Update auth params

examples/provider/provider.tf

@@ -1,6 +1,6 @@
 provider "onepassword" {
-  url                   = "http://localhost:8080"
-  token                 = "CONNECT_TOKEN"
+  connect_url           = "http://localhost:8080"
+  connect_token         = "CONNECT_TOKEN"
   service_account_token = "SERVICE_ACCOUNT_TOKEN"
-  account               = "ACCOUNT_ID_OR_SIGN_IN_ADDRESS"
+  account               = "ACCOUNT_NAME"
 }

internal/onepassword/client.go

@@ -41,5 +41,5 @@ func NewClient(ctx context.Context, config ClientConfig) (Client, error) {
 			ProviderUserAgent: config.ProviderUserAgent,
 		}), nil
 	}
-	return nil, errors.New("Invalid provider configuration. Either Connect credentials (\"token\" and \"url\") or Service Account (\"service_account_token\" or \"account\") credentials should be set.")
+	return nil, errors.New("Invalid provider configuration. Either Connect credentials (\"connect_token\" and \"connect_url\") or Service Account (\"service_account_token\") or \"account\"  should be set.")
 }

internal/provider/provider.go

@@ -5,11 +5,14 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
 	"github.com/hashicorp/terraform-plugin-framework/function"
+	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/provider"
 	"github.com/hashicorp/terraform-plugin-framework/provider/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 
 	"github.com/1Password/terraform-provider-onepassword/v2/internal/onepassword"
@@ -29,10 +32,13 @@ type OnePasswordProvider struct {
 
 // OnePasswordProviderModel describes the provider data model.
 type OnePasswordProviderModel struct {
-	ConnectHost         types.String `tfsdk:"url"`
-	ConnectToken        types.String `tfsdk:"token"`
+	ConnectHost         types.String `tfsdk:"connect_url"`
+	ConnectToken        types.String `tfsdk:"connect_token"`
 	ServiceAccountToken types.String `tfsdk:"service_account_token"`
 	Account             types.String `tfsdk:"account"`
+	// Old field names - these are deprecated and will be removed in a future version.
+	ConnectHostOld  types.String `tfsdk:"url"`
+	ConnectTokenOld types.String `tfsdk:"token"`
 }
 
 func (p *OnePasswordProvider) Metadata(ctx context.Context, req provider.MetadataRequest, resp *provider.MetadataResponse) {
@@ -43,15 +49,40 @@ func (p *OnePasswordProvider) Metadata(ctx context.Context, req provider.Metadat
 func (p *OnePasswordProvider) Schema(ctx context.Context, req provider.SchemaRequest, resp *provider.SchemaResponse) {
 	resp.Schema = schema.Schema{
 		Attributes: map[string]schema.Attribute{
-			"url": schema.StringAttribute{
+			"connect_url": schema.StringAttribute{
 				MarkdownDescription: "The HTTP(S) URL where your 1Password Connect server can be found. Can also be sourced `OP_CONNECT_HOST` environment variable. Provider will use 1Password Connect server if set.",
 				Optional:            true,
 			},
-			"token": schema.StringAttribute{
+			"connect_token": schema.StringAttribute{
 				MarkdownDescription: "A valid token for your 1Password Connect server. Can also be sourced from `OP_CONNECT_TOKEN` environment variable. Provider will use 1Password Connect server if set.",
 				Optional:            true,
 				Sensitive:           true,
 			},
+			"url": schema.StringAttribute{
+				MarkdownDescription: "The HTTP(S) URL where your 1Password Connect server can be found. Can also be sourced `OP_CONNECT_HOST` environment variable. Provider will use 1Password Connect server if set. Deprecated: Use `connect_url` instead.",
+				Optional:            true,
+				Validators: []validator.String{
+					stringvalidator.ConflictsWith(
+						path.Expressions{
+							path.MatchRoot("connect_url"),
+						}...,
+					),
+				},
+				DeprecationMessage: "The \"url\" field is deprecated and will be removed in a future version. Use \"connect_url\" instead.",
+			},
+			"token": schema.StringAttribute{
+				MarkdownDescription: "A valid token for your 1Password Connect server. Can also be sourced from `OP_CONNECT_TOKEN` environment variable. Provider will use 1Password Connect server if set. Deprecated: Use `connect_token` instead.",
+				Optional:            true,
+				Sensitive:           true,
+				Validators: []validator.String{
+					stringvalidator.ConflictsWith(
+						path.Expressions{
+							path.MatchRoot("connect_token"),
+						}...,
+					),
+				},
+				DeprecationMessage: "The \"token\" field is deprecated and will be removed in a future version. Use \"connect_token\" instead.",
+			},
 			"service_account_token": schema.StringAttribute{
 				MarkdownDescription: "A valid 1Password service account token. Can also be sourced from `OP_SERVICE_ACCOUNT_TOKEN` environment variable.",
 				Optional:            true,
@@ -88,6 +119,15 @@ func (p *OnePasswordProvider) Configure(ctx context.Context, req provider.Config
 	if !config.ConnectToken.IsNull() {
 		connectToken = config.ConnectToken.ValueString()
 	}
+
+	// Old field names - these are deprecated and will be removed in a future version.
+	if !config.ConnectHostOld.IsNull() {
+		connectHost = config.ConnectHostOld.ValueString()
+	}
+	if !config.ConnectTokenOld.IsNull() {
+		connectToken = config.ConnectTokenOld.ValueString()
+	}
+
 	if !config.ServiceAccountToken.IsNull() {
 		serviceAccountToken = config.ServiceAccountToken.ValueString()
 	}
@@ -100,8 +140,6 @@ func (p *OnePasswordProvider) Configure(ctx context.Context, req provider.Config
 	// the other one is prompted for, but Terraform then forgets the value for the one that
 	// is defined in the code. This confusing user-experience can be avoided by handling the
 	// requirement of one of the attributes manually.
-	//
-	// TODO: Investigate if wrapping this as a (framework) validator can be a better fit.
 	if serviceAccountToken != "" || account != "" {
 		if connectToken != "" || connectHost != "" {
 			resp.Diagnostics.AddError("Config conflict", "Either Connect credentials (\"connect_token\" and \"connect_url\") or \"service_account_token\" or \"account\" can be set. Multiple are set. Only one credential must be set.")

internal/provider/provider_test.go

@@ -18,7 +18,7 @@ var testAccProtoV6ProviderFactories = map[string]func() (tfprotov6.ProviderServe
 func testAccProviderConfig(url string) string {
 	return fmt.Sprintf(`
 	  provider "onepassword" {
-		url = "%s"
-		token = "<PASSWORD>"
+		connect_url = "%s"
+		connect_token = "<PASSWORD>"
 	  }`, url)
 }

test/e2e/item_resource_test.go

@@ -554,8 +554,8 @@ func TestAccItemResourceTags(t *testing.T) {
 		tags []string
 	}{
 		{"CREATE_ITEM_WITH_2_TAGS", []string{"firstTestTag", "secondTestTag"}},
-		// {"ADD_3RD_TAG", []string{"firstTestTag", "secondTestTag", "thirdTestTag"}},
-		// {"REMOVE_2_TAGS", []string{"firstTestTag"}},
+		{"ADD_3RD_TAG", []string{"firstTestTag", "secondTestTag", "thirdTestTag"}},
+		{"REMOVE_2_TAGS", []string{"firstTestTag"}},
 	}
 
 	testVaultID := vault.GetTestVaultID(t)