I notice that go-tfe uses go-slug v0.4.1. There was a security vulnerability that was identified on go-slug version upto v0.4.3 and was fixed on v0.5.0.

More details on CVE-2020-29529

The actual fix on go-slug is here

Based on https://www.terraform.io/docs/cloud/api/policy-sets.html#relationships, I think that https://github.com/hashicorp/go-tfe/blob/master/policy_set.go#L73 should include CurrentVersion and NewestVersion under Relations and that these would point at jsonapi:"relation,current-version" and jsonapi:"relation,newest-version" respectively.

I'm not sure if other changes would be needed.

Teams List API does not support pagination
// List all the teams of the given organization.
List(ctx context.Context, organization string, options TeamListOptions) (*TeamList, error)

    client.Teams.List(ctx, tfeOrgName, gotfe.TeamListOptions{
		ListOptions: gotfe.ListOptions{
			PageNumber: 10,
			PageSize:   10,
		},

It always return all the teams under the organization, however the same pagination works for the workspace List API

When I run go mod vendor I have the following error

go: verifying github.com/hashicorp/[email protected]: checksum mismatch
	downloaded: h1:gekvezBc+9LwN3qC+lesrz0Qg36hhgge9z/an1FCHx4=
	go.sum:     h1:MVdZAkTmDsUi1AT+3NQDsn8n3ssnVSIHwiM6RcUHvE8=

The list function of variable.go does not use url.QueryEscape(workspaceID) so is unable to find the workspace.

passing the workspaceID pre-escaped results in invalid value for workspace ID

The Policy Set Versions API endpoints are not covered.

I am adding that in #150

Hi!

I've created an action that uses go-tfe to create new runs on Terraform Cloud as part of our delivery pipeline. This works pretty well, but the execution of Runs.Create fails occasionally with a fairly cryptic error Invalid Attribute: invalid run parameters

Error in the context of GitHub Actions 👇

You can find the exact code I'm using here: https://github.com/kvrhdn/tfe-run/blob/master/main.go#L68

I haven't been able to pinpoint anything that could cause this:

• it happens both on speculative and non-speculative runs
• it happens both on runs that have changes and runs that don't have
• the error is always caused by Runs.Create, I haven't seen any other error messages
• re-triggering the job sometimes works, but I've also seen it fail multiple times after each other (over a span of 15+ minutes)

So I've been pretty puzzled 😕 Maybe you recognize the error and provide some pointers? Is there anything I can do to log more trace data?

Thanks!

Does go-tfe support the Force Execute option?
https://www.terraform.io/docs/cloud/api/run.html#forcefully-execute-a-run

I couldn't see an option in run.go
https://github.com/hashicorp/go-tfe/blob/master/run.go#L18

I would like to request a feature to add support for updating existing policies VCSRepo or PoliciesPath. Today one can only control attributes during creation.

I see it as adding those attributes to PolicySetUpdateOptions

Terraform Versions have several attributes that can be filtered on:

• official (true or false)
• enabled (true or false)
• beta (true or false)
• usage (when 0 or non zero)

Suggesting adding these filters to the List() function ->

I'm unable to create a workspace with VCS settings: missing required vcs creation params
Simple code snippet:

package main

import (
	"context"
	"github.com/hashicorp/go-tfe"
	"log"
)

func main() {
	client, err := tfe.NewClient(&tfe.Config{Token: "[redacted]"})
	if err != nil {
		log.Fatalln(err)
	}

	_, err = client.Workspaces.Create(context.Background(), "[redacted]", tfe.WorkspaceCreateOptions{
		AllowDestroyPlan:     tfe.Bool(true),
		AutoApply:            tfe.Bool(true),
		Description:          tfe.String("testing"),
		ExecutionMode:        tfe.String("remote"),
		MigrationEnvironment: nil,
		Name:                 tfe.String("quentin-testing-go-tfe"),
		TerraformVersion:     tfe.String("0.14.7"),
		VCSRepo:              &tfe.VCSRepoOptions{
			Branch:            tfe.String("master"),
			Identifier:        tfe.String("[redacted]"),
			OAuthTokenID:      tfe.String("[redacted]"),
			IngressSubmodules:  tfe.Bool(false),
		},
	})

	log.Fatalln(err)
}

Digging into the code, I think the error comes from jsonapi which does not marshal nested objects (and here the VCSRepo object).

I have reproduced https://github.com/hashicorp/go-tfe/blob/master/tfe.go#L551

package main

import (
	"fmt"
	"github.com/hashicorp/go-tfe"
	"github.com/hashicorp/jsonapi"
	"os"
)

func main() {
	onlyVCSSettings := &tfe.VCSRepoOptions{
		Branch:            tfe.String("master"),
		Identifier:        tfe.String("[redacted]"),
		OAuthTokenID:      tfe.String("[redacted]"),
		IngressSubmodules:  tfe.Bool(false),
	}

	entireObject := &tfe.WorkspaceCreateOptions{
		AllowDestroyPlan:     tfe.Bool(true),
		AutoApply:            tfe.Bool(true),
		Description:          tfe.String("testing"),
		ExecutionMode:        tfe.String("remote"),
		MigrationEnvironment: nil,
		Name:                 tfe.String("quentin-testing-go-tfe"),
		TerraformVersion:     tfe.String("0.14.7"),
		VCSRepo:              onlyVCSSettings,
	}

	_ = jsonapi.MarshalPayloadWithoutIncluded(os.Stdout, onlyVCSSettings)
	fmt.Println("----------")
	_ = jsonapi.MarshalPayloadWithoutIncluded(os.Stdout, entireObject)
}

Outputs:

{"data":{"type":"","attributes":{"branch":"master","identifier":"[redacted]","ingress-submodules":false,"oauth-token-id":"[redacted]"}}}
----------
{"data":{"type":"workspaces","attributes":{"allow-destroy-plan":true,"auto-apply":true,"description":"testing","execution-mode":"remote","name":"quentin-testing-go-tfe","terraform-version":"0.14.7","vcs-repo":{"Branch":"master","Identifier":"[redacted]","IngressSubmodules":false,"OAuthTokenID":"[redacted]"}}}}

The SDK does not currently support getting State Version Outputs from the API:
https://www.terraform.io/docs/cloud/api/state-version-outputs.html

Support for "outputs" should be added to the state version struct and new methods added for using those output IDs and getting the output values from the API

Hello

Firstly, thanks for the great library.

I'm upgrading from an ancient go-tfe version and observed in the commit[0] the ability to pass in Organisation Name was removed. The API seem to still support this.

How can I do the following?

		variables, err := client.Variables.List(ctx, tfe.VariableListOptions{
			Organization: &w.Organization.Name,
			Workspace:    &WorkspaceName,
		})

I feel as if I'm missing something obvious here. But see the partial patch below, by the looks of it it simply seems it was dropped and workspaceID was passed in as a parameter to List, but not organisation name.

I'm happy to create a PR and add it as a parameter to List function, however, any particular reason why it's not part of VariableListOptions anymore?

I feel it's better suited there.

Kind regards
Sam

[0]

commit 3c08ccf4d60964869dba86d89a0eec8c8c92ed98

...
 type Variables interface {
 	// List all the variables associated with the given workspace.
-	List(ctx context.Context, options VariableListOptions) (*VariableList, error)
+	List(ctx context.Context, workspaceID string, options VariableListOptions) (*VariableList, error)

...
 // VariableListOptions represents the options for listing variables.
 type VariableListOptions struct {
 	ListOptions
-	Organization *string `url:"filter[organization][name]"`
-	Workspace    *string `url:"filter[workspace][name]"`
 }

Hi,
Would like to request enhancement to list the Terraform Agent details within the agent Pool. The UI shows this detail but it is not available from the APIs.

thx
Murali

Hey there!

Thanks for creating the Golang API for TFE! I had a question about https://www.terraform.io/docs/enterprise/api/index.html#inclusion-of-related-resources and go-tfe's support of related resources.

I was looking through the documentation (https://godoc.org/github.com/hashicorp/go-tfe) and I didn't see an option in the ListOptions struct to pass in additional query parameters. I was specifically trying to identify how to return created-by in a workspace run which doesn't seem currently possible.

Thanks!

In https://github.com/hashicorp/go-tfe/blob/master/configuration_version.go#L59 we list several ConfigurationSource strings including "tfe-api" for the TFE API, "terraform" (for the TFC UI?) and "bitbucket", "github", and "gitlab". But should we also include "ado" in case the VCS system is Azure DevOps Server or Azure DevOps Services? See https://www.terraform.io/docs/cloud/vcs/index.html#supported-vcs-providers

I'm asking because I am adding a new policy_set_version class and wonder if I should include "ado" there.

Hi, I'm having an issue where, I have created a working go script that will create a workspace. When I attempt to run this script inside a golang container, with the same API token, I get unauthorized error. Is this anything you have come across before? My Dockerfile is below, and script

FROM golang:1.12.4

WORKDIR /go/src/app
ADD tfe-build.go tfe-build.go

RUN go get -d -v ./...
RUN go install -v ./...

package main

import (
	"context"
	"log"
	"os"
	"flag"

	tfe "github.com/hashicorp/go-tfe"
)

func main() {
	tfe_workspace_name := flag.String("tfe_workspace_name", "foo", "name of workspace to be created")
	tfe_version := flag.String("tfe_version", "0.11.1", "tfe version to use")
	tfe_working_dir := flag.String("tfe_working_dir", "", "working directory")

	flag.Parse()
	config := &tfe.Config{
		Token: "blahblah.atlasv1.blahblahblahblah",
	}
	client, err := tfe.NewClient(config)
	if err != nil {
		log.Print("cant make client")
		log.Print(config)
		log.Fatal(err)
	}
	log.Print(client)

	// Create a context
	ctx := context.Background()

	// Check is workspace exists
	r, err := client.Workspaces.Read(ctx, "dci", *tfe_workspace_name)
	if err == nil {
		log.Print(r.VCSRepo)
		log.Print("workspace already exists")
		os.Exit(0)
	}

	log.Print(err)
...```

Thanks

It looks like there is an endpoint that is missing from the client, namely the ingress-attributes endpoint.

I can't seem to find direct documentation to it, although it is mentioned on the configuration versions API page in passing. However, it would be super useful to have this as it would allow us to work out when a run is associated to a PR or not

Attempting to unlock a workspace that is locked by a Run errors, which is expected behavior, however the error returned is incorrect.

Setup

If the workspace is locked by a pending Run (i.e. "Needs Confirmation"), an attempt to unlock will fail as expected.

Expected Behavior

If calling via the API, the error response is "Unable to unlock workspace. The workspace is locked by ...".

Example:

$ curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
https://firefly.tfe.rocks/api/v2/workspaces/ws-Trm11JYZz9dj46wT/actions/unlock | jq .


{
  "errors": [
    {
      "status": "409",
      "title": "conflict",
      "detail": "Unable to unlock workspace. The workspace is locked by Run run-t4AeTqyyWCxpkq4S and may not be unlocked except by them."
    }
  ]
}

It would be expected that the return message from Unlock() would return a message closer to the details of the API response.

Actual Behavior

When calling the Unlock function on that workspace:

Unlock()

ws, err := client.Workspaces.Unlock(ctx, w.ID)

The error response is "workspace already unlocked" which is not actually correct, since the workspace is locked.

I believe this message is being derivate here

https://www.terraform.io/docs/cloud/api/admin/settings.html

Unless I'm missing it, this doesn't seem to be possible using the SDK

Blocks hashicorp/terraform-provider-tfe#267

When TFE creates oauth connection (e.g. for the gh) it also providing secret and uuid as part of the config. It is currently missing in the go binding.

Sample request from TFE on oauth creation:

{
  "data": {
    "attributes": {
      "name": "Example GH",
      "created-at": null,
      "callback-url": null,
      "oauth-token-string": null,
      "connect-path": null,
      "key": "XXXXX",
      "secret": "XXXXXXXX",
      "rsa-public-key": null,
      "uuid": "82213e23-3d48-4061-8960-3c01ef3e2d6e",
      "service-provider": "github",
      "service-provider-display-name": null,
      "api-url": "https://api.github.com",
      "http-url": "https://github.com"
    },
    "relationships": {
      "organization": {
        "data": {
          "type": "organizations",
          "id": "sampl-org-gh"
        }
      }
    },
    "type": "oauth-clients"
  }
}

As these fields are missing it is not possible to automate VCS connection creation using go-tfe with github.com.

The VCS Repo struct should be like the following:

      "vcs-repo": {
        "branch": "",
        "ingress-submodules": true,
        "identifier": "lafentres/terraform-aws-my-module",
        "display-identifier": "lafentres/terraform-aws-my-module",
        "oauth-token-id": "ot-hmAyP66qk2AMVdbJ",
        "webhook-url": "https://app.terraform.io/webhooks/vcs/a12b3456..."
      },

documentation link: https://www.terraform.io/docs/cloud/api/modules.html#sample-response-3

Currently it is using the Workspace VCSRepo struct which lacks webhook-url

type VCSRepo struct {
	Branch            string `json:"branch"`
	DisplayIdentifier string `json:"display-identifier"`
	Identifier        string `json:"identifier"`
	IngressSubmodules bool   `json:"ingress-submodules"`
	OAuthTokenID      string `json:"oauth-token-id"`
}

I propose either creating a new struct specifically for Registry Modules, or adding a new attribute to the workspace VCSRepo. Probably this code should be moved out of Workspace.go if that is the case

As the title mentions, has this been discussed at all?

Reading the function calls available you seem to be using pointers to objects as a way of allowing yourself to declare them null. While your approach is sufficient, and I understand golang's generic disprivilege, it might be more suitable to use a package like https://github.com/volatiletech/null which includes various primitive types along with a boolean "valid" or "not valid" tag. It may be more work, but it seems more appropriate instead of memory addressing everything.

https://www.terraform.io/docs/cloud/api/workspaces.html#request-body

Required in create and read

The tests

package controllers

import (
        "context"
        "fmt"
        "testing"

        "github.com/hashicorp/go-tfe"
)

func getClient() (*tfe.Client, error) {
        cfg := &tfe.Config{
                Token: token,
        }
        cli, err := tfe.NewClient(cfg)
        if err != nil {
                return nil, err
        }
        return cli, nil
}

func TestCurrent(t *testing.T) {

        cli, err := getClient()
        if err != nil {
                t.Fatal(err)
        }
        ctx := context.Background()

        ws, err := cli.Workspaces.Read(ctx, "myorg", "myworkspace")
        if err != nil {
                t.Fatal(err)
        }

        st, err := cli.StateVersions.Current(ctx, ws.ID)
        if err != nil {
                t.Fatal(err)
        }

        for _, o := range st.Outputs {
                fmt.Println(o)
        }
}

func TestCurrentOutputs(t *testing.T) {

        cli, err := getClient()
        if err != nil {
                t.Fatal(err)
        }

        ctx := context.Background()

        ws, err := cli.Workspaces.Read(ctx, "myorg", "myworkspace")
        if err != nil {
                t.Fatal(err)
        }

        st, err := cli.StateVersions.Current(ctx, ws.ID)
        if err != nil {
                t.Fatal(err)
        }

        for _, o := range st.Outputs {
                fmt.Println(o)
                out, err := cli.StateVersionOutputs.Read(ctx, o.ID)
                if err != nil {
                        t.Fatal(err)
                }
                fmt.Println(out)
        }
}

func TestCurrentWithOptions(t *testing.T) {

        cli, err := getClient()
        if err != nil {
                t.Fatal(err)
        }

        ctx := context.Background()

        ws, err := cli.Workspaces.Read(ctx, "myorg", "myworkspace")
        if err != nil {
                t.Fatal(err)
        }

        st, err := cli.StateVersions.CurrentWithOptions(ctx, ws.ID, &tfe.StateVersionCurrentOptions{
                Include: "outputs",
        })
        if err != nil {
                t.Fatal(err)
        }

        for _, o := range st.Outputs {
                fmt.Println(o)
        }
}

The output

=== RUN   TestCurrent
&{wsout-aaaa  false  }
&{wsout-bbbb false  }
--- PASS: TestCurrent (1.25s)
=== RUN   TestCurrentOutputs
&{wsout-aaaa false  }
    stateversionoutputs_test.go:69: Invalid type provided
--- FAIL: TestCurrentOutputs (1.47s)
=== RUN   TestCurrentWithOptions
    stateversionoutputs_test.go:94: Invalid type provided
--- FAIL: TestCurrentWithOptions (1.21s)
FAIL
exit status 1

After some debugging, I noticed that the server returns the response but unmarshalling fails.

I also tried to curl the 2 outputs with the same token and endpoint generated by go-tfe and it works.

curl --header "Authorization: Bearer $TOKEN" https://app.terraform.io/api/v2/state-version-outputs/wsout-aaaa

{
  "data": {
    "id": "wsout-aaaa",
    "type": "state-version-outputs",
    "attributes": {
      "name": "the_secret",
      "sensitive": true,
      "type": "object",
      "value": {
        ...
      }
    },
    "links": {
      "self": "/api/v2/state-version-outputs/wsout-aaaa"
    }
  }
}

It does not appear to be possible to read the tags set against workspaces.

This would be handy as I have a tool that requires making changes to variables automatically and I would like to be able to filter with Workspaces it acts on via a workspace tag

I am wondering if there is already a CLI client that leverages this library? Something like th-helper, but in Go?

If not is there any place to start such a project where we could contribute?

There should be a function to list all the registry modules for an organization

https://www.terraform.io/docs/registry/api.html#list-modules

Hello,

I am trying to create a new workspace and I am getting the following error:

Pointer type in struct is not supported

This is the code I am using.

	config := &tfe.Config{
		Token: "ATLAS_TOKEN",
	}
	client, err := tfe.NewClient(config)
	if err != nil {
		log.Fatal(err)
	}
	ctx := context.Background()

	_, err = client.Workspaces.Create(ctx, "my-org", tfe.WorkspaceCreateOptions{
		Name:             tfe.String("workspace-name"),
		WorkingDirectory: tfe.String("directory"),
		VCSRepo: &tfe.VCSRepoOptions{
			Identifier:   tfe.String("org/repo-name"),
			OAuthTokenID: tfe.String("token"),
			Branch:       tfe.String("master"),
		},
	})

Any help you can provide would be greatly appreciated.

Thanks!

Is there a way to figure out if the current state has resources or has output?

What I want is to check if the latest available state from the given workspace has resources or has output.

	opts := tfe.PolicyCreateOptions{
		Name: tfe.String("Required-Tags-Policy"),
		Enforce: []*tfe.EnforcementOptions{
			{
				Path: tfe.String("Required-Tags-Policy" + ".sentinel"),
				Mode: tfe.EnforcementMode(tfe.EnforcementSoft),
			},
		},
	}
	client.Policies.Create(ctx, "my_sweet_sweet_org", opts)
}

For me, it arrived in PTFE as "EnforcementHard"

Hi, we are investigating using this API for a Terraform Enterprise installation and noticed some anomalies that we hope can be easily explained/solved.

The TFE API returns a status timestamp object as shown below, and the go-tfe API has different attributes, thus some are not populated (expected).
"status-timestamps": {
"applied-at": "2021-05-27T17:51:56+00:00",
"planned-at": "2021-05-27T17:45:06+00:00",
"applying-at": "2021-05-27T17:50:54+00:00",
"planning-at": "2021-05-27T17:44:18+00:00",
"confirmed-at": "2021-05-27T17:50:50+00:00",
"plan-queued-at": "2021-05-27T17:44:14+00:00",
"apply-queued-at": "2021-05-27T17:50:51+00:00",
"plan-queueable-at": "2021-05-27T17:44:12+00:00",
"policy-checked-at": "2021-05-27T17:45:16+00:00"
},

go-tfe returns timestamps such as QueuedAt, FinishedAt, ErroredAt. Our TFE version 202104-1 does not have these properties. Is this API coded against a specific version of Terraform Cloud?

Thanks

Don

Hi,
Would like to request for subscription APIs to be available through go-tfe. Document link here for reference.
https://www.terraform.io/docs/cloud/api/subscriptions.html

thx
Murali

Hello folks,
According to the documentation: https://www.terraform.io/docs/cloud/api/run.html#list-runs-in-a-workspace, GET /workspaces/:workspace_id/runs is missing include parameter:

// RunListOptions represents the options for listing runs.
type RunListOptions struct {
	ListOptions
	Include *string `url:"include"` <-------------- This should be added
}

Can you please add it so we can query /runs endpoint with additional applies data. This can save us a lot of unnecessary additional HTTP requests!

I would like to be able to provide a slice of bytes directly to the upload of the configuration versions instead of requiring that the terraform code be on disk. This would allow for hosting terraform code to run workspaces in cloud storage buckets and reading into memory for transient upload.

Propose a new method on ConfigurationVersions interface of ConfigurationVerions.UploadBytes()

The Workspace struct currently does not have a field to capture the "locked-by" relationship

https://www.terraform.io/docs/cloud/api/workspaces.html#locked_by

Happy to do a PR

Hey there!

We just updated to the latest version of TFE and noticed that there is a new status that is being returned by one of our workspaces via the API:

"status": "planned_and_finished",

Looking at the current set of RunStatus, I don't see a corresponding one for the returned status. Is that expected?

Thanks,
Glenn

This page mentions the Variables API is being deprecated.

I don't yet see in the SDK documentation that the workspace variables API is yet supported

We would like to be able to set the speculative-enabled attribute on a workspace through terraform-provider-tfe (see API doc).

Exposing this attribute as SpeculativeEnabled in go-tfe is the first step towards that goal.

#132 implements that feature.
hashicorp/terraform-provider-tfe#211 is the related issue for terraform-provider-tfe, and hashicorp/terraform-provider-tfe#210 is the related PR.

Hello! I am hoping to use this library to create tooling to publish modules to a private registry, but do not see an upload link attribute in RegistryModuleVersion.

Are there plans to add this attribute? I see a related conversation in PR #150 (Add policy set version)

For example the organizations List function (https://github.com/hashicorp/go-tfe/blob/master/organization.go#L96) accepts an OrganizationListOptions which is simply a wrapper around ListOptions which primarily specifies pagination options.

This requires that consumers of the library manage pagination themselves. However, no pagination information is returned from the List calls forcing callers to create hacks to ensure all pages have been retrieved.

I see two possible fixes:

1. Have the List calls handle pagination internally and return all possible items for each List call.
2. Each List call returns a struct which includes pagination info for the caller to utilize. I utilized int pointers in the example below to account for the fact that occasionally certain pagination fields are null and wanted consistency among all fields.

type OrganizationsListResponse struct {
    Organizations []*Organization
    Pagination struct {
        CurrentPage *int
        NextPage *int
        PrevPage *int
        TotalCount *int
        TotalPages *int        
    }
}

Hi there,
I've read the documentation searching for a way to manage accounts via API. There are supported actions like updating account info or changing passwords, but couldn't find anything for account creation. Digging a bit in this repo I found [user.go] (https://github.com/hashicorp/go-tfe/blob/master/user.go) which looks like the place this could be defined, and seems there is no such thing.
I would expect something like:

POST /account/new

with a JSON payload containing the username, mail and password (which is exactly what /account/new requires when used from a browser)

So, am I missing something, is this supported at all?
If not, is there any particular reason for it?

Thanks in advance.

It would be nice if mocks or go-vcr could be used for the unit tests, as currently testing requires an internet connection, TFE/TF Cloud connection and token to run.

I did a quick spike and this seemed to work:

func getVCRRecorder(t *testing.T, cassetteName string) *recorder.Recorder {

	// Set recording responses with env variable RECORDING
	envRecording, ok := os.LookupEnv("RECORDING")

	mode := recorder.ModeReplaying

	if ok {
		switch envRecording {
		case "false":
			t.Logf("[VCR] - Replay mode enabled")
			mode = recorder.ModeReplaying
		case "disabled", "disable":
			t.Logf("[VCR] - VCR disabled")
			mode = recorder.ModeDisabled
		case "true":
			t.Logf("[VCR] - Recording enabled")
			mode = recorder.ModeRecording
		default:
			t.Logf("[VCR] - Recording enabled")
			mode = recorder.ModeRecording
		}
	}

	filename := fmt.Sprintf("fixtures/%s", cassetteName)

	transport := &http.Transport{	}

	rec, err := recorder.NewAsMode(
		filename,
		mode,
		transport,
	)
	if err != nil {
		t.Fatal(err)
	}
	return rec
}

func testVCRClient(t *testing.T) *Client {

       rec := getVCRRecorder(t, t.Name)
       defer rec.Stop()

      cfg := &Config{
	  HTTPClient: rec,
       }

       client, err := NewClient(cfg)

	if err != nil {
		t.Fatal(err)
	}

	return client
}

Hi All,
I'm getting the following error when executing my CLI (in development) within a Docker container (ubuntu:18.04).

Get "https://app.terraform.io/api/v2/ping": x509: certificate signed by unknown authority 

Strangely enough, I don't get the same error when executing it from my MacBook. Any suggestions of how to solve this issue?

Thank you,
Valter.

Is there a way to configure a workspace to be destroyable with this library, or a way to modify workspace permissions?

I see that a Workspace has CanQueueDestroyPlan, Actions.IsDestroyable, and Pemissions.CanQueueDestroy fields, but none of these are available to set in CreateWorkspaceOptions or UpdateWorkspaceOptions

As a result, a workspace appears to always have CanQueueDestoryPlan set as false, despite IsDestroyable set as true. And when creating a Run that is IsDestroy, I receive "resource not found".

Hi,

Recently the #232 was merged instead of #137, however, the API attribute commit-sha was missed, so it's not possible to get the commit hash. Can this be added too please?

Thanks

Terraform supports output types other than 'string'. For example, this Terraform declaration produces an output type of 'array':

output "instance_ips" {
  value = aws_instance.ubuntu.*.private_ip
}

resulting output:

instance_ips: [
  "10.1.2.3",
  "10.1.2.4",
  "10.1.2.5" 
]

This is why the State Output contains a "type" field, which will be "array" in this case.

However, the tfe-go library defines the State Version Output as:

type StateVersionOutput struct {
	ID        string `jsonapi:"primary,state-version-outputs"`
	Name      string `jsonapi:"attr,name"`
	Sensitive bool   `jsonapi:"attr,sensitive"`
	Type      string `jsonapi:"attr,type"`
	Value     string `jsonapi:"attr,value"`
}

Note that Value is 'string' only.

When .Read is called on an Output of type 'array', the Read call will fail with an error, as the jsonapi is not able to unmarshal the array value into this struct.

Here's an example API response from Terraform with an array:

{
  "data": {
    "id": "wsout-abcdef",
    "type": "state-version-outputs",
    "attributes": {
      "name": "instance_ips",
      "sensitive": false,
      "type": "array",
      "value": [
        "10.180.69.26",
        "10.180.69.11",
        "10.180.69.37"
      ]
    },
    "links": {
      "self": "/api/v2/state-version-outputs/wsout-abcdef"
    }
  }
}

Thanks!
-alex

https://www.terraform.io/docs/cloud/api/admin/organizations.html#update-an-organization

Looking at AdminOrganization, it is missing a flag for global module sharing.

Likewise, the request struct AdminOrganizationUpdateOptions needs the same update.

The client should first check environment variables for credentials, then it should check the terraform.rc file. https://www.terraform.io/docs/commands/cli-config.html#credentials-1