Migration to Terraform provider framework

.github/workflows/build.yml

@@ -7,15 +7,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Set up Go 1.x
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
-        go-version: ^1.19
+        go-version: ^1.21
 
     - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Build
       run: go build -v ./...
 
     - name: Test
       run: go test -v ./... -cover
+      env:
+        TF_ACC: "1"
+      timeout-minutes: 10

.github/workflows/docs.yml

@@ -7,17 +7,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set up Go 1.x
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ^1.19
 
       - name: Install Terraform
-        uses: hashicorp/setup-terraform@v2
+        uses: hashicorp/setup-terraform@v3
         with:
           terraform_wrapper: false
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Generate docs
         run: go generate

.github/workflows/release-pr.yml

@@ -16,7 +16,7 @@ jobs:
     steps:
       - id: is_release_branch_without_pr
         name: Find matching PR
-        uses: actions/github-script@v6
+        uses: actions/github-script@v7
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
@@ -42,7 +42,7 @@ jobs:
     name: Create Release Pull Request
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Parse release version
         id: get_version

.github/workflows/release.yml

@@ -11,27 +11,25 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       -
         name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version: ^1.19
       -
         name: Import GPG key
         id: import_gpg
-        # TODO: move this to HashiCorp namespace or find alternative that is just simple gpg commands
-        # see https://github.com/hashicorp/terraform-provider-scaffolding/issues/22
-        uses: paultyng/[email protected]
-        env:
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
           # These secrets will need to be configured for the repository:
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          PASSPHRASE: ${{ secrets.PASSPHRASE }}
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          passphrase: ${{ secrets.PASSPHRASE }}
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
         with:
           version: 1.19.1
           args: release --clean

.goreleaser.yml

@@ -33,6 +33,9 @@ archives:
 - format: zip
   name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
 checksum:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
   name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
   algorithm: sha256
 signs:
@@ -48,6 +51,9 @@ signs:
       - "--detach-sign"
       - "${artifact}"
 release:
+  extra_files:
+    - glob: 'terraform-registry-manifest.json'
+      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
   # If you want to manually examine the release before its live, uncomment this line:
   draft: true
 changelog:

Makefile

@@ -1,7 +1,7 @@
 export MAIN_BRANCH ?= main
 
 .DEFAULT_GOAL := help
-.PHONY: test build clean test/coverage release/prepare release/tag .check_bump_type .check_git_clean help
+.PHONY: test testacc build clean test/coverage release/prepare release/tag .check_bump_type .check_git_clean help
 
 GIT_BRANCH := $(shell git symbolic-ref --short HEAD)
 WORKTREE_CLEAN := $(shell git status --porcelain 1>/dev/null 2>&1; echo $$?)
@@ -17,6 +17,9 @@ test:	## Run test suite
 test/coverage:	## Run test suite with coverage report
 	go test -v ./... -cover
 
+testacc: ## Run acceptance tests
+	TF_ACC=1 go test ./... -v $(TESTARGS) -timeout 120m
+
 build: clean	## Build project
 	go build -o ./dist/terraform-provider-onepassword .
 

docs/data-sources/item.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "onepassword_item Data Source - terraform-provider-onepassword"
+page_title: "onepassword_item Data Source - onepassword"
 subcategory: ""
 description: |-
   Use this data source to get details of an item by its vault uuid and either the title or the uuid of the item.
@@ -14,7 +14,7 @@ Use this data source to get details of an item by its vault uuid and either the
 
 ```terraform
 data "onepassword_item" "example" {
-  vault = var.demo_vault
+  vault = data.onepassword_vault.example.uuid
   uuid  = onepassword_item.demo_sections.uuid
 }
 ```
@@ -34,34 +34,34 @@ data "onepassword_item" "example" {
 
 ### Read-Only
 
-- `category` (String) The category of the item. One of ["login" "password" "database"]
+- `category` (String) The category of the item. One of ["login" "password" "database" "secure_note"]
 - `database` (String) (Only applies to the database category) The name of the database.
 - `hostname` (String) (Only applies to the database category) The address where the database can be found
-- `id` (String) The Terraform resource identifier for this item in the format `vaults/<vault_id>/items/<item_id>`
+- `id` (String) The Terraform resource identifier for this item in the format `vaults/<vault_id>/items/<item_id>`.
 - `password` (String, Sensitive) Password for this item.
 - `port` (String) (Only applies to the database category) The port the database is listening on.
-- `section` (List of Object) A list of custom sections in an item (see [below for nested schema](#nestedatt--section))
+- `section` (Block List) A list of custom sections in an item (see [below for nested schema](#nestedblock--section))
 - `tags` (List of String) An array of strings of the tags assigned to the item.
 - `type` (String) (Only applies to the database category) The type of database. One of ["db2" "filemaker" "msaccess" "mssql" "mysql" "oracle" "postgresql" "sqlite" "other"]
 - `url` (String) The primary URL for the item.
 - `username` (String) Username for this item.
 
-<a id="nestedatt--section"></a>
+<a id="nestedblock--section"></a>
 ### Nested Schema for `section`
 
 Read-Only:
 
-- `field` (List of Object) (see [below for nested schema](#nestedobjatt--section--field))
-- `id` (String)
-- `label` (String)
+- `field` (Block List) (see [below for nested schema](#nestedblock--section--field))
+- `id` (String) A unique identifier for the section.
+- `label` (String) The label for the section.
 
-<a id="nestedobjatt--section--field"></a>
+<a id="nestedblock--section--field"></a>
 ### Nested Schema for `section.field`
 
 Read-Only:
 
-- `id` (String)
-- `label` (String)
-- `purpose` (String)
-- `type` (String)
-- `value` (String)
+- `id` (String) A unique identifier for the field.
+- `label` (String) The label for the field.
+- `purpose` (String) Purpose indicates this is a special field: a username, password, or notes field.
+- `type` (String) The type of value stored in the field.
+- `value` (String, Sensitive) The value of the field.

docs/data-sources/vault.md

@@ -1,6 +1,6 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "onepassword_vault Data Source - terraform-provider-onepassword"
+page_title: "onepassword_vault Data Source - onepassword"
 subcategory: ""
 description: |-
   Use this data source to get details of a vault by either its name or uuid.
@@ -10,7 +10,13 @@ description: |-
 
 Use this data source to get details of a vault by either its name or uuid.
 
+## Example Usage
 
+```terraform
+data "onepassword_vault" "example" {
+  name = var.demo_vault
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

docs/index.md

@@ -81,8 +81,8 @@ Environment variables are a more secure way to set configuration options because
 
 - `account` (String) A valid account's sign-in address or ID to use biometrics unlock. Can also be sourced from `OP_ACCOUNT` environment variable. Provider will use the 1Password CLI if set.
 - `op_cli_path` (String) The path to the 1Password CLI binary. Can also be sourced from `OP_CLI_PATH` environment variable. Defaults to `op`.
-- `service_account_token` (String) A valid 1Password service account token. Can also be sourced from `OP_SERVICE_ACCOUNT_TOKEN` environment variable. Provider will use the 1Password CLI if set.
-- `token` (String) A valid token for your 1Password Connect server. Can also be sourced from `OP_CONNECT_TOKEN` environment variable. Provider will use 1Password Connect server if set.
+- `service_account_token` (String, Sensitive) A valid 1Password service account token. Can also be sourced from `OP_SERVICE_ACCOUNT_TOKEN` environment variable. Provider will use the 1Password CLI if set.
+- `token` (String, Sensitive) A valid token for your 1Password Connect server. Can also be sourced from `OP_CONNECT_TOKEN` environment variable. Provider will use 1Password Connect server if set.
 - `url` (String) The HTTP(S) URL where your 1Password Connect server can be found. Can also be sourced `OP_CONNECT_HOST` environment variable. Provider will use 1Password Connect server if set.
 
 ## Item fields

docs/resources/item.md

@@ -1,14 +1,14 @@
 ---
 # generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "onepassword_item Resource - terraform-provider-onepassword"
+page_title: "onepassword_item Resource - onepassword"
 subcategory: ""
 description: |-
-  A 1Password item.
+  A 1Password Item.
 ---
 
 # onepassword_item (Resource)
 
-A 1Password item.
+A 1Password Item.
 
 ## Example Usage
 
@@ -66,11 +66,12 @@ resource "onepassword_item" "demo_db" {
 
 ### Optional
 
-- `category` (String) The category of the item. One of ["login" "password" "database"]
+- `category` (String) The category of the item. One of ["login" "password" "database" "secure_note"]
 - `database` (String) (Only applies to the database category) The name of the database.
 - `hostname` (String) (Only applies to the database category) The address where the database can be found
+- `note_value` (String, Sensitive) Secure Note value.
 - `password` (String, Sensitive) Password for this item.
-- `password_recipe` (Block List, Max: 1) Password for this item. (see [below for nested schema](#nestedblock--password_recipe))
+- `password_recipe` (Block List) The recipe used to generate a new value for a password. (see [below for nested schema](#nestedblock--password_recipe))
 - `port` (String) (Only applies to the database category) The port the database is listening on.
 - `section` (Block List) A list of custom sections in an item (see [below for nested schema](#nestedblock--section))
 - `tags` (List of String) An array of strings of the tags assigned to the item.
@@ -120,9 +121,9 @@ Required:
 Optional:
 
 - `id` (String) A unique identifier for the field.
-- `password_recipe` (Block List, Max: 1) Password for this item. (see [below for nested schema](#nestedblock--section--field--password_recipe))
+- `password_recipe` (Block List) The recipe used to generate a new value for a password. (see [below for nested schema](#nestedblock--section--field--password_recipe))
 - `purpose` (String) Purpose indicates this is a special field: a username, password, or notes field. One of ["USERNAME" "PASSWORD" "NOTES"]
-- `type` (String) The type of value stored in the field. One of ["STRING" "EMAIL" "CONCEALED" "URL" "OTP" "DATE" "MONTH_YEAR" "MENU"]
+- `type` (String) The type of value stored in the field. One of ["STRING" "CONCEALED" "EMAIL" "URL" "OTP" "DATE" "MONTH_YEAR" "MENU"]
 - `value` (String, Sensitive) The value of the field.
 
 <a id="nestedblock--section--field--password_recipe"></a>

examples/data-sources/onepassword_item/data-source.tf

@@ -1,4 +1,4 @@
 data "onepassword_item" "example" {
-  vault = var.demo_vault
+  vault = data.onepassword_vault.example.uuid
   uuid  = onepassword_item.demo_sections.uuid
 }

examples/data-sources/onepassword_vault/data-source.tf

@@ -0,0 +1,3 @@
+data "onepassword_vault" "example" {
+  name = var.demo_vault
+}

examples/variable.tf

@@ -1,3 +1,3 @@
 variable "demo_vault" {
-  description = "The UUID of a Vault that has been added to your 1Password Connect API"
+  description = "The name of the Vault that the provider will use to read or write items."
 }