1Password
Creating secure note object fails due to required password field
Your environment
Terraform Provider Version: v2.0.0
Connect Server Version: 1.7.2
CLI Version: 2.30.0
OS: Pop!_OS 22.04 LTS
Terraform Version:
Terraform v1.9.4
on linux_amd64
+ provider registry.terraform.io/1password/onepassword v2.0.0
+ provider registry.terraform.io/barnabyshearer/dockerhub v0.0.15
+ provider registry.terraform.io/hashicorp/google v5.40.0
What happened?
Attempting to create a secure note generated this error message:
│ Error: Provider returned invalid result object after apply
│
│ After the apply operation, the provider still indicated an unknown value for
│ onepassword_item.devtokens.password. All values must be known after apply, so
│ this is always a bug in the provider and should be reported in the provider's
│ own repository. Terraform will still save the other known object values in
│ the state.
Then when I added a password field, I got a second error:
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to onepassword_item.devtokens, provider
│ "provider[\"registry.terraform.io/1password/onepassword\"]" produced an
│ unexpected new value: .section[0].field[0].type: was cty.StringVal("string"),
│ but now cty.StringVal("STRING").
│
│ This is a bug in the provider, which should be reported in the provider's own
│ issue tracker.
What did you expect to happen?
I expected a secure note to be created without a password field, and I expected the provider to either internally translate the case of the type or to use an enum to validate acceptable type values.
I also sort of expected the "required" password field to appear in the created item, but there is no password field after it's created. I'm ok with that, though. ;)
Steps to reproduce
- Try to create a secure_note item without a password field
- Observe error
- Add a placeholder password field
- Observe that "type = string" in the field is a new error
- upper-case the type to STRING
- Observe that the created resource does not have a password field even though the provider insists that field is required
resource "onepassword_item" "devtokens" {
vault = var.op_automation_vault
title = "developer tokens"
category = "secure_note"
section {
label = "dev_tokens"
field {
label = "a field"
type = "string"
value = "a value"
}
}
}
Notes & Logs
I suppose this is technically two separate bugs.
Hey @dannysauer! 👋🏻
What you might be experiencing when it comes to the provider saying the password being required is the bug at #173. This has been solved in the version 2.1.0, which is also the latest version of the provider.
As for the second element that you've identified, that is indeed a bug. A quick mitigation for it is, as you've mentioned, changing the type to STRING. Thank you for catching this. 😄
Oh, that's awesome! Sounds like I have a bug in the Renovate config which is supposed to be updating the 1password provider in my Terraform. :D
Confirmed that deleting the item and recreating without a password field works for me with the new provider. Though, I ran into #97 in the process, so had to delete the item from the state before recreating. ;)
Thanks, @edif2008. Should I open a new bug for the case sensitivity thing, or retitle this one?
To keep it clean and clear, I would recommend opening a new issue, since this one started off as not being able to create a Secure Note item without a password and in the process the additional bug was found.
Once you make that new issue, I will close this one.
Thank you again for your great cooperation and providing valuable feedback to further improve the Terraform provider. 😄
#214 should do the job for continuing to track the string/STRING issue.
Closing this as the original issue got addressed and the new bug identified is continued in #214