anasinnyk / terraform-provider-onepassword
Terraform provider for 1Password
License: GNU Lesser General Public License v3.0
Is your feature request related to a problem? Please describe.
We are currently evaluating if we can use 1password with this provider. While looking through the documentation, I noticed that there seems to be no way to assign a Group to a Vault. However it is possible to assign Accounts to Groups -> #44
Is there something I am missing here?
Describe the solution you'd like
A resource that accepts a groupname and a vaultname and assigns the given Group to the Vault
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
Add this provider to the community list, in order to ease the installation.
Describe alternatives you've considered
Manual steps in the README of the project.
Additional context
See https://www.terraform.io/docs/providers/type/community-index.html
Hi,
Thanks for a great plugin!
Instead of demanding that the user sets up the following environment variables:
OP_EMAIL
OP_PASSWORD
OP_SECRET_KEY
OP_SESSION_subdomain which the op cli tool instructs the user to export?
I would be willing to give implementing it myself a try, but I have never worked in Go, so I am not sure if I would be able to pull it off without help.
Hi,
I'm trying to use your Provider which is working great. One thing I am not able to understand how to use (or maybe is not supported?) is how to upsert an existing entry.
Look at this TF code example:
data "onepassword_vault" "test" {
  name = "test vault"
}
data "onepassword_item_login" "test" {
  name  = "test-item"
  vault = "${data.onepassword_vault.test.id}"
}
resource "onepassword_item_login" "test" {
  name  = "${data.onepassword_item_login.test.name}"
  vault = "${data.onepassword_item_login.test.vault}"
  url   = "http://test.com"
}
Expected:
The existing entry is updated into the URL field
Actually:
The entry is created with the same identical name in the same vault.
Any help on this is highly appreciated :)
Thank you in advance!
OP Version: 0.6.1
Provider: 0.5.0
Trying to add a password to a vault with the following command:
resource "onepassword_item_password" "this" {
  name     = "Password From Terraform"
  url      = "https://example.com"
  password = "adsfnkoang9-24-ht0h09gah-2-d"
  vault    = "Test Terraform Provider"
}
When apply is run the following message is shown. If executed the vault is deleted and then it tries to add the password.
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
Terraform will perform the following actions:
Plan: 1 to add, 0 to change, 1 to destroy.
It shouldn't be deleting the vault.
Can you add the support for EU 1Password tenant
like this: dummy-company.1password.eu
thnx
Hi,
I'm trying to make use of this provider in an alpine container, for that to work the build step in your travis pipeline needs to have CGO_ENABLED=0 env var set.
Other providers have experienced similar issues, and solved it with this env var, for example: alexkappa/terraform-provider-auth0#175
Is your feature request related to a problem? Please describe.
The new op versions look to have the ability to manage users and groups. This seems like a nice feature given that op is the only way [that I know] to programmatically manage these resources.
Describe the solution you'd like
user which will look up an existing user in the system. An actual resource for this would be much more difficult, but this feature request would only need the user identifier.
group_member resource for managing the user's membership within a given group.
Describe alternatives you've considered
I would love for a 1Password API, but without that the current alternative has been to manually manage these users, leading to much drift from human error.
Hello,
Thank you for this provider, I'm trying to use it as data source for Terraform input values.
Not sure if it's related to my environment, but haven't found any similar issue, so decided to create a new one.
So, when OP_SESSION is working, everything is working fine, but when it expired, I just got this error during terraform plan/apply commands:
Error: rpc error: code = Unavailable desc = transport is closing
And the same error I got when trying to lookup non-existing item with datasource.
So my question is: Am I doing something wrong or there are no error messages for expired access and non-existing tokens?
terraform {
  required_providers {
    onepassword = {
      source  = "anasinnyk/onepassword"
      version = "1.2.1"
    }
  }
}
provider "onepassword" {
  subdomain = "test"
}
data "onepassword_item_password" "this" {
  name = "example-pass-item"
}
resource "example" "this" {
  password = data.onepassword_item_password.this.password
}
After installing the provider and running the execution, I get the following error, can you tell me how can I solve it?
Tried my OP_version version below, the error was similar.
export OP_version = 0.7.1
Error: Cannot signin:
Exit code: fork/exec /tmp/terraform-provider-onepassword/0.7.1/op: no such file or directory
Default
Error: Cannot signin:
Exit code: fork/exec /tmp/terraform-provider-onepassword/1.4.0/op: no such file or directory
We found a strange error case today while adding two data references from 1Password. After adding the new secrets to Terraform using the 1Password provider, we saw an error without much helpful output.
$ terraform plan
...
Error: rpc error: code = Unavailable desc = transport is closing
Error: rpc error: code = Canceled desc = context canceled
...
After removing one of the data references from our terraform.yml we managed to get some useful errors (see bottom) which led us to find that someone had managed to enter two entries into 1Password with the same title Azure Elastic Cloud API key in the same vault.
Not sure if this is a terraform problem or something this provider should handle?
What we expected to happen: duplicate 1Password error presented to us during terraform plan
What actually happened: errors shown were not useful
Terraform provider:
terraform {
  required_providers {
    onepassword = {
      source  = "anasinnyk/onepassword"
      version = "~> 1.2.1"
    }
  }
  required_version = "~> 0.13"
}
Terraform yml:
data "onepassword_item_password" "search_cloud_id" {
  name  = "Azure Elastic Cloud ID"
  vault = data.onepassword_vault.vault_name.id
}
data "onepassword_item_password" "search_api_key" {
  name  = "Azure Elastic Cloud API key"
  vault = data.onepassword_vault.vault_name.id
}
resource "kubernetes_secret" "search" {
  metadata {
    name      = "search"
    namespace = kubernetes_namespace.production.id
  }
  data = {
    "ELASTICSEARCH_CLOUD_ID" = data.onepassword_item_password.search_cloud_id.password
    "ELASTICSEARCH_API_KEY"  = data.onepassword_item_password.search_api_key.password
  }
  type = "Opaque"
}
Errors after removing one data reference:
panic: runtime error: invalid memory address or nil pointer dereference
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x147d1bd]
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1:
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: goroutine 194 [running]:
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/anasinnyk/terraform-provider-1password/onepassword.resourceItemPasswordRead(0x19418a0, 0xc0004ac540, 0xc000096f80, 0x173d040, 0xc0007ac740, 0xc0003bce40, 0xc000119910, 0x100c9b8)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/anasinnyk/terraform-provider-1password/onepassword/resource_item_password.go:75 +0x18d
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc0004613f0, 0x1941820, 0xc000384300, 0xc000096f80, 0x173d040, 0xc0007ac740, 0x0, 0x0, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:288 +0x1ec
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).ReadDataApply(0xc0004613f0, 0x1941820, 0xc000384300, 0xc000304b80, 0x173d040, 0xc0007ac740, 0xc0007ac740, 0xc000304b80, 0x0, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:489 +0xff
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/internal/helper/plugin.(*GRPCProviderServer).ReadDataSource(0xc00026e6a0, 0x1941820, 0xc000384300, 0xc0003842c0, 0xc00026e6a0, 0xc00026e6b0, 0x185a058)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/helper/plugin/grpc_provider.go:1102 +0x4c5
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler.func1(0x1941820, 0xc000384300, 0x17dcd60, 0xc0003842c0, 0xc000384300, 0x1773c80, 0xc0004ac401, 0xc000304640)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3348 +0x86
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/plugin.Serve.func3.1(0x19418e0, 0xc0003d4480, 0x17dcd60, 0xc0003842c0, 0xc000304620, 0xc000304640, 0xc0007c8ba0, 0x11b81c8, 0x17c7a20, 0xc0003d4480)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/[email protected]/plugin/serve.go:76 +0x87
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler(0x17fdb60, 0xc00026e6a0, 0x19418e0, 0xc0003d4480, 0xc0004ac4e0, 0xc00000d080, 0x19418e0, 0xc0003d4480, 0xc000010090, 0x90)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3350 +0x14b
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/grpc.(*Server).processUnaryRPC(0xc00027ae00, 0x1949c60, 0xc000103380, 0xc00018e000, 0xc00020acf0, 0x1e49910, 0x0, 0x0, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/[email protected]/server.go:1171 +0x50a
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/grpc.(*Server).handleStream(0xc00027ae00, 0x1949c60, 0xc000103380, 0xc00018e000, 0x0)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/[email protected]/server.go:1494 +0xccd
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc0000382e0, 0xc00027ae00, 0x1949c60, 0xc000103380, 0xc00018e000)
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/[email protected]/server.go:834 +0xa1
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: created by google.golang.org/grpc.(*Server).serveStreams.func1
2021-08-27T15:34:29.367+0930 [DEBUG] plugin.terraform-provider-onepassword_v1.2.1: google.golang.org/[email protected]/server.go:832 +0x204
2021-08-27T15:34:29.368+0930 [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021/08/27 15:34:29 [ERROR] eval: *terraform.evalReadDataRefresh, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [ERROR] eval: *terraform.evalReadDataRefresh, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [ERROR] eval: *terraform.evalReadDataRefresh, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2021-08-27T15:34:29.369+0930 [DEBUG] plugin: plugin process exited: path=.terraform/plugins/registry.terraform.io/anasinnyk/onepassword/1.2.1/darwin_amd64/terraform-provider-onepassword_v1.2.1 pid=17549 error="exit status 2"
2021/08/27 15:34:29 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [TRACE] [walkRefresh] Exiting eval tree: data.onepassword_item_password.search_api_key
2021/08/27 15:34:29 [ERROR] eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key": visit complete
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key": dynamic subgraph encountered errors
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key": visit complete
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key (expand)": dynamic subgraph encountered errors
2021/08/27 15:34:29 [TRACE] vertex "data.onepassword_item_password.search_api_key (expand)": visit complete
2021/08/27 15:34:29 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/hashicorp/kubernetes\"] (close)" errored, so skipping
2021/08/27 15:34:29 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/anasinnyk/onepassword\"] (close)" errored, so skipping
2021/08/27 15:34:29 [TRACE] dag/walk: upstream of "root" errored, so skipping
2021-08-27T15:34:29.501+0930 [DEBUG] plugin: plugin exited
2021-08-27T15:34:29.502+0930 [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-08-27T15:34:29.507+0930 [DEBUG] plugin: plugin process exited: path=.terraform/plugins/registry.terraform.io/hashicorp/kubernetes/1.13.3/darwin_amd64/terraform-provider-kubernetes_v1.13.3_x4 pid=17673
2021-08-27T15:34:29.507+0930 [DEBUG] plugin: plugin exited
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.
When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.
SECURITY WARNING: the "crash.log" file that was created may contain
sensitive information that must be redacted before it is safe to share
on the issue tracker.
[1]: https://github.com/hashicorp/terraform/issues
!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
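The trace above shows the plugin process panicking on a nil pointer inside resourceItemPasswordRead, which Terraform then reports only as "transport is closing"; the earlier report about expired sessions and non-existing items saw the same message. The following Go program is an added example, not the provider's code: it resolves a title to exactly one item and returns a distinct error for "not found" and "duplicate title" without putting secret values in the message. The Item shape, the function names and the sample listing are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Item is a simplified, hypothetical shape for one entry of a vault item
// listing; the field names are assumptions, not the op CLI's real schema.
type Item struct {
	UUID     string `json:"uuid"`
	Vault    string `json:"vault"`
	Title    string `json:"title"`
	Password string `json:"password"`
}

var (
	ErrItemNotFound  = errors.New("item not found")
	ErrItemAmbiguous = errors.New("item title is not unique")
)

// sampleListing is constructed data: the API key title exists twice in the
// same vault, as in the report above.
const sampleListing = `[
  {"uuid":"item-a","vault":"vault-1","title":"Azure Elastic Cloud ID","password":"constructed-secret-1"},
  {"uuid":"item-b","vault":"vault-1","title":"Azure Elastic Cloud API key","password":"constructed-secret-2"},
  {"uuid":"item-c","vault":"vault-1","title":"Azure Elastic Cloud API key","password":"constructed-secret-3"}
]`

// FindItemByTitle resolves a title to exactly one item or returns an error.
// It never returns (nil, nil), so a caller cannot dereference a missing item.
func FindItemByTitle(listing []byte, vault, title string) (*Item, error) {
	var items []Item
	if err := json.Unmarshal(listing, &items); err != nil {
		return nil, fmt.Errorf("decode item listing: %w", err)
	}
	var matches []Item
	for _, it := range items {
		if it.Vault == vault && it.Title == title {
			matches = append(matches, it)
		}
	}
	switch len(matches) {
	case 0:
		return nil, fmt.Errorf("%w in vault %s", ErrItemNotFound, vault)
	case 1:
		return &matches[0], nil
	default:
		// Report UUIDs only: they let the operator find the duplicates
		// without copying any secret value into logs or crash output.
		ids := make([]string, len(matches))
		for i, m := range matches {
			ids[i] = m.UUID
		}
		return nil, fmt.Errorf("%w in vault %s: %d matches (%s)",
			ErrItemAmbiguous, vault, len(matches), strings.Join(ids, ", "))
	}
}

// ReadPassword stands in for a data source read: every lookup failure is
// returned as an error the caller can show during plan.
func ReadPassword(listing []byte, vault, title string) (string, error) {
	item, err := FindItemByTitle(listing, vault, title)
	if err != nil {
		return "", fmt.Errorf("onepassword_item_password %q: %w", title, err)
	}
	return item.Password, nil
}

func main() {
	titles := []string{"Azure Elastic Cloud ID", "Azure Elastic Cloud API key", "Missing item"}
	for _, title := range titles {
		if _, err := ReadPassword([]byte(sampleListing), "vault-1", title); err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%q resolved to one item\n", title)
	}
}
```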
I've been testing this out to retrieve the fields from data "onepassword_item_common" so that I could then take those fields and use in a k8s secret resource. From what I gather, it can only return the ID (UUID) of the item in the vault, not the entire record with all the fields within that item, is that correct?
Hello,
We have a team account in 1Password and we are using the following sign-in address while using the 1Password cli: .ent.1password.com
I'm trying to configure the 1password provider in Terraform, using the following fields:
provider "onepassword" {
  version    = ">= 0.6.3" #I'm using the latest release of the 1password provider
  email      = var.onepassword_email
  password   = var.onepassword_password
  secret_key = var.onepassword_secret_key
  subdomain  = "myteam.ent" # Optional. Comes from <subdomain>.1password.com.
}
The above code fails to connect to my 1Password vault, it throws the below error:
Error: Cannot signin: [ERROR] 2020/06/23 14:43:21 Couldn't connect to the sign in address you provided. Make sure the address is correct and check your network connection, then try again.
Is this a bug or is there something wrong in the way I've filled the subdomain field?
I'm using the following versions:
Terraform v0.12.26
Thanks!
This happens during terraform plan in 'ubuntu:bionic' container.
# terraform --version
2020/08/01 02:15:39 [INFO] Terraform version: 0.12.26
2020/08/01 02:15:39 [INFO] Go runtime version: go1.12.13
2020/08/01 02:10:52 [TRACE] buildProviderConfig for provider.onepassword: using explicit config only
2020/08/01 02:10:52 [TRACE] GRPCProvider: GetSchema
2020-08-01T02:10:52.849Z [TRACE] plugin.stdio: waiting for stdio data
2020-08-01T02:10:52.850Z [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020/08/01 02:10:52 [TRACE] GRPCProvider: Configure
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:10:57 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:02 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:07 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:12 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:17 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:22 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
2020/08/01 02:11:27 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "data.onepassword_item_secure_note.this" is waiting for "provider.onepassword"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "provider.onepassword (close)" is waiting for "data.onepassword_item_secure_note.this"
2020/08/01 02:11:32 [TRACE] dag/walk: vertex "root" is waiting for "provider.onepassword (close)"
Hi, thanks for doing the good work!
I have a problem to report regarding this version checking call with latest op CLI versions for Mac:
https://github.com/anasinnyk/terraform-provider-1password/blob/d16ba4384601a0f68f2b5eaafeb496e6072c0b29/onepassword/provider.go#L157
My observation is that using an OP_VERSION env var has no longer an effect due to the parameter --raw which is apparently no longer supported, which in turn makes the provider enter the installOPClient routine.
Tested with Mac op versions:
Running op --version --raw has this effect:
$ op --version --raw
[LOG] 2020/05/13 18:23:27 (ERROR) unknown flag: --raw
Usage:
op [command]
...
Hi Team,
Thanks for making this provider! Unfortunately I can't get this working with Terraform 0.12.1. I have downloaded v0.30.0 of your plugin (Darwin) and added it to ~/.terraform.d/plugins/darwin_amd64. I'm on Mac OS Mojave 10.14.5.
I have added the following provider instantiation from your example expecting it to fail due to bad creds.
provider "onepassword" {
  email      = "[email protected]"
  password   = "super secret master password"
  secret_key = "A3-XXXXXX-XXXXXXX-XXXXX-XXXXX-XXXXX-XXXXX"
  subdomain  = "company"
}
However when I try terraform init I get the following error.
Provider "onepassword" not available for installation.
I have the ALKS provider installed in the same directory and it is recognized as expected, so I don't think it's something on my side.
Thanks,
Adam
I started using the one password setups and added the provider to my main.tf file and the Terraform Init is failing at the provider level:
**Error: Failed to install provider
Error while installing hashicorp/onepassword: provider registry
registry.terraform.io does not have a provider named
registry.terraform.io/hashicorp/onepassword**
Here is my portion from my main.tf file:
#adding 1Password connection info
provider "onepassword" {
  #email = "[email protected]"
  #password = "super secret master password"
  secret_key = "xx-xxxx-xxx-xxxx-x-xxxx-xxx"
  subdomain  = "My Company Name"
}
Thanks
Vikram
I have OP_SUBDOMAIN set to 'the1psubdomain', e.g.
export OP_SUBDOMAIN="the1psubdomain"
The documentation indicates this should be all that is required for this provider to defer to using OP_SESSION_the1psubdomain.
However, the plan stage returns:
Error: email, password or secret_key is empty and environment variable OP_SESSION_my is not set
DefaultFunc doco at https://www.terraform.io/docs/extend/schemas/schema-behaviors.html#defaultfunc states that it can not be used if a Default is specified but provides a reasonable example approach to return a default if required.
Provider Version 0.4.1
Terraform Version 0.12.6
While testing this provider, I applied a vault in my org's 1Password installation with
resource "onepassword_vault" "test" {
  name = "test"
}
I then manually deleted it from the 1Password web interface and ran the apply again.
Error: some error in command [get vault 4so7dvevkgmznzwbd3cgoagnty]
Error: exit status 1
Output: [LOG] 2019/08/14 07:34:14 (ERROR) vault 4so7dvevkgmznzwbd3cgoagnty not found
Thanks for the awesome TF provider for 1Password! Just an FYI, the Darwin binary works fine on previous macOS versions. However, if you use the 10.15 (Catalina) Beta, the Darwin binary won't run.
Specifically, upon running terraform plan, a pop-up message appears saying:
"terraform-provider-onepassword_v0.4.1" can't be opened because its integrity cannot be verified
The only options are "Move to Trash" or "Cancel".
Your filename makes clear that the binary is 64 bit. Perhaps it involves notarization? I tried to find a workaround, but to no avail.
Hi,
Trying to get my flow back up and running since upgrading my macbook to catalina, I've run across an issue.
Catalina is awkward if you don't have notarized builds; the plugin's strategy of downloading a temporary unsigned binary and running it each time is going to be a pain.
My first thought was to force it to use v0.8.0 via OP_VERSION; this is a signed binary. Unfortunately, it's packaged as a .pkg file rather than a .zip file because of this, and so that doesn't work as the plugin fails to download it.
So instead, I modified the source slightly so that an environment variable OP_BINARY pointing at the op binary would take precedence and avoid the download. That way I could point it at /usr/local/bin/op where I have the 0.8.0 version installed. That works for me, but is a bit of a kludge so I thought I'd raise an issue initially rather than submit a PR. Happy to do the latter if you want (although it's literally a 3 line change).
Cheers,
Olly
Hi @anasinnyk
I just came back to testing your terraform-provider-1password. I'm using Terraform v0.12.10 and provider.onepassword v0.5.0.
I'm logged into the 1P CLI, and the OP_SESSION_subdomain token exists. Accordingly, I define the provider using:
provider "onepassword" {
  subdomain = "industryvault"
}
When I run terraform apply to create a resource, the operation succeeds! I confirm the success by looking at the 1P GUI and seeing that the operation did succeed. However, I get an additional error message saying "Missing required argument" involving the API key. See the following, for example:
~/G/g/t/m/onepassword-test (master|โ1) $ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# onepassword_item_login.this will be created
+ resource "onepassword_item_login" "this" {
+ id = (known after apply)
+ name = "iv-testuser1"
+ password = (sensitive value)
+ url = "https://console.jumpcloud.com"
+ username = "testuser1"
+ vault = "Team"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
onepassword_item_login.this: Creating...
onepassword_item_login.this: Creation complete after 1s [id=vhxbzslpq2zfwtulokeapga4ii]
Error: Missing required argument
The argument "api_key" is required, but was not set.
I can apply and destroy resources no problem, but the error message is a little disconcerting.
Thanks
Kyle
Has anyone succeeded in using in Docker? I get to the apply part and
onepassword_vault.company_role_vault: Creating...
Error: some error in command [create vault company-role-vault]
Error: fork/exec /tmp/terraform-provider-onepassword/1.4.0/op: no such file or directory
Output:
It appears to be taking the credentials correctly because if I don't then it fails on plan.
Looking at the op command installed it appears to be linked against not-alpine, but I'm not exactly a docker nor terraform expert.
~ # ldd /tmp/terraform-provider-onepassword/1.4.0/op
/lib64/ld-linux-x86-64.so.2 (0x7fd792e9e000)
libpthread.so.0 => /lib64/ld-linux-x86-64.so.2 (0x7fd792e9e000)
libc.so.6 => /lib64/ld-linux-x86-64.so.2 (0x7fd792e9e000)
I'm using a fairly standard terraform 0.13.5 and alpine 3.11.2.
This could just be an op problem, but I wanted to know if others succeeded with docker.
Logins don't work with MFA enabled. It would be great to be able to provide a OTP when using this provider.
Do you have plans to publish this provider in the TF registry?
Currently there's this one, which is a fork of this repo
Hello,
We were using this provider for some months and it suddenly stopped working. When we run terraform this error is shown:
`Error: Cannot signin: exit status 189
on main.tf line 24, in provider "onepassword":
24: provider "onepassword" {`
We are using the last version of the provider (0.5.0), the last version of 1password (7.4.3) and 0.12.20 version of Terraform. We also tried with older versions on the provider and 1password but the error persists.
Any help will be appreciated.
Thanks and regards.
Hi, I'm on the Terraform Providers team at HashiCorp. With the release of the Terraform 0.13 beta, users can now download and install community providers from the registry. We are inviting provider authors (especially those for popular community providers) to publish their providers in a closed beta.
To get invited to the closed beta, please email [email protected]. We need:
You can use one key for all of your providers, or separate keys if you prefer. If you are publishing from an organization, this key or keys will be associated with that namespace. Once in the beta, you can manage personal keys in the UI as well.
Hi, thanks for the provider, it's going to (hopefully) solve an important part of automation for me!
I've installed the provider as terraform requires but I get a "failed to instantiate provider" error when terraform reaches the onepassword provider block:
...
[INFO] plugin: configuring client automatic mTLS
[DEBUG] plugin: starting plugin: path=/root/.terraform.d/plugins/linux_amd64/terraform-provider-onepassword_v0.6.2 args=[/root/.terraform.d/plugins/linux_amd64/terraform-provider-onepassword_v0.6.2]
Error: Failed to instantiate provider "onepassword" to obtain schema: fork/exec /root/.terraform.d/plugins/linux_amd64/terraform-provider-onepassword_v0.6.2: exec format error
I'm running the terraform commands in a container based on the hashicorp/terraform:light image.
Are there some undocumented requirements for this provider, or have I missed the documentation?
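Two exec failures recur in the container reports on this page: "no such file or directory" for a binary that is present, and "exec format error". On Linux the first is what exec returns when the ELF interpreter named inside the binary is missing from the image, and the second when the file is not an ELF image for the host CPU. The Go program below is an added example, not part of the provider; Inspect, constructedELF and alpineRootfs are hypothetical names, the ELF images are constructed in memory, and the host is assumed to be x86_64.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"io"
	"os"
	"strings"
)

// Verdict is the exec outcome to expect for a binary on a given host.
type Verdict string

const (
	NotELF        Verdict = "ENOEXEC (exec format error): not an ELF image"
	WrongArch     Verdict = "ENOEXEC (exec format error): built for another CPU"
	MissingLoader Verdict = "ENOENT (no such file or directory): ELF interpreter absent"
	Runnable      Verdict = "loadable"
)

// Values used by the constructed samples.
const (
	amd64       = elf.EM_X86_64
	arm64       = elf.EM_AARCH64
	glibcLoader = "/lib64/ld-linux-x86-64.so.2" // interpreter named in the ldd output above
	muslLoader  = "/lib/ld-musl-x86_64.so.1"    // loader shipped by x86_64 Alpine
)

// alpineRootfs models an Alpine image without a glibc compatibility layer.
func alpineRootfs(path string) bool { return path == muslLoader }

// Inspect classifies a binary image for a host CPU. exists reports whether a
// path is present in the target root filesystem. The second result is the
// interpreter path read from PT_INTERP, if any.
func Inspect(image []byte, host elf.Machine, exists func(string) bool) (Verdict, string) {
	f, err := elf.NewFile(bytes.NewReader(image))
	if err != nil {
		return NotELF, ""
	}
	if f.Machine != host {
		return WrongArch, ""
	}
	for _, p := range f.Progs {
		if p.Type != elf.PT_INTERP {
			continue
		}
		raw, err := io.ReadAll(p.Open())
		if err != nil {
			return NotELF, ""
		}
		loader := strings.TrimRight(string(raw), "\x00")
		if !exists(loader) {
			return MissingLoader, loader
		}
		return Runnable, loader
	}
	// No PT_INTERP: statically linked, as a Go build with CGO_ENABLED=0 typically is.
	return Runnable, ""
}

// constructedELF builds a minimal 64-bit little-endian ELF header, plus one
// PT_INTERP program header when interp is non-empty. Sample data only.
func constructedELF(machine elf.Machine, interp string) []byte {
	var buf bytes.Buffer
	hdr := elf.Header64{
		Type: uint16(elf.ET_EXEC), Machine: uint16(machine),
		Version: uint32(elf.EV_CURRENT), Ehsize: 64, Phentsize: 56, Shentsize: 64,
	}
	copy(hdr.Ident[:], []byte{0x7f, 'E', 'L', 'F',
		byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)})
	if interp != "" {
		hdr.Phoff, hdr.Phnum = 64, 1
	}
	binary.Write(&buf, binary.LittleEndian, &hdr)
	if interp != "" {
		n := uint64(len(interp) + 1)
		binary.Write(&buf, binary.LittleEndian, &elf.Prog64{
			Type: uint32(elf.PT_INTERP), Flags: uint32(elf.PF_R),
			Off: 64 + 56, Filesz: n, Memsz: n, Align: 1,
		})
		buf.WriteString(interp + "\x00")
	}
	return buf.Bytes()
}

func main() {
	if len(os.Args) > 1 { // inspect a real file against this machine's filesystem
		image, err := os.ReadFile(os.Args[1])
		if err != nil {
			fmt.Println(err)
			os.Exit(1)
		}
		onDisk := func(p string) bool { _, err := os.Stat(p); return err == nil }
		fmt.Println(Inspect(image, amd64, onDisk))
		return
	}
	fmt.Println(Inspect(constructedELF(amd64, glibcLoader), amd64, alpineRootfs))
}
```

Run with a path argument inside the container to check a downloaded op or provider binary against that image's filesystem.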
Is your feature request related to a problem? Please describe.
Considering using this provider for our team/user management system, which is configured using Terraform.
Describe the solution you'd like
A onepassword_group resource from the "Manage Access" section of the docs: https://support.1password.com/command-line/#manage-access.
Describe alternatives you've considered
We currently perform this act manually, while our GitHub, AWS, and other systems are successfully Terraformed.
Additional context
I'd be happy to take this request on if the repository maintainer welcomes Pull Requests!
Is your feature request related to a problem? Please describe.
The version of this provider released to Terraform's registry doesn't have a darwin_arm64 compatible binary.
Describe the solution you'd like
Seems like the goreleaser config should already build an artifact for arm64. Support for Apple's arm64 architecture was added in Go 1.16. With a minor modification to go.mod I was able to build the binary locally. Happy to open a PR if that's preferred, I just wasn't sure if there were reasons behind targeting just Go 1.12.
Describe alternatives you've considered
What I've been doing so far - modifying to support go 1.17 and compiling the provider from source.
Terraform: 0.12.19
provider.aws: version = "2.46"
provider.onepassword: version = "0.5"
provider.random: version = "2.2"
First off - thanks for this provider, it's been immensely useful.
I'm working on a tf 0.12 project and ran across an issue when trying to template a onepassword_item_common type resource.
I'm creating one or many aws_db_instance resources, supplying them a password using random_password from the random provider and the for_each iterator and then attempting to automate adding this password, along with some instance attributes to a new item in 1password.
Note, this works fine if I do not use the section block.. so the looping etc does exactly as expected and will create one or many onepass items containing the correct information. I'm using the onepassword_item_common resource so I can include a specific set of fields (the thinking is to use these items as a data source in a subsequent terraform module, so I want a custom 1pass item).
If it would be helpful to see a full example let me know, I didn't want to do that since I'm not 100% certain this isn't a known problem/I'm misusing the section block.
Example vars:
variable "rds_instances" {
  default = {
    "dev" = {
      instance_name     = "exampledevdb"
      op_vault_name     = "dev-vault"
      storage_gb        = "10"
      instance_class    = "db.t3.micro"
      db_user           = "devadmin"
      multi_az          = false
      rds_ingress_rules = []
      rds_egress_rules  = []
    }
    "uat" = {
      instance_name     = "exampletestdb"
      op_vault_name     = "uat-vault"
      storage_gb        = "10"
      instance_class    = "db.t3.micro"
      db_user           = "uatadmin"
      multi_az          = false
      rds_ingress_rules = []
      rds_egress_rules  = []
    }
  }
}
resource "onepassword_item_common" "save_to_onepassword" {
  for_each = var.rds_instances
  name = "RDS: ${each.value.instance_name}"
  vault = each.value.op_vault_name
  notes = "Managed by Terraform. Do not update this entry manually."
  template = "Config"
  section = {
    field = {
      name = "Username"
      string = each.value.db_user
    }
    field = {
      name = "Password"
      concealed = random_password.db_pass[each.key].result
    }
    field = {
      name = "Address"
      string = aws_db_instance.rds_instance[each.key].address
    }
    field = {
      name = "Port"
      string = aws_db_instance.rds_instance[each.key].port
    }
    field = {
      name = "Endpoint"
      string = aws_db_instance.rds_instance[each.key].endpoint
    }
  }
}
A new item is created in specified 1pass vault.
Error: Unsupported argument
on ../../../tf-module-rds/main.tf line 89, in resource "onepassword_item_login" "save_to_onepassword":
89: section = {
An argument named "section" is not expected here. Did you mean to define a
block of type "section"?
TF docs suggest: If you see an error like the following from your tests after upgrading, adding the missing equals sign is usually the answer.
Source: https://www.terraform.io/docs/extend/terraform-0.12-compatibility.html
This also errors as tf is attempting to set field for each element in the section block.
Error: Attribute redefined
on ../../../tf-module-rds/main.tf line 95, in resource "onepassword_item_login" "save_to_onepassword":
95: field = {
The argument "field" was already set at
../../../tf-module-rds/main.tf:90,5-10. Each argument may be set only once.
2020/02/25 16:30:22 [ERROR] module.rds: eval: *terraform.EvalValidateResource, err: Unsupported argument: An argument named "section" is not expected here. Did you mean to define a block of type "section"?
2020/02/25 16:30:22 [ERROR] module.rds: eval: *terraform.EvalSequence, err: Unsupported argument: An argument named "section" is not expected here. Did you mean to define a block of type "section"?
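Both errors in the report above come from writing section and field as attribute assignments. The following is an added example, not code from the original post or from the provider's documentation: the same resource in Terraform 0.12 nested-block syntax, assuming the provider schema declares section and field as repeatable nested blocks, as the "Did you mean to define a block of type" hint indicates. Resource, variable and field names are taken from the post.

```hcl
# Added example: nested-block form of the resource from the report above.
# Assumption: the provider schema declares "section" and "field" as nested
# blocks, which is what the "Did you mean to define a block" hint points to.
resource "onepassword_item_common" "save_to_onepassword" {
  for_each = var.rds_instances

  name     = "RDS: ${each.value.instance_name}"
  vault    = each.value.op_vault_name
  notes    = "Managed by Terraform. Do not update this entry manually."
  template = "Config"

  # Blocks take no "=" in Terraform 0.12; only attributes do.
  section {
    # A block type may repeat, so each field is its own block rather than
    # a second assignment to one "field" argument ("Attribute redefined").
    field {
      name   = "Username"
      string = each.value.db_user
    }
    field {
      name = "Password"
      # The generated password is also written to the Terraform state file,
      # so the state backend needs the same protection as the vault.
      concealed = random_password.db_pass[each.key].result
    }
    field {
      name   = "Address"
      string = aws_db_instance.rds_instance[each.key].address
    }
    field {
      name   = "Port"
      string = aws_db_instance.rds_instance[each.key].port
    }
    field {
      name   = "Endpoint"
      string = aws_db_instance.rds_instance[each.key].endpoint
    }
  }
}
```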
Is your feature request related to a problem? Please describe.
Improved discovery and simplified installation with Terraform 0.13
Describe the solution you'd like
Hi there, we noticed this provider is on our list of community providers, however it has not yet been published to the newly-released Terraform Registry for Providers. We'd like to invite you to get it published. Instructions for doing so are available here. Please note that we will soon be redirecting the community listing page to registry.terraform.io.
Thanks for your contributions and we look forward to seeing the 1Password provider listed soon!
Thanks,
Team Terraform @ HashiCorp
I downloaded the 0.4.0, put it in the correct location and when I terraform plan I get:
Error: Error asking for user input: 1 error occurred:
* provider.onepassword: fork/exec /<redacted>/.terraform/plugins/darwin_amd64/terraform-provider-onepassword_v0.4.0: exec format error
Is there a problem with the released version?
Getting the following error when running the registry build https://registry.terraform.io/providers/milosbackonja/1password/latest with TF 0.13
2020/10/26 11:25:22 [ERROR] eval: *terraform.EvalValidateResource, err: Invalid resource type: A data resource type "onepassword_vault" is not supported by provider "registry.terraform.io/hashicorp/1password".
2020/10/26 11:25:22 [ERROR] eval: *terraform.EvalSequence, err: Invalid resource type: A data resource type "onepassword_vault" is not supported by provider "registry.terraform.io/hashicorp/1password".
Might seem like a namespacing issue, but not sure. Any ideas?
Hi, I have this:
data "onepassword_item_login" "mylogin" {
  name = "[email protected]"
  vault = "myvault"
}
I'm able to read the password like so:
"${data.onepassword_item_login.mylogin.password}"
But I cannot read the username (I would like to read the username):
"${data.onepassword_item_login.mylogin.username}"
Is this intended? Am I missing something?
Platform:
Windows10 Pro.
Terraform v0.12.12
provider.onepassword v0.5.0
I downloaded the release directly from here *latest as of this writing. I put it directly into .terraform\plugins\windows_amd64\terraform-provider-onepassword_v0.5.0
Here is a snippet of main.tf:
provider "onepassword" {
  subdomain = "myorg"
}
data "onepassword_vault" "myvault" {
  name = "rando_vault"
}
Here is my error.
Error: open /tmp/op_0.5.5.zip: The system cannot find the path specified.
on main.tf line 1, in provider "onepassword":
1: provider "onepassword" {
I thought maybe the executable filename was the issue, so I bumped it manually to 0.5.5. Did not resolve the issue.
This is just a feature request, but it would be great to be able to use this provider in a more complex CI/CD scenario.
In order to use a different 1password account than the one currently activated on the machine, the support for the --account and/or --shorthand switch(es) for the op signin call is necessary.
There may be a need to prepare a unique shorthand value for that purpose.
Two (or more) infrastructure environments.
Each environment has a Terraform workspace and a 1password account.
Also, the machine may already have a 1password GUI application with active authentication for yet another account.
Each Terraform workspace should be able to use its respective 1password account under any circumstances.
I use the op CLI tool to login to 1Password and create an OP_SESSION_* session. It seems that when the session expires, this plugin crashes.
Example Terraform
When I ran terraform plan/refresh/apply on this sample (still with an expired session), I saw this:
terraform {
  required_providers {
    onepassword = {
      source  = "milosbackonja/1password"
      version = "1.1.0"
    }
  }
}
provider "onepassword" {}
data "onepassword_item_password" "my_item" {
  name  = "MyItem"
  vault = "Secrets"
}
output "test" {
  sensitive = true
  value     = data.onepassword_item_password.my_item
}
Stacktrace
Stack trace from the terraform-provider-1password_v1.1.0 plugin:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x147d1bd]
goroutine 30 [running]:
github.com/anasinnyk/terraform-provider-1password/onepassword.resourceItemPasswordRead(0x19418a0, 0xc000810060, 0xc0000f8300, 0x173d040, 0xc00038e520, 0xc000730c30, 0xc0007b3910, 0x100c9b8)
github.com/anasinnyk/terraform-provider-1password/onepassword/resource_item_password.go:75 +0x18d
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).read(0xc0003eb3f0, 0x1941820, 0xc00028c240, 0xc0000f8300, 0x173d040, 0xc00038e520, 0x0, 0x0, 0x0)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:288 +0x1ec
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).ReadDataApply(0xc0003eb3f0, 0x1941820, 0xc00028c240, 0xc0005089a0, 0x173d040, 0xc00038e520, 0xc00038e520, 0xc0005089a0, 0x0, 0x0)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:489 +0xff
github.com/hashicorp/terraform-plugin-sdk/v2/internal/helper/plugin.(*GRPCProviderServer).ReadDataSource(0xc0001e0640, 0x1941820, 0xc00028c240, 0xc00028c1c0, 0xc0001e0640, 0xc0001e0650, 0x185a058)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/helper/plugin/grpc_provider.go:1102 +0x4c5
github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler.func1(0x1941820, 0xc00028c240, 0x17dcd60, 0xc00028c1c0, 0xc00028c240, 0x1773c80, 0x19194d0, 0x0)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3348 +0x86
github.com/hashicorp/terraform-plugin-sdk/v2/plugin.Serve.func3.1(0x19418e0, 0xc0004821b0, 0x17dcd60, 0xc00028c1c0, 0xc000616480, 0xc0006164a0, 0xc0007f5ba0, 0x11b81c8, 0x17c7a20, 0xc0004821b0)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/plugin/serve.go:76 +0x87
github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ReadDataSource_Handler(0x17fdb60, 0xc0001e0640, 0x19418e0, 0xc0004821b0, 0xc0007ec1e0, 0xc000508ac0, 0x19418e0, 0xc0004821b0, 0xc000490000, 0x7d)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3350 +0x14b
google.golang.org/grpc.(*Server).processUnaryRPC(0xc0001fcfc0, 0x1949c60, 0xc000602900, 0xc00048c000, 0xc000192d20, 0x1e49910, 0x0, 0x0, 0x0)
google.golang.org/[email protected]/server.go:1171 +0x50a
google.golang.org/grpc.(*Server).handleStream(0xc0001fcfc0, 0x1949c60, 0xc000602900, 0xc00048c000, 0x0)
google.golang.org/[email protected]/server.go:1494 +0xccd
google.golang.org/grpc.(*Server).serveStreams.func1.2(0xc000036280, 0xc0001fcfc0, 0x1949c60, 0xc000602900, 0xc00048c000)
google.golang.org/[email protected]/server.go:834 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
google.golang.org/[email protected]/server.go:832 +0x204
Error: The terraform-provider-1password_v1.1.0 plugin crashed!
This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.
After the plugin crashed, I executed op logout (really, any op command would have worked) and received a console log explaining that my session had expired:
[ERROR] 2022/01/04 13:09:24 session expired, sign in to create a new session
Creating a new session with op allowed the plugin to work correctly again.
terraform version = 1.1.5
Description of error:
Error: Unable to automatically install v1.4.0 of the op client. Please install manually from https://app-updates.agilebits.com/product_history/CLI
│
│ with provider["registry.terraform.io/anasinnyk/onepassword"],
│ on providers.tf line 54, in provider "onepassword":
│ 54: provider "onepassword" {
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Op version 2 seems to have changed the commandline arguments.
https://developer.1password.com/docs/cli/upgrade/
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
When deleting a vault I get the following error:
Error: some error in command [delete vault wqssox3eghnsstvlxgv6gkwtiy]
│ Error: exit status 178
│ Output: [ERROR] 2021/06/14 09:49:08 434: Application Error
I assume the 1Password API has changed and therefore the current DELETE request fails.