BeyondTrust · btfhernandez · May 22, 2026 · May 29, 2026
@@ -10,6 +10,7 @@ import (
 
 	providerFramework "terraform-provider-passwordsafe/providers/provider_framework" // new version of provider, ephemeral resources implemented. (terraform-plugin-framework)
 	providerSdkv2 "terraform-provider-passwordsafe/providers/provider_sdkv2"         // first version of provider. (terraform-plugin-sdk/v2)
+	"terraform-provider-passwordsafe/providers/utils"
 
 	"github.com/hashicorp/terraform-plugin-mux/tf5muxserver"
 )
@@ -34,13 +35,19 @@ func main() {
 
 	var serveOpts []tf5server.ServeOpt
 
-	err = tf5server.Serve(
+	serveErr := tf5server.Serve(
 		"registry.terraform.io/providers/BeyondTrust/passwordsafe",
 		muxServer.ProviderServer,
 		serveOpts...,
 	)
 
-	if err != nil {
-		log.Fatal(err)
+	// Signout unconditionally before checking serveErr — log.Fatal would call
+	// os.Exit and skip any deferreds, so do not defer this.
+	if shutdownErr := utils.ShutdownSharedAuth(); shutdownErr != nil {
+		log.Printf("warning: shared auth signout failed: %v", shutdownErr)
+	}
+
+	if serveErr != nil {
+		log.Fatal(serveErr)
 	}
 }
@@ -109,22 +109,6 @@ func (d *AssetDataSource) Read(ctx context.Context, req datasource.ReadRequest,
 		return
 	}
 
-	if resp.Diagnostics.HasError() {
-		return
-	}
-
-	_, err := utils.Authenticate(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
-	defer func() {
-		if err := utils.SignOut(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); err != nil {
-			resp.Diagnostics.AddError("Error signing out", err.Error())
-		}
-	}()
-
 	// instantiating asset obj
 	asssetObj, _ := assets.NewAssetObj(*d.providerInfo.authenticationObj, zapLogger)
 

@@ -4,7 +4,6 @@ package provider_framework
 
 import (
 	"context"
-	"terraform-provider-passwordsafe/providers/utils"
 
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/assets"
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/authentication"
@@ -71,8 +70,13 @@ func (r *assetResource) Delete(ctx context.Context, req resource.DeleteRequest,
 		return
 	}
 
-	err := utils.DeleteAssetByID(*r.providerInfo.authenticationObj, data.AssetID.ValueInt32(), &utils.AuthMu, &utils.SignInCount, zapLogger)
+	assetObj, err := assets.NewAssetObj(*r.providerInfo.authenticationObj, zapLogger)
 	if err != nil {
+		resp.Diagnostics.AddError("Error creating asset object", err.Error())
+		return
+	}
+
+	if err := assetObj.DeleteAssetById(int(data.AssetID.ValueInt32())); err != nil {
 		resp.Diagnostics.AddError("Error deleting asset", err.Error())
 		return
 	}
@@ -148,23 +152,11 @@ func NewAssetByWorkgGroypIdResource() resource.Resource {
 }
 
 func getAssetObj(resp *resource.CreateResponse, authenticationObj authentication.AuthenticationObj, dataInterface interface{}) (*assets.AssetObj, error) {
-
-	_, err := utils.Authenticate(authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return nil, err
-	}
-
 	assetGroupObj, err := assets.NewAssetObj(authenticationObj, zapLogger)
-
 	if err != nil {
 		resp.Diagnostics.AddError("Error creating authentication object", err.Error())
-		if signOutErr := utils.SignOut(authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); signOutErr != nil {
-			resp.Diagnostics.AddError("Error Signing Out", signOutErr.Error())
-		}
 		return nil, err
 	}
-
 	return assetGroupObj, nil
 }
 
@@ -183,12 +175,6 @@ func (r *assetResourceByWorkGroupId) Create(ctx context.Context, req resource.Cr
 		return
 	}
 
-	defer func() {
-		if err := utils.SignOut(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); err != nil {
-			resp.Diagnostics.AddError("Error Signing Out", err.Error())
-		}
-	}()
-
 	assetDetails := entities.AssetDetails{
 		IPAddress:       data.IPAddress.ValueString(),
 		AssetName:       data.AssetName.ValueString(),
@@ -219,8 +205,13 @@ func (r *assetResourceByWorkGroupId) Delete(ctx context.Context, req resource.De
 		return
 	}
 
-	err := utils.DeleteAssetByID(*r.providerInfo.authenticationObj, data.AssetID.ValueInt32(), &utils.AuthMu, &utils.SignInCount, zapLogger)
+	assetObj, err := assets.NewAssetObj(*r.providerInfo.authenticationObj, zapLogger)
 	if err != nil {
+		resp.Diagnostics.AddError("Error creating asset object", err.Error())
+		return
+	}
+
+	if err := assetObj.DeleteAssetById(int(data.AssetID.ValueInt32())); err != nil {
 		resp.Diagnostics.AddError("Error deleting asset", err.Error())
 		return
 	}
@@ -307,12 +298,6 @@ func (r *assetResourceByWorkGroupName) Create(ctx context.Context, req resource.
 		return
 	}
 
-	defer func() {
-		if err := utils.SignOut(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); err != nil {
-			resp.Diagnostics.AddError("Error Signing Out", err.Error())
-		}
-	}()
-
 	assetDetails := entities.AssetDetails{
 		IPAddress:       data.IPAddress.ValueString(),
 		AssetName:       data.AssetName.ValueString(),
@@ -343,8 +328,13 @@ func (r *assetResourceByWorkGroupName) Delete(ctx context.Context, req resource.
 		return
 	}
 
-	err := utils.DeleteAssetByID(*r.providerInfo.authenticationObj, data.AssetID.ValueInt32(), &utils.AuthMu, &utils.SignInCount, zapLogger)
+	assetObj, err := assets.NewAssetObj(*r.providerInfo.authenticationObj, zapLogger)
 	if err != nil {
+		resp.Diagnostics.AddError("Error creating asset object", err.Error())
+		return
+	}
+
+	if err := assetObj.DeleteAssetById(int(data.AssetID.ValueInt32())); err != nil {
 		resp.Diagnostics.AddError("Error deleting asset", err.Error())
 		return
 	}

@@ -92,18 +92,6 @@ func (d *DatabaseDataSource) Read(ctx context.Context, req datasource.ReadReques
 		return
 	}
 
-	_, err := utils.Authenticate(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
-	defer func() {
-		if err := utils.SignOut(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); err != nil {
-			resp.Diagnostics.AddError("Error signing out", err.Error())
-		}
-	}()
-
 	// instantiating database obj
 	databaseObj, _ := databases.NewDatabaseObj(*d.providerInfo.authenticationObj, zapLogger)
 

@@ -4,7 +4,6 @@ package provider_framework
 
 import (
 	"context"
-	"terraform-provider-passwordsafe/providers/utils"
 
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/entities"
 	"github.com/hashicorp/terraform-plugin-framework/path"
@@ -107,12 +106,6 @@ func (r *databaseResource) Create(ctx context.Context, req resource.CreateReques
 		return
 	}
 
-	_, err := utils.Authenticate(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
 	// instantiating database obj
 	databaseObj, err := databases.NewDatabaseObj(*r.providerInfo.authenticationObj, zapLogger)
 
@@ -140,12 +133,6 @@ func (r *databaseResource) Create(ctx context.Context, req resource.CreateReques
 
 	data.DatabaseID = types.Int32Value(int32(createdDataBase.DatabaseID))
 
-	err = utils.SignOut(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error Signing Out", err.Error())
-		return
-	}
-
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
 }
 
@@ -166,12 +153,6 @@ func (r *databaseResource) Delete(ctx context.Context, req resource.DeleteReques
 		return
 	}
 
-	_, err := utils.Authenticate(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
 	// instantiating database obj
 	databaseObj, err := databases.NewDatabaseObj(*r.providerInfo.authenticationObj, zapLogger)
 	if err != nil {
@@ -185,12 +166,6 @@ func (r *databaseResource) Delete(ctx context.Context, req resource.DeleteReques
 		resp.Diagnostics.AddError("Error deleting database", err.Error())
 		return
 	}
-
-	err = utils.SignOut(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error Signing Out", err.Error())
-		return
-	}
 }
 
 func (r *databaseResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {

@@ -4,7 +4,6 @@ package provider_framework
 
 import (
 	"context"
-	"terraform-provider-passwordsafe/providers/utils"
 
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/secrets"
 	"github.com/hashicorp/terraform-plugin-framework/datasource"
@@ -96,18 +95,6 @@ func (d *FolderDataSource) Read(ctx context.Context, req datasource.ReadRequest,
 		return
 	}
 
-	_, err := utils.Authenticate(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
-	defer func() {
-		if err := utils.SignOut(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); err != nil {
-			resp.Diagnostics.AddError("Error signing out", err.Error())
-		}
-	}()
-
 	// instantiating secrets obj (contains folder methods)
 	secretObj, _ := secrets.NewSecretObj(*d.providerInfo.authenticationObj, zapLogger, maxFileSecretSizeBytes, false)
 

@@ -80,18 +80,6 @@ func (d *FunctionalAccountDataResource) Read(ctx context.Context, req datasource
 		return
 	}
 
-	_, err := utils.Authenticate(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
-	defer func() {
-		if err := utils.SignOut(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); err != nil {
-			resp.Diagnostics.AddError("Error signing out", err.Error())
-		}
-	}()
-
 	// instantiating functional account obj
 	functionalAccountObj, _ := functional_accounts.NewFuncionalAccount(*d.providerInfo.authenticationObj, zapLogger)
 

@@ -4,7 +4,6 @@ package provider_framework
 
 import (
 	"context"
-	"terraform-provider-passwordsafe/providers/utils"
 
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/entities"
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/functional_accounts"
@@ -146,12 +145,6 @@ func (r *FunctionalAccountResource) Create(ctx context.Context, req resource.Cre
 		return
 	}
 
-	_, err := utils.Authenticate(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
 	// instantiating functional account obj
 	functionalAccountObj, err := functional_accounts.NewFuncionalAccount(*r.providerInfo.authenticationObj, zapLogger)
 
@@ -187,12 +180,6 @@ func (r *FunctionalAccountResource) Create(ctx context.Context, req resource.Cre
 
 	data.FunctionalAccountID = types.Int32Value(int32(createdFunctionalAccount.FunctionalAccountID))
 
-	err = utils.SignOut(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error Signing Out", err.Error())
-		return
-	}
-
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
 
 }
@@ -214,12 +201,6 @@ func (r *FunctionalAccountResource) Delete(ctx context.Context, req resource.Del
 		return
 	}
 
-	_, err := utils.Authenticate(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
 	// instantiating functional account obj
 	functionalAccountObj, err := functional_accounts.NewFuncionalAccount(*r.providerInfo.authenticationObj, zapLogger)
 	if err != nil {
@@ -233,12 +214,6 @@ func (r *FunctionalAccountResource) Delete(ctx context.Context, req resource.Del
 		resp.Diagnostics.AddError("Error deleting functional account", err.Error())
 		return
 	}
-
-	err = utils.SignOut(*r.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error Signing Out", err.Error())
-		return
-	}
 }
 
 func (r *FunctionalAccountResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) {

@@ -114,18 +114,6 @@ func (d *ManagedAccountDataSource) Read(ctx context.Context, req datasource.Read
 		return
 	}
 
-	_, err := utils.Authenticate(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		resp.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
-	defer func() {
-		if err := utils.SignOut(*d.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger); err != nil {
-			resp.Diagnostics.AddError("Error signing out", err.Error())
-		}
-	}()
-
 	// instantiating managed acocunt obj.
 	managedAccountObj, _ := managed_accounts.NewManagedAccountObj(*d.providerInfo.authenticationObj, zapLogger)
 

@@ -4,7 +4,6 @@ package provider_framework
 
 import (
 	"context"
-	"terraform-provider-passwordsafe/providers/utils"
 
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/ephemeral"
@@ -85,12 +84,6 @@ func (e *EphemeralManagedAccount) Open(ctx context.Context, request ephemeral.Op
 		return
 	}
 
-	_, err := utils.Authenticate(*e.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		response.Diagnostics.AddError("Error getting Authentication", err.Error())
-		return
-	}
-
 	// instantiating managed account obj
 	manageAccountObj, err := managed_accounts.NewManagedAccountObj(*e.providerInfo.authenticationObj, zapLogger)
 
@@ -110,12 +103,6 @@ func (e *EphemeralManagedAccount) Open(ctx context.Context, request ephemeral.Op
 	// setting secret to value attribute
 	data.Value = types.StringValue(gotManagedAccount)
 
-	err = utils.SignOut(*e.providerInfo.authenticationObj, &utils.AuthMu, &utils.SignInCount, zapLogger)
-	if err != nil {
-		response.Diagnostics.AddError("Error Signing Out", err.Error())
-		return
-	}
-
 	response.Diagnostics.Append(response.Result.Set(ctx, &data)...)
 
 }