Internal Server Error on Docker Image version 1.2.0

rohannagar
rohannagar
Community Member
in Secrets Automation

When calling DELETE on the latest version of the connect-api, I get the error: Unable to delete item aqs7f6ago7qf3ujsmdix546rgm: Permission: (101) You do not have permission to perform this action

Even though my access token has full read and write access.

Full logs:

op-connect-api_1   | {"log_message":"(I) DELETE /v1/vaults/5ve5wfpdu2kxxhj2jdozmes5re/items/aqs7f6ago7qf3ujsmdix546rgm","timestamp":"2021-05-24T16:20:01.668397745Z","level":3,"scope":{"request_id":"4dab5757-a7f9-4483-a71c-741c97cad0b6"}}
op-connect-api_1   | {"log_message":"(E) Unable to delete item aqs7f6ago7qf3ujsmdix546rgm: Permission: (101) You do not have permission to perform this action","timestamp":"2021-05-24T16:20:01.972315271Z","level":1,"scope":{"request_id":"4dab5757-a7f9-4483-a71c-741c97cad0b6","jti":"olcl7m5ujgh57cokvwzw2icjvy"}}
op-connect-api_1   | {"log_message":"(I) DELETE /v1/vaults/5ve5wfpdu2kxxhj2jdozmes5re/items/aqs7f6ago7qf3ujsmdix546rgm completed (500: Internal Server Error)","timestamp":"2021-05-24T16:20:01.972505127Z","level":3,"scope":{"request_id":"4dab5757-a7f9-4483-a71c-741c97cad0b6","jti":"olcl7m5ujgh57cokvwzw2icjvy"}}

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • David_ag
    David_ag
    edited May 2021

    Hello!

    We recently rolled out some changes to how 1Password handles deleting items, which you can read about here: https://blog.1password.com/introducing-archive/

    These changes also impacted how Connect deletes items from vaults. Fortunately, fixing the issue doesn't require any destructive actions:

    Via CLI
    You can use the 1Password CLI to grant Read/Write/Delete permissions to the server. Use the op add connect server <service_account_id> <vault_id> command (docs).

    There is no fine-grained access control via the CLI at this time, so if you did not intend for the server to have "Read" access, you will need to remove it through the web interface.

    You can do this by logging in the 1Password Web UI and navigating to Integrations, selecting your Connect server, then editing vault access on the details page.

    Via Web UI
    We have a fix queued up that ensures new Connect servers will have the correct "Delete" permissions, if granted. You will also be able to add the Delete permission using the instructions I provided above for adjusting your server's access.

    I appreciate your report and your patience while we get a fix out the door!

  • rohannagar
    rohannagar
    Community Member

    Thanks for the explanation @David_ag. I will wait for the web UI update to add the new Delete permission. Appreciate the help!

  • David_ag
    David_ag

    Following up to let you know the UI changes are now live and you should be able to add the Archive Items & Delete Items permissions. Let us know if there are any further issues :smile:

  • rohannagar
    rohannagar
    Community Member

    Thanks for the update! I was able to add the permission and delete is now working again :chuffed:

This discussion has been closed.