Changing `field` s of a `section` gives unexpected results (re-labeling of existing fields and thus data moved)

[daniel-ciaglia]

Your environment

Terraform Provider Version: 1.1.4 (latest) Connect Server Version: 1.5.7 OS: MacOS 13.3 on M1 Terraform Version: 1.4.4

What happened?

• create a basic item

• create a section with 3 fields (no values)

• fields named a_password, b_password, z_password

• terraform apply

• added values manually to fields

• added a new field name c_password

• terraform apply

• ~ field {
        id    = "hmaa7pivgm6qro75zlelovwab4"
      ~ label = "z_password" -> "c_password"
        # (1 unchanged attribute hidden)
    }
  + field {
      + label = "z_password"
      + type  = "CONCEALED"
    }

• label for field z_password was changed to c_password and thus manual data are now available in the wrong field

What did you expect to happen?

• new field with label c_password

Steps to reproduce

1. see above, source code attached below, authentication is stored in AWS Secrets manager for Connect authentication
2. I tried to give an id to the field, but this id was happily changed as well

---

Source code

terraform {
  required_version = ">= 1.4.0"

  required_providers {
    onepassword = {
      source  = "1Password/onepassword"
      version = "~> 1.1.4"
    }
  }
}

# ########################## 1Password config ############################
# the configuration for connecting to 1password Agent

data "aws_secretsmanager_secret" "onepassword_token" {
  name = "onepassword-token"
}
data "aws_secretsmanager_secret_version" "onepassword_token" {
  secret_id = data.aws_secretsmanager_secret.onepassword_token.id
}

provider "onepassword" {
  url   = "http://localhost:8080"
  token = data.aws_secretsmanager_secret_version.onepassword_token.secret_string
}

locals {
  one_password_vault = "your-vault-goes-here"
}

data "onepassword_vault" "this" {
  name = local.one_password_vault
}

# plain resources
resource "onepassword_item" "plain" {
  vault = data.onepassword_vault.this.uuid

  title    = "plain"
  category = "password"

  section {
    label = "collector"
     field {
      label = "a_password"
      type  = "CONCEALED"
    }
    field {
      label = "b_password"
      type  = "CONCEALED"
    }
    # initially commented out
    # field {
    #   label = "c_password"
    #   type  = "CONCEALED"
    # }
    field {
      label = "z_password"
      type  = "CONCEALED"
    }
  }
}