Merge pull request #262 from 1Password/jill/add-account-e2e-tests

Add account e2e tests

Author: JillRegan

Makefile

@@ -1,7 +1,7 @@
 export MAIN_BRANCH ?= main
 
 .DEFAULT_GOAL := help
-.PHONY: test testacc build clean test/coverage release/prepare release/tag .check_bump_type .check_git_clean help test-e2e test-e2e-service-account test-e2e-connect
+.PHONY: test testacc build clean test/coverage release/prepare release/tag .check_bump_type .check_git_clean help test-e2e test-e2e-service-account test-e2e-connect test-e2e-account
 
 GIT_BRANCH := $(shell git symbolic-ref --short HEAD 2>/dev/null || echo "")
 WORKTREE_CLEAN := $(shell git status --porcelain 1>/dev/null 2>&1; echo $$?)
@@ -33,6 +33,15 @@ test-e2e-connect: ## Run e2e tests using Connect (requires OP_CONNECT_TOKEN and
 	@echo "[INFO] Running e2e tests with Connect authentication..."
 	@sh -c 'unset OP_SERVICE_ACCOUNT_TOKEN; OP_CONNECT_TOKEN="$(OP_CONNECT_TOKEN)" OP_CONNECT_HOST="$(OP_CONNECT_HOST)" TF_ACC=1 go test -v ./test/e2e/... -timeout 30m'
 
+test-e2e-account: ## Run e2e test using account methodology with Touch ID (requires OP_ACCOUNT and OP_TEST_VAULT_NAME, manual only). Creates multiple items to verify biometrics is only prompted once.
+	@test -n "$(OP_ACCOUNT)" || (echo "[ERROR] OP_ACCOUNT environment variable is not set."; exit 1)
+	@test -n "$(OP_TEST_VAULT_NAME)" || (echo "[ERROR] OP_TEST_VAULT_NAME environment variable is not set."; exit 1)
+	@echo "[INFO] Running e2e test with account-based authentication (Touch ID)..."
+	@echo "[WARNING] This test will prompt for Touch ID/biometric authentication."
+	@echo "[WARNING] Please ensure you add a vault titled 'terraform-provider-acceptance-tests' or set OP_TEST_VAULT_NAME environment variable for this test to pass."
+	@echo "[INFO] Ensure that biometrics are only prompted once."
+	@sh -c 'unset OP_CONNECT_TOKEN OP_CONNECT_HOST OP_SERVICE_ACCOUNT_TOKEN; OP_ACCOUNT="$(OP_ACCOUNT)" TF_ACC=1 go test -v ./test/e2e/... -run TestAccItemResource -timeout 30m'
+
 build: clean	## Build project
 	go build -o ./dist/terraform-provider-onepassword .
 

test/e2e/item_resource_test.go

@@ -19,6 +19,7 @@ import (
 	"github.com/1Password/terraform-provider-onepassword/v2/test/e2e/utils/password"
 	"github.com/1Password/terraform-provider-onepassword/v2/test/e2e/utils/sections"
 	uuidutil "github.com/1Password/terraform-provider-onepassword/v2/test/e2e/utils/uuid"
+	"github.com/1Password/terraform-provider-onepassword/v2/test/e2e/utils/vault"
 )
 
 type testResourceItem struct {
@@ -116,6 +117,8 @@ func TestAccItemResource(t *testing.T) {
 		{category: model.SecureNote, name: "SecureNote"},
 	}
 
+	testVaultID := vault.GetTestVaultID(t)
+
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
 			// Generate unique identifier for this test run to avoid conflicts in parallel execution
@@ -214,6 +217,8 @@ func TestAccItemResourcePasswordGeneration(t *testing.T) {
 		{name: "InvalidLength65", recipe: password.PasswordRecipe{Length: 65}},
 	}
 
+	testVaultID := vault.GetTestVaultID(t)
+
 	// Test both Login and Password items
 	items := []model.ItemCategory{model.Login, model.Password}
 
@@ -266,6 +271,8 @@ func TestAccItemResourcePasswordGeneration_InvalidLetters(t *testing.T) {
 		{name: "LettersFalse", letters: false},
 	}
 
+	testVaultID := vault.GetTestVaultID(t)
+
 	item := testItemsToCreate[model.Login]
 
 	for _, tc := range testCases {
@@ -315,6 +322,8 @@ func TestAccItemResourceSectionFieldPasswordGeneration(t *testing.T) {
 		{name: "InvalidLength", recipe: password.PasswordRecipe{Length: 0}},
 	}
 
+	testVaultID := vault.GetTestVaultID(t)
+
 	item := testItemsToCreate[model.Login]
 
 	for _, tc := range testCases {
@@ -470,6 +479,8 @@ func TestAccItemResourceSectionsAndFields(t *testing.T) {
 
 	items := []model.ItemCategory{model.Login}
 
+	testVaultID := vault.GetTestVaultID(t)
+
 	for _, tc := range testCases {
 		for _, item := range items {
 			item := testItemsToCreate[item]
@@ -547,6 +558,8 @@ func TestAccItemResourceTags(t *testing.T) {
 		// {"REMOVE_2_TAGS", []string{"firstTestTag"}},
 	}
 
+	testVaultID := vault.GetTestVaultID(t)
+
 	var testSteps []resource.TestStep
 
 	for _, step := range testCases {
@@ -577,6 +590,8 @@ func TestAccRecreateNonExistingItem(t *testing.T) {
 	uniqueID := uuid.New().String()
 
 	item := testItemsToCreate[model.Login]
+	testVaultID := vault.GetTestVaultID(t)
+
 	// Create a copy of item attributes and update title with unique ID
 	createAttrs := maps.Clone(item.Attrs)
 	createAttrs["title"] = addUniqueIDToTitle(createAttrs["title"].(string), uniqueID)
@@ -661,6 +676,8 @@ func TestAccItemResource_DetectManualChanges(t *testing.T) {
 	// Generate unique identifier for this test run to avoid conflicts in parallel execution
 	uniqueID := uuid.New().String()
 	var itemUUID string
+	testVaultID := vault.GetTestVaultID(t)
+
 	initialAttrs := maps.Clone(testItemsToCreate[model.Login].Attrs)
 
 	initialAttrs["title"] = addUniqueIDToTitle(initialAttrs["title"].(string), uniqueID)

test/e2e/utils/client/client.go

@@ -12,6 +12,7 @@ func CreateTestClient(ctx context.Context) (onepassword.Client, error) {
 		ConnectHost:         os.Getenv("OP_CONNECT_HOST"),
 		ConnectToken:        os.Getenv("OP_CONNECT_TOKEN"),
 		ServiceAccountToken: os.Getenv("OP_SERVICE_ACCOUNT_TOKEN"),
+		Account:             os.Getenv("OP_ACCOUNT"),
 		OpCLIPath:           "op",
 		ProviderUserAgent:   "terraform-provider-onepassword/test",
 	})

test/e2e/utils/vault/vault.go

@@ -0,0 +1,46 @@
+package vault
+
+import (
+	"context"
+	"os"
+	"sync"
+	"testing"
+
+	"github.com/1Password/terraform-provider-onepassword/v2/test/e2e/utils/client"
+)
+
+var (
+	testVaultIDOnce sync.Once
+	testVaultID     string
+)
+
+// GetTestVaultID returns the vault ID by querying by name once and caching the result.
+func GetTestVaultID(t *testing.T) string {
+	testVaultIDOnce.Do(func() {
+		vaultName := os.Getenv("OP_TEST_VAULT_NAME")
+		if vaultName == "" {
+			vaultName = "terraform-provider-acceptance-tests"
+		}
+
+		ctx := context.Background()
+		client, err := client.CreateTestClient(ctx)
+		if err != nil {
+			t.Fatalf("failed to create test client: %v", err)
+		}
+
+		vaults, err := client.GetVaultsByTitle(ctx, vaultName)
+		if err != nil {
+			t.Fatalf("failed to get vault by name %q: %v", vaultName, err)
+		}
+
+		if len(vaults) == 0 {
+			t.Fatalf("no vault found with name %q", vaultName)
+		}
+		if len(vaults) > 1 {
+			t.Fatalf("multiple vaults found with name %q", vaultName)
+		}
+
+		testVaultID = vaults[0].ID
+	})
+	return testVaultID
+}