search

1Password / terraform-provider-onepassword

Use the 1Password Terraform Provider to reference, create, or update items in your 1Password Vaults.
https://1password.com/secrets
MIT License
314 stars 41 forks source link

Entry is created with wrong password #139

Closed Pasukaru closed 5 months ago

Pasukaru commented 5 months ago

Your environment

Terraform Provider Version: 1.4.0

CLI Version: 2.23.0

OS: linux (CircleCI), MacOS (local)

Terraform Version: 1.6.6

What happened?

Terraform apply initially creates the item with a wrong password being set. Running terraform apply (without any changes to the tf config) then updates the item with the correct password.

What did you expect to happen?

Terraform apply should create the item with the correct password on first execution.

Steps to reproduce

resource "onepassword_item" "basic_auth" {
  vault    = local.onePasswordVault
  tags     = local.onePasswordTags
  title    = "${local.onePasswordTitlePrefix}Basic Auth"
  category = "login"
  username = local.basicAuthUsername
  password = local.basicAuthPassword
  url      = "https://${var.domain}"
}

Notes & Logs

I noticed this because the login wasn't working, and upon checking the password in the the 1pw entry, it was in a scheme that didn't match our password generation in terraform.

Possibly related to high concurrency. When a new environment is created, many different 1password entries are generated. I have not encountered this in a case where terraform only needs to update/create a single item.

The second terraform apply logged this:


Terraform will perform the following actions:

  # onepassword_item.basic_auth will be updated in-place

 ~ resource "onepassword_item" "basic_auth" {
        id       = "vaults/redacted/items/redacted"
      ~ password = (sensitive value)
        tags     = [
            "terraform",
        ]
        # (6 unchanged attributes hidden)
    }

I don't have logs of the first run anymore, will capture them when it happens again. But from what I recall, nothing special there, just the regular Terraform will create this resource.

simonweil commented 5 months ago

I have this issue too, very annoying...

volodymyrZotov commented 5 months ago

@Pasukaru Thank you for raising this! We'll take a look into that and make a release with the fix!

Meanwhile, if you want to help and have time, you're welcome to contribute and create a PR with the fix! 😃 Here are our CONTRIBUTING.md instructions.

volodymyrZotov commented 5 months ago

Fixed in v1.4.1