Merge original 1Password 'main' and resolve conflicts

CONTRIBUTING.md

@@ -36,7 +36,7 @@ terraform {
   required_providers {
     onepassword = {
       source  = "1Password/onepassword"
-      version = "~> 1.3.0"
+      version = "~> 2.0.0"
     }
   }
 }

README.md

@@ -21,7 +21,7 @@ terraform {
   required_providers {
     onepassword = {
       source = "1Password/onepassword"
-      version = "~> 1.3.0"
+      version = "~> 2.0.0"
     }
   }
 }

docs/data-sources/item.md

@@ -14,8 +14,8 @@ Use this data source to get details of an item by its vault uuid and either the
 
 ```terraform
 data "onepassword_item" "example" {
-  vault = data.onepassword_vault.example.uuid
-  uuid  = onepassword_item.demo_sections.uuid
+  vault = "your-vault-id"
+  title = "your-item-title"
 }
 ```
 
@@ -34,9 +34,10 @@ data "onepassword_item" "example" {
 
 ### Read-Only
 
-- `category` (String) The category of the item. One of ["login" "password" "database" "secure_note"]
+- `category` (String) The category of the item. One of ["login" "password" "database" "secure_note" "document"]
 - `credential` (String, Sensitive) API credential for this item.
 - `database` (String) (Only applies to the database category) The name of the database.
+- `file` (Block List) A list of files attached to the item. (see [below for nested schema](#nestedblock--file))
 - `hostname` (String) (Only applies to the database category) The address where the database can be found
 - `id` (String) The Terraform resource identifier for this item in the format `vaults/<vault_id>/items/<item_id>`.
 - `password` (String, Sensitive) Password for this item.
@@ -47,12 +48,24 @@ data "onepassword_item" "example" {
 - `url` (String) The primary URL for the item.
 - `username` (String) Username for this item.
 
+<a id="nestedblock--file"></a>
+### Nested Schema for `file`
+
+Read-Only:
+
+- `content` (String, Sensitive) The content of the file.
+- `content_base64` (String, Sensitive) The content of the file in base64 encoding. (Use this for binary files.)
+- `id` (String) The UUID of the file.
+- `name` (String) The name of the file.
+
+
 <a id="nestedblock--section"></a>
 ### Nested Schema for `section`
 
 Read-Only:
 
 - `field` (Block List) (see [below for nested schema](#nestedblock--section--field))
+- `file` (Block List) A list of files attached to the section. (see [below for nested schema](#nestedblock--section--file))
 - `id` (String) A unique identifier for the section.
 - `label` (String) The label for the section.
 
@@ -63,6 +76,17 @@ Read-Only:
 
 - `id` (String) A unique identifier for the field.
 - `label` (String) The label for the field.
-- `purpose` (String) Purpose indicates this is a special field: a username, password, or notes field.
-- `type` (String) The type of value stored in the field.
+- `purpose` (String) Purpose indicates this is a special field: a username, password, or notes field. One of ["USERNAME" "PASSWORD" "NOTES"]
+- `type` (String) The type of value stored in the field. One of ["STRING" "CONCEALED" "EMAIL" "URL" "OTP" "DATE" "MONTH_YEAR" "MENU"]
 - `value` (String, Sensitive) The value of the field.
+
+
+<a id="nestedblock--section--file"></a>
+### Nested Schema for `section.file`
+
+Read-Only:
+
+- `content` (String, Sensitive) The content of the file.
+- `content_base64` (String, Sensitive) The content of the file in base64 encoding. (Use this for binary files.)
+- `id` (String) The UUID of the file.
+- `name` (String) The name of the file.

docs/data-sources/vault.md

@@ -14,7 +14,7 @@ Use this data source to get details of a vault by either its name or uuid.
 
 ```terraform
 data "onepassword_vault" "example" {
-  name = var.demo_vault
+  name = "your-vault-name"
 }
 ```
 

docs/resources/item.md

@@ -13,48 +13,27 @@ A 1Password Item.
 ## Example Usage
 
 ```terraform
-resource "onepassword_item" "demo_password" {
-  vault = var.demo_vault
+resource "onepassword_item" "example" {
+  vault = "your-vault-id"
 
-  title    = "Demo Password Recipe"
-  category = "password"
+  title    = "Example Item Title"
+  category = "login"
 
   password_recipe {
     length  = 40
     symbols = false
   }
 
   section {
-    label = "Credential metadata"
+    label = "Example section"
 
     field {
-      label = "Expiration"
+      label = "Example field"
       type  = "DATE"
       value = "2024-01-31"
     }
   }
 }
-
-resource "onepassword_item" "demo_login" {
-  vault = var.demo_vault
-
-  title    = "Demo Terraform Login"
-  category = "login"
-  username = "test@example.com"
-}
-
-resource "onepassword_item" "demo_db" {
-  vault    = var.demo_vault
-  category = "database"
-  type     = "mysql"
-
-  title    = "Demo TF Database"
-  username = "root"
-
-  database = "Example MySQL Instance"
-  hostname = "localhost"
-  port     = 3306
-}
 ```
 
 <!-- schema generated by tfplugindocs -->

examples/data-sources/onepassword_item/data-source.tf

@@ -1,4 +1,4 @@
 data "onepassword_item" "example" {
-  vault = data.onepassword_vault.example.uuid
-  uuid  = onepassword_item.demo_sections.uuid
+  vault = "your-vault-id"
+  title = "your-item-title"
 }

examples/data-sources/onepassword_vault/data-source.tf

@@ -1,3 +1,3 @@
 data "onepassword_vault" "example" {
-  name = var.demo_vault
+  name = "your-vault-name"
 }

examples/main.tf → examples/item/main.tf

@@ -2,19 +2,37 @@ terraform {
   required_providers {
     onepassword = {
       source  = "1Password/onepassword"
-      version = "~> 1.3.0"
+      version = "~> 2.0.0"
     }
   }
 }
 
-provider "onepassword" {
-  url = "http://localhost:8080"
+data "onepassword_vault" "demo_vault" {
+  name = var.demo_vault
+}
+
+resource "onepassword_item" "demo_login" {
+  vault = data.onepassword_vault.demo_vault.uuid
+
+  title    = "Demo Terraform Login Item"
+  category = "login"
+  username = "test@example.com"
+
+  tags = ["Terraform", "Automation"]
+
+  password_recipe {
+    length  = 32
+    digits  = false
+    symbols = false
+  }
+
+  note_value = "An item created with the 1Password Terraform provider"
 }
 
 resource "onepassword_item" "demo_password" {
-  vault = var.demo_vault
+  vault = data.onepassword_vault.demo_vault.uuid
 
-  title    = "Demo Password Recipe"
+  title    = "Demo Terraform Password Item"
   category = "password"
 
   password_recipe {
@@ -33,29 +51,33 @@ resource "onepassword_item" "demo_password" {
   }
 }
 
-resource "onepassword_item" "demo_login" {
-  vault = var.demo_vault
-
-  title    = "Demo Terraform Login"
-  category = "login"
-  username = "test@example.com"
-}
-
 resource "onepassword_item" "demo_db" {
-  vault    = var.demo_vault
+  vault    = data.onepassword_vault.demo_vault.uuid
   category = "database"
   type     = "mysql"
 
-  title    = "Demo TF Database"
+  title    = "Demo Terraform Database Item"
   username = "root"
 
   database = "Example MySQL Instance"
   hostname = "localhost"
   port     = 3306
 }
 
+resource "onepassword_item" "demo_secure_note" {
+  vault = data.onepassword_vault.demo_vault.uuid
+
+  title    = "Demo Terraform Secure Note Item"
+  category = "secure_note"
+
+  note_value = <<EOT
+  Welcome to the Terraform world! 🤩
+  This was an item created with the 1Password Terraform provider.
+  EOT
+}
+
 resource "onepassword_item" "demo_sections" {
-  vault = var.demo_vault
+  vault = data.onepassword_vault.demo_vault.uuid
 
   title    = "Demo Terraform Item with Sections"
   category = "login"
@@ -105,6 +127,6 @@ resource "onepassword_item" "demo_sections" {
 # Example of a Data Source Item with multiple sections and fields.
 # Uncomment it once the item above has been created to see an example of a Data Source
 # data "onepassword_item" "example" {
-#   vault = var.demo_vault
+#   vault = data.onepassword_vault.demo_vault.uuid
 #   uuid  = onepassword_item.demo_sections.uuid
 # }

examples/resources/onepassword_item/resource.tf

@@ -1,42 +1,21 @@
-resource "onepassword_item" "demo_password" {
-  vault = var.demo_vault
+resource "onepassword_item" "example" {
+  vault = "your-vault-id"
 
-  title    = "Demo Password Recipe"
-  category = "password"
+  title    = "Example Item Title"
+  category = "login"
 
   password_recipe {
     length  = 40
     symbols = false
   }
 
   section {
-    label = "Credential metadata"
+    label = "Example section"
 
     field {
-      label = "Expiration"
+      label = "Example field"
       type  = "DATE"
       value = "2024-01-31"
     }
   }
 }
-
-resource "onepassword_item" "demo_login" {
-  vault = var.demo_vault
-
-  title    = "Demo Terraform Login"
-  category = "login"
-  username = "test@example.com"
-}
-
-resource "onepassword_item" "demo_db" {
-  vault    = var.demo_vault
-  category = "database"
-  type     = "mysql"
-
-  title    = "Demo TF Database"
-  username = "root"
-
-  database = "Example MySQL Instance"
-  hostname = "localhost"
-  port     = 3306
-}

internal/onepassword/cli/op.go

@@ -208,6 +208,20 @@ func (op *OP) delete(ctx context.Context, item *onepassword.Item, vaultUuid stri
 	return nil, op.execJson(ctx, nil, nil, p("item"), p("delete"), p(item.ID), f("vault", vaultUuid))
 }
 
+func (op *OP) GetFileContent(ctx context.Context, file *onepassword.File, itemUuid, vaultUuid string) ([]byte, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
+	ref := fmt.Sprintf("op://%s/%s/%s", vaultUuid, itemUuid, file.ID)
+	tflog.Debug(ctx, "reading file content from: "+ref)
+	res, err := op.execRaw(ctx, nil, p("read"), p(ref))
+	if err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
 func (op *OP) execJson(ctx context.Context, dst any, stdin []byte, args ...opArg) error {
 	result, err := op.execRaw(ctx, stdin, args...)
 	if err != nil {

internal/onepassword/client.go

@@ -18,6 +18,7 @@ type Client interface {
 	CreateItem(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error)
 	UpdateItem(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error)
 	DeleteItem(ctx context.Context, item *onepassword.Item, vaultUuid string) error
+	GetFileContent(ctx context.Context, file *onepassword.File, itemUUid, vaultUuid string) ([]byte, error)
 }
 
 type ClientConfig struct {

internal/onepassword/connect/connect_client.go

@@ -39,6 +39,10 @@ func (c *Client) DeleteItem(_ context.Context, item *onepassword.Item, vaultUuid
 	return c.connectClient.DeleteItem(item, vaultUuid)
 }
 
+func (w *Client) GetFileContent(_ context.Context, file *onepassword.File, itemUUID, vaultUUID string) ([]byte, error) {
+	return w.connectClient.GetFileContent(file)
+}
+
 func NewClient(connectHost, connectToken, providerUserAgent string) *Client {
 	return &Client{connectClient: connect.NewClientWithUserAgent(connectHost, connectToken, providerUserAgent)}
 }

internal/provider/const.go

@@ -30,6 +30,14 @@ const (
 	sectionIDDescription     = "A unique identifier for the section."
 	sectionLabelDescription  = "The label for the section."
 	sectionFieldsDescription = "A list of custom fields in the section."
+	sectionFilesDescription  = "A list of files attached to the section."
+
+	filesDescription             = "A list of files attached to the item."
+	fileDescription              = "A file attached to the item."
+	fileIDDescription            = "The UUID of the file."
+	fileNameDescription          = "The name of the file."
+	fileContentDescription       = "The content of the file."
+	fileContentBase64Description = "The content of the file in base64 encoding. (Use this for binary files.)"
 
 	fieldDescription        = "A custom field."
 	fieldIDDescription      = "A unique identifier for the field."
@@ -59,6 +67,7 @@ var (
 		strings.ToLower(string(op.Database)),
 		strings.ToLower(string(op.SecureNote)),
 	}
+	dataSourceCategories = append(categories, strings.ToLower(string(op.Document)))
 
 	fieldPurposes = []string{
 		string(op.FieldPurposeUsername),