Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

okta_authenticator fails for key = "webauthn" since 4.8.0 #1925

Closed
wrprice opened this issue Mar 8, 2024 · 4 comments · Fixed by #1938
Closed

okta_authenticator fails for key = "webauthn" since 4.8.0 #1925

wrprice opened this issue Mar 8, 2024 · 4 comments · Fixed by #1938
Labels
bug triaged Triaged into internal Jira

Comments

@wrprice
Copy link

wrprice commented Mar 8, 2024
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.6.1

  • provider registry.terraform.io/okta/okta v4.8.0

Affected Resource(s)

  • okta_authenticator

Terraform Configuration Files

resource "okta_authenticator" "webauthn" {
  name   = "FIDO2 (WebAuthn)"
  key    = "webauthn"
  status = "ACTIVE"
}

Expected Behavior

Webauthn authenticator is enabled for the org.

Can this be done in the Admin UI?

Yes

Can this be done in the actual API call?

Yes

Actual Behavior

With the above resource already deployed and in the TF state from a previous version (4.5.0), after upgrading to 4.8.0 the plan shows a diff:

 okta_authenticator.webauthn
-    name = "Security Key or Biometric"
+    name = "FIDO2 (WebAuthn)"

And when apply runs, this error occurs:

Error: for authenticator type 'security_key' fields 'provider_hostname', 'provider_auth_port', 'provider_shared_secret' and 'provider_user_name_template' are required

These settings should NOT be required for FIDO2/WebAuthn, but key = "webauthn" appears to be treated as a security_key type because only that type is required to provide those fields per the provider docs.

Steps to Reproduce

  1. Apply configuration shown above using provider <= 4.7.0
  2. Upgrade Okta provider to version 4.8.0
  3. terraform apply

Important Factoids

Plans and apply run in Terraform Cloud.

References
@duytiennguyen-okta
Copy link
Contributor

OKTA internal reference https://oktainc.atlassian.net/browse/OKTA-705810

@duytiennguyen-okta duytiennguyen-okta added the triaged Triaged into internal Jira label Mar 12, 2024
@duytiennguyen-okta duytiennguyen-okta mentioned this issue Mar 20, 2024
Merged
@duytiennguyen-okta duytiennguyen-okta mentioned this issue Apr 5, 2024
Closed
@duytiennguyen-okta
Copy link
Contributor

@wrprice this should be fixed with v4.8.1

@ejchun
Copy link

ejchun commented Jul 29, 2024

We're still running into this issue with v4.9.0.

@brandenwagner
Copy link

We're still running into this issue with v4.9.0.

Same here with v4.9.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug triaged Triaged into internal Jira
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix webauthn issue since 4.8.0 okta/terraform-provider-okta
4 participants
@brandenwagner @wrprice @ejchun @duytiennguyen-okta