Multiple Duo authentication requests during terraform plan #2194

Open
hahuang65 opened this issue Nov 14, 2023 · 8 comments
Labels
bug Used to mark issues with provider's incorrect behavior category:provider_config


@hahuang65

Provider Version

0.75.0

Terraform Version

1.5.7

Describe the bug

Using SNOWFLAKE_USER, SNOWFLAKE_PASSWORD, SNOWFLAKE_AUTHENTICATOR=UsernamePasswordMFA, SNOWFLAKE_CLIENT_STORE_TEMPORARY_CREDENTIAL=1 and SNOWFLAKE_CLIENT_REQUEST_MFA_TOKEN=1 results in Duo pushes for every single request made by Terraform.

I've also tried setting "true" instead of 1 for the boolean options as well.

Expected behavior

Should request a single time and cache it for the remainder of terraform plan or terraform run.

Code samples and commands

Please add code examples and commands that were run to cause the problem.

Additional context

Add any other context about the problem here.

@hahuang65 hahuang65 added the bug Used to mark issues with provider's incorrect behavior label Nov 14, 2023
sfc-gh-swinkler added a commit that referenced this issue Jan 11, 2024
MFA token caching does not work for windows / darwin OS when CGO is
disabled. It's recommended to turn off CGO for performance reasons, so
adding an env variable to goreleaser to only turn on CGO for windows and
darwin

fixes:
#908 
#2194
@afeld

afeld commented Mar 27, 2024

I think #2504 (comment) may explain why this is happening.

@afeld

afeld commented Mar 27, 2024

Do you have MFA caching enabled on the Snowflake side?

@JESCHO99

JESCHO99 commented Jul 1, 2024

@sfc-gh-jcieslak What is the current status of this bug? What I see and tested in version 0.92.0 is that even with "ALLOW_CLIENT_MFA_CACHING" set to true for the account, every terraform plan using the same username and password sends a Duo push, which makes it very hard to work well locally.

Also when having this parameter set explicitly it is not working in the provider:
client_request_mfa_token = true

@sfc-gh-asawicki
Collaborator

Hey @JESCHO99. Which OS are you working on?

@JESCHO99

JESCHO99 commented Jul 1, 2024

Hey @sfc-gh-asawicki, we are working on Windows.

@sfc-gh-asawicki
Collaborator

Okay, that's a lead.

AFAIK the caching works on macOS and Linux distros. The caching needs CGO_ENABLED for the macOS and Windows builds. Apparently, the current build setup is not linking the required C libs correctly for Windows builds. A fix will require a ground-up rework of our release pipelines or finding a workaround solution for Windows builds.

We will follow up with the problem internally but for now, we can suggest only:

cc: @sfc-gh-sthyagaraj

@JESCHO99

JESCHO99 commented Jul 2, 2024

Hey @sfc-gh-asawicki, thanks for pointing out what is not working here and delivering some workarounds. I guess when this is solved this issue ticket will be closed? So we will just keep watching. Thanks for your help!

@sfc-gh-asawicki
Collaborator

Yes, we will update you on this issue as soon as we make any progress with the caching problems. In the meantime, please inform us if you try any of these workarounds or when you come up with something different (it might be helpful).
