search

1Password / connect

Access your 1Password secrets using a 1Password Connect Server
https://developer.1password.com/docs/connect
149 stars 28 forks source link

Invalid item UUID errors #45

Open PhilippBs opened 1 year ago

PhilippBs commented 1 year ago

We started to see a bunch of errors in our logs from connect-api like this:

{
    "log_message": "(E) 400: Invalid Item UUID",
    "timestamp": "2022-07-31T11:05:55.79723929Z",
    "level": 1,
    "scope": {
        "request_id": "XXX",
        "jti": "XXX"
    }
}

connect-operator version: 1password/onepassword-operator:1.5.0 connect-api version: 1password/connect-api:1.5.6 connect-sync version: 1password/connect-sync:1.5.6

col commented 1 year ago

We're also having this problem. There are A LOT of these errors and the all have the same request_id and jti. Any ideas on what's causing this or how we can avoid these error logs?

connect-api version: 1password/connect-api:1.5.4

havard024 commented 1 year ago

We're also having the same issue, I created a bug in 1password operator repo https://github.com/1Password/onepassword-operator/issues/132

havard024 commented 1 year ago

We now have 1.5 mill log lines over the past two weeks

Screenshot 2022-11-10 at 07 34 41
ilaif commented 1 year ago

This happens to me as well, We also get errors from op CLI with:

[ERROR] 2023/01/09 19:52:24 could not read secret op://xxx/credential: could not retrieve vaults: Get "*****************************************/v1/vaults": dial tcp: lookup op-connect.xxx.xxx on 127.0.0.11:53: server misbehaving

Not sure it's related, but it seems the connect server is not stable.

Any idea?

ninjaMikeG commented 1 year ago

My experience is that this occurs when we try to reference a secret in a OnePasswordItem by TITLE rather than by ID. It appears to make a query by ID - using the title as the input, then if not found, searches by TITLE filter. (Based on symptoms - haven't dug into the actual operator code) - This causes the connect server to throw the malformed uuid message.

col commented 1 year ago

@ninjaMikeG The sounds plausible. How would I get the ID of the secret rather than using the TITLE if I wanted to work around this issue?

ninjaMikeG commented 1 year ago

If this a manual OnePasswordItem creation, then the easiest way is to open the item in the web UI. The vaultID and itemID are in the URL (this is in the Operator docs, iirc).

Alternatively, you should be able to get the item id using the 1Password CLI on your local machine. You can even add the --format json flag to then parse it with something like jq - we use this in our local generators to build templates in helm charts

danpaulson commented 11 months ago

Over a year on this is still an issue. Only an annoyance but an annoyance still.

havard024 commented 11 months ago

We recently upgraded from 1.5.6 to 1.7.2, haven't had any problems since.

danpaulson commented 11 months ago

We recently upgraded from 1.5.6 to 1.7.2, haven't had any problems since.

I'm seeing this as well. Thanks! Would suggest @PhilippBs can close this now.