Skip to content

Fix 1Password domain resolution in firewall script #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
richardkiene merged 1 commit into from
Aug 23, 2025
Merged

Fix 1Password domain resolution in firewall script #9

richardkiene merged 1 commit into from
Aug 23, 2025

Conversation

@richardkiene
Copy link
Contributor

@richardkiene richardkiene commented Aug 23, 2025

Summary

Fixes the firewall script's 1Password domain resolution that was broken due to IFS (Internal Field Separator) configuration.

Problem

The strict IFS=$'\n\t' setting at the top of the script was preventing proper iteration over space-separated strings. This caused the firewall script to concatenate all 1Password subdomains and TLDs into a single string instead of iterating through them individually.

Symptoms:

  • op whoami worked (cached auth check)
  • op vault list hung indefinitely (needed network access)
  • Firewall logs showed: Resolving 1password my.1password app.1password api.1password events.1password b5n.1password.com eu ca...
  • The IP 34.199.143.37 for my.1password.com was not in the allowlist

Solution

Changed from space-separated strings to bash arrays for the 1Password subdomain and TLD lists. Arrays work correctly regardless of IFS settings.

Changes

  • Convert onepassword_subdomains from string to array
  • Convert onepassword_tlds from string to array
  • Update loop syntax to use array expansion "${array[@]}"

Testing

Verified that with arrays:

  • Each domain is resolved individually
  • All 3 IPs for my.1password.com are captured
  • The loops work correctly even with strict IFS=$'\n\t'

Impact

This fix ensures all 1Password domains are properly resolved and their IPs added to the firewall allowlist, allowing the 1Password CLI to function correctly in the devcontainer.

@richardkiene
Fix 1Password domain resolution in firewall script
5d59c2d 
The strict IFS=$'\n\t' setting was preventing proper iteration over
space-separated strings for 1Password domains. This caused the firewall
script to try resolving all domains as a single concatenated string
instead of individual domains.

Changed to use bash arrays for subdomain and TLD lists, which work
correctly regardless of IFS settings.

Fixes:
- my.1password.com and other 1Password domains not being resolved
- op vault list hanging due to blocked network connections
- All 1Password API endpoints now properly allowlisted
@richardkiene richardkiene merged commit 1b91b54 into main Aug 23, 2025
1 check passed
@richardkiene richardkiene deleted the fix/1password-firewall-domain-resolution branch August 23, 2025 01:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@richardkiene