[BUG] Export of security settings fails with maintained iframe_urls

[Zearom]

Is there an existing issue for this?

• I have searched the existing issues

What version of the Terraform exporter are you using?

1.2.0

What version of the Terraform CLI/OpenTofu CLI are you using?

1.12.2

What type of issue are you facing

bug report

Describe the bug

It seems with version 1.7 of the SAP/BTP-Terraform-Provider the export of security settings is no longer working if at least one iFrame Url has been maintained in the security settings of the subaccount.

The export fails with the error message "Attribute "iframe_domains_list" cannot be specified when "iframe_domains" is specified" and "Attribute "iframe_domains" cannot be specified when "iframe_domains_list" is specified", which indicates a problem with the validations in the provider.

It looks like the btptf application sets the urls in both attributes, which of course prevents the validation routine of both attributes.

> btptf export-by-json -s <sniped>

🚀 Terraform configuration export started ...

set up config directory "generated_configurations_<snaped>"

✓  done crafting import block for BTP_SUBACCOUNT_SECURITY_SETTING
⣻  generating Terraform configuration for BTP_SUBACCOUNT_SECURITY_SETTING╷
│ Error: Invalid Attribute Combination
│ 
│   with btp_subaccount_security_settings.secsetting,
│   on btp_resources.tf line 4:
│   (source code not available)
│ 
│ Attribute "iframe_domains_list" cannot be specified when "iframe_domains" is specified
╵
╷
│ Error: Invalid Attribute Combination
│ 
│   with btp_subaccount_security_settings.secsetting,
│   on btp_resources.tf line 5:
│   (source code not available)
│ 
│ Attribute "iframe_domains" cannot be specified when "iframe_domains_list" is specified
╵

2025/07/03 22:06:41 error generating Terraform configuration for BTP_SUBACCOUNT_SECURITY_SETTING: error running Terraform plan: exit status 1

btp-ressources.tf

# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.

# __generated__ by Terraform
resource "btp_subaccount_security_settings" "secsetting" {
  access_token_validity                    = -1
  custom_email_domains                     = []
  default_identity_provider                = "sap.default"
  iframe_domains                           = "https://sap.com"
  iframe_domains_list                      = ["https://sap.com"]
  refresh_token_validity                   = -1
  subaccount_id                            = "<sniped>"
  treat_users_with_same_email_as_same_user = false
}

Expected Behavior

• The security settings should be exported
• iframe-urls should be listed in the "iframe_domains_list" attribute
• The Attribute iframe_domains must remain empty.

Steps To Reproduce

1. Create a subaccount
2. Maintain at least one iframe url in the security settings
3. Create a export-json, "btptf create-json -s "
4. Executing the export, "btptf create-by-json -s "
5. Export fails.

User's Role Collections

• Subaccount Administrator

Add screenshots to help explain your problem

No response

Additional context

No response

[lechnerc77]

Analysis:

• Error happens during terraform plan -generate-config-out=generated_config.tf
• Does not happen during manual import.

Probably due to READ and consequent schema validation during this command. A fix must be delivered via the Terraform provider.
Once the fix is available

• The new Terraform provider version must be added to the exporter
• The integration test must be enhanced to cover this sceanrio

[lechnerc77]

• New provider version is released and integrated into Terraform Exporter for SAP BTP
• Tests were updated and executed successfully: see https://github.com/SAP/terraform-exporter-btp/actions/runs/16440514473

Fix will be available with next version