From 538c6e2224068137861d7dfd6eb68b31eb9624e4 Mon Sep 17 00:00:00 2001
From: Josh Burton <josh@arklabs.nz>
Date: Tue, 12 Dec 2023 08:59:26 +1300
Subject: [PATCH 1/4] Moves op version check from provider initialization to
 before executing op commands

---
 onepassword/cli/op.go   | 39 +++++++++++++++++++++++++++++++++++++++
 onepassword/provider.go | 10 ----------
 2 files changed, 39 insertions(+), 10 deletions(-)

diff --git a/onepassword/cli/op.go b/onepassword/cli/op.go
index 5983d67c..a5d54ff7 100644
--- a/onepassword/cli/op.go
+++ b/onepassword/cli/op.go
@@ -14,6 +14,10 @@ import (
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 )
 
+const (
+	minimumOpCliVersion = "2.23.0" // introduction of stdin json support for `op item update`
+)
+
 type OP struct {
 	binaryPath          string
 	serviceAccountToken string
@@ -41,7 +45,22 @@ func (op *OP) GetVersion(ctx context.Context) (*semver.Version, error) {
 	return version, nil
 }
 
+func (op *OP) checkCliVersion(ctx context.Context) error {
+	cliVersion, err := op.GetVersion(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to get version of op CLI: %w", err)
+	}
+	if cliVersion.LessThan(semver.MustParse(minimumOpCliVersion)) {
+		return fmt.Errorf("current 1Password CLI version is \"%s\". Please upgrade to at least \"%s\"", cliVersion, minimumOpCliVersion)
+	}
+	return nil
+}
+
 func (op *OP) GetVault(ctx context.Context, uuid string) (*onepassword.Vault, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	var res *onepassword.Vault
 	err := op.execJson(ctx, &res, nil, p("vault"), p("get"), p(uuid))
 	if err != nil {
@@ -51,6 +70,10 @@ func (op *OP) GetVault(ctx context.Context, uuid string) (*onepassword.Vault, er
 }
 
 func (op *OP) GetVaultsByTitle(ctx context.Context, title string) ([]onepassword.Vault, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	var allVaults []onepassword.Vault
 	err := op.execJson(ctx, &allVaults, nil, p("vault"), p("list"))
 	if err != nil {
@@ -67,6 +90,10 @@ func (op *OP) GetVaultsByTitle(ctx context.Context, title string) ([]onepassword
 }
 
 func (op *OP) GetItem(ctx context.Context, itemUuid, vaultUuid string) (*onepassword.Item, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	var res *onepassword.Item
 	err := op.execJson(ctx, &res, nil, p("item"), p("get"), p(itemUuid), f("vault", vaultUuid))
 	if err != nil {
@@ -86,6 +113,10 @@ func (op *OP) CreateItem(ctx context.Context, item *onepassword.Item, vaultUuid
 }
 
 func (op *OP) create(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	if item.Vault.ID != "" && item.Vault.ID != vaultUuid {
 		return nil, errors.New("item payload contains vault id that does not match vault uuid")
 	}
@@ -122,6 +153,10 @@ func (op *OP) UpdateItem(ctx context.Context, item *onepassword.Item, vaultUuid
 }
 
 func (op *OP) update(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	if item.Vault.ID != "" && item.Vault.ID != vaultUuid {
 		return nil, errors.New("item payload contains vault id that does not match vault uuid")
 	}
@@ -151,6 +186,10 @@ func (op *OP) DeleteItem(ctx context.Context, item *onepassword.Item, vaultUuid
 }
 
 func (op *OP) delete(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	if item.Vault.ID != "" && item.Vault.ID != vaultUuid {
 		return nil, errors.New("item payload contains vault id that does not match vault uuid")
 	}
diff --git a/onepassword/provider.go b/onepassword/provider.go
index c958e1fd..6536161b 100644
--- a/onepassword/provider.go
+++ b/onepassword/provider.go
@@ -9,14 +9,12 @@ import (
 	"github.com/1Password/terraform-provider-onepassword/onepassword/cli"
 	"github.com/1Password/terraform-provider-onepassword/onepassword/connectctx"
 	"github.com/1Password/terraform-provider-onepassword/version"
-	"github.com/Masterminds/semver/v3"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
 const (
 	terraformProviderUserAgent = "terraform-provider-connect/%s"
-	minimumOpCliVersion        = "2.23.0" // introduction of stdin json support for `op item update`
 )
 
 func init() {
@@ -124,14 +122,6 @@ func initializeCLI(ctx context.Context, serviceAccountToken, account, opCliPath
 		op = cli.New(serviceAccountToken, opCliPath, "")
 	}
 
-	cliVersion, err := op.GetVersion(ctx)
-	if err != nil {
-		return nil, diag.FromErr(fmt.Errorf("failed to get version of op CLI: %w", err))
-	}
-	if cliVersion.LessThan(semver.MustParse(minimumOpCliVersion)) {
-		return nil, diag.Errorf("Current 1Password CLI version is \"%s\". Please upgrade to at least \"%s\".", cliVersion, minimumOpCliVersion)
-	}
-
 	return op, nil
 }
 

From d659e1f5eddc8600582b180c0a8dd410a48787a0 Mon Sep 17 00:00:00 2001
From: Volodymyr Zotov <volodymyr.zotov@agilebits.com>
Date: Wed, 13 Dec 2023 11:43:02 -0600
Subject: [PATCH 2/4] Chenc version once when create/update/delete

---
 onepassword/cli/op.go | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/onepassword/cli/op.go b/onepassword/cli/op.go
index a5d54ff7..ba7d7c55 100644
--- a/onepassword/cli/op.go
+++ b/onepassword/cli/op.go
@@ -107,16 +107,16 @@ func (op *OP) GetItemByTitle(ctx context.Context, title string, vaultUuid string
 }
 
 func (op *OP) CreateItem(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	return op.withRetry(func() (*onepassword.Item, error) {
 		return op.create(ctx, item, vaultUuid)
 	})
 }
 
 func (op *OP) create(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
-	versionErr := op.checkCliVersion(ctx)
-	if versionErr != nil {
-		return nil, versionErr
-	}
 	if item.Vault.ID != "" && item.Vault.ID != vaultUuid {
 		return nil, errors.New("item payload contains vault id that does not match vault uuid")
 	}
@@ -147,16 +147,16 @@ func (op *OP) create(ctx context.Context, item *onepassword.Item, vaultUuid stri
 }
 
 func (op *OP) UpdateItem(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return nil, versionErr
+	}
 	return op.withRetry(func() (*onepassword.Item, error) {
 		return op.update(ctx, item, vaultUuid)
 	})
 }
 
 func (op *OP) update(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
-	versionErr := op.checkCliVersion(ctx)
-	if versionErr != nil {
-		return nil, versionErr
-	}
 	if item.Vault.ID != "" && item.Vault.ID != vaultUuid {
 		return nil, errors.New("item payload contains vault id that does not match vault uuid")
 	}
@@ -176,6 +176,10 @@ func (op *OP) update(ctx context.Context, item *onepassword.Item, vaultUuid stri
 }
 
 func (op *OP) DeleteItem(ctx context.Context, item *onepassword.Item, vaultUuid string) error {
+	versionErr := op.checkCliVersion(ctx)
+	if versionErr != nil {
+		return versionErr
+	}
 	_, err := op.withRetry(func() (*onepassword.Item, error) {
 		return op.delete(ctx, item, vaultUuid)
 	})
@@ -186,10 +190,6 @@ func (op *OP) DeleteItem(ctx context.Context, item *onepassword.Item, vaultUuid
 }
 
 func (op *OP) delete(ctx context.Context, item *onepassword.Item, vaultUuid string) (*onepassword.Item, error) {
-	versionErr := op.checkCliVersion(ctx)
-	if versionErr != nil {
-		return nil, versionErr
-	}
 	if item.Vault.ID != "" && item.Vault.ID != vaultUuid {
 		return nil, errors.New("item payload contains vault id that does not match vault uuid")
 	}

From bfa6230df8aa14ec63ed6d90639dd7b7e3ffcc42 Mon Sep 17 00:00:00 2001
From: Volodymyr Zotov <volodymyr.zotov@agilebits.com>
Date: Wed, 13 Dec 2023 12:27:05 -0600
Subject: [PATCH 3/4] Prepare release v1.4.1-beta01

---
 .VERSION     | 2 +-
 CHANGELOG.md | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.VERSION b/.VERSION
index e21e727f..6fea73af 100644
--- a/.VERSION
+++ b/.VERSION
@@ -1 +1 @@
-1.4.0
\ No newline at end of file
+1.4.1-beta01
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 55b8d65c..b50ab35f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,14 @@
 
 ---
 
+[//]: # (START/v1.4.0-beta01)
+# v1.4.0-beta01
+
+## Fixes
+* Using provider on Terraform Cloud. {#116}
+
+---
+
 [//]: # (START/v1.4.0)
 # v1.4.0
 

From d27abbd59536d368b4bf8ebeee9b0ff5c5c19a0a Mon Sep 17 00:00:00 2001
From: Volodymyr Zotov <volodymyr.zotov@agilebits.com>
Date: Wed, 13 Dec 2023 15:54:42 -0600
Subject: [PATCH 4/4] Fix version in the changelog

---
 CHANGELOG.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b50ab35f..83799038 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,8 +12,8 @@
 
 ---
 
-[//]: # (START/v1.4.0-beta01)
-# v1.4.0-beta01
+[//]: # (START/v1.4.1-beta01)
+# v1.4.1-beta01
 
 ## Fixes
 * Using provider on Terraform Cloud. {#116}