Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

biometric unlock many times #140

Open
sdahlbac opened this issue Jan 15, 2024 · 7 comments
Open

biometric unlock many times #140

sdahlbac opened this issue Jan 15, 2024 · 7 comments
Labels
bug Something isn't working

Comments

@sdahlbac
Copy link
Contributor

Your environment

Terraform Provider Version:

tofu -v
OpenTofu v1.6.0
on darwin_arm64

  • provider registry.opentofu.org/1password/onepassword v1.4.0
  • provider registry.opentofu.org/cyrilgdn/postgresql v1.21.0
  • provider registry.opentofu.org/hashicorp/aws v5.32.1
  • provider registry.opentofu.org/hashicorp/kubernetes v2.25.2
  • provider registry.opentofu.org/hashicorp/random v3.6.0
  • provider registry.opentofu.org/mongey/kafka v0.5.4

Connect Server Version:
N/A

CLI Version:
op -v
2.24.0

OS: osx/arm

Terraform Version: OpenTofu v1.6.0

What happened?

Everything works, but instead of biometric unlock just once, I need to do it 5 times

What did you expect to happen?

a single biometric unlock should suffice

Steps to reproduce

  1. tofu plan

Notes & Logs

@sdahlbac sdahlbac added the bug Something isn't working label Jan 15, 2024
@simonweil
Copy link

simonweil commented Jan 17, 2024

I'm seeing this too and it is very annoying...
I can't run the plan and go make a coffee :(

@volodymyrZotov
Copy link
Contributor

Hi @sdahlbac . Thank you for raising this! Agree, that's annoying...😬
This happens as terraform processes each resource in parallel and each of the parallel processes would need to be authenticated by the CLI. This is a known issue and it will be fixed on the OP CLI side. Stay tuned for future CLI releases.

Meanwhile you can mitigate the issue by running the apply command sequentially

terraform apply -parallelism=1

@volodymyrZotov volodymyrZotov added enhancement New feature or request and removed bug Something isn't working labels Jan 18, 2024
@vponoikoait
Copy link

+1

@sdahlbac
Copy link
Contributor Author

@volodymyrZotov any updates on this?

@asininemonkey
Copy link

Another month and no update. Anything?

@SimonBarendse
Copy link
Member

SimonBarendse commented Oct 30, 2024

Hi folks,

As @volodymyrZotov investigated the way Terraform calls into the CLI from different processes for every resource doesn't play well with how the CLI is authorized (per process). This is an intentional design of 1Password CLI auth preventing every process running on your machine from being able to access your 1Password account.

We're currently planning to add (biometric) auth prompt support to the 1Password Go SDK. Once that's tackled, we can replace the calls to CLI in this Terraform project with SDK. That should solve this issue as well as a few others (a.o. #204, #148, #130, #141, #191, #163). All these issues have in common that they're caused by the friction from using CLI while Terraform is better suited to integrate via SDK.

Adding Auth Prompt support to SDKs is a relatively large effort, and I'm not expecting movement on this issue until a couple months into the new year at the earliest.

In the meantime, you can use either the workaround @volodymyrZotov shared above of running your Terraform commands without parallelism:

terraform apply -parallelism=1

or you can use a 1Password Service Account to auth Terraform instead of using a biometric prompt.

@SimonBarendse SimonBarendse added bug Something isn't working and removed enhancement New feature or request labels Oct 30, 2024
@sdahlbac
Copy link
Contributor Author

Thanks for the update

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

6 participants