From 44f4de18dfe444ec3b78a4ca3e8e8b0179c0bc8e Mon Sep 17 00:00:00 2001 From: William Park Date: Tue, 28 Nov 2023 12:50:09 -0800 Subject: [PATCH 01/15] Add debugging and commit signing instructions to CONTRIBUTING.md --- CONTRIBUTING.md | 49 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 42 insertions(+), 7 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 687dc214..69b0ba0a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,7 +7,7 @@ Thanks for your interest in contributing to the 1Password Connect Terraform Prov Run the following command to build the 1Password Connect Terraform Provider: ```sh -go build . +$ go build . ``` This will create the `terraform-provider-onepassword` binary. @@ -17,19 +17,19 @@ This will create the `terraform-provider-onepassword` binary. To run the Go tests and check test coverage run the following command: ```sh -go test -v ./... -cover +$ go test -v ./... -cover ``` -## Installing plugin locally +## Installing the Provider Locally -Refer to the following sections of the Terraform's "Custom Framework Providers" tutorial to install this plugin locally: +Refer to the following sections of the Terraform's "Custom Framework Providers" tutorial to install this provider locally: - [Prepare Terraform for local provider install](https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework/providers-plugin-framework-provider#prepare-terraform-for-local-provider-install) - [Locally install provider and verify with Terraform](https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework/providers-plugin-framework-provider#locally-install-provider-and-verify-with-terraform) -## Using plugin locally +## Using the Provider Locally -In your Terraform configuration you will need to specify the `op` plugin with: +In your Terraform configuration you will need to specify the `onepassword` provider with: ```tf terraform { 
@@ -48,6 +48,37 @@ provider "onepassword" { After copying a newly-built version of the provider to the plugins directory you will have to run `terraform init` again. If you forget to do this then Terraform will error out and tell you to do so. +## Start a Debugging Session + +Ensure that the `dev_overrides` block was added to your `~/.terraformrc` file, using `"1Password/onepassword"` as the source. Refer to the [Installing the Plugin Locally](#installing-the-plugin-locally) section for instructions. + +Build the provider without optimizations enabled: + +```sh +$ go build -gcflags="all=-N -l" . +``` + +Start a Delve debugging session: + +```sh +$ dlv debug . -- --debug +Type 'help' for list of commands. +(dlv) continue +``` + +**Note**: Editors like GoLand can be configured to start a debugging session as well. Just be sure to pass the `--debug` flag as a program argument. + +If a debugging session was started properly, the provider should print the following output to `stdout`: + +```sh +Provider started, to attach Terraform set the TF_REATTACH_PROVIDERS env var: + + TF_REATTACH_PROVIDERS='{"1Password/onepassword":{"Protocol":"grpc","Pid":3382870,"Test":true,"Addr":{"Network":"unix","String":"/tmp/plugin713096927"}}}' + +``` + +Copy the line starting with `TF_REATTACH_PROVIDERS` from your provider's output. Either export it, or prefix every Terraform command with it, and run Terraform as usual. Any breakpoints you have set will halt execution and show you the current variable values. + ## Generating Documentation Documentation is generated for the provider using [terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs). This plugin uses the schema `Description` field in conjunction with the contents of the `/templates` and `/examples` folders to generate the `/docs` content. 
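Review bot: The link in the first paragraph of the new Debugging section, `[Installing the Plugin Locally](#installing-the-plugin-locally)`, points at a heading that this same patch renames to `## Installing the Provider Locally`, so the anchor no longer resolves. Use `#installing-the-provider-locally`. That section only links out to the HashiCorp tutorial, so a reader sent there for the `dev_overrides` block will not find one using `"1Password/onepassword"` as the source; showing the block inline would close that gap. The reattach output is also fenced as `sh` although it is program output, and the `Pid` and socket path in it change on every run, so it is worth saying that the `TF_REATTACH_PROVIDERS` line has to be copied again for each debugging session.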
@@ -55,5 +86,9 @@ Documentation is generated for the provider using [terraform-plugin-docs](https: To regenerate the `/docs` Markdown run: ```sh -go generate +$ go generate ``` + +## Sign Your Commits + +To get your PR merged, we require you to sign your commits. Fortunately, this has become very easy to [set up](https://developer.1password.com/docs/ssh/git-commit-signing/)! From 5093c896e3efb0f3dc2d69c2261c1c44a9d9946d Mon Sep 17 00:00:00 2001 From: William Park Date: Tue, 28 Nov 2023 12:52:49 -0800 Subject: [PATCH 02/15] Change 'Start a Debugging Session' header to 'Debugging' --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 69b0ba0a..0673f59c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -48,7 +48,7 @@ provider "onepassword" { After copying a newly-built version of the provider to the plugins directory you will have to run `terraform init` again. If you forget to do this then Terraform will error out and tell you to do so. -## Start a Debugging Session +## Debugging Ensure that the `dev_overrides` block was added to your `~/.terraformrc` file, using `"1Password/onepassword"` as the source. Refer to the [Installing the Plugin Locally](#installing-the-plugin-locally) section for instructions. From 3d4354e8b6830727a51f2735a1df544394c075a2 Mon Sep 17 00:00:00 2001 From: William Park Date: Tue, 28 Nov 2023 12:58:12 -0800 Subject: [PATCH 03/15] Remove $ symbol from terminal commands --- CONTRIBUTING.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0673f59c..2b1ad25b 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,7 +7,7 @@ Thanks for your interest in contributing to the 1Password Connect Terraform Prov Run the following command to build the 1Password Connect Terraform Provider: ```sh -$ go build . +go build . ``` This will create the `terraform-provider-onepassword` binary. 
@@ -17,7 +17,7 @@ This will create the `terraform-provider-onepassword` binary. To run the Go tests and check test coverage run the following command: ```sh -$ go test -v ./... -cover +go test -v ./... -cover ``` ## Installing the Provider Locally @@ -55,13 +55,13 @@ Ensure that the `dev_overrides` block was added to your `~/.terraformrc` file, u Build the provider without optimizations enabled: ```sh -$ go build -gcflags="all=-N -l" . +go build -gcflags="all=-N -l" . ``` Start a Delve debugging session: ```sh -$ dlv debug . -- --debug +dlv debug . -- --debug Type 'help' for list of commands. (dlv) continue ``` @@ -86,7 +86,7 @@ Documentation is generated for the provider using [terraform-plugin-docs](https: To regenerate the `/docs` Markdown run: ```sh -$ go generate +go generate ``` ## Sign Your Commits From fe07d56ebc482d5c7b9b891960d387f621b20d63 Mon Sep 17 00:00:00 2001 From: William Park Date: Tue, 28 Nov 2023 13:01:36 -0800 Subject: [PATCH 04/15] Update the 'Installing the Provider Locally' section link --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2b1ad25b..fdba89f0 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -50,7 +50,7 @@ After copying a newly-built version of the provider to the plugins directory you ## Debugging -Ensure that the `dev_overrides` block was added to your `~/.terraformrc` file, using `"1Password/onepassword"` as the source. Refer to the [Installing the Plugin Locally](#installing-the-plugin-locally) section for instructions. +Ensure that the `dev_overrides` block was added to your `~/.terraformrc` file, using `"1Password/onepassword"` as the source. Refer to the [Installing the Provider Locally](#installing-the-provider-locally) section for instructions. Build the provider without optimizations enabled: From bfb3373e5e78764e6a250b662e7f11c188b829ca Mon Sep 17 00:00:00 2001 
From: Volodymyr Zotov Date: Tue, 28 Nov 2023 16:37:56 -0600 Subject: [PATCH 05/15] Add CLI version option to the bug report template --- .github/ISSUE_TEMPLATE/bug_report.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 74309ec0..40f94caa 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -18,6 +18,11 @@ https://start.1password.com/integrations/active --> Connect Server Version: + +CLI Version: + OS: From 48008f38357dc30a6b7dd6d2d9df030b421eecbe Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Tue, 28 Nov 2023 16:44:53 -0600 Subject: [PATCH 06/15] Add service account options to the provider initialization --- docs/index.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/index.md b/docs/index.md index 48e18a15..e3d9f8d9 100644 --- a/docs/index.md +++ b/docs/index.md @@ -9,8 +9,6 @@ description: |- Use the 1Password Connect Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). -## Using a Service Account Token - The 1Password Connect Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the [1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see @@ -21,6 +19,9 @@ and [1Password Service Accounts](https://developer.1password.com/docs/secrets-au ```terraform provider "onepassword" { url = "http://localhost:8080" + token = "CONNECT_TOKEN" + service_account_token = "SERVICE_ACCOUNT_TOKEN" + op_cli_path = "op_cli_path" } ``` 
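Review bot: The example `provider "onepassword"` block in the last hunk now sets `token` and `service_account_token` together, which reads as if both are required, while the argument descriptions in the same `docs/index.md` say that either one or the other must be set. Split it into a Connect example (`url` plus `token`) and a service account example (`service_account_token` plus `op_cli_path`), or comment the two alternatives. Both values are credentials, so the example should point at the `OP_CONNECT_TOKEN` and `OP_SERVICE_ACCOUNT_TOKEN` environment variables that those descriptions already name, rather than inviting readers to paste tokens into a `.tf` file. The placeholder `op_cli_path = "op_cli_path"` is lowercase where the other two are uppercase. Finally, `docs/` is generated from `/templates` and `/examples`, so a hand edit to `docs/index.md` will be overwritten by the next `go generate`; make the change in `examples/provider/provider.tf` and `templates/index.md.tmpl` and regenerate.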
From 30e3144adc53bbd12e9638801a492df9f5ddda23 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Tue, 28 Nov 2023 16:49:41 -0600 Subject: [PATCH 07/15] Use 1Password Terraform Provider term instead of 1Password Connect Terraform Provider As currently Provider supports both Connect and Service Accounts the name will be more general --- CHANGELOG.md | 2 +- CONTRIBUTING.md | 4 ++-- README.md | 4 ++-- docs/index.md | 8 ++++---- onepassword/provider.go | 2 +- templates/index.md.tmpl | 8 ++++---- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 115197c8..8a696252 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -128,7 +128,7 @@ Support custom sections and fields for Login, Password, and Database Items # v0.1.0 -Initial 1Password Connect Terraform Provider release +Initial 1Password Terraform Provider release ## Features: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 687dc214..f6b22991 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,10 +1,10 @@ # Contributing -Thanks for your interest in contributing to the 1Password Connect Terraform Provider project! 🙌 We appreciate your time and effort. Here are some guidelines to help you get started. +Thanks for your interest in contributing to the 1Password Terraform Provider project! 🙌 We appreciate your time and effort. Here are some guidelines to help you get started. ## Building -Run the following command to build the 1Password Connect Terraform Provider: +Run the following command to build the 1Password Terraform Provider: ```sh go build . diff --git a/README.md b/README.md index 7c21becf..513bbd73 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@
-

1Password Connect Terraform Provider

-

Use the 1Password Connect Terraform Provider to access and manage items in your 1Password vaults.

+

1Password Terraform Provider

+

Use the 1Password Terraform Provider to access and manage items in your 1Password vaults.

Get started diff --git a/docs/index.md b/docs/index.md index e3d9f8d9..06fb091f 100644 --- a/docs/index.md +++ b/docs/index.md @@ -2,14 +2,14 @@ layout: "" page_title: "Provider: 1Password" description: |- - Use the 1Password Connect Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults. + Use the 1Password Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults. --- -# 1Password Connect Terraform Provider +# 1Password Terraform Provider -Use the 1Password Connect Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). +Use the 1Password Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). -The 1Password Connect Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) +The 1Password Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the [1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see [here](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries). diff --git a/onepassword/provider.go b/onepassword/provider.go index af4595d7..07a1f243 100644 --- a/onepassword/provider.go +++ b/onepassword/provider.go 
@@ -35,7 +35,7 @@ func init() { // } } -// Provider The 1Password Connect terraform provider +// Provider The 1Password Terraform Provider func Provider() *schema.Provider { providerUserAgent := fmt.Sprintf(terraformProviderUserAgent, version.ProviderVersion) provider := &schema.Provider{ diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index cbed554c..ee6ae1c0 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl 
@@ -2,16 +2,16 @@ layout: "" page_title: "Provider: 1Password" description: |- - Use the 1Password Connect Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults. + Use the 1Password Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults. --- -# 1Password Connect Terraform Provider +# 1Password Terraform Provider -Use the 1Password Connect Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). +Use the 1Password Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). ## Using a Service Account Token -The 1Password Connect Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) +The 1Password Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the [1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see [here](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries). From 9c053041f4980d08cab74915f1a500c3cfabc944 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Tue, 28 Nov 2023 16:53:32 -0600 Subject: [PATCH 08/15] Update generated docs --- docs/index.md | 6 +++--- examples/provider/provider.tf | 5 ++++- templates/index.md.tmpl | 2 -- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/index.md b/docs/index.md index 06fb091f..50ba4f78 100644 --- a/docs/index.md 
+++ b/docs/index.md @@ -18,10 +18,10 @@ and [1Password Service Accounts](https://developer.1password.com/docs/secrets-au ```terraform provider "onepassword" { - url = "http://localhost:8080" - token = "CONNECT_TOKEN" + url = "http://localhost:8080" + token = "CONNECT_TOKEN" service_account_token = "SERVICE_ACCOUNT_TOKEN" - op_cli_path = "op_cli_path" + op_cli_path = "OP_CLI_PATH" } ``` diff --git a/examples/provider/provider.tf b/examples/provider/provider.tf index 8939835c..201b4389 100644 --- a/examples/provider/provider.tf +++ b/examples/provider/provider.tf @@ -1,3 +1,6 @@ provider "onepassword" { - url = "http://localhost:8080" + url = "http://localhost:8080" + token = "CONNECT_TOKEN" + service_account_token = "SERVICE_ACCOUNT_TOKEN" + op_cli_path = "OP_CLI_PATH" } diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index ee6ae1c0..8b4d8309 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl @@ -9,8 +9,6 @@ description: |- Use the 1Password Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). -## Using a Service Account Token - The 1Password Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the [1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see From 923637149f98d840df75a1136de6924b972af071 Mon Sep 17 00:00:00 2001 
From: Volodymyr Zotov Date: Tue, 28 Nov 2023 17:11:04 -0600 Subject: [PATCH 09/15] Mention known Service Accounts 'conflict' issue. https://github.com/1Password/terraform-provider-onepassword/issues/108 --- docs/index.md | 9 +++++++++ templates/index.md.tmpl | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/docs/index.md b/docs/index.md index 50ba4f78..3cc03ade 100644 --- a/docs/index.md +++ b/docs/index.md @@ -34,3 +34,12 @@ provider "onepassword" { - `service_account_token` (String) A valid token for your 1Password Service Account. Can also be sourced from OP_SERVICE_ACCOUNT_TOKEN. Either this or `token` must be set. - `token` (String) A valid token for your 1Password Connect API. Can also be sourced from OP_CONNECT_TOKEN. Either this or `service_account_token` must be set. - `url` (String) The HTTP(S) URL where your 1Password Connect API can be found. Must be provided through the OP_CONNECT_HOST environment variable if this attribute is not set. Can be omitted, if service_account_token is set. + +## Known Service Accounts limitation: +Users may encounter the following error `op error: (409) Conflict: Internal server conflict` when create/update/delete a bunch of items in the same vault as Terraform Provider handles each resource separately and therefore it makes a bunch of parallel requests using CLI for each of the resources. + +There are some ways to avoid this: +1. Use `depends_on` in your resource definition to make sure the Provider makes requests sequentially. +2. After it fails with `409` error run `terraform apply` again till all the changes will be applied. +3. Use Connect. +4. Put items in the different vaults. diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index 8b4d8309..7d95f70b 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl 
@@ -19,3 +19,12 @@ and [1Password Service Accounts](https://developer.1password.com/docs/secrets-au {{tffile "examples/provider/provider.tf"}} {{ .SchemaMarkdown | trimspace }} + +## Known Service Accounts limitation: +Users may encounter the following error `op error: (409) Conflict: Internal server conflict` when create/update/delete a bunch of items in the same vault as Terraform Provider handles each resource separately and therefore it makes a bunch of parallel requests using CLI for each of the resources. + +There are ways to avoid this: +1. Use `depends_on` in your resource definition to make sure the Provider makes requests sequentially. +2. After it fails with `409` error run `terraform apply` again till all the changes will be applied. +3. Use Connect. +4. Put items in the different vaults. From bfcfc0a631f94e70a75cfe288795d88bf4311e17 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Tue, 28 Nov 2023 17:12:11 -0600 Subject: [PATCH 10/15] Mention known Service Accounts 'conflict' issue will be fixed in the next release. --- templates/index.md.tmpl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index 7d95f70b..64d9cb85 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl @@ -28,3 +28,5 @@ There are ways to avoid this: 2. After it fails with `409` error run `terraform apply` again till all the changes will be applied. 3. Use Connect. 4. Put items in the different vaults. + +This will be addressed in the next release. \ No newline at end of file From 5c77cedd3eb773e786283e8105a77ca35448cdc2 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Tue, 28 Nov 2023 17:14:07 -0600 Subject: [PATCH 11/15] Generate docs --- docs/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 3cc03ade..61726a1a 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -38,8 +38,10 @@ provider "onepassword" { ## Known Service Accounts limitation: Users may encounter the following error `op error: (409) Conflict: Internal server conflict` when create/update/delete a bunch of items in the same vault as Terraform Provider handles each resource separately and therefore it makes a bunch of parallel requests using CLI for each of the resources. -There are some ways to avoid this: +There are ways to avoid this: 1. Use `depends_on` in your resource definition to make sure the Provider makes requests sequentially. 2. After it fails with `409` error run `terraform apply` again till all the changes will be applied. 3. Use Connect. 4. Put items in the different vaults. + +This will be addressed in the next release. \ No newline at end of file From fb10c554b741be8a49a2b34093fbb0a1eeee0ec1 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Wed, 29 Nov 2023 16:51:36 -0600 Subject: [PATCH 12/15] Update all the documents as per reviewers suggestions --- CHANGELOG.md | 2 +- CONTRIBUTING.md | 47 ++++++++++++++++++++++++++++++----------- README.md | 4 ++-- docs/index.md | 30 +++++++++++++++----------- onepassword/provider.go | 2 +- templates/index.md.tmpl | 30 +++++++++++++++----------- 6 files changed, 75 insertions(+), 40 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8a696252..f6208224 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -128,7 +128,7 @@ Support custom sections and fields for Login, Password, and Database Items # v0.1.0 -Initial 1Password Terraform Provider release +Initial 1Password Terraform provider release ## Features: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b4ef66ef..8e59dcce 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -1,10 +1,10 @@ # Contributing -Thanks for your interest in contributing to the 1Password Terraform Provider project! 🙌 We appreciate your time and effort. Here are some guidelines to help you get started. +Thanks for your interest in contributing to the 1Password Terraform provider project! 🙌 We appreciate your time and effort. Here are some guidelines to help you get started. ## Building -Run the following command to build the 1Password Terraform Provider: +Run the following command to build the 1Password Terraform provider: ```sh go build . @@ -20,16 +20,16 @@ To run the Go tests and check test coverage run the following command: go test -v ./... -cover ``` -## Installing the Provider Locally +## Installing the provider locally Refer to the following sections of the Terraform's "Custom Framework Providers" tutorial to install this provider locally: - [Prepare Terraform for local provider install](https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework/providers-plugin-framework-provider#prepare-terraform-for-local-provider-install) - [Locally install provider and verify with Terraform](https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework/providers-plugin-framework-provider#locally-install-provider-and-verify-with-terraform) -## Using the Provider Locally +## Using the provider locally -In your Terraform configuration you will need to specify the `onepassword` provider with: +You must specify the `onepassword` provider in your Terraform configuration: ```tf terraform { 
@@ -46,11 +46,11 @@ provider "onepassword" { } ``` -After copying a newly-built version of the provider to the plugins directory you will have to run `terraform init` again. If you forget to do this then Terraform will error out and tell you to do so. +After copying a newly built version of the provider to the plugins directory, you need to run `terraform init` again. Otherwise, Terraform returns an error. ## Debugging -Ensure that the `dev_overrides` block was added to your `~/.terraformrc` file, using `"1Password/onepassword"` as the source. Refer to the [Installing the Provider Locally](#installing-the-provider-locally) section for instructions. +Make sure you add the `dev_overrides` block to your `~/.terraformrc` file (using `"1Password/onepassword"` as the source). For instructions, refer to the [Installing the provider locally](#installing-the-provider-locally). Build the provider without optimizations enabled: @@ -66,9 +66,9 @@ Type 'help' for list of commands. (dlv) continue ``` -**Note**: Editors like GoLand can be configured to start a debugging session as well. Just be sure to pass the `--debug` flag as a program argument. +**Note**: You can also configure editors like GoLand to start a debugging session by passing the `--debug` flag as a program argument. -If a debugging session was started properly, the provider should print the following output to `stdout`: +If a debugging session was starts correctly, the provider prints the following output to `stdout`: ```sh Provider started, to attach Terraform set the TF_REATTACH_PROVIDERS env var: 
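Review bot: Two of the reworded sentences in this hunk are broken. `If a debugging session was starts correctly` should read `If a debugging session starts correctly`, and `refer to the [Installing the provider locally](#installing-the-provider-locally).` has lost its noun and should end `... section.` The rest of the rewording reads fine.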
@@ -79,7 +79,7 @@ Provider started, to attach Terraform set the TF_REATTACH_PROVIDERS env var: Copy the line starting with `TF_REATTACH_PROVIDERS` from your provider's output. Either export it, or prefix every Terraform command with it, and run Terraform as usual. Any breakpoints you have set will halt execution and show you the current variable values. -## Generating Documentation +## Generating documentation Documentation is generated for the provider using [terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs). This plugin uses the schema `Description` field in conjunction with the contents of the `/templates` and `/examples` folders to generate the `/docs` content. @@ -89,6 +89,29 @@ To regenerate the `/docs` Markdown run: go generate ``` -## Sign Your Commits +## Sign your commits -To get your PR merged, we require you to sign your commits. Fortunately, this has become very easy to [set up](https://developer.1password.com/docs/ssh/git-commit-signing/)! +To get your PR merged, we require you to sign your commits. + +### Sign commits with `1Password` + +You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process. + +Learn how to use [1Password to sign your commits](https://developer.1password.com/docs/ssh/git-commit-signing/). + + +### Sign commits with `ssh-agent` + +Follow the steps below to set up commit signing with `ssh-agent`: + +1. Generate an SSH key and add it to ssh-agent +2. Add the SSH key to your GitHub account +3. Configure git to use your SSH key for commit signing + +### Sign commits `gpg` + +Follow the steps below to set up commit signing with `gpg`: + +1. Generate a GPG key +2. Add the GPG key to your GitHub account +3. Configure git to use your GPG key for commit signing \ No newline at end of file diff --git a/README.md b/README.md index 513bbd73..52fe4c3a 100644 --- a/README.md +++ b/README.md @@ -2,8 +2,8 @@
-

1Password Terraform Provider

-

Use the 1Password Terraform Provider to access and manage items in your 1Password vaults.

+

1Password Terraform provider

+

Use the 1Password Terraform provider to access and manage items in your 1Password vaults.

Get started diff --git a/docs/index.md b/docs/index.md index 61726a1a..e00bd1eb 100644 --- a/docs/index.md +++ b/docs/index.md @@ -2,17 +2,17 @@ layout: "" page_title: "Provider: 1Password" description: |- - Use the 1Password Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults. + Use the 1Password Terraform provider to reference, create, or update logins, passwords, and database items in your 1Password vaults. --- -# 1Password Terraform Provider +# 1Password Terraform provider -Use the 1Password Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). +Use the 1Password Terraform provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). -The 1Password Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) +The 1Password Terraform provider supports using both [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the -[1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see -[here](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries). +You must install [1Password CLI](https://developer.1password.com/docs/cli) on the machine running Terraform. Refer to the +[Terraform documentation](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries) to learn how to install 1Password CLI on Terraform Cloud. ## Example Usage 
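Review bot: The rewrite of the service account paragraph in `docs/index.md` leaves the unchanged context line `To use a service account token, the` dangling. The removed line that completed it (`[1Password CLI](...) has to be installed on the machine running terraform.`) is replaced by a new sentence starting `You must install`, so the rendered text becomes `To use a service account token, the You must install ...`. Change the context line as well, for example to `To use a service account token, you must install [1Password CLI](...) on the machine running Terraform.` The same lines appear in the `templates/index.md.tmpl` hunk of this patch, and since `docs/` is generated from the template, the fix belongs there, followed by a regenerate.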
@@ -36,12 +36,18 @@ provider "onepassword" { - `url` (String) The HTTP(S) URL where your 1Password Connect API can be found. Must be provided through the OP_CONNECT_HOST environment variable if this attribute is not set. Can be omitted, if service_account_token is set. ## Known Service Accounts limitation: -Users may encounter the following error `op error: (409) Conflict: Internal server conflict` when create/update/delete a bunch of items in the same vault as Terraform Provider handles each resource separately and therefore it makes a bunch of parallel requests using CLI for each of the resources. +Users might encounter the following error if they create, update, or delete too many items simultaneously in the same 1Password vault. -There are ways to avoid this: -1. Use `depends_on` in your resource definition to make sure the Provider makes requests sequentially. -2. After it fails with `409` error run `terraform apply` again till all the changes will be applied. -3. Use Connect. +\``` +op error: (409) Conflict: Internal server conflict +\``` + +The 1Password Terraform provider handles each resource separately. As a result, each request to perform a create, update, or delete operation using CLI to create an additional parallel request. Too many parallel requests might result in one or more race conditions. + +You can avoid receiving the 409 error in one of the following ways: +1. Use `depends_on` in your resource definition to make sure the provider makes requests sequentially. +2. After receiving the `409` error, run `terraform apply` again. You might need to run this multiple times until it applies all the changes. +3. Use a Connect server. 4. Put items in the different vaults. -This will be addressed in the next release. \ No newline at end of file +This will be addressed in the next release. diff --git a/onepassword/provider.go b/onepassword/provider.go index 07a1f243..5e4c5635 100644 --- a/onepassword/provider.go +++ b/onepassword/provider.go 
@@ -35,7 +35,7 @@ func init() { // } } -// Provider The 1Password Terraform Provider +// Provider The 1Password Terraform provider func Provider() *schema.Provider { providerUserAgent := fmt.Sprintf(terraformProviderUserAgent, version.ProviderVersion) provider := &schema.Provider{ diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index 64d9cb85..4d3a5fd5 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl 
@@ -2,17 +2,17 @@ layout: "" page_title: "Provider: 1Password" description: |- - Use the 1Password Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults. + Use the 1Password Terraform provider to reference, create, or update logins, passwords, and database items in your 1Password vaults. --- -# 1Password Terraform Provider +# 1Password Terraform provider -Use the 1Password Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). +Use the 1Password Terraform provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). -The 1Password Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) +The 1Password Terraform provider supports using both [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the -[1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see -[here](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries). +You must install [1Password CLI](https://developer.1password.com/docs/cli) on the machine running Terraform. Refer to the +[Terraform documentation](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries) to learn how to install 1Password CLI on Terraform Cloud. ## Example Usage 
@@ -21,12 +21,18 @@ and [1Password Service Accounts](https://developer.1password.com/docs/secrets-au {{ .SchemaMarkdown | trimspace }} ## Known Service Accounts limitation: -Users may encounter the following error `op error: (409) Conflict: Internal server conflict` when create/update/delete a bunch of items in the same vault as Terraform Provider handles each resource separately and therefore it makes a bunch of parallel requests using CLI for each of the resources. +Users might encounter the following error if they create, update, or delete too many items simultaneously in the same 1Password vault. -There are ways to avoid this: -1. Use `depends_on` in your resource definition to make sure the Provider makes requests sequentially. -2. After it fails with `409` error run `terraform apply` again till all the changes will be applied. -3. Use Connect. +\``` +op error: (409) Conflict: Internal server conflict +\``` + +The 1Password Terraform provider handles each resource separately. As a result, each request to perform a create, update, or delete operation using CLI to create an additional parallel request. Too many parallel requests might result in one or more race conditions. + +You can avoid receiving the 409 error in one of the following ways: +1. Use `depends_on` in your resource definition to make sure the provider makes requests sequentially. +2. After receiving the `409` error, run `terraform apply` again. You might need to run this multiple times until it applies all the changes. +3. Use a Connect server. 4. Put items in the different vaults. -This will be addressed in the next release. \ No newline at end of file +This will be addressed in the next release. From 48ee6a945b6da5bcda1a8ec0c23ba59634a555e7 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Fri, 1 Dec 2023 13:14:22 -0600 Subject: [PATCH 13/15] Fixed typo --- docs/index.md | 4 ++-- templates/index.md.tmpl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/docs/index.md b/docs/index.md index e00bd1eb..836f818f 100644 --- a/docs/index.md +++ b/docs/index.md @@ -10,8 +10,8 @@ description: |- Use the 1Password Terraform provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). The 1Password Terraform provider supports using both [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) -and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the -You must install [1Password CLI](https://developer.1password.com/docs/cli) on the machine running Terraform. Refer to the +and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). +To use a service account token, you must install [1Password CLI](https://developer.1password.com/docs/cli) on the machine running Terraform. Refer to the [Terraform documentation](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries) to learn how to install 1Password CLI on Terraform Cloud. ## Example Usage diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index 4d3a5fd5..d54e696e 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl 
@@ -10,8 +10,8 @@ description: |- Use the 1Password Terraform provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets). The 1Password Terraform provider supports using both [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server) -and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the -You must install [1Password CLI](https://developer.1password.com/docs/cli) on the machine running Terraform. Refer to the +and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). +To use a service account token, you must install [1Password CLI](https://developer.1password.com/docs/cli) on the machine running Terraform. Refer to the [Terraform documentation](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries) to learn how to install 1Password CLI on Terraform Cloud. ## Example Usage From 8e1a3e33740d2ec6e5d90bee578016a6e99b2673 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Fri, 1 Dec 2023 13:16:57 -0600 Subject: [PATCH 14/15] Fixed typo --- docs/index.md | 2 +- templates/index.md.tmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/index.md b/docs/index.md index 836f818f..9e437b9a 100644 --- a/docs/index.md +++ b/docs/index.md @@ -50,4 +50,4 @@ You can avoid receiving the 409 error in one of the following ways: 3. Use a Connect server. 4. Put items in the different vaults. -This will be addressed in the next release. +This will be addressed in the future release. diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl index d54e696e..10d7f7e1 100644 --- a/templates/index.md.tmpl +++ b/templates/index.md.tmpl 
@@ -35,4 +35,4 @@ You can avoid receiving the 409 error in one of the following ways: 3. Use a Connect server. 4. Put items in the different vaults. -This will be addressed in the next release. +This will be addressed in the future release. From 75bf3797731410c8babe70eb27a837ad98f39ab3 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Fri, 1 Dec 2023 13:34:02 -0600 Subject: [PATCH 15/15] Update Debugging section --- CONTRIBUTING.md | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8e59dcce..133d6b59 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -50,23 +50,41 @@ After copying a newly built version of the provider to the plugins directory, yo ## Debugging -Make sure you add the `dev_overrides` block to your `~/.terraformrc` file (using `"1Password/onepassword"` as the source). For instructions, refer to the [Installing the provider locally](#installing-the-provider-locally). +To start debugging: -Build the provider without optimizations enabled: +1. Start a debugging session. +2. Export `TF_REATTACH_PROVIDERS`. +3. Run Terraform normally. + + +### Start a debugging session + +You can start a debugging session in several ways: + +1. [Build the provider without optimizations](#build-the-provider-without-optimizations). +2. [Start a debugging session](#start-a-debugging-session-1). + +**Note**: Before continuing, make sure you add the `dev_overrides` block to your `~/.terraformrc` file (using `"1Password/onepassword"` as the source). For instructions, refer to the [Installing the provider locally](#installing-the-provider-locally). + +#### Build the provider without optimizations + +Run the following command to build the provider without enabling optimizations: ```sh go build -gcflags="all=-N -l" . ``` -Start a Delve debugging session: +#### Start a debugging session + +Run the following command to start a Delve debugging session: ```sh dlv debug . -- --debug -Type 'help' for list of commands. -(dlv) continue ``` -**Note**: You can also configure editors like GoLand to start a debugging session by passing the `--debug` flag as a program argument. +Or use your IDE debugger. You can configure editors like GoLand to start a debugging session by passing the `--debug` flag as a program argument. + +### Export `TF_REATTACH_PROVIDERS` If a debugging session was starts correctly, the provider prints the following output to `stdout`: 
@@ -74,10 +92,13 @@ If a debugging session was starts correctly, the provider prints the following o Provider started, to attach Terraform set the TF_REATTACH_PROVIDERS env var: TF_REATTACH_PROVIDERS='{"1Password/onepassword":{"Protocol":"grpc","Pid":3382870,"Test":true,"Addr":{"Network":"unix","String":"/tmp/plugin713096927"}}}' - ``` -Copy the line starting with `TF_REATTACH_PROVIDERS` from your provider's output. Either export it, or prefix every Terraform command with it, and run Terraform as usual. Any breakpoints you have set will halt execution and show you the current variable values. +Copy the line starting with `TF_REATTACH_PROVIDERS` from your provider's output. You can either export this variable or prefix every Terraform command with it. + +### Run Terraform + +After starting a debugging session and exporting the `TF_REATTACH_PROVIDERS` variable, run Terraform as usual. Any breakpoints you have set will halt execution and show you the current variable values. ## Generating documentation
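Review bot: In the `docs/index.md` hunk at `@@ -36,12 +36,18 @@` and the matching `templates/index.md.tmpl` hunk at `@@ -21,12 +21,18 @@`, the added sentence "As a result, each request to perform a create, update, or delete operation using CLI to create an additional parallel request." has no main verb, so the explanation of why the 409 occurs does not parse. Suggest something like "As a result, each create, update, or delete operation issues its own CLI request, and these requests run in parallel." The fence lines around the error message are also written as `\```` with a leading backslash in both files; please confirm the generated `docs/index.md` renders a code block rather than literal backticks. Since `/docs` is generated from `/templates`, fix the template and regenerate instead of editing both copies by hand.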
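Review bot: In patch 14/15 (`docs/index.md` at `@@ -50,4 +50,4 @@` and `templates/index.md.tmpl` at `@@ -35,4 +35,4 @@`), the replacement line "This will be addressed in the future release." is still ungrammatical for a commit titled "Fixed typo"; "in a future release" reads correctly and keeps the intent of no longer promising the next release. The unchanged context line "4. Put items in the different vaults." has the same stray article and could be fixed in the same pass.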
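Review bot: In patch 15/15, `CONTRIBUTING.md` hunk `@@ -50,23 +50,41 @@`, the new "Start a debugging session" section says "You can start a debugging session in several ways:" but the numbered list under it is two sequential steps (build, then start), not alternatives; reword the intro or restructure the list. The hunk also removes the `(dlv) continue` line from the Delve example, yet `dlv debug` stops at its prompt until the process is continued, so the provider will not print the `TF_REATTACH_PROVIDERS` line that the next section relies on; keep a sentence telling the reader to run `continue`. Two smaller points: the `####` heading reuses the title of its `###` parent, which makes the `#start-a-debugging-session-1` link depend on the renderer's duplicate-anchor numbering, and the context line "If a debugging session was starts correctly" is left uncorrected.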
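Review bot: In patch 15/15, `CONTRIBUTING.md` hunk `@@ -74,10 +92,13 @@`, the line "You can either export this variable or prefix every Terraform command with it." does not say that the value is tied to one provider process: the sample output carries a `Pid` and a socket path under `/tmp`, both of which change when the debug session restarts. Suggest adding a sentence that the line must be copied again after every restart, and that an exported value keeps directing later Terraform commands in the same shell at that debug process until it is unset, which makes the per-command prefix the safer default. The step list at the top of the section says "Run Terraform normally" while this section says "run Terraform as usual"; pick one wording.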