When using the provider with Service Accounts, users may encounter the following error: op error: (409) Conflict: Internal server conflict. It appears when creating, updating or deleting a bunch of items in the same vault, as the Terraform Provider handles each resource separately and therefore makes a bunch of parallel requests using the CLI for each of the resources.
What did you expect to happen?
No errors occurred.
Steps to reproduce
1. Create a Service Account token with write permissions.
2. Create main.tf with the following content (see Notes section below).
3. terraform init
4. terraform apply
5. Some items won't be created and you should see op error: (409) Conflict: Internal server conflict in the console.
Notes & Logs
main.tf example
terraform {
  required_providers {
    onepassword = {
      source  = "1Password/onepassword"
      version = "~> 1.2.2"
    }
  }
}

provider "onepassword" {
  service_account_token = "your_service_account_token"
}

resource "onepassword_item" "demo_password" {
  vault    = "vault_id"
  title    = "Demo Password Recipe"
  category = "password"

  password_recipe {
    length  = 40
    symbols = false
  }

  section {
    label = "API Creds"

    field {
      label = "PORT"
      type  = "CONCEALED"
      value = "8080"
    }

    field {
      label = "HOSTNAME"
      value = "example.com"
    }
  }
}

resource "onepassword_item" "demo_login" {
  vault    = "vault_id"
  title    = "Demo Terraform Login changed"
  category = "login"
  username = "test@example.com"
}

resource "onepassword_item" "demo_sections" {
  vault    = "vault_id"
  title    = "Demo Terraform Item with Sections"
  category = "login"
  username = "test_changed@example.com"

  section {
    label = "Terraform Section"

    field {
      label = "API_KEY"
      type  = "CONCEALED"
      value = "2Federate2!"
    }

    field {
      label = "HOSTNAME"
      value = "example.com"
    }
  }

  section {
    label = "Terraform Second Section"

    field {
      label = "App Specific Password"
      type  = "CONCEALED"

      password_recipe {
        length  = 30
        symbols = false
      }
    }

    field {
      label = "User"
      value = "dchanged emo"
    }
  }
}

resource "onepassword_item" "another_password" {
  vault    = "vault_id"
  title    = "Another Demo Password Recipe"
  category = "password"

  password_recipe {
    length  = 40
    symbols = false
  }
}

resource "onepassword_item" "another_demo_login" {
  vault    = "vault_id"
  title    = "Another Demo Terraform Login changed"
  category = "login"
  username = "test@example.com"
}

resource "onepassword_item" "another_demo_sections" {
  vault    = "vault_id"
  title    = "Another Demo Terraform Item with Sections"
  category = "login"
  username = "test_changed@example.com"

  section {
    label = "Terraform Section"

    field {
      label = "API_KEY"
      type  = "CONCEALED"
      value = "2Federate2!"
    }

    field {
      label = "HOSTNAME"
      value = "example.com"
    }
  }

  section {
    label = "Another Terraform Second Section"

    field {
      label = "App Specific Password"
      type  = "CONCEALED"

      password_recipe {
        length  = 30
        symbols = false
      }
    }

    field {
      label = "User"
      value = "dchanged emo"
    }
  }
}
Possible solution:
The issue might be solved by adding a retry mechanism when getting a 409 error from the server using op-cli.
Your environment
Terraform Provider Version: 1.2.2
Connect Server Version: n/a
OP CLI Version: 2.23.0
OS: macOS 14.1.1
Terraform Version: 1.6.4
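A sketch of the retry mechanism suggested under "Possible solution", added here as an example and not taken from the provider's code. The names `retryOnConflict` and `run` (a stand-in for one op CLI invocation) are hypothetical, and detecting the conflict by matching the error text quoted in this issue is an assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"math/rand"
	"strings"
	"time"
)

// conflictMarker is the error text quoted in the issue; matching on it is an assumption.
const conflictMarker = "(409) Conflict"

// retryOnConflict calls run (hypothetical stand-in for one op CLI call) and retries
// only when the error carries the 409 marker, backing off exponentially with jitter.
// It returns the output, the number of attempts made, and the final error.
func retryOnConflict(ctx context.Context, maxAttempts int, base time.Duration,
	run func(context.Context) (string, error)) (string, int, error) {
	for attempt := 1; ; attempt++ {
		out, err := run(ctx)
		if err == nil || !strings.Contains(err.Error(), conflictMarker) {
			return out, attempt, err // success, or a non-conflict error: do not retry
		}
		if attempt >= maxAttempts {
			return "", attempt, fmt.Errorf("gave up after %d attempts: %w", attempt, err)
		}
		// Full jitter: sleep a random duration in [0, base*2^(attempt-1)].
		backoff := base << (attempt - 1)
		select {
		case <-time.After(time.Duration(rand.Int63n(int64(backoff) + 1))):
		case <-ctx.Done():
			return "", attempt, ctx.Err()
		}
	}
}

func main() {
	calls := 0
	// Constructed runner: conflicts twice, then succeeds.
	fake := func(context.Context) (string, error) {
		if calls++; calls < 3 {
			return "", errors.New("op error: (409) Conflict: Internal server conflict")
		}
		return "item created", nil
	}
	out, n, err := retryOnConflict(context.Background(), 5, 10*time.Millisecond, fake)
	fmt.Println(out, n, err)
}
```

Errors other than the conflict, such as an authentication failure, are returned on the first attempt so a bad token is not retried against the server.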