Add Terraform plugin

[AndyTitu]

Overview

This PR introduces the definition logic for enabling a Terraform shell plugin and similar plugins to be supported.

It also introduces the Terraform shell plugin, as an example

Thought process

Credential Usage SDK definition is to be modified to support a SelectFrom CredentialSelection field. This struct defines how a credential selection is to take place in op. This is mutually exclusive with the Name Plugin and Provisioner fields of CredentialUsage.

Additionally the Credential Usage struct will be specified with an Optional field to determine at init step whether the executable can be run without this credential or not.
NeedsAuth will also be added at the level of a credential usage to enable more granular selection of when to provision a credential or not based on the use case.

Type of change

• Created a new plugin
• Improved an existing plugin
• Fixed a bug in an existing plugin
• Improved contributor utilities or experience

Related Issue(s)

• Resolves: New plugin: Terraform #140

How To Test

This can only be tested by internal contributors.

1. op plugin init terraform - configure with whatever credentials you want
2. terraform init in a new dir
3. make sure the main.tf uses the providers for which you've configured the credentials
4. terraform plan - this should work without saying that no credentials were found, even though no credentials are on disk.

Changelog

Authenticate the Terraform CLI using Touch ID and other unlock options with 1Password Shell Plugins.

[florisvdg]

Would be good to update your PR description with the latest changes in the code.

[jpcoenen]

🚀

[pattobrien]

@jpcoenen any reason the terraform plugin was not included with the official v2.19.0 release last week?

[AndyTitu]

@jpcoenen any reason the terraform plugin was not included with the official v2.19.0 release last week?

Hi @pattobrien 👋. The terraform shell plugin was not included in the stable channel yet because we are still validating wether our current approach works nicely enough for users. The way in which we could validate this is though feedback and iteration, so we're open to hear yours! We did receive some feedback already which is pointing us towards some potential improvements, so we're looking into that for the time being.

[pattobrien]

@AndyTitu got it! Thanks for the info - any chance the feedback is publicly discussed? would be more than happy to contribute, just point me to where I can do so. 👍🏼

[sfnelson]

We're using 1password to give terraform access to Github tokens. It's great, but it's getting painful to keep using the old beta build that includes access and we're worried it's going to break as 1password moves forwards. I know it's not perfect, but could we please get this plugin released so we're not relying on an old build?

[SeanHood]

I've been using the terraform plugin in op for a few months now, but I'm now getting these errors:

$ op -v
2.23.0-beta.01

$ op whoami
[ERROR] 2024/04/24 23:48:28 connecting to desktop app: 1Password CLI couldn't connect to the 1Password desktop app. To fix this, update the desktop app to the latest version. If you're still having trouble connecting, restart the app. If you're using version 8.10.12 or earlier of the app, the 1Password CLI binary must be located in /usr/local/bin/op.

After moving op from ~/.local/bin to /usr/local/bin I get:

$ op whoami
[ERROR] 2024/04/24 23:52:07 connecting to desktop app: connection reset, make sure 1Password CLI is installed correctly, then open the 1Password app, select 1Password > Settings > Developer and make sure the 'Integrate with 1Password CLI' setting is turned on. If you're still having trouble connecting, restart the app.

I don't get any of these errors when trying v2.27.0 of op however this lacks the Terraform plugin.

Is anyone seeing similar on this old build?

[sfnelson]

Yes, we've had the same issue. Since the latest 1Password release (April) we can't use the old op beta build anymore. I suspect there's a binary incompatibility or a deliberate version delta limit between the old beta CLI build and the new 1Password application.

As a workaround I've installed the current op build and compiled my own version of the terraform plugin, i.e.

git clone git@github.com:1Password/shell-plugins.git
cd shell-plugins
make terraform/build
op plugin init terraform

This isn't great as I get a giant warning every time I run terraform, and I'm going to have to keep re-building every time there's a release, but at least I can run my terraform builds.

[rterbush]

I've run into this issue as well. I'm now on op version 2.28.0. Previous version seemed to still have support for the terraform plugin.