Node 18 GA (non-beta) is not supported in Terraform

[tadhglewis]

Checklist

• I have looked into the README and have not found a suitable solution or answer.
• I have looked into the documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have upgraded to the latest version of this provider and the issue still persists.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

node18 is the beta runtime and it seems node18-actions is a GA / non-beta - why is this even a separate release? was there a breaking change between the beta and ga version?

When click-opsing to Node 18 (recommended), it sets the TF remote state to node18-actions however you can't set node18-actions due to the provider validation Error: expected runtime to be one of [node12 node16 node18], got node18-actions

Expectation

Be able to use Node 18 non-beta in Actions

Reproduction

1. Set to node18 in terraform
2. View management dashboard and you will see Upgrade this action from the Node 18 Beta to Node 18 GA runtime.
3. Click-ops to upgrade
4. Set runtime to node18-actions in Terraform - fails provider validation and terraform is out of date compared to clickoped

Auth0 Terraform Provider version

0,50,0

Terraform version

NA

[tadhglewis]

#771

[sergiught]

Hey @tadhglewis 👋🏻

This is a duplicate of #705, which was already fixed for the v1.0.0-beta.1 version. Please also check #705 (comment).

[tadhglewis]

@sergiught Ah cool. How stable is the beta currently? We're pretty keen to use 1.0.0 as it resolves some issues but typically we skip betas to avoid bugs... Seem to be running into more issues not being on the beta though 😅

[sergiught]

@tadhglewis the current latest v1.0.0-beta.1 is pretty stable and there are no known issues, or any other plans for breaking changes. However I do admit that the migration guide could seem a little intimidating: https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md as there are a lot of points to address, but I'd advise going through them now rather than latter when we release v1 GA. If you encounter any issues we're more than happy to support you asap.

[tadhglewis]

@sergiught just putting it in here to avoid the noise in issues as it is a combination of terraform and backend api issue and probably not relevant to others. Let me know if you want a separate issue though.

We've migrated to the beta and we're running into an issue. We migrated from using token_endpoint_auth_method attribute on auth0_client to a separate resource

resource "auth0_client_credentials" "xxx" {
  client_id = auth0_client.xxx.id

  authentication_method = "client_secret_post"
}

In our plan we get one resource to be created however when we apply, we get the following error: Error: 403 Forbidden: You cannot read the following fields: client_secret

We specifically avoid adding read secret scopes so we don't end up with a sensitive tf state however docs state this should be fine

To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string

https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/client_credentials#optional

[sergiught]

Hey @tadhglewis 👋🏻

Thanks for raising this. I was able to reproduce and understand what's happening when we don't have the read:client_secret permission enabled on the generated api token.

The issue is here:

terraform-provider-auth0/internal/auth0/client/resource_credentials.go

Lines 204 to 212 in aefc55d

	client, err := api.Client.Read(
	data.Id(),
	management.IncludeFields(
	"client_id",
	"client_secret",
	"token_endpoint_auth_method",
	"client_authentication_methods",
	),
	)

where we explicitly, call out that we want to read the client_secret when we retrieve the client data.

Would you mind opening a separate issue for this so we can better track the fix for it? 🙏🏻