Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set password to null if it's unknown #181

Merged
merged 2 commits into from
Jun 14, 2024
Merged

Set password to null if it's unknown #181

merged 2 commits into from
Jun 14, 2024

Conversation

edif2008
Copy link
Member

Summary

In the case of Secure Note Items, the password is never set since it doesn't exist in that item category. This leaves the value it in the Unknown state throughout the creation process, which causes the provider to throw the following error:

╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for onepassword_item.secure-note.password. All values must be known after apply, so this is always a bug in the provider and
│ should be reported in the provider's own repository. Terraform will still save the other known object values in the state.
╵

This PR sets it to null in such scenarios.

Resolves: #173

How to test

  1. Checkout this branch: 
    git pull && git checkout fix/throw-err-on-item-creation-fail
  2. Build the provider: 
    make build
  3. Ensure that your environment is configured to use the local provider. Specifically, your .terraform.rc on macOS/Linux or terraform.rc on Windows contains this: 
    provider_installation {
  dev_overrides {
      # other overrides
      "1Password/onepassword" = "path/to/terraform-provider-onepassword/dist"
  }
  # For all other providers, install them directly from their origin provider
  # registries as normal. If you omit this, Terraform will _only_ use
  # the dev_overrides block, and so no other providers will be available.
  direct {}
}
  4. Create a main.tf file with this content: 
    terraform {
  required_providers {
    onepassword = {
      source = "1Password/onepassword"
      version = "~> 2.0.0"
    }
  }
}

data "onepassword_vault" "vault" {
  name = "<your-vault-name>"
}

resource "onepassword_item" "demo_login" {
  vault = data.onepassword_vault.vault.uuid

  title    = "Demo Terraform Secure Note"
  category = "secure_note"

  note_value = <<EOT
  Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec et volutpat lorem. Integer quis felis porttitor, lobortis purus id, sodales nisi. Suspendisse dictum nibh lorem, vel dapibus sapien sodales pulvinar. Donec euismod, dolor vitae fermentum faucibus, elit orci ullamcorper nisi, eget ultrices turpis elit non odio. Integer dictum risus ante, finibus venenatis sem varius bibendum. Sed pellentesque ultrices diam vel viverra. Duis odio mi, malesuada quis luctus a, lacinia quis orci. Vestibulum hendrerit lorem a odio tristique, quis blandit purus sollicitudin.

  Nullam ut hendrerit lacus, at consectetur risus. Vestibulum at diam a arcu fermentum eleifend vel at mi. Cras auctor, massa in blandit rutrum, risus nibh euismod massa, quis porttitor libero mauris id nibh. Sed lobortis ipsum in ipsum dapibus, commodo eleifend velit dignissim. Donec tincidunt turpis mi, vitae venenatis urna laoreet vel. Integer ut scelerisque massa, at varius est. Proin porta quam a dolor euismod, quis iaculis odio dictum. Cras velit neque, vestibulum et consequat at, ultrices quis enim. Nulla sed augue ac odio scelerisque facilisis. Nunc ultricies tristique eros et ullamcorper. Curabitur et est eu nibh viverra feugiat. Pellentesque viverra vitae lacus sed consectetur. Aliquam nec tempor ipsum, quis dapibus quam. Nulla suscipit enim vel porta egestas. Nulla interdum congue erat at fermentum. Quisque viverra tincidunt metus non malesuada.
  EOT
}
  5. Export the necessary environment variables for the authentication method that you want (Connect, service account or regular user)
  6. Run terraform apply
    • The provider should successfully create the item with no errors.

@edif2008
Set password to null if it's unknown
866dfce 
In the case of Secure Note Items, the password is never set, which leaves it in the Unknown state. Now we set it to null in such scenarios.
@edif2008
Improve secure note test case
c99dfae 
We now check that the password attribute is set to null
@jillianwilson
Copy link
Contributor

Code Review:
Code is clear and does what is intended

Functional Review:
Followed the testing instructions and the fix works as intended

@edif2008 edif2008 merged commit 2bfaa77 into main Jun 14, 2024
5 checks passed
@edif2008 edif2008 deleted the fix/secure-note-unknown-value-password branch June 14, 2024 06:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jillianwilson jillianwilson jillianwilson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secure Note resource fails to apply
2 participants
@edif2008 @jillianwilson