD9tAegPwO79rMnZyhHvqj3i5g1c2HkyGUNE="; pin-sha256="ylP0lMLMvBaiHn0ihLxHjzvlPVQNoyQ+rMiaj0da/Pw="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" | |
| Server: nginx | |
| Set-Cookie: sid="";Version=1;Path=/;Max-Age=0;Expires=Thu, 01 Jan 1970 00:00:00 GMT | |
| Set-Cookie: autolaunch_triggered=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ | |
| Set-Cookie: JSESSIONID=8CAD9B341D14224AF77F736C4AD726B1; Path=/; Secure; HttpOnly | |
| Strict-Transport-Security: max-age=315360000; includeSubDomains | |
| X-Content-Type-Options: nosniff | |
| X-Okta-Request-Id: ZLHthW5ev0FXUjn4Bw16uwAADpo | |
| X-Rate-Limit-Limit: 300 | |
| X-Rate-Limit-Remaining: 297 | |
| X-Rate-Limit-Reset: 1689382326 | |
| X-Xss-Protection: 0 | |
| { | |
| "errorCode": "E0000001", | |
| "errorSummary": "Api validation failed: provider.configuration.idpId", | |
| "errorLink": "E0000001", | |
| "errorId": "oaei9mOiAwGTkGf3mPSqsYc7g", | |
| "errorCauses": [ | |
| { | |
| "errorSummary": "provider.configuration.idpId: The field cannot be left blank" | |
| } | |
| ] | |
| } | |
| -----------------------------------------------------: timestamp=2023-07-14T17:51:17.725-0700 | |
| 2023-07-14T17:51:17.725-0700 [ERROR] provider.terraform-provider-okta_v3.41.0: Response contains error diagnostic: tf_rpc=ApplyResourceChange @module=sdk.proto tf_proto_version=5.3 tf_provider_addr=provider tf_resource_type=okta_authenticator @caller=github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:56 diagnostic_detail= diagnostic_severity=ERROR diagnostic_summary="failed to update authenticator: the API returned an error: Api validation failed: provider.configuration.idpId. Causes: errorSummary: provider.configuration.idpId: The field cannot be left blank" tf_req_id=c248f30f-7f9e-3a2b-8f9e-3070213275d4 timestamp=2023-07-14T17:51:17.725-0700 | |
| 2023-07-14T17:51:17.749-0700 [ERROR] vertex "okta_authenticator.duo_idp" error: failed to update authenticator: the API returned an error: Api validation failed: provider.configuration.idpId. Causes: errorSummary: provider.configuration.idpId: The field cannot be left blank | |
| ╷ | |
| │ Error: failed to update authenticator: the API returned an error: Api validation failed: provider.configuration.idpId. Causes: errorSummary: provider.configuration.idpId: The field cannot be left blank | |
| │ | |
| │ with okta_authenticator.duo_idp, | |
| │ on main.tf line 33, in resource "okta_authenticator" "duo_idp": | |
| │ 33: resource "okta_authenticator" "duo_idp" { | |
| │ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment