Payload validation error: 'Too few properties defined (0), minimum 1' when creating client grant

[dancrumb]

With the following resource definition:

resource "auth0_client_grant" "test_client_grant" {
  client_id = "${auth0_client.test_client.id}"
  audience  = "${auth0_resource_server.ahana_api.identifier}"

  scope = [
    "file:upload",
    "file:download",
    "medicalHome:update",
  ]
}

I am getting the following error:

Error: Error applying plan:

1 error(s) occurred:

* auth0_client_grant.test_client_grant: 1 error(s) occurred:

* auth0_client_grant.test_client_grant: 400 Bad Request: Payload validation error: 'Too few properties defined (0), minimum 1'.

but there's not really any clear way to debug this... any pointers?

[dancrumb]

This is a pre-existing resource... just trying to change the audience

[alexkappa]

Hi Dan, could you try applying with DEBUG=1 and TF_LOG=1? This should output debug information. What version of the provider are you running?

[dancrumb]

Log is attached; I ran:

 DEBUG=1 TF_LOG=1 terraform apply -target=auth0_client.test_client > auth0.debug.log 2>&1 

auth0.debug.log

I'm using v0.1.3

[alexkappa]

@dancrumb there's a lot of noise in the file, making it a little hard to pinpoint. I'll keep digging though, see if I can find the root cause. My hunch is somewhere between clients and client grants and them agreeing which grants are defined. But I have to look further.

The file you attached, might contain sensitive information (not sure if it's encoded or not). You might want to take it down...

[dancrumb]

All the sensitive info is encrypted; thanks for checking though

…

On Sat, Nov 3, 2018, 08:55 Alex Kalyvitis ***@***.*** wrote: @dancrumb <https://github.com/dancrumb> there's a lot of noise in the file, making it a little hard to pinpoint. I'll keep digging though, see if I can find the root cause. My hunch is somewhere between clients and client grants and them agreeing which grants are defined. But I have to look further. The file you attached, might contain sensitive information (not sure if it's encoded or not). You might want to take it down... — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#50 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AANhT-7MbhP7Yhj8xD1770Z7625CH8bcks5uraAzgaJpZM4YC21m> .

[mattfysh]

I just ran into this issue too, trying to create a new client grant with scope = []
I noticed when terraform previews the plan, that scope is not listed among the other properties (id, audience, client_id) ... not sure if it's a terraform issue, or a bug with the plugin, but the empty scope array appears to be getting dropped and not sent to the Management API.
I've also manually created a client grant against the Management API with scope: [] and this works without issue.

Could it possibly be caused by omitempty?

https://github.com/yieldr/go-auth0/blob/master/management/client_grant.go#L20

To fix I'm temporarily using scope = ["stub"] in my tf file

[alexkappa]

I've merged the referenced PR to remove omitempty from scope and cut a new release. Could you test it with that and let me know if it resolves this issue?

Best,
Alex

[ForbesLindesay]

@alexkappa I just experienced the same error when modifying an auth0_client resource. The only thing I had changed was removing the allowed_origins and web_origins properties. The plan then looked like:

~ module.main.module.my_module.auth0_client.my_resource
    allowed_origins.#:   "1" => "0"
    allowed_origins.0:   "https://example.com" => ""
    web_origins.#:       "1" => "0"
    web_origins.0:       "https://example.com" => ""

Changing another value (removing one of the scopes) allowed me to run terraform apply without errors, but it didn't actually update the allowed_origins or web_origins to remove the values, so running again gave me the original error.

I tried explicitly setting allowed_origins to the empty array, but that also failed.

[gtirloni]

I'm facing the same issue with auth_connection:

  # module.tenant.auth0_connection.google_oauth2 will be updated in-place
  ~ resource "auth0_connection" "google_oauth2" {
      ~ enabled_clients      = [
          - "REDACTED",
        ]
        id                   = "con_REDACTED"
        is_domain_connection = false
        name                 = "google-oauth2"
        realms               = [
            "google-oauth2",
        ]
        strategy             = "google-oauth2"

        options {
            api_enable_users               = false
            basic_profile                  = false
            brute_force_protection         = false
            client_id                      = "REDACTED"
            client_secret                  = (sensitive value)
            configuration                  = (sensitive value)
            custom_scripts                 = {}
            disable_signup                 = false
            domain_aliases                 = []
            enabled_database_customization = false
            ext_admin                      = false
            ext_agreed_terms               = false
            ext_assigned_plans             = false
            ext_groups                     = false
            ext_is_suspended               = false
            ext_nested_groups              = false
            ext_profile                    = false
            import_mode                    = false
            password_dictionary            = {}
            requires_username              = false
            totp                           = {}
            use_wsfed                      = false
            validation                     = {}
            waad_common_endpoint           = false
        }
    }

[github-actions]

This issue is stale because it has been open 30 days with no activity.
Stale issues will be closed after 5 days if no action is taken. If you
think this issue should not be closed, remove the stale label.

[vmandrychenko]

We are still seeing this with v0.2.0

[alexkappa]

@vmandrychenko could you try with the latest release (v0.4.0)?

[stuartwakefield]

Hi, this issue is still occurring with version 0.5 but for us it is happening using the auth0_tenant resource.

When we run the plan we see the following change:

Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.auth0.module.tenant.auth0_tenant.tenant will be updated in-place
  ~ resource "auth0_tenant" "tenant" {
        allowed_logout_urls   = []
        default_directory     = "Username-Password-Authentication"
      ~ enabled_locales       = [
          - "en",
        ]
        friendly_name         = "Tenant"
        id                    = "terraform-20200306123852845500000001"
        idle_session_lifetime = 0
        sandbox_version       = "8"
        session_lifetime      = 0

        flags {
            change_pwd_flow_v1                     = false
            disable_clickjack_protection_headers   = false
            enable_apis_section                    = false
            enable_client_connections              = false
            enable_custom_domain_in_emails         = false
            enable_dynamic_client_registration     = false
            enable_legacy_logs_search_v2           = false
            enable_pipeline2                       = false
            enable_public_signup_user_exists_error = false
            universal_login                        = false
        }
    }

Trying to apply the plan results in:

Terraform v0.12.20
Initializing plugins and modules...
2020/03/06 12:45:23 [DEBUG] Using modified User-Agent: Terraform/0.12.20 TFC/c37fc3f871
module.auth0.module.tenant.auth0_tenant.tenant: Modifying... [id=terraform-20200306123852845500000001]

Error: 400 Bad Request: Payload validation error: 'Too few properties defined (0), minimum 1'

Attempting to resolve the issue by making the Terraform match the environment changes by adding an
enabled_locales field:

Error: Unsupported argument

  on modules/auth0-tenant/main.tf line 8, in resource "auth0_tenant" "tenant":
   8:   enabled_locales = [

An argument named "enabled_locales" is not expected here.

Any ideas?

[zrosenbauer]

I'm seeing this issue too currently. It seems to have to do with the custom pages.

[xanderflood]

I'm also having this issue with auth0_tenant after upgrading from 0.6 to 0.8. It seems that there's no way to omit error_page (and other fields like guardian_mfa_page and change_password) from the actual request bodies - instead we wind up pushing empty blocks, which isn't valid.

[zrosenbauer]

I ended up just copying in the templates to the repo from Auth0.

…

On Tue, Apr 7, 2020 at 8:29 PM xanderflood ***@***.***> wrote: I'm also having this issue with auth0_tenant after upgrading from 0.6 to 0.8. It seems that there's no way to *omit* error_page (and other fields like guardian_mfa_page and change_password) from the actual request bodies - instead we wind up pushing empty blocks, which isn't valid. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#50 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AA2TF7I5Z63I2DF2MMXRR53RLPHQFANCNFSM4GALNVTA> .

-- Zac Rosenbauer