1Password / terraform-provider-onepassword

Use the 1Password Terraform Provider to reference, create, or update items in your 1Password Vaults.
https://1password.com/secrets
MIT License

2.0.0 url for DATABASE not working #175

Open sdahlbac opened 1 month ago

sdahlbac commented 1 month ago

Your environment

Terraform Provider Version: version = "2.0.0"

Connect Server Version: n/a

CLI Version: 2.28.0

OS: osx

Terraform Version:

tofu -v 
OpenTofu v1.6.0
on darwin_arm64
+ provider registry.opentofu.org/1password/onepassword v2.0.0
+ provider registry.opentofu.org/cyrilgdn/postgresql v1.22.0
+ provider registry.opentofu.org/hashicorp/azurerm v3.104.2
+ provider registry.opentofu.org/hashicorp/helm v2.13.2
+ provider registry.opentofu.org/hashicorp/kubernetes v2.30.0
+ provider registry.opentofu.org/hashicorp/random v3.6.2
+ provider registry.opentofu.org/mongey/kafka v0.7.1

What happened?

resource "kubernetes_secret" "simple-change-detector-secret" {
  metadata {
    name      = "simple-change-detector-secret"
    namespace = kubernetes_namespace.m3data.metadata.0.name
  }
  data = {
    "SENTRY_DSN"        = data.azurerm_key_vault_secret.sentry-dsn.value
    "M3_MSSQL_HOST"     = data.onepassword_item.m3_mssql.url
    "M3_MSSQL_DATABASE" = data.onepassword_item.m3_mssql.database
    "M3_MSSQL_SCHEMA"   = "dbo"
    "M3_MSSQL_USERNAME" = data.onepassword_item.m3_mssql.username
    "M3_MSSQL_PASSWORD" = data.onepassword_item.m3_mssql.password
  }
}

The above worked fine using version = "1.4.3"

but after upgrading to 2.0.0, these are the relevant bits of the tfplan JSON:

    {
      "address": "kubernetes_secret.simple-change-detector-secret",
      "mode": "managed",
      "type": "kubernetes_secret",
      "name": "simple-change-detector-secret",
      "provider_name": "registry.opentofu.org/hashicorp/kubernetes",
      "change": {
        "actions": [
          "update"
        ],
        "before": {
          "binary_data": null,
          "data": {
            "M3_MSSQL_DATABASE": "...",
            "M3_MSSQL_HOST": "...",
            "M3_MSSQL_PASSWORD": "...",
            "M3_MSSQL_SCHEMA": "dbo",
            "M3_MSSQL_USERNAME": "...",
            "SENTRY_DSN": "..."
          },
          "id": "m3data/simple-change-detector-secret",
          "immutable": false,
          "metadata": [
            {
              "annotations": {},
              "generate_name": "",
              "generation": 0,
              "labels": {},
              "name": "simple-change-detector-secret",
              "namespace": "m3data",
              "resource_version": "47225134",
              "uid": "01d314bb-c0dc-460a-b923-16f12a923da7"
            }
          ],
          "timeouts": null,
          "type": "Opaque",
          "wait_for_service_account_token": true
        },
        "after": {
          "binary_data": null,
          "data": {
            "M3_MSSQL_DATABASE": "...",
            "M3_MSSQL_PASSWORD": "...",
            "M3_MSSQL_SCHEMA": "dbo",
            "M3_MSSQL_USERNAME": "...",
            "SENTRY_DSN": "..."
          },
          "id": "m3data/simple-change-detector-secret",
          "immutable": false,
          "metadata": [
            {
              "annotations": {},
              "generate_name": "",
              "generation": 0,
              "labels": {},
              "name": "simple-change-detector-secret",
              "namespace": "m3data",
              "resource_version": "47225134",
              "uid": "01d314bb-c0dc-460a-b923-16f12a923da7"
            }
          ],
          "timeouts": null,
          "type": "Opaque",
          "wait_for_service_account_token": true
        },
        "after_unknown": {},
        "before_sensitive": {
          "binary_data": true,
          "data": true,
          "metadata": [
            {
              "annotations": {},
              "labels": {}
            }
          ]
        },
        "after_sensitive": {
          "binary_data": true,
          "data": true,
          "metadata": [
            {
              "annotations": {},
              "labels": {}
            }
          ]
        }
      }
    },

What did you expect to happen?

Data should not randomly disappear

Steps to reproduce

Notes & Logs
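An added example, not part of the original issue or the provider's code: the plan above marks `data` as sensitive, so the removed `M3_MSSQL_HOST` key is easiest to spot in the plan JSON. This sketch reports attribute paths that exist in `before` but are gone in `after`, assuming the JSON layout of `tofu show -json <planfile>` (a top-level `resource_changes` list); the function names and the trimmed sample are constructed for illustration.

```python
import json

# Constructed sample, trimmed from the plan in the issue; "..." marks redacted values.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "kubernetes_secret.simple-change-detector-secret",
  "change": {"actions": ["update"],
    "before": {"data": {"M3_MSSQL_DATABASE": "...", "M3_MSSQL_HOST": "...",
                        "M3_MSSQL_SCHEMA": "dbo", "SENTRY_DSN": "..."}},
    "after":  {"data": {"M3_MSSQL_DATABASE": "...",
                        "M3_MSSQL_SCHEMA": "dbo", "SENTRY_DSN": "..."}},
    "after_unknown": {}}}]}
""")


def dropped_paths(before, after, unknown, prefix=""):
    """Yield dotted paths set in `before` but absent or null in `after`."""
    if not isinstance(before, dict):
        return
    after = after if isinstance(after, dict) else {}
    unknown = unknown if isinstance(unknown, dict) else {}
    for key, old in before.items():
        # after_unknown marks "known after apply" values; those are not drops.
        if old is None or unknown.get(key) is True:
            continue
        new = after.get(key)
        if new is None:
            yield prefix + key
        else:
            yield from dropped_paths(old, new, unknown.get(key), prefix + key + ".")


def plan_dropped_keys(plan):
    """Map resource address -> dropped attribute paths (names only, never values)."""
    report = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if "update" not in change.get("actions", []):
            continue
        paths = sorted(dropped_paths(change.get("before"), change.get("after"),
                                     change.get("after_unknown")))
        if paths:
            report[rc["address"]] = paths
    return report


if __name__ == "__main__":
    for address, paths in plan_dropped_keys(SAMPLE_PLAN).items():
        print(f"{address}: dropped {', '.join(paths)}")
```

Only key names are reported, so the output can go into CI logs without exposing secret values.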

d-rupp commented 2 weeks ago

Can confirm. We are using an "api_credential" entry created via Ansible, and with the 2.0 change the url field is just gone from Terraform.

Before, we could easily access it via data.onepassword_item.itemname.url.

sebastianreloaded commented 6 days ago

I think the item category database is broken completely. When I request an item of this category, ALL values are null:

{
  "category": "database",
  "database": null,
  "hostname": null,
  "id": "vaults/dumtbu..../items/hrrdbd....",
  "note_value": "",
  "password": null,
  "port": null,
  "section": [],
  "tags": null,
  "title": "DatenbaseItem",
  "type": null,
  "url": null,
  "username": null,
  "uuid": "hrrdbd....",
  "vault": "dumtbu...."
}

sebastianreloaded commented 5 days ago

OK, for me it is just a localization issue. 1Password uses different field names in the desktop and web client when your language is not English. Those don't properly map to the Terraform provider.