Skip to content

Remove unreliable 1Password postStartCommand check #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
richardkiene merged 2 commits into from
Aug 23, 2025
Merged

Remove unreliable 1Password postStartCommand check #10

richardkiene merged 2 commits into from
Aug 23, 2025

Conversation

@richardkiene
Copy link
Contributor

@richardkiene richardkiene commented Aug 23, 2025

Summary

Removes the 1Password verification from postStartCommand as it was giving false warnings.

Problem

The postStartCommand was running op vault list to verify 1Password authentication, but it consistently showed a warning even when 1Password was properly configured and working:

  • The warning appeared during container startup
  • But op whoami and op vault list worked fine when run manually in the terminal
  • This created confusion about whether 1Password was actually working

Root Cause

The shell context where postStartCommand runs has different environment variable handling than interactive shells. Empty OP_CONNECT_HOST and OP_CONNECT_TOKEN variables interfere with the service account token, even though setup-1password.sh attempts to unset them.

Solution

Remove the postStartCommand verification entirely. The setup-1password.sh script already provides clear feedback during postCreateCommand, and users can verify authentication with op whoami if needed.

Changes

  • Removed postStartCommand from .devcontainer/devcontainer.json
  • Removed postStartCommand from template version in src/liquescent-devcontainer/.devcontainer/devcontainer.json

Impact

  • No more false warnings during container startup
  • Cleaner startup output
  • Users can still verify 1Password status by running op whoami manually if needed

@richardkiene
Fix 1Password domain resolution in firewall script
5d59c2d 
The strict IFS=$'\n\t' setting was preventing proper iteration over
space-separated strings for 1Password domains. This caused the firewall
script to try resolving all domains as a single concatenated string
instead of individual domains.

Changed to use bash arrays for subdomain and TLD lists, which work
correctly regardless of IFS settings.

Fixes:
- my.1password.com and other 1Password domains not being resolved
- op vault list hanging due to blocked network connections
- All 1Password API endpoints now properly allowlisted
@richardkiene
Remove unreliable 1Password postStartCommand verification
4f7126f 
The postStartCommand check for 1Password was giving false warnings even when
1Password was properly authenticated. This was due to environment variable
handling differences in the shell context where postStartCommand runs.

Since the setup-1password.sh script already provides clear feedback during
postCreateCommand, and users can easily verify with 'op whoami' if needed,
the postStartCommand check adds more confusion than value.

Removed from both the main devcontainer.json and the template version.
@richardkiene richardkiene merged commit 366999f into main Aug 23, 2025
1 check passed
@richardkiene richardkiene deleted the fix/remove-1password-poststart-check branch August 23, 2025 05:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@richardkiene