sshipway (Occasional Contributor), 11 months ago
Getting a 409 error calling op-connect from Terraform
We're using Terraform to read and provision 1password secrets, via op-connect.
op-connect container version: 1.6.1
terraform 1password module version: 1.2.0
We use Terraform to provision various resources from cloud services, including 1Password.
When doing only reads of 1password resources, all works fine. When doing a single write, all is fine.
However, when an apply requires two or more create/update operations, only the first will succeed. The subsequent ones return:
│ Could not update item 'xxxxx' from vault
│ 'yyyyy', got error: status 400: Network: (DB: (409)
│ (Conflict), Internal server conflict.), DB: (409) (Conflict), Internal
│ server conflict.
Re-running the apply will make the second one apply correctly, and so on.
This seems to be some sort of rate limit, or incompatibility with the way Terraform works (TF will read current status, build an apply plan, and then apply the actions). There is another thread here with someone experiencing something very similar using Ansible.
Is this a known bug, or is there a recommended way to configure for this? Will the problem go away if we move to using Service Accounts (i.e., is the problem with op-connect rather than 1Password itself)?
1Password Version: 2.30
Extension Version: Not Provided
OS Version: Linux
Browser: Not Provided
1 Reply
- sshipway (Occasional Contributor)
Update - this is caused by 2 API update requests being done in parallel on the same vault. If terraform completes one before starting the next then it works. Adding:
--parallelism=1
lets things work, but it really impacts performance if you have a lot of other resources. We need some way to say that 1password resources must be applied single-threaded but it's fine for other resource types to be applied in parallel.
There is the same problem in ansible, and you need to use these to prevent multiple concurrent updates of 1password:
serial: 1 # this stops multiple hosts being updated at once
forks: 1 # this stops multiple concurrent updates on the same host, may not be necessary
to ensure you don't get 2 happening at once.
Why is this? It seems to be a failing of the API.
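An added example, not part of the original post or the provider's documentation: one way to serialize only the 1Password writes while leaving the default parallelism for everything else is to chain the items with `depends_on`. It assumes the conflict comes from overlapping writes to one vault, as the reply describes; the resource names, the `vault_id` variable and the item titles are hypothetical, and the provider connection settings are not shown.

```hcl
# Added example: names, variables and values below are hypothetical.
terraform {
  required_providers {
    onepassword = {
      source  = "1Password/onepassword"
      version = "1.2.0" # module version quoted in the post
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

variable "vault_id" {
  type        = string
  description = "UUID of the vault the items are written to (placeholder)"
}

# Non-1Password resources have no ordering between them, so Terraform
# still creates them in parallel under the default -parallelism setting.
resource "random_password" "db" {
  length = 32
}

resource "random_password" "api" {
  length = 32
}

# First write to the vault.
resource "onepassword_item" "db" {
  vault    = var.vault_id
  title    = "example-db"
  category = "password"
  password = random_password.db.result
}

# Second write: depends_on makes Terraform finish the first item before
# starting this one, so the two writes never overlap on the vault.
resource "onepassword_item" "api" {
  vault    = var.vault_id
  title    = "example-api"
  category = "password"
  password = random_password.api.result

  depends_on = [onepassword_item.db]
}
```

Each further item would depend on the one before it. Instances created by a single `for_each` or `count` cannot depend on one another, so the chain only works for separately declared resources.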