Feature Request: allow onepassword_item resource to be created without a password #66

Open
MarshallAsch opened this issue Jul 5, 2022 · 1 comment


@MarshallAsch

Summary

Allow some way for the password field to be left blank during resource creation.

Use cases

For some password entries it is not desirable to have a password field (for example, AWS IAM access keys). A better format may be to use something like the following (created through the 1Password website), where the secrets are stored in additional fields that can be named appropriately.

image

However, when using the Terraform resource, leaving out the password parameter leads to the generation of a new random password, which may not be desirable (explicitly setting it to an empty string has the same result).

Proposed solution

In order to maintain backwards compatibility, a null or "" password must continue to generate a new random password.
Instead, the password_recipe.length parameter can be modified to allow a password length of 0, or a new password_recipe.generate = False can be specified to disable the generation of random passwords.

Is there a workaround to accomplish this today?

As far as I can tell, there is no way to not include the password field in any resources generated by Terraform. The closest I have been able to get is to set the password to a clearly non-password value of "not a real password".

References & Prior Work

@hangpark

hangpark commented Jul 25, 2022

I need this feature too. For backward compatibility, what about introducing an allow_empty_password field on the schema? With this setup, if there is neither a password nor a password recipe in the tf configuration, disabling password generation would be good enough, I think. Of course, @MarshallAsch's proposal sounds good, too.
