
terraform-provider-onepassword's Issues

Assign Groups to Vaults

Is your feature request related to a problem? Please describe.
We are currently evaluating if we can use 1password with this provider. While looking through the documentation, I noticed that there seems to be no way to assign a Group to a Vault. However it is possible to assign Accounts to Groups -> #44

Is there something I am missing here?

Describe the solution you'd like
A resource that accepts a groupname and a vaultname and assigns the given Group to the Vault

Support OP_SESSION_subdomain environment variable?

Hi,

Thanks for a great plugin!

Instead of demanding that the user sets up the following environment variables:

  • OP_EMAIL
  • OP_PASSWORD
  • OP_SECRET_KEY

would it be possible to read the session token from OP_SESSION_subdomain, which the op cli tool instructs the user to export?

I would be willing to give implementing it myself a try, but I have never worked in Go, so I am not sure if I would be able to pull it off without help.

Support Upsert

Hi,

I'm trying to use your Provider, which is working great. One thing I am not able to understand how to use (or maybe it is not supported?) is how to upsert an existing entry.

Look at this TF code example:

data "onepassword_vault" "test" {
  name = "test vault"
}

data "onepassword_item_login" "test" {
  name = "test-item"
  vault = "${data.onepassword_vault.test.id}"
}

resource "onepassword_item_login" "test" {
  name = "${data.onepassword_item_login.test.name}"
  vault = "${data.onepassword_item_login.test.vault}"

  url = "http://test.com"
}

Expected:
The existing entry is updated into the URL field

Actually:
The entry is created with the same identical name in the same vault.

Any help on this is highly appreciated :)

Thank you in advance!

Adding Password Deletes Vault

OP Version: 0.6.1
Provider: 0.5.0

Trying to add a password to a vault with the following command:

resource "onepassword_item_password" "this" {
  name     = "Password From Terraform"
  url      = "https://example.com"
  password = "adsfnkoang9-24-ht0h09gah-2-d"
  vault    = "Test Terraform Provider"
}

When apply is run the following message is shown. If executed, the vault is deleted and then it tries to add the password.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  - destroy

Terraform will perform the following actions:

  # onepassword_item_password.this will be created
  + resource "onepassword_item_password" "this" {
      + id       = (known after apply)
      + name     = "Password From Terraform"
      + password = (sensitive value)
      + url      = "https://example.com"
      + vault    = "Test Terraform Provider"
    }

  # onepassword_vault.this will be destroyed
  - resource "onepassword_vault" "this" {
      - id   = "k5a6iatzrmdddok5lc3z222avm" -> null
      - name = "Test Terraform Provider" -> null
    }

Plan: 1 to add, 0 to change, 1 to destroy.

It shouldn't be deleting the vault.

Support for EU tenants

Can you add support for the EU 1Password tenant,
like this: dummy-company.1password.eu

thnx

Feature: Managed Group Memberships

Is your feature request related to a problem? Please describe.

The new op versions look to have the ability to manage users and groups. This seems like a nice feature given that op is the only way [that I know] to programmatically manage these resources.

Describe the solution you'd like

  • A data source for user which will look up an existing user in the system. An actual resource for this would be much more difficult, but this feature request would only need the user identifier.
  • A group_member resource for managing the user's membership within a given group.

Describe alternatives you've considered

I would love for a 1Password API, but without that the current alternative has been to manually manage these users, leading to much drift from human error.

Not really human readable errors

Hello,

Thank you for this provider, I'm trying to use it as data source for Terraform input values.
Not sure if it's related to my environment, but haven't found any similar issue, so decided to create a new one.

So, when OP_SESSION is working, everything is working fine, but when it expired, I just got this error during terraform plan/apply commands:

Error: rpc error: code = Unavailable desc = transport is closing

And I got the same error when trying to look up a non-existing item with the data source.

So my question is: Am I doing something wrong, or are there no error messages for expired access and non-existing tokens?

Example code

terraform {
  required_providers {
    onepassword = {
      source  = "anasinnyk/onepassword"
      version = "1.2.1"
    }
  }
}

provider "onepassword" {
  subdomain = "test"
}

data "onepassword_item_password" "this" {
  name = "example-pass-item"
}

resource "example" "this" {
  password =  data.onepassword_item_password.this.password
}

Environment

  • Terraform v0.14.2
  • terraform-provider-onepassword v1.2.1
  • 1password cli 1.8.0
  • macOS Catalina 10.15.7

I get an error when running terraform plan.

After installing the provider and running the execution, I get the following error, can you tell me how can I solve it?
Tried my OP_version version below, the error was similar.
export OP_version = 0.7.1

Error: Cannot signin: 
Exit code: fork/exec /tmp/terraform-provider-onepassword/0.7.1/op: no such file or directory

Default

Error: Cannot signin: 
Exit code: fork/exec /tmp/terraform-provider-onepassword/1.4.0/op: no such file or directory

terraform plan errors with duplicate 1Password entries in the same vault

We found a strange error case today while adding two data references from 1Password. After adding the new secrets to Terraform using the 1Password provider, we saw an error without much helpful output.

$ terraform plan

...
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Canceled desc = context canceled
...

After removing one of the data references from our terraform.yml we managed to get some useful errors (see bottom) which led us to find that someone had managed to enter two entries into 1Password with the same title Azure Elastic Cloud API key in the same vault.

Not sure if this is a terraform problem or something this provider should handle?

What we expected to happen: duplicate 1Password error presented to us during terraform plan

What actually happened: errors shown were not useful

Terraform provider:

terraform {
  required_providers {
    onepassword = {
      source = "anasinnyk/onepassword"
      version = "~> 1.2.1"
    }
  }
  required_version = "~> 0.13"
}

Terraform yml:

data "onepassword_item_password" "search_cloud_id" {
   name  = "Azure Elastic Cloud ID"
   vault = data.onepassword_vault.vault_name.id
}

data "onepassword_item_password" "search_api_key" {
   name  = "Azure Elastic Cloud API key"
   vault = data.onepassword_vault.vault_name.id
}

resource "kubernetes_secret" "search" {
   metadata {
     name      = "search"
     namespace = kubernetes_namespace.production.id
   }
   data = {
     # References must match the data source names declared above
     "ELASTICSEARCH_CLOUD_ID" = data.onepassword_item_password.search_cloud_id.password
     "ELASTICSEARCH_API_KEY"  = data.onepassword_item_password.search_api_key.password
   }
   type = "Opaque"
}

Errors after removing one data reference:

panic: runtime error: invalid memory address or nil pointer dereference
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x147d1bd]
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: goroutine 194 [running]:
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/anasinnyk/terraform-provider-1password/onepassword.resourceItemPasswordRead(0x19418a0, 0xc0004ac540, 0xc000096f80, 0x173d040, 0xc0007ac740, 0xc0003bce40, 0xc000119910, 0x100c9b8)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  github.com/anasinnyk/terraform-provider-1password/onepassword/resource_item_password.go:75 +0x18d
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc0004613f0, 0x1941820, 0xc000384300, 0xc000096f80, 0x173d040, 0xc0007ac740, 0x0, 0x0, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:288 +0x1ec
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).ReadDataApply(0xc0004613f0, 0x1941820, 0xc000384300, 0xc000304b80, 0x173d040, 0xc0007ac740, 0xc0007ac740, 0xc000304b80, 0x0, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:489 +0xff
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/internal/helper/plugin.(*GRPCProviderServer).ReadDataSource(0xc00026e6a0, 0x1941820, 0xc000384300, 0xc0003842c0, 0xc00026e6a0, 0xc00026e6b0, 0x185a058)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/helper/plugin/grpc_provider.go:1102 +0x4c5
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler.func1(0x1941820, 0xc000384300, 0x17dcd60, 0xc0003842c0, 0xc000384300, 0x1773c80, 0xc0004ac401, 0xc000304640)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3348 +0x86
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/plugin.Serve.func3.1(0x19418e0, 0xc0003d4480, 0x17dcd60, 0xc0003842c0, 0xc000304620, 0xc000304640, 0xc0007c8ba0, 0x11b81c8, 0x17c7a20, 0xc0003d4480)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  github.com/hashicorp/terraform-plugin-sdk/[email protected]/plugin/serve.go:76 +0x87
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler(0x17fdb60, 0xc00026e6a0, 0x19418e0, 0xc0003d4480, 0xc0004ac4e0, 0xc00000d080, 0x19418e0, 0xc0003d4480, 0xc000010090, 0x90)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3350 +0x14b
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/grpc.(*Server).processUnaryRPC(0xc00027ae00, 0x1949c60, 0xc000103380, 0xc00018e000, 0xc00020acf0, 0x1e49910, 0x0, 0x0, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  google.golang.org/[email protected]/server.go:1171 +0x50a
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/grpc.(*Server).handleStream(0xc00027ae00, 0x1949c60, 0xc000103380, 0xc00018e000, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  google.golang.org/[email protected]/server.go:1494 +0xccd
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0000382e0, 0xc00027ae00, 0x1949c60, 0xc000103380, 0xc00018e000)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  google.golang.org/[email protected]/server.go:834 +0xa1
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: created by google.golang.org/grpc.(*Server).serveStreams.func1
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:  google.golang.org/[email protected]/server.go:832 +0x204
2021-08-27T15:34:29.368+0930 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021/08/27 15:34:29 [ERROR] eval: *terraform.evalReadDataRefresh, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [ERROR] eval: *terraform.evalReadDataRefresh, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [ERROR] eval: *terraform.evalReadDataRefresh, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2021-08-27T15:34:29.369+0930 [DEBUG] plugin: plugin process exited: path=.terraform/plugins/registry.terraform.io/anasinnyk/onepassword/1.2.1/darwin_amd64/terraform-provider-onepassword_v1.2.1 pid=17549 error="exit status 2"
2021/08/27 15:34:29 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [TRACE] [walkRefresh] Exiting eval tree: data.onepassword_item_password.search_api_key
2021/08/27 15:34:29 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key": visit complete
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key": dynamic subgraph encountered errors
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key": visit complete
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key (expand)": dynamic subgraph encountered errors
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key (expand)": visit complete
2021/08/27 15:34:29 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/hashicorp/kubernetes\"] (close)" errored, so skipping
2021/08/27 15:34:29 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/anasinnyk/onepassword\"] (close)" errored, so skipping
2021/08/27 15:34:29 [TRACE] dag/walk: upstream of "root" errored, so skipping
2021-08-27T15:34:29.501+0930 [DEBUG] plugin: plugin exited
2021-08-27T15:34:29.502+0930 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-08-27T15:34:29.507+0930 [DEBUG] plugin: plugin process exited: path=.terraform/plugins/registry.terraform.io/hashicorp/kubernetes/1.13.3/darwin_amd64/terraform-provider-kubernetes_v1.13.3_x4 pid=17673
2021-08-27T15:34:29.507+0930 [DEBUG] plugin: plugin exited



!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.

When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.

SECURITY WARNING: the "crash.log" file that was created may contain
sensitive information that must be redacted before it is safe to share
on the issue tracker.

[1]: https://github.com/hashicorp/terraform/issues

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Stackoverflow: https://stackoverflow.com/questions/68978003/terraform-plan-with-1password-provider-fails-with-rpc-error-unavailable-desc-tra/68978004#68978004
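
The failure mode reported in the issue above (two entries with the same title in one vault ending in a nil pointer dereference instead of a readable error) can be avoided by making the title lookup return an explicit error for zero or multiple matches. The following is an added example, not code from the provider or from the issue author; the Item type, FindItemByTitle, the error values and the sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Item is a hypothetical, simplified vault entry (not the provider's own type).
type Item struct {
	UUID  string
	Vault string
	Title string
}

// Sentinel errors so callers can tell "missing" from "duplicate" with errors.Is.
var (
	ErrItemNotFound  = errors.New("item not found")
	ErrItemAmbiguous = errors.New("item title is ambiguous")
)

// FindItemByTitle returns the single item in the given vault whose title
// matches exactly. It never returns a nil item together with a nil error,
// so the caller cannot dereference a missing result by accident.
func FindItemByTitle(items []Item, vault, title string) (*Item, error) {
	var matches []*Item
	for i := range items {
		if items[i].Vault == vault && items[i].Title == title {
			matches = append(matches, &items[i])
		}
	}

	switch len(matches) {
	case 0:
		return nil, fmt.Errorf("%w: no item titled %q in vault %q",
			ErrItemNotFound, title, vault)
	case 1:
		return matches[0], nil
	default:
		// Report only UUIDs: they identify the duplicates without
		// putting any secret field into logs or plan output.
		uuids := make([]string, len(matches))
		for i, m := range matches {
			uuids[i] = m.UUID
		}
		return nil, fmt.Errorf(
			"%w: %d items titled %q in vault %q (UUIDs: %s); rename one or look the item up by UUID",
			ErrItemAmbiguous, len(matches), title, vault, strings.Join(uuids, ", "))
	}
}

// sampleItems returns constructed test data mirroring the situation in the
// issue: the same title entered twice in one vault.
func sampleItems() []Item {
	return []Item{
		{UUID: "uuid-0001", Vault: "vault-a", Title: "Azure Elastic Cloud ID"},
		{UUID: "uuid-0002", Vault: "vault-a", Title: "Azure Elastic Cloud API key"},
		{UUID: "uuid-0003", Vault: "vault-a", Title: "Azure Elastic Cloud API key"},
		{UUID: "uuid-0004", Vault: "vault-b", Title: "Azure Elastic Cloud API key"},
	}
}

func main() {
	titles := []string{
		"Azure Elastic Cloud ID",
		"Azure Elastic Cloud API key",
		"Does not exist",
	}
	for _, title := range titles {
		item, err := FindItemByTitle(sampleItems(), "vault-a", title)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("resolved %q -> %s\n", title, item.UUID)
	}
}
```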

Usage examples for data onepassword_item_common to get fields from the item

I've been testing this out to retrieve the fields from data "onepassword_item_common" so that I could then take those fields and use in a k8s secret resource. From what I gather, it can only return the ID (UUID) of the item in the vault, not the entire record with all the fields within that item, is that correct?

Terraform cannot connect to team account

Hello,

We have a team account in 1Password and we are using the following sign-in address while using the 1Password cli: .ent.1password.com

I'm trying to configure the 1password provider in Terraform, using the following fields:

provider "onepassword" {
        version = ">= 0.6.3"   #I'm using the latest release of the 1password provider
        email = var.onepassword_email
        password = var.onepassword_password
        secret_key = var.onepassword_secret_key
        subdomain = "myteam.ent" # Optional. Comes from <subdomain>.1password.com.
}

The above code fails to connect to my 1Password vault, it throws the below error:

Error: Cannot signin: [ERROR] 2020/06/23 14:43:21 Couldn't connect to the sign in address you provided. Make sure the address is correct and check your network connection, then try again.

Is this a bug or is there something wrong in the way I've filled the subdomain field?
I'm using the following versions:

Terraform v0.12.26

  • provider.onepassword v0.6.3

Thanks!

Possible Race Condition

This happens during terraform plan in 'ubuntu:bionic' container.

# terraform --version
2020/08/01 02:15:39 [INFO] Terraform version: 0.12.26  
2020/08/01 02:15:39 [INFO] Go runtime version: go1.12.13
2020/08/01 02:10:52 [TRACE] buildProviderConfig for provider.onepassword: using explicit config only
2020/08/01 02:10:52 [TRACE] GRPCProvider: GetSchema
2020-08-01T02:10:52.849Z [TRACE] plugin.stdio: waiting for stdio data
2020-08-01T02:10:52.850Z [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020/08/01 02:10:52 [TRACE] GRPCProvider: Configure
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"

the '--raw' parameter is unsupported since v.0.9.4 or earlier

Hi, thanks for doing the good work!

I have a problem to report regarding this version checking call with latest op CLI versions for Mac:
https://github.com/anasinnyk/terraform-provider-1password/blob/d16ba4384601a0f68f2b5eaafeb496e6072c0b29/onepassword/provider.go#L157

My observation is that using an OP_VERSION env var no longer has an effect due to the parameter --raw, which is apparently no longer supported, which in turn makes the provider enter the installOPClient routine.

Tested with Mac op versions:

  • 0.9.4
  • 0.10.0 (latest as of now)

Running op --version --raw has this effect:

$ op --version --raw
[LOG] 2020/05/13 18:23:27 (ERROR)  unknown flag: --raw
Usage:
  op [command]
...

Plugin Not Recognized By Terraform

Hi Team,

Thanks for making this provider! Unfortunately I can't get this working with Terraform 0.12.1. I have downloaded v0.30.0 of your plugin (Darwin) and added it to ~/.terraform.d/plugins/darwin_amd64. I'm on Mac OS Mojave 10.14.5.

I have added the following provider instantiation from your example expecting it to fail due to bad creds.

provider "onepassword" {
    email      = "[email protected]"
    password   = "super secret master password"
    secret_key = "A3-XXXXXX-XXXXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
    subdomain  = "company"
}

However when I try terraform init I get the following error.
Provider "onepassword" not available for installation.

I have the ALKS provider installed in the same directory and it is recognized as expected, so I don't think it's something on my side.

Thanks,
Adam

Terraform Init is failing at the provider level

I started using the one password setups and added the provider to my main.tf file and the Terraform Init is failing at the provider level:

Error: Failed to install provider

Error while installing hashicorp/onepassword: provider registry
registry.terraform.io does not have a provider named
registry.terraform.io/hashicorp/onepassword

Here is my portion from my main.tf file:

# adding 1Password connection info
provider "onepassword" {
  #email = "[email protected]"
  #password = "super secret master password"
  secret_key = "xx-xxxx-xxx-xxxx-x-xxxx-xxx"
  subdomain  = "My Company Name"
}

Thanks
Vikram

OP_SUBDOMAIN environment not having expected effect

I have OP_SUBDOMAIN set to 'the1psubdomain', e.g.
export OP_SUBDOMAIN="the1psubdomain"

The documentation indicates this should be all that is required for this provider to defer to using OP_SESSION_the1psubdomain.

However, the plan stage returns:
Error: email, password or secret_key is empty and environment variable OP_SESSION_my is not set

DefaultFunc doco at https://www.terraform.io/docs/extend/schemas/schema-behaviors.html#defaultfunc states that it can not be used if a Default is specified but provides a reasonable example approach to return a default if required.

Deleting a Vault from 1Password doesn't trigger recreate

Provider Version 0.4.1
Terraform Version 0.12.6

While testing this provider, I applied a vault in my org's 1Password installation with

resource "onepassword_vault" "test" {
  name = "test"
}

I then manually deleted it from the 1Password web interface and ran the apply again.

  • Expected: The vault would be recreated.
  • Observed: During the state refresh the following error was emitted, stopping the run:
Error: some error in command [get vault 4so7dvevkgmznzwbd3cgoagnty]
Error: exit status 1
Output: [LOG] 2019/08/14 07:34:14 (ERROR) vault 4so7dvevkgmznzwbd3cgoagnty not found

Can't run Darwin binary on Catalina

Thanks for the awesome TF provider for 1Password! Just an FYI, the Darwin binary works fine on previous macOS versions. However, if you use the 10.15 (Catalina) Beta, the Darwin binary won't run.

Specifically, upon running terraform plan, a pop-up message appears saying:
"terraform-provider-onepassword_v0.4.1" can't be opened because its integrity cannot be verified
The only options are "Move to Trash" or "Cancel".

Your filename makes clear that the binary is 64 bit. Perhaps it involves notarization? I tried to find a workaround, but to no avail.

Running on MacOS Catalina

Hi,
Trying to get my flow back up and running since upgrading my macbook to catalina, I've run across an issue.

Catalina is awkward if you don't have notarized builds; the plugin's strategy of downloading a temporary unsigned binary and running it each time is going to be a pain.

My first thought was to force it to use v0.8.0 via OP_VERSION; this is a signed binary. Unfortunately, it's packaged as a .pkg file rather than a .zip file because of this, and so that doesn't work as the plugin fails to download it.

So instead, I modified the source slightly so that an environment variable OP_BINARY pointing at the op binary would take precedence and avoid the download. That way I could point it at /usr/local/bin/op where I have the 0.8.0 version installed. That works for me, but is a bit of a kludge so I thought I'd raise an issue initially rather than submit a PR. Happy to do the latter if you want (although it's literally a 3 line change).

Cheers,
Olly
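
The issue above describes an OP_BINARY environment variable that takes precedence over downloading op into a temporary directory. The following is an added example of how such an override can be resolved and checked before it is executed; it is not the issue author's patch and not code from the provider. ResolveOpBinary and ErrNoOverride are hypothetical names, and the permission checks assume a Unix-like system.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrNoOverride means OP_BINARY is unset and the caller should fall back to
// whatever default it has (for example its own download logic).
var ErrNoOverride = errors.New("OP_BINARY is not set")

// ResolveOpBinary returns a validated path to the op CLI taken from the
// OP_BINARY environment variable. getenv is injected so the function can be
// exercised without touching the process environment.
//
// Checks applied before the path is trusted:
//   - absolute path, so the result does not depend on the working directory
//   - symlinks resolved, so the checks apply to the file that will really run
//   - regular file with at least one execute bit
//   - not writable by group or others, so another local user cannot swap it
func ResolveOpBinary(getenv func(string) string) (string, error) {
	raw := getenv("OP_BINARY")
	if raw == "" {
		return "", ErrNoOverride
	}
	if !filepath.IsAbs(raw) {
		return "", fmt.Errorf("OP_BINARY %q must be an absolute path", raw)
	}

	resolved, err := filepath.EvalSymlinks(raw)
	if err != nil {
		return "", fmt.Errorf("OP_BINARY %q: %w", raw, err)
	}
	info, err := os.Stat(resolved)
	if err != nil {
		return "", fmt.Errorf("OP_BINARY %q: %w", raw, err)
	}

	mode := info.Mode()
	if !mode.IsRegular() {
		return "", fmt.Errorf("OP_BINARY %q is not a regular file", resolved)
	}
	if mode.Perm()&0o111 == 0 {
		return "", fmt.Errorf("OP_BINARY %q is not executable", resolved)
	}
	if mode.Perm()&0o022 != 0 {
		return "", fmt.Errorf("OP_BINARY %q is writable by group or others (mode %04o)",
			resolved, mode.Perm())
	}
	return resolved, nil
}

func main() {
	path, err := ResolveOpBinary(os.Getenv)
	switch {
	case errors.Is(err, ErrNoOverride):
		fmt.Println("OP_BINARY not set; caller would use its default op location")
	case err != nil:
		fmt.Println("refusing to use override:", err)
	default:
		fmt.Println("using op binary at", path)
	}
}
```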

Authentication bug

Hi @anasinnyk

I just came back to testing your terraform-provider-1password. I'm using Terraform v0.12.10 and provider.onepassword v0.5.0.

I'm logged into the 1P CLI, and the OP_SESSION_subdomain token exists. Accordingly, I define the provider using:

provider "onepassword" {
  subdomain = "industryvault"
}

When I run terraform apply to create a resource, the operation succeeds! I confirm the success by looking at the 1P GUI and seeing that the operation did succeed. However, I get an additional error message saying "Missing required argument" involving the API key. See the following, for example:

~/G/g/t/m/onepassword-test (master|✚1) $ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # onepassword_item_login.this will be created
  + resource "onepassword_item_login" "this" {
      + id       = (known after apply)
      + name     = "iv-testuser1"
      + password = (sensitive value)
      + url      = "https://console.jumpcloud.com"
      + username = "testuser1"
      + vault    = "Team"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

onepassword_item_login.this: Creating...
onepassword_item_login.this: Creation complete after 1s [id=vhxbzslpq2zfwtulokeapga4ii]

Error: Missing required argument

The argument "api_key" is required, but was not set.

I can apply and destroy resources no problem, but the error message is a little disconcerting.

Thanks
Kyle

Using in docker?

Has anyone succeeded in using in Docker? I get to the apply part and

onepassword_vault.company_role_vault: Creating...

Error: some error in command [create vault company-role-vault]
Error: fork/exec /tmp/terraform-provider-onepassword/1.4.0/op: no such file or directory
Output:

It appears to be taking the credentials correctly because if I don't then it fails on plan.

Looking at the op command installed it appears to be linked against not-alpine, but I'm not exactly a docker nor terraform expert.

~ # ldd /tmp/terraform-provider-onepassword/1.4.0/op
	/lib64/ld-linux-x86-64.so.2 (0x7fd792e9e000)
	libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7fd792e9e000)
	libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7fd792e9e000)

I'm using a fairly standard terraform 0.13.5 and alpine 3.11.2.

This could just be a op problem, but I wanted to know if others succeeded with docker.

MFA support

Logins don't work with MFA enabled. It would be great to be able to provide an OTP when using this provider.

Error: Cannot signin: exit status 189

Hello,

We were using this provider for some months and it suddenly stopped working. When we run terraform this error is shown:

Error: Cannot signin: exit status 189

  on main.tf line 24, in provider "onepassword":
  24: provider "onepassword" {

We are using the last version of the provider (0.5.0), the last version of 1password (7.4.3) and 0.12.20 version of Terraform. We also tried with older versions on the provider and 1password but the error persists.

Any help will be appreciated.

Thanks and regards.

Publish provider for use in Terraform 0.13

👋 Hi, I'm on the Terraform Providers team at HashiCorp. With the release of the Terraform 0.13 beta, users can now download and install community providers from the registry. We are inviting provider authors (especially those for popular community providers) to publish their providers in a closed beta.

To get invited to the closed beta, please email [email protected]. We need:

  • A list of GitHub usernames to add to the beta (you and any team members who will publish)
  • List of provider repositories you plan to publish
  • A GPG public key in ASCII-armor format, which you will be using to sign your provider releases

You can use one key for all of your providers, or separate keys if you prefer. If you are publishing from an organization, this key or keys will be associated with that namespace. Once in the beta, you can manage personal keys in the UI as well.

Failed to instantiate provider

Hi, thanks for the provider, it's going to (hopefully) solve an important part of automation for me!

I've installed the provider as terraform requires but I get a "failed to instantiate provider" error when terraform reaches the onepassword provider block:

...
[INFO]  plugin: configuring client automatic mTLS
[DEBUG] plugin: starting plugin: path=/root/.terraform.d/plugins/linux_amd64/terraform-provider-onepassword_v0.6.2 args=[/root/.terraform.d/plugins/linux_amd64/terraform-provider-onepassword_v0.6.2]
Error: Failed to instantiate provider "onepassword" to obtain schema: fork/exec /root/.terraform.d/plugins/linux_amd64/terraform-provider-onepassword_v0.6.2: exec format error

I'm running the terraform commands in a container based on the hashicorp/terraform:light image.

Are there some undocumented requirements for this provider, or have I missed the documentation?

Feature - Group resources

Is your feature request related to a problem? Please describe.

Considering using this provider for our team/user management system, which is configured using Terraform.

Describe the solution you'd like

A onepassword_group resource from the "Manage Access" section of the docs: https://support.1password.com/command-line/#manage-access.

Describe alternatives you've considered

We currently perform this act manually, while our GitHub, AWS, and other systems are successfully Terraformed.

Additional context

I'd be happy to take this request on if the repository maintainer welcomes Pull Requests!

Please release the arm64 build for MacOS

Is your feature request related to a problem? Please describe.
The version of this provider released to Terraform's registry doesn't have a darwin_arm64 compatible binary.

Describe the solution you'd like
Seems like the goreleaser config should already build an artifact for arm64. Support for Apple's arm64 architecture was added in Go 1.16. With a minor modification to go.mod I was able to build the binary locally. Happy to open a PR if that's preferred, I just wasn't sure if there were reasons behind targeting just Go 1.12.

Describe alternatives you've considered
What I've been doing so far - modifying to support go 1.17 and compiling the provider from source.

Terraform 0.12 handling of map assignment

Versions:

Terraform: 0.12.19
provider.aws: version = "2.46"
provider.onepassword: version = "0.5"
provider.random: version = "2.2"

Issue:

First off - thanks for this provider, it's been immensely useful.

I'm working on a tf 0.12 project and ran across an issue when trying to template a onepassword_item_common type resource.

I'm creating one or many aws_db_instance resources, supplying them a password using random_password from the random provider and the for_each iterator and then attempting to automate adding this password, along with some instance attributes to a new item in 1password.

Note, this works fine if I do not use the section block, so the looping etc. does exactly as expected and will create one or many onepass items containing the correct information. I'm using the onepassword_item_common resource so I can include a specific set of fields (the thinking is to use these items as a data source in a subsequent terraform module, so I want a custom 1pass item).

If it would be helpful to see a full example let me know, I didn't want to do that since I'm not 100% certain this isn't a known problem/I'm misusing the section block.

Usage:

Example vars:

variable "rds_instances" {
  # One entry per environment; for_each in the resource below iterates over this map.
  default = {
    "dev" = {
      instance_name     = "exampledevdb"
      op_vault_name     = "dev-vault"
      storage_gb        = "10"
      instance_class    = "db.t3.micro"
      db_user           = "devadmin"
      multi_az          = false
      rds_ingress_rules = []
      rds_egress_rules  = []
    }
    "uat" = {
      instance_name     = "exampletestdb"
      op_vault_name     = "uat-vault"
      storage_gb        = "10"
      instance_class    = "db.t3.micro"
      db_user           = "uatadmin"
      multi_az          = false
      rds_ingress_rules = []
      rds_egress_rules  = []
    }
  }
}

resource "onepassword_item_common" "save_to_onepassword" {
  for_each = var.rds_instances 
  name     = "RDS: ${each.value.instance_name}"
  vault    = each.value.op_vault_name
  notes    = "Managed by Terraform. Do not update this entry manually."

  template = "Config"
  section = {
    field = {
      name    = "Username"
      string  = each.value.db_user
    }

    field = {
      name = "Password"
      concealed = random_password.db_pass[each.key].result
    }

    field = {
      name =  "Address"
      string = aws_db_instance.rds_instance[each.key].address
    }

    field = {
      name = "Port"
      string = aws_db_instance.rds_instance[each.key].port
    }

    field = {
      name = "Endpoint"
      string = aws_db_instance.rds_instance[each.key].endpoint
    } 
  }
}

Expected:

A new item is created in specified 1pass vault.

Actual:

Error: Unsupported argument

on ../../../tf-module-rds/main.tf line 89, in resource "onepassword_item_login" "save_to_onepassword":
89: section = {

An argument named "section" is not expected here. Did you mean to define a
block of type "section"?

Explanation:

TF docs suggest: If you see an error like the following from your tests after upgrading, adding the missing equals sign is usually the answer.
Source: https://www.terraform.io/docs/extend/terraform-0.12-compatibility.html

This also errors as tf is attempting to set field for each element in the section block.

Error: Attribute redefined

on ../../../tf-module-rds/main.tf line 95, in resource "onepassword_item_login" "save_to_onepassword":
95: field = {

The argument "field" was already set at
../../../tf-module-rds/main.tf:90,5-10. Each argument may be set only once.

Debug:

2020/02/25 16:30:22 [ERROR] module.rds: eval: *terraform.EvalValidateResource, err: Unsupported argument: An argument named "section" is not expected here. Did you mean to define a block of type "section"?
2020/02/25 16:30:22 [ERROR] module.rds: eval: *terraform.EvalSequence, err: Unsupported argument: An argument named "section" is not expected here. Did you mean to define a block of type "section"?
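
The "Did you mean to define a block of type" hint in the error above points at nested block syntax. As an added example (not part of the original issue and not the provider's own documentation), the same resource with `section` and `field` written as blocks; that the provider schema declares both as nested blocks is an assumption drawn from that error message.

```hcl
# Added example. Resource, attribute and variable names come from the issue
# above; treating "section" and "field" as nested blocks is an assumption
# based on the error text, not checked against the provider schema here.
resource "onepassword_item_common" "save_to_onepassword" {
  for_each = var.rds_instances
  name     = "RDS: ${each.value.instance_name}"
  vault    = each.value.op_vault_name
  notes    = "Managed by Terraform. Do not update this entry manually."

  template = "Config"

  # No "=" after section: in Terraform 0.12 "section = { ... }" is parsed as
  # an argument holding an object, which this resource does not accept.
  section {
    # Each field is its own block. Blocks of the same type may repeat,
    # whereas an argument named "field" may be set only once, which is
    # what produced the "Attribute redefined" error.
    field {
      name   = "Username"
      string = each.value.db_user
    }

    field {
      name      = "Password"
      concealed = random_password.db_pass[each.key].result
    }

    field {
      name   = "Address"
      string = aws_db_instance.rds_instance[each.key].address
    }

    field {
      name   = "Port"
      string = aws_db_instance.rds_instance[each.key].port
    }

    field {
      name   = "Endpoint"
      string = aws_db_instance.rds_instance[each.key].endpoint
    }
  }
}
```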

Invite to the new Terraform Registry

Is your feature request related to a problem? Please describe.
Improved discovery and simplified installation with Terraform 0.13

Describe the solution you'd like
Hi there, we noticed this provider is on our list of community providers, however it has not yet been published to the newly-released Terraform Registry for Providers. We'd like to invite you to get it published. Instructions for doing so are available here. Please note that we will soon be redirecting the community listing page to registry.terraform.io.

Thanks for your contributions and we look forward to seeing the 1Password provider listed soon!

Thanks,
Team Terraform @ HashiCorp

issues osx 0.4.0 binary

I downloaded the 0.4.0, put it in the correct location and when I terraform plan I get:

Error: Error asking for user input: 1 error occurred:
	* provider.onepassword: fork/exec /<redacted>/.terraform/plugins/darwin_amd64/terraform-provider-onepassword_v0.4.0: exec format error

Is there a problem with the released version?

Invalid resource type

Getting the following error when running the registry build https://registry.terraform.io/providers/milosbackonja/1password/latest with TF 0.13

2020/10/26 11:25:22 [ERROR] eval: *terraform.EvalValidateResource, err: Invalid resource type: A data resource type "onepassword_vault" is not supported by provider "registry.terraform.io/hashicorp/1password".
2020/10/26 11:25:22 [ERROR] eval: *terraform.EvalSequence, err: Invalid resource type: A data resource type "onepassword_vault" is not supported by provider "registry.terraform.io/hashicorp/1password".

Might seem like a namespacing issue, but not sure. Any ideas?

Should data.onepassword_item_login output username?

Hi, I have this:

data "onepassword_item_login" "mylogin" {
  name  = "[email protected]"
  vault = "myvault"
}

I'm able to read the password like so:

  "${data.onepassword_item_login.mylogin.password}"

But I cannot read the username (I would like to read the username):

  "${data.onepassword_item_login.mylogin.username}"

Is this intended? Am I missing something?

Error: open /tmp/op_0.5.5.zip: The system cannot find the path specified.

Platform:
Windows10 Pro.
Terraform v0.12.12
provider.onepassword v0.5.0

I downloaded the release directly from here *latest as of this writing. I put it directly into .terraform\plugins\windows_amd64\terraform-provider-onepassword_v0.5.0

Here is a snippet of main.tf:

provider "onepassword" {
  subdomain = "myorg"
}

data "onepassword_vault" "myvault"{
  name = "rando_vault"
}

Here is my error.

Error: open /tmp/op_0.5.5.zip: The system cannot find the path specified.

  on main.tf line 1, in provider "onepassword":
  1: provider "onepassword" {

I thought maybe the executable filename was the issue, so I bumped it manually to 0.5.5. Did not resolve the issue.

support for multiple 1password accounts

This is just a feature request, but it would be great to be able to use this provider in a more complex CI/CD scenario.

Problem Description

In order to use a different 1password account than the one currently activated on the machine, the support for the --account and/or --shorthand switch(es) for the op signin call is necessary.
There may be a need to prepare a unique shorthand value for that purpose.

Use Scenario

Two (or more) infrastructure environments.
Each environment has a Terraform workspace and a 1password account.
Also, the machine may already have a 1password GUI application with active authentication for yet another account.
Each Terraform workspace should be able to use its respective 1password account under any circumstances.

Alternatives
  1. Running Terraform in designated docker containers, separate for each environment.

Expired session causes a plugin crash

TL;DR

I use the op CLI tool to login to 1Password and create an OP_SESSION_* session. It seems that when the session expires, this plugin crashes.

Example Terraform

When I ran terraform plan/refresh/apply on this sample (still with an expired session), I saw this:

terraform {
  required_providers {
    onepassword = {
      source = "milosbackonja/1password"
      version = "1.1.0"
    }
  }
}

provider "onepassword" {}

data "onepassword_item_password" "my_item" {
    name  = "MyItem"
    vault = "Secrets"
}

output "test" {
    sensitive = true
    value = data.onepassword_item_password.my_item
}

Stacktrace

Stack trace from the terraform-provider-1password_v1.1.0 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x147d1bd]

goroutine 30 [running]:
github.com/anasinnyk/terraform-provider-1password/onepassword.resourceItemPasswordRead(0x19418a0, 0xc000810060, 0xc0000f8300, 0x173d040, 0xc00038e520, 0xc000730c30, 0xc0007b3910, 0x100c9b8)
        github.com/anasinnyk/terraform-provider-1password/onepassword/resource_item_password.go:75 +0x18d
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc0003eb3f0, 0x1941820, 0xc00028c240, 0xc0000f8300, 0x173d040, 0xc00038e520, 0x0, 0x0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:288 +0x1ec
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).ReadDataApply(0xc0003eb3f0, 0x1941820, 0xc00028c240, 0xc0005089a0, 0x173d040, 0xc00038e520, 0xc00038e520, 0xc0005089a0, 0x0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:489 +0xff
github.com/hashicorp/terraform-plugin-sdk/v2/internal/helper/plugin.(*GRPCProviderServer).ReadDataSource(0xc0001e0640, 0x1941820, 0xc00028c240, 0xc00028c1c0, 0xc0001e0640, 0xc0001e0650, 0x185a058)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/helper/plugin/grpc_provider.go:1102 +0x4c5
github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler.func1(0x1941820, 0xc00028c240, 0x17dcd60, 0xc00028c1c0, 0xc00028c240, 0x1773c80, 0x19194d0, 0x0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3348 +0x86
github.com/hashicorp/terraform-plugin-sdk/v2/plugin.Serve.func3.1(0x19418e0, 0xc0004821b0, 0x17dcd60, 0xc00028c1c0, 0xc000616480, 0xc0006164a0, 0xc0007f5ba0, 0x11b81c8, 0x17c7a20, 0xc0004821b0)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/plugin/serve.go:76 +0x87
github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler(0x17fdb60, 0xc0001e0640, 0x19418e0, 0xc0004821b0, 0xc0007ec1e0, 0xc000508ac0, 0x19418e0, 0xc0004821b0, 0xc000490000, 0x7d)
        github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3350 +0x14b
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001fcfc0, 0x1949c60, 0xc000602900, 0xc00048c000, 0xc000192d20, 0x1e49910, 0x0, 0x0, 0x0)
        google.golang.org/[email protected]/server.go:1171 +0x50a
google.golang.org/grpc.(*Server).handleStream(0xc0001fcfc0, 0x1949c60, 0xc000602900, 0xc00048c000, 0x0)
        google.golang.org/[email protected]/server.go:1494 +0xccd
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000036280, 0xc0001fcfc0, 0x1949c60, 0xc000602900, 0xc00048c000)
        google.golang.org/[email protected]/server.go:834 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        google.golang.org/[email protected]/server.go:832 +0x204

Error: The terraform-provider-1password_v1.1.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Background

After the plugin crashed, I executed op logout (really, any op command would have worked) and received a console log explaining that my session had expired:

[ERROR] 2022/01/04 13:09:24 session expired, sign in to create a new session

Creating a new session with op allowed the plugin to work correctly again.

Support for op version 2 ?

Is your feature request related to a problem? Please describe.

Op version 2 seems to have changed the commandline arguments.

https://developer.1password.com/docs/cli/upgrade/

Error deleting vault

When deleting a vault I get the following error:

Error: some error in command [delete vault wqssox3eghnsstvlxgv6gkwtiy]
│ Error: exit status 178
│ Output: [ERROR] 2021/06/14 09:49:08 434: Application Error

I assume the 1Password API has changed and therefore the current DELETE request fails.
