GetFileContent broken in 1.5.4

[snarlysodboxer]

Docker images: 1password/connect-api:1.5.4 and 1password/connect-sync:1.5.4. Connect-sdk-go version: v1.4.0.

With 1.5.0 of Connect, the following code worked, but with 1.5.4 it produces

panic: error with GetFileContent: need at least version 1.3.0 of Connect for this function, detected version 1.2.0 (or earlier). Please update your Connect server

Here's the code to repeat the problem:

package main

import (
    "fmt"

    "github.com/1Password/connect-sdk-go/connect"
    "github.com/1Password/connect-sdk-go/onepassword"
)

func main() {
    connectHost := "http://localhost:8080"
    token := "redacted"
    vaultName := "my-vault"
    itemName := "docker-credentials"
    fileName := "docker-credentials.json"
    client := connect.NewClientWithUserAgent(connectHost, token, "my-test")

    // get vault
    vaults, err := client.GetVaultsByTitle(vaultName)
    if err != nil {
        panic(err)
    }
    if len(vaults) != 1 {
        panic("more or less than one vault")
    }

    // get item
    // use GetItemsByTitle instead of GetItemByTitle in order to handle length cases
    items, err := client.GetItemsByTitle(itemName, vaults[0].ID)
    if err != nil {
        panic(err)
    }
    item := &onepassword.Item{}
    switch {
    case len(items) == 1:
        item, err = client.GetItem(items[0].ID, items[0].Vault.ID)
        if err != nil {
            panic(err)
        }
    case len(items) > 1:
        panic("expected one item")
    }

    // get file contents
    contents := []byte{}
    for _, file := range item.Files {
        if file.Name == fileName {
            contents, err = client.GetFileContent(file)
            if err != nil {
                panic(fmt.Sprintf("error with GetFileContent: %v", err))
            }
        }
    }

    fmt.Printf("%#v\n", string(contents))
}

[snarlysodboxer]

These are the Connect server logs from running the above code. Note the Invalid Item UUID towards the middle, which is strange because it doesn't seem to line up with when the SDK returns the error. Nor is there a matching request ID for that one.

I've used search and replace to redact various things, but replaced them with identical identifiers.

{"log_message":"(I) GET /v1/vaults?filter=title+eq+%22my-vault%22","timestamp":"2022-07-01T23:55:37.394518085Z","level":3,"scope":{"request_id":"c4e4e254-67d6-4f88-a540-5fdce5285360"}}
{"log_message":"(I) GET /v1/vaults?filter=title+eq+%22my-vault%22 completed (200: OK)","timestamp":"2022-07-01T23:55:37.400141881Z","level":3,"scope":{"request_id":"c4e4e254-67d6-4f88-a540-5fdce5285360","jti":"wa3czmoxz-redacted"}}
{"log_message":"(I) GET /v1/vaults/my-vault-redacted-id/items?filter=title+eq+%22docker-credentials%22","timestamp":"2022-07-01T23:55:37.401812101Z","level":3,"scope":{"request_id":"c5745418-04f4-4f02-b1c5-fc237e0e06f8"}}
{"log_message":"(I) GET /v1/vaults/my-vault-redacted-id/items?filter=title+eq+%22docker-credentials%22 completed (200: OK)","timestamp":"2022-07-01T23:55:37.408569326Z","level":3,"scope":{"request_id":"c5745418-04f4-4f02-b1c5-fc237e0e06f8","jti":"wa3czmoxz-redacted"}}
{"log_message":"(E) 400: Invalid Item UUID","timestamp":"2022-07-01T23:55:37.409201998Z","level":1,"scope":{"request_id":"becd2c94-6677-42a9-a0a7-2d5f9110c7af","jti":"wa3czmoxz-redacted"}}
{"log_message":"(I) GET /v1/vaults/my-vault-redacted-id/items/my-item-redacted-id","timestamp":"2022-07-01T23:55:37.410504804Z","level":3,"scope":{"request_id":"004ad656-74d8-429d-a160-b8dd2c45cc08"}}
{"log_message":"(I) GET /v1/vaults/my-vault-redacted-id/items/my-item-redacted-id completed (200: OK)","timestamp":"2022-07-01T23:55:37.416893787Z","level":3,"scope":{"request_id":"004ad656-74d8-429d-a160-b8dd2c45cc08","jti":"wa3czmoxz-redacted"}}
{"log_message":"(I) GET /v1/vaults/my-vault-redacted-id/items/my-item-redacted-id","timestamp":"2022-07-01T23:55:37.418238425Z","level":3,"scope":{"request_id":"09e83f12-e2af-4017-b9d2-3873d1e2c960"}}
{"log_message":"(I) GET /v1/vaults/my-vault-redacted-id/items/my-item-redacted-id completed (200: OK)","timestamp":"2022-07-01T23:55:37.424186677Z","level":3,"scope":{"request_id":"09e83f12-e2af-4017-b9d2-3873d1e2c960","jti":"wa3czmoxz-redacted"}}

[snarlysodboxer]

I noticed that if I manually add the ContentPath to the file object before passing it to GetFileContents, it worked. This is because Connect Server v1.5.4 is sending contentPath but the code is looking for content_path. Here's a PR to fix the client, but you may want to fix the Connect Server instead? https://github.com/1Password/connect-sdk-go/pull/65

[snarlysodboxer]

I tried a variation of the above code using GetFiles in place of GetVaultsByTitle + GetItemsByTitle, and it also happens to be broken for a different reason, a typo. Here's a PR for that: https://github.com/1Password/connect-sdk-go/pull/64

[jpcoenen]

Hey @snarlysodboxer. Thank you for reporting this! We are working on addressing this in the Connect server.

In the meantime, we recommend downgrading the API container to v1.5.3. You can leave the sync container at 1.5.4 (which should address #36).

[snarlysodboxer]

@jpcoenen Thanks. FWIW, simply downgrading isn't sufficient because of the above mentioned bug in the connect-sdk-go. (The fix has been merged, but a new release has not been cut.)

In the meantime the 1Password integration for external-secrets is broken for anyone using Document type items.

[edif2008]

Hey @snarlysodboxer, We've just released Connect Go SDK v1.5.0 which does include the fix you're looking for. 😊

[edif2008]

Hey there again!

Good news! We've just released v1.5.5 of the Connect server which addresses the content_path bug for File object.

Thank you again for reporting this bug.

[snarlysodboxer]

Great!! Thank you!

[remidebette]

Hi, As shared here, I am having the error with v1.5.6

Would you know what is wrong?