Update documentation with service accounts

.github/ISSUE_TEMPLATE/bug_report.md

@@ -18,6 +18,11 @@ https://start.1password.com/integrations/active
 -->
 Connect Server Version:
 
+<!-- What version of the OP CLI are you running?
+You can get this information by running 'op --version'
+-->
+CLI Version:
+
 <!-- What OS are you running Terraform on? -->
 OS:
 

CHANGELOG.md

@@ -128,7 +128,7 @@ Support custom sections and fields for Login, Password, and Database Items
 
 # v0.1.0
 
-Initial 1Password Connect Terraform Provider release
+Initial 1Password Terraform Provider release
 
 ## Features:
 

CONTRIBUTING.md

@@ -1,10 +1,10 @@
 # Contributing
 
-Thanks for your interest in contributing to the 1Password Connect Terraform Provider project! 🙌 We appreciate your time and effort. Here are some guidelines to help you get started.
+Thanks for your interest in contributing to the 1Password Terraform Provider project! 🙌 We appreciate your time and effort. Here are some guidelines to help you get started.
 
 ## Building
 
-Run the following command to build the 1Password Connect Terraform Provider:
+Run the following command to build the 1Password Terraform Provider:
 
 ```sh
 go build .
@@ -20,16 +20,16 @@ To run the Go tests and check test coverage run the following command:
 go test -v ./... -cover
 ```
 
-## Installing plugin locally
+## Installing the Provider Locally
 
-Refer to the following sections of the Terraform's "Custom Framework Providers" tutorial to install this plugin locally:
+Refer to the following sections of the Terraform's "Custom Framework Providers" tutorial to install this provider locally:
 
 - [Prepare Terraform for local provider install](https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework/providers-plugin-framework-provider#prepare-terraform-for-local-provider-install)
 - [Locally install provider and verify with Terraform](https://developer.hashicorp.com/terraform/tutorials/providers-plugin-framework/providers-plugin-framework-provider#locally-install-provider-and-verify-with-terraform)
 
-## Using plugin locally
+## Using the Provider Locally
 
-In your Terraform configuration you will need to specify the `op` plugin with:
+In your Terraform configuration you will need to specify the `onepassword` provider with:
 
 ```tf
 terraform {
@@ -48,6 +48,37 @@ provider "onepassword" {
 
 After copying a newly-built version of the provider to the plugins directory you will have to run `terraform init` again. If you forget to do this then Terraform will error out and tell you to do so.
 
+## Debugging
+
+Ensure that the `dev_overrides` block was added to your `~/.terraformrc` file, using `"1Password/onepassword"` as the source. Refer to the [Installing the Provider Locally](#installing-the-provider-locally) section for instructions.
+
+Build the provider without optimizations enabled:
+
+```sh
+go build -gcflags="all=-N -l" .
+```
+
+Start a Delve debugging session:
+
+```sh
+dlv debug . -- --debug
+Type 'help' for list of commands.
+(dlv) continue
+```
+
+**Note**: Editors like GoLand can be configured to start a debugging session as well. Just be sure to pass the `--debug` flag as a program argument.
+
+If a debugging session was started properly, the provider should print the following output to `stdout`: 
+
+```sh
+Provider started, to attach Terraform set the TF_REATTACH_PROVIDERS env var:
+
+    TF_REATTACH_PROVIDERS='{"1Password/onepassword":{"Protocol":"grpc","Pid":3382870,"Test":true,"Addr":{"Network":"unix","String":"/tmp/plugin713096927"}}}'
+
+```
+
+Copy the line starting with `TF_REATTACH_PROVIDERS` from your provider's output. Either export it, or prefix every Terraform command with it, and run Terraform as usual. Any breakpoints you have set will halt execution and show you the current variable values.
+
 ## Generating Documentation
 
 Documentation is generated for the provider using [terraform-plugin-docs](https://github.com/hashicorp/terraform-plugin-docs). This plugin uses the schema `Description` field in conjunction with the contents of the `/templates` and `/examples` folders to generate the `/docs` content.
@@ -57,3 +88,7 @@ To regenerate the `/docs` Markdown run:
 ```sh
 go generate
 ```
+
+## Sign Your Commits
+
+To get your PR merged, we require you to sign your commits. Fortunately, this has become very easy to [set up](https://developer.1password.com/docs/ssh/git-commit-signing/)!

README.md

@@ -2,8 +2,8 @@
 <img alt="" role="img" src="https://blog.1password.com/posts/2021/secrets-automation-launch/header.svg"/>
 
 <div align="center">
-  <h1>1Password Connect Terraform Provider</h1>
-  <p>Use the 1Password Connect Terraform Provider to access and manage items in your 1Password vaults.</p>
+  <h1>1Password Terraform Provider</h1>
+  <p>Use the 1Password Terraform Provider to access and manage items in your 1Password vaults.</p>
   <a href="#-get-started">
     <img alt="Get started" src="https://user-images.githubusercontent.com/45081667/226940040-16d3684b-60f4-4d95-adb2-5757a8f1bc15.png" height="37"/>
   </a>

docs/index.md

@@ -2,16 +2,14 @@
 layout: ""
 page_title: "Provider: 1Password"
 description: |-
-  Use the 1Password Connect Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults.
+  Use the 1Password Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults.
 ---
 
-# 1Password Connect Terraform Provider
+# 1Password Terraform Provider
 
-Use the 1Password Connect Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets).
+Use the 1Password Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets).
 
-## Using a Service Account Token
-
-The 1Password Connect Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server)
+The 1Password Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server)
 and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the
 [1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see
 [here](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries).
@@ -20,7 +18,10 @@ and [1Password Service Accounts](https://developer.1password.com/docs/secrets-au
 
 ```terraform
 provider "onepassword" {
-  url = "http://localhost:8080"
+  url                   = "http://localhost:8080"
+  token                 = "CONNECT_TOKEN"
+  service_account_token = "SERVICE_ACCOUNT_TOKEN"
+  op_cli_path           = "OP_CLI_PATH"
 }
 ```
 
@@ -33,3 +34,14 @@ provider "onepassword" {
 - `service_account_token` (String) A valid token for your 1Password Service Account. Can also be sourced from OP_SERVICE_ACCOUNT_TOKEN. Either this or `token` must be set.
 - `token` (String) A valid token for your 1Password Connect API. Can also be sourced from OP_CONNECT_TOKEN. Either this or `service_account_token` must be set.
 - `url` (String) The HTTP(S) URL where your 1Password Connect API can be found. Must be provided through the OP_CONNECT_HOST environment variable if this attribute is not set. Can be omitted, if service_account_token is set.
+
+## Known Service Accounts limitation:
+Users may encounter the following error `op error: (409) Conflict: Internal server conflict` when create/update/delete a bunch of items in the same vault as Terraform Provider handles each resource separately and therefore it makes a bunch of parallel requests using CLI for each of the resources.
+
+There are ways to avoid this:
+1. Use `depends_on` in your resource definition to make sure the Provider makes requests sequentially.
+2. After it fails with `409` error run `terraform apply` again till all the changes will be applied.
+3. Use Connect.
+4. Put items in the different vaults.
+
+This will be addressed in the next release.

examples/provider/provider.tf

@@ -1,3 +1,6 @@
 provider "onepassword" {
-  url = "http://localhost:8080"
+  url                   = "http://localhost:8080"
+  token                 = "CONNECT_TOKEN"
+  service_account_token = "SERVICE_ACCOUNT_TOKEN"
+  op_cli_path           = "OP_CLI_PATH"
 }

onepassword/provider.go

@@ -35,7 +35,7 @@ func init() {
 	// }
 }
 
-// Provider The 1Password Connect terraform provider
+// Provider The 1Password Terraform Provider
 func Provider() *schema.Provider {
 	providerUserAgent := fmt.Sprintf(terraformProviderUserAgent, version.ProviderVersion)
 	provider := &schema.Provider{

templates/index.md.tmpl

@@ -2,16 +2,14 @@
 layout: ""
 page_title: "Provider: 1Password"
 description: |-
-  Use the 1Password Connect Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults.
+  Use the 1Password Terraform Provider to reference, create, or update logins, password and database items in your 1Password Vaults.
 ---
 
-# 1Password Connect Terraform Provider
+# 1Password Terraform Provider
 
-Use the 1Password Connect Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets).
+Use the 1Password Terraform Provider to reference, create, or update items in your existing vaults using [1Password Secrets Automation](https://1password.com/secrets).
 
-## Using a Service Account Token
-
-The 1Password Connect Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server)
+The 1Password Terraform Provider supports both the [1Password Connect Server](https://developer.1password.com/docs/secrets-automation/#1password-connect-server)
 and [1Password Service Accounts](https://developer.1password.com/docs/secrets-automation/#1password-service-accounts). To use a service account token, the
 [1Password CLI](https://developer.1password.com/docs/cli) has to be installed on the machine running terraform. For how to do this in terraform cloud, see
 [here](https://developer.hashicorp.com/terraform/cloud-docs/run/install-software#only-install-standalone-binaries).
@@ -21,3 +19,14 @@ and [1Password Service Accounts](https://developer.1password.com/docs/secrets-au
 {{tffile "examples/provider/provider.tf"}}
 
 {{ .SchemaMarkdown | trimspace }}
+
+## Known Service Accounts limitation:
+Users may encounter the following error `op error: (409) Conflict: Internal server conflict` when create/update/delete a bunch of items in the same vault as Terraform Provider handles each resource separately and therefore it makes a bunch of parallel requests using CLI for each of the resources.
+
+There are ways to avoid this:
+1. Use `depends_on` in your resource definition to make sure the Provider makes requests sequentially.
+2. After it fails with `409` error run `terraform apply` again till all the changes will be applied.
+3. Use Connect.
+4. Put items in the different vaults.
+
+This will be addressed in the next release.