1Password / terraform-provider-onepassword

Use the 1Password Terraform Provider to reference, create, or update items in your 1Password Vaults.
https://1password.com/secrets
MIT License

v2.0.0 failing to apply with example code from the docs #174

Closed bryanhonof closed 3 months ago

bryanhonof commented 4 months ago

Your environment

Terraform Provider Version: v2.0.0

Connect Server Version: n/a

CLI Version: 2.24.0

OS: darwin_arm64

Terraform Version: v1.8.3

What happened?

data "onepassword_vault" "vault" {
  name = "test"
}

resource "onepassword_item" "demo_login" {
  vault = data.onepassword_vault.vault.id

  title    = "Demo Terraform Login"
  category = "login"
  username = "test@example.com"
}

$ terraform apply
...
onepassword_item.demo_login: Creating...
╷
│ Error: Plugin did not respond
│
│ The plugin encountered an error, and failed to respond to the plugin6.(*GRPCProvider).ApplyResourceChange call. The
│ plugin logs may contain more details.
╵

Stack trace from the terraform-provider-onepassword_v2.0.0 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x60 pc=0x100499d00]

goroutine 81 [running]:
github.com/1Password/terraform-provider-onepassword/internal/provider.itemTerraformID(...)
    github.com/1Password/terraform-provider-onepassword/internal/provider/util.go:17
github.com/1Password/terraform-provider-onepassword/internal/provider.itemToData({0x1009fb058, 0x1400026ccf0}, 0x0, 0x140001aa4e0)
    github.com/1Password/terraform-provider-onepassword/internal/provider/onepassword_item_resource.go:458 +0x40
github.com/1Password/terraform-provider-onepassword/internal/provider.(*OnePasswordItemResource).Create(0x1400026ab50, {0x1009fb058, 0x1400026ccf0}, {{{{0x100a001e8, 0x140004672f0}, {0x1008e7240, 0x14000466750}}, {0x100a01d50, 0x140000615e0}}, {{{0x100a001e8, ...}, ...}, ...}, ...}, ...)
    github.com/1Password/terraform-provider-onepassword/internal/provider/onepassword_item_resource.go:342 +0x278
github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(*Server).CreateResource(0x140001489c0, {0x1009fb058, 0x1400026ccf0}, 0x140003e55b8, 0x140003e5590)
    github.com/hashicorp/terraform-plugin-framework@v1.8.0/internal/fwserver/server_createresource.go:101 +0x400
github.com/hashicorp/terraform-plugin-framework/internal/fwserver.(*Server).ApplyResourceChange(0x140001489c0, {0x1009fb058, 0x1400026ccf0}, 0x1400026e410, 0x140003e56b0)
    github.com/hashicorp/terraform-plugin-framework@v1.8.0/internal/fwserver/server_applyresourcechange.go:57 +0x380
github.com/hashicorp/terraform-plugin-framework/internal/proto6server.(*Server).ApplyResourceChange(0x140001489c0, {0x1009fb058?, 0x1400026cc00?}, 0x1400026e370)
    github.com/hashicorp/terraform-plugin-framework@v1.8.0/internal/proto6server/server_applyresourcechange.go:55 +0x2e0
github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server.(*server).ApplyResourceChange(0x14000120d20, {0x1009fb058?, 0x1400026c240?}, 0x140001280e0)
    github.com/hashicorp/terraform-plugin-go@v0.22.2/tfprotov6/tf6server/server.go:846 +0x2b4
github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6._Provider_ApplyResourceChange_Handler({0x1009c9c40, 0x14000120d20}, {0x1009fb058, 0x1400026c240}, 0x140005b6600, 0x0)
    github.com/hashicorp/terraform-plugin-go@v0.22.2/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go:518 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x140003ec000, {0x1009fb058, 0x1400026c180}, {0x100a00bc0, 0x140000f0000}, 0x14000270000, 0x14000349dd0, 0x100f29bb8, 0x0)
    google.golang.org/grpc@v1.63.2/server.go:1369 +0xb58
google.golang.org/grpc.(*Server).handleStream(0x140003ec000, {0x100a00bc0, 0x140000f0000}, 0x14000270000)
    google.golang.org/grpc@v1.63.2/server.go:1780 +0xb20
google.golang.org/grpc.(*Server).serveStreams.func2.1()
    google.golang.org/grpc@v1.63.2/server.go:1019 +0x8c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 8
    google.golang.org/grpc@v1.63.2/server.go:1030 +0x13c

Error: The terraform-provider-onepassword_v2.0.0 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

What did you expect to happen?

I expected the item to be created in 1Password.

Steps to reproduce

  1. Apply the above Terraform code with the necessary Terraform boilerplate
  2. See the stack trace appear

Notes & Logs

edif2008 commented 4 months ago

Thank you for raising this. I could reproduce the bug and it's definitely not a desired behavior. We will look into this and come up with a fix as soon as possible.

edif2008 commented 4 months ago

After looking at the snippet more, I see a misconfiguration:

vault = data.onepassword_vault.vault.id

That ID is a Terraform ID and it does not match the vault ID that you would normally use.

The fix for this is using the uuid property of the onepassword_vault data source like so:

vault = data.onepassword_vault.vault.uuid

I will keep this issue open since I've identified some errors in the examples provided so we will improve them as soon as possible.

krzysztof-madej commented 4 months ago

I had the same issue with uuid when I was testing this. I will check it once again and come back to you.

Antse commented 4 months ago

Same issue even when using uuid.

edif2008 commented 4 months ago

Hey @Antse! 👋

I'm sorry to hear that you're encountering this.

Unfortunately, I'm unable to reproduce the error when the uuid is used. Here's the snippet I'm using for debugging this:

terraform {
  required_providers {
    onepassword = {
      source = "1Password/onepassword"
      version = "~> 2.0"
    }
  }
}

data "onepassword_vault" "vault" {
  name = "demo"
}

resource "onepassword_item" "demo_login" {
  vault = data.onepassword_vault.vault.uuid

  title    = "Demo Terraform Login"
  category = "login"
  username = "test@example.com"
}

This one succeeds when using a service account for example.

There is a possibility that what you're encountering is rather the 1Password client failing to create an item. However, there's a bug in the code that doesn't handle it properly, which leads to the crash you're facing. This should be addressed by #178.

lodotek commented 3 months ago

I too am encountering this same issue. I am on an M1 Mac.

yordis commented 3 months ago

@edif2008 as far as I can tell, I think it is a permission issue; give read-only permission and see if you can replicate it.

kenske commented 3 months ago

The problem in my case was that the 1Password Connect server did not have write access to the vault. After I replaced the token with one that had write access, I was able to apply the changes. Hopefully this error message can be fixed to show something more helpful.
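
The crash path described in this thread (a failed item creation whose error is not handled, so a nil item reaches the ID helper) next to a checked version that returns the permission error instead, as an added Go example that is not the provider's own code. `Item`, `createItem`, `terraformID`, `errNoWrite` and the ID format are hypothetical stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// Item and errNoWrite are hypothetical, constructed stand-ins for the
// client's item type and a "token has no write access" failure.
type Item struct{ ID, VaultID string }
var errNoWrite = errors.New("token lacks write access to vault")

// createItem models the client call: on failure it returns (nil, err).
func createItem(vaultID string, canWrite bool) (*Item, error) {
	if !canWrite {
		return nil, errNoWrite
	}
	return &Item{ID: "item-constructed-1", VaultID: vaultID}, nil
}

// terraformID dereferences item, the role itemTerraformID plays in the
// stack trace. The ID format here is an assumption.
func terraformID(item *Item) string {
	return fmt.Sprintf("vaults/%s/items/%s", item.VaultID, item.ID)
}

// createUnchecked discards the error and dereferences the nil item.
// recover() is used only so the example can report the panic.
func createUnchecked(vaultID string, canWrite bool) (id string, panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	item, _ := createItem(vaultID, canWrite)
	return terraformID(item), false
}

// createChecked returns the failure to the caller before touching item.
func createChecked(vaultID string, canWrite bool) (string, error) {
	item, err := createItem(vaultID, canWrite)
	if err != nil {
		return "", fmt.Errorf("creating item in vault %q: %w", vaultID, err)
	}
	return terraformID(item), nil
}

func main() {
	fmt.Println(createUnchecked("vault-constructed", false))
	fmt.Println(createChecked("vault-constructed", false))
}
```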