diff --git a/CHANGELOG.md b/CHANGELOG.md index 6aee4f84..7723fcf6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ BUG FIXES: * `AgentPool`: fix an issue when `plan_queued` and `apply_queued` statuses do not trigger agent scaling. [[GH-215](https://github.com/hashicorp/terraform-cloud-operator/pull/215)] * `Helm Chart`: fix an issue with the Deployment template in the Helm chart where `name` in path `spec.template.spec.containers[0]` was duplicated. [[GH-216](https://github.com/hashicorp/terraform-cloud-operator/pull/216)] +* `Workspace`: fix an issue when the Operator panics when `spec.executionMode` is configured as `agent` but `spec.agentPool` is not set which is mandatory in this case. [[GH-242](https://github.com/hashicorp/terraform-cloud-operator/pull/242)] ENHANCEMENT: * `Operator`: Add the ability to skip TLS certificate validation for communication between the Operator and the TFC/E endpoint. A new environment variable `TFC_TLS_SKIP_VERIFY` should be set to `true` to skip the validation. Default: `false`. [[GH-222](https://github.com/hashicorp/terraform-cloud-operator/pull/222)] diff --git a/api/v1alpha2/workspace_validation.go b/api/v1alpha2/workspace_validation.go index 918c5240..9708703a 100644 --- a/api/v1alpha2/workspace_validation.go +++ b/api/v1alpha2/workspace_validation.go @@ -16,6 +16,7 @@ func (w *Workspace) ValidateSpec() error { var allErrs field.ErrorList allErrs = append(allErrs, w.validateSpecAgentPool()...) + allErrs = append(allErrs, w.validateSpecExecutionMode()...) allErrs = append(allErrs, w.validateSpecNotifications()...) allErrs = append(allErrs, w.validateSpecRemoteStateSharing()...) allErrs = append(allErrs, w.validateSpecRunTasks()...) @@ -62,6 +63,22 @@ func (w *Workspace) validateSpecAgentPool() field.ErrorList { return allErrs } +func (w *Workspace) validateSpecExecutionMode() field.ErrorList { + allErrs := field.ErrorList{} + spec := w.Spec.ExecutionMode + + f := field.NewPath("spec").Child("executionMode") + + if spec == "agent" && w.Spec.AgentPool == nil { + allErrs = append(allErrs, field.Required( + f, + "'spec.agentPool' must be set when 'spec.executionMode' is set to 'agent'"), + ) + } + + return allErrs +} + func (w *Workspace) validateSpecNotifications() field.ErrorList { allErrs := field.ErrorList{} spec := w.Spec.Notifications @@ -417,6 +434,5 @@ func (w *Workspace) validateSpecSSHKey() field.ErrorList { // + EnvironmentVariables names duplicate: spec.environmentVariables[].name // + TerraformVariables names duplicate: spec.terraformVariables[].name // + Tags duplicate: spec.tags[] -// + AgentPool must be set when ExecutionMode = 'agent': spec.agentPool <- spec.executionMode['agent'] // // + Invalid CR cannot be deleted until it is fixed -- need to discuss if we want to do something about it diff --git a/api/v1alpha2/workspace_validation_test.go b/api/v1alpha2/workspace_validation_test.go index 371c71b5..5437e83e 100644 --- a/api/v1alpha2/workspace_validation_test.go +++ b/api/v1alpha2/workspace_validation_test.go @@ -60,6 +60,51 @@ func TestValidateWorkspaceSpecAgentPool(t *testing.T) { } } +func TestValidateWorkspaceSpecExecutionMode(t *testing.T) { + successCases := map[string]Workspace{ + "AgentWithAgentPoolWithID": { + Spec: WorkspaceSpec{ + ExecutionMode: "agent", + AgentPool: &WorkspaceAgentPool{ + ID: "this", + }, + }, + }, + "AgentWithAgentPoolWithName": { + Spec: WorkspaceSpec{ + ExecutionMode: "agent", + AgentPool: &WorkspaceAgentPool{ + Name: "this", + }, + }, + }, + } + + for n, c := range successCases { + t.Run(n, func(t *testing.T) { + if errs := c.validateSpecExecutionMode(); len(errs) != 0 { + t.Errorf("Unexpected validation errors: %v", errs) + } + }) + } + + errorCases := map[string]Workspace{ + "AgentWithoutAgentPool": { + Spec: WorkspaceSpec{ + ExecutionMode: "agent", + }, + }, + } + + for n, c := range errorCases { + t.Run(n, func(t *testing.T) { + if errs := c.validateSpecExecutionMode(); len(errs) == 0 { + t.Error("Unexpected failure, at least one error is expected") + } + }) + } +} + func TestValidateWorkspaceSpecNotifications(t *testing.T) { token := "token" url := "https://example.com" diff --git a/controllers/workspace_controller_agents.go b/controllers/workspace_controller_agents.go index c865b45a..c3d074be 100644 --- a/controllers/workspace_controller_agents.go +++ b/controllers/workspace_controller_agents.go @@ -32,6 +32,10 @@ func (r *WorkspaceReconciler) getAgentPoolIDByName(ctx context.Context, w *works func (r *WorkspaceReconciler) getAgentPoolID(ctx context.Context, w *workspaceInstance) (string, error) { specAgentPool := w.instance.Spec.AgentPool + if specAgentPool == nil { + return "", fmt.Errorf("'spec.agentPool' is not set") + } + if specAgentPool.Name != "" { w.log.Info("Reconcile Agent Pool", "msg", "getting agent pool ID by name") return r.getAgentPoolIDByName(ctx, w) diff --git a/docs/api-reference.md b/docs/api-reference.md index bd136e99..c90ccfaf 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md @@ -74,7 +74,8 @@ AgentPool is the Schema for the agentpools API. | --- | --- | | `apiVersion` _string_ | `app.terraform.io/v1alpha2` | `kind` _string_ | `AgentPool` -| `TypeMeta` _[TypeMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#typemeta-v1-meta)_ | | +| `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | +| `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` _[AgentPoolSpec](#agentpoolspec)_ | | @@ -90,8 +91,8 @@ _Appears in:_ | Field | Description | | --- | --- | -| `name` _string_ | Agent Pool name. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools | -| `organization` _string_ | Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations | +| `name` _string_ | Agent Pool name. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents/agent-pools | +| `organization` _string_ | Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations | | `token` _[Token](#token)_ | API Token to be used for API calls. | | `agentTokens` _[AgentToken](#agenttoken) array_ | List of the agent tokens to generate. | | `agentDeployment` _[AgentDeployment](#agentdeployment)_ | Agent deployment settings | @@ -104,7 +105,7 @@ _Appears in:_ -Agent Token is a secret token that a Terraform Cloud Agent is used to connect to the Terraform Cloud Agent Pool. In `spec` only the field `Name` is allowed, the rest are used in `status`. More infromation: - https://developer.hashicorp.com/terraform/cloud-docs/agents +Agent Token is a secret token that a Terraform Cloud Agent is used to connect to the Terraform Cloud Agent Pool. In `spec` only the field `Name` is allowed, the rest are used in `status`. More infromation: - https://developer.hashicorp.com/terraform/cloud-docs/agents _Appears in:_ - [AgentPoolSpec](#agentpoolspec) @@ -122,7 +123,7 @@ _Appears in:_ -A configuration version is a resource used to reference the uploaded configuration files. More information: - https://developer.hashicorp.com/terraform/cloud-docs/api-docs/configuration-versions - https://developer.hashicorp.com/terraform/cloud-docs/run/api +A configuration version is a resource used to reference the uploaded configuration files. More information: - https://developer.hashicorp.com/terraform/cloud-docs/api-docs/configuration-versions - https://developer.hashicorp.com/terraform/cloud-docs/run/api _Appears in:_ - [ModuleStatus](#modulestatus) @@ -136,7 +137,7 @@ _Appears in:_ -ConsumerWorkspace allows access to the state for specific workspaces within the same organization. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#remote-state-access-controls +ConsumerWorkspace allows access to the state for specific workspaces within the same organization. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#remote-state-access-controls _Appears in:_ - [RemoteStateSharing](#remotestatesharing) @@ -151,7 +152,7 @@ _Appears in:_ -Custom permissions let you assign specific, finer-grained permissions to a team than the broader fixed permission sets provide. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#custom-workspace-permissions +Custom permissions let you assign specific, finer-grained permissions to a team than the broader fixed permission sets provide. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#custom-workspace-permissions _Appears in:_ - [TeamAccess](#teamaccess) @@ -170,7 +171,7 @@ _Appears in:_ -Module is the Schema for the modules API Module implements the API-driven Run Workflow More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/api +Module is the Schema for the modules API Module implements the API-driven Run Workflow More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/api @@ -178,7 +179,8 @@ Module is the Schema for the modules API Module implements the API-driven Run Wo | --- | --- | | `apiVersion` _string_ | `app.terraform.io/v1alpha2` | `kind` _string_ | `Module` -| `TypeMeta` _[TypeMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#typemeta-v1-meta)_ | | +| `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | +| `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` _[ModuleSpec](#modulespec)_ | | @@ -209,7 +211,7 @@ _Appears in:_ | Field | Description | | --- | --- | -| `source` _string_ | Non local Terraform module source. More information: - https://developer.hashicorp.com/terraform/language/modules/sources | +| `source` _string_ | Non local Terraform module source. More information: - https://developer.hashicorp.com/terraform/language/modules/sources | | `version` _string_ | Terraform module version. | @@ -224,7 +226,7 @@ _Appears in:_ | Field | Description | | --- | --- | -| `organization` _string_ | Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations | +| `organization` _string_ | Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations | | `token` _[Token](#token)_ | API Token to be used for API calls. | | `module` _[ModuleSource](#modulesource)_ | Module source and version to execute. | | `workspace` _[ModuleWorkspace](#moduleworkspace)_ | Workspace to execute the module. | @@ -270,7 +272,7 @@ _Appears in:_ -Notifications allow you to send messages to other applications based on run and workspace events. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications +Notifications allow you to send messages to other applications based on run and workspace events. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -281,7 +283,7 @@ _Appears in:_ | `type` _NotificationDestinationType_ | The type of the notification. Valid values: `email`, `generic`, `microsoft-teams`, `slack`. | | `enabled` _boolean_ | Whether the notification configuration should be enabled or not. Default: `true`. | | `token` _string_ | The token of the notification. | -| `triggers` _NotificationTrigger array_ | The list of run events that will trigger notifications. Trigger represents the different TFC notifications that can be sent as a run's progress transitions between different states. There are two categories of triggers: - Health Events: `assessment:check_failure`, `assessment:drifted`, `assessment:failed`. - Run Events: `run:applying`, `run:completed`, `run:created`, `run:errored`, `run:needs_attention`, `run:planning`. | +| `triggers` _NotificationTrigger array_ | The list of run events that will trigger notifications. Trigger represents the different TFC notifications that can be sent as a run's progress transitions between different states. There are two categories of triggers: - Health Events: `assessment:check_failure`, `assessment:drifted`, `assessment:failed`. - Run Events: `run:applying`, `run:completed`, `run:created`, `run:errored`, `run:needs_attention`, `run:planning`. | | `url` _string_ | The URL of the notification. | | `emailAddresses` _string array_ | The list of email addresses that will receive notification emails. It is only available for Terraform Enterprise users. It is not available in Terraform Cloud. | | `emailUsers` _string array_ | The list of users belonging to the organization that will receive notification emails. | @@ -305,7 +307,7 @@ _Appears in:_ -RemoteStateSharing allows remote state access between workspaces. By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces +RemoteStateSharing allows remote state access between workspaces. By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -337,7 +339,7 @@ _Appears in:_ -RunTrigger allows you to connect this workspace to one or more source workspaces. These connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers +RunTrigger allows you to connect this workspace to one or more source workspaces. These connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -352,7 +354,7 @@ _Appears in:_ -SSH key used to clone Terraform modules. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys +SSH key used to clone Terraform modules. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -382,7 +384,7 @@ _Appears in:_ -Teams are groups of Terraform Cloud users within an organization. If a user belongs to at least one team in an organization, they are considered a member of that organization. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/teams +Teams are groups of Terraform Cloud users within an organization. If a user belongs to at least one team in an organization, they are considered a member of that organization. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/teams _Appears in:_ - [TeamAccess](#teamaccess) @@ -397,16 +399,16 @@ _Appears in:_ -Terraform Cloud workspaces can only be accessed by users with the correct permissions. You can manage permissions for a workspace on a per-team basis. When a workspace is created, only the owners team and teams with the "manage workspaces" permission can access it, with full admin permissions. These teams' access can't be removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access +Terraform Cloud workspaces can only be accessed by users with the correct permissions. You can manage permissions for a workspace on a per-team basis. When a workspace is created, only the owners team and teams with the "manage workspaces" permission can access it, with full admin permissions. These teams' access can't be removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access _Appears in:_ - [WorkspaceSpec](#workspacespec) | Field | Description | | --- | --- | -| `team` _[Team](#team)_ | Team to grant access. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/teams | -| `access` _string_ | There are two ways to choose which permissions a given team has on a workspace: fixed permission sets, and custom permissions. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#workspace-permissions | -| `custom` _[CustomPermissions](#custompermissions)_ | Custom permissions let you assign specific, finer-grained permissions to a team than the broader fixed permission sets provide. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#custom-workspace-permissions | +| `team` _[Team](#team)_ | Team to grant access. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/teams | +| `access` _string_ | There are two ways to choose which permissions a given team has on a workspace: fixed permission sets, and custom permissions. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#workspace-permissions | +| `custom` _[CustomPermissions](#custompermissions)_ | Custom permissions let you assign specific, finer-grained permissions to a team than the broader fixed permission sets provide. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/permissions#custom-workspace-permissions | #### Token @@ -444,7 +446,7 @@ _Appears in:_ -Variables let you customize configurations, modify Terraform's behavior, and store information like provider credentials. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables +Variables let you customize configurations, modify Terraform's behavior, and store information like provider credentials. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -463,7 +465,7 @@ _Appears in:_ -VersionControl settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow. Omit this argument to utilize the CLI-driven and API-driven workflows, where runs are not driven by webhooks on your VCS provider. More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/ui - https://developer.hashicorp.com/terraform/cloud-docs/vcs +VersionControl settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow. Omit this argument to utilize the CLI-driven and API-driven workflows, where runs are not driven by webhooks on your VCS provider. More information: - https://developer.hashicorp.com/terraform/cloud-docs/run/ui - https://developer.hashicorp.com/terraform/cloud-docs/vcs _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -487,7 +489,8 @@ Workspace is the Schema for the workspaces API | --- | --- | | `apiVersion` _string_ | `app.terraform.io/v1alpha2` | `kind` _string_ | `Workspace` -| `TypeMeta` _[TypeMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#typemeta-v1-meta)_ | | +| `kind` _string_ | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | +| `apiVersion` _string_ | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | `spec` _[WorkspaceSpec](#workspacespec)_ | | @@ -496,7 +499,7 @@ Workspace is the Schema for the workspaces API -AgentPool allows Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents +AgentPool allows Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -511,7 +514,7 @@ _Appears in:_ -Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks +Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle. Only one of the fields `ID` or `Name` is allowed. At least one of the fields `ID` or `Name` is mandatory. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks _Appears in:_ - [WorkspaceSpec](#workspacespec) @@ -536,25 +539,25 @@ _Appears in:_ | Field | Description | | --- | --- | | `name` _string_ | Workspace name. | -| `organization` _string_ | Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations | +| `organization` _string_ | Organization name where the Workspace will be created. More information: - https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations | | `token` _[Token](#token)_ | API Token to be used for API calls. | -| `applyMethod` _string_ | Define either change will be applied automatically(auto) or require an operator to confirm(manual). More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#auto-apply-and-manual-apply | -| `allowDestroyPlan` _boolean_ | Allows a destroy plan to be created and applied. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#destruction-and-deletion | +| `applyMethod` _string_ | Define either change will be applied automatically(auto) or require an operator to confirm(manual). More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#auto-apply-and-manual-apply | +| `allowDestroyPlan` _boolean_ | Allows a destroy plan to be created and applied. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#destruction-and-deletion | | `description` _string_ | Workspace description. | -| `agentPool` _[WorkspaceAgentPool](#workspaceagentpool)_ | Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents | -| `executionMode` _string_ | Define where the Terraform code will be executed. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#execution-mode | -| `runTasks` _[WorkspaceRunTask](#workspaceruntask) array_ | Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks | +| `agentPool` _[WorkspaceAgentPool](#workspaceagentpool)_ | Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents | +| `executionMode` _string_ | Define where the Terraform code will be executed. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#execution-mode | +| `runTasks` _[WorkspaceRunTask](#workspaceruntask) array_ | Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks | | `tags` _string array_ | Workspace tags are used to help identify and group together workspaces. | -| `teamAccess` _[TeamAccess](#teamaccess) array_ | Terraform Cloud workspaces can only be accessed by users with the correct permissions. You can manage permissions for a workspace on a per-team basis. When a workspace is created, only the owners team and teams with the "manage workspaces" permission can access it, with full admin permissions. These teams' access can't be removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access | -| `terraformVersion` _string_ | The version of Terraform to use for this workspace. If not specified, the latest available version will be used. More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-version | -| `workingDirectory` _string_ | The directory where Terraform will execute, specified as a relative path from the root of the configuration directory. More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-working-directory | -| `environmentVariables` _[Variable](#variable) array_ | Terraform Environment variables for all plans and applies in this workspace. Variables defined within a workspace always overwrite variables from variable sets that have the same type and the same key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#environment-variables | -| `terraformVariables` _[Variable](#variable) array_ | Terraform variables for all plans and applies in this workspace. Variables defined within a workspace always overwrite variables from variable sets that have the same type and the same key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#terraform-variables | -| `remoteStateSharing` _[RemoteStateSharing](#remotestatesharing)_ | Remote state access between workspaces. By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces | -| `runTriggers` _[RunTrigger](#runtrigger) array_ | Run triggers allow you to connect this workspace to one or more source workspaces. These connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers | -| `versionControl` _[VersionControl](#versioncontrol)_ | Settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow. Omit this argument to utilize the CLI-driven and API-driven workflows, where runs are not driven by webhooks on your VCS provider. More information: - https://www.terraform.io/cloud-docs/run/ui - https://www.terraform.io/cloud-docs/vcs | -| `sshKey` _[SSHKey](#sshkey)_ | SSH key used to clone Terraform modules. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys | -| `notifications` _[Notification](#notification) array_ | Notifications allow you to send messages to other applications based on run and workspace events. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications | +| `teamAccess` _[TeamAccess](#teamaccess) array_ | Terraform Cloud workspaces can only be accessed by users with the correct permissions. You can manage permissions for a workspace on a per-team basis. When a workspace is created, only the owners team and teams with the "manage workspaces" permission can access it, with full admin permissions. These teams' access can't be removed from a workspace. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access | +| `terraformVersion` _string_ | The version of Terraform to use for this workspace. If not specified, the latest available version will be used. More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-version | +| `workingDirectory` _string_ | The directory where Terraform will execute, specified as a relative path from the root of the configuration directory. More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-working-directory | +| `environmentVariables` _[Variable](#variable) array_ | Terraform Environment variables for all plans and applies in this workspace. Variables defined within a workspace always overwrite variables from variable sets that have the same type and the same key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#environment-variables | +| `terraformVariables` _[Variable](#variable) array_ | Terraform variables for all plans and applies in this workspace. Variables defined within a workspace always overwrite variables from variable sets that have the same type and the same key. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#terraform-variables | +| `remoteStateSharing` _[RemoteStateSharing](#remotestatesharing)_ | Remote state access between workspaces. By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces | +| `runTriggers` _[RunTrigger](#runtrigger) array_ | Run triggers allow you to connect this workspace to one or more source workspaces. These connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers | +| `versionControl` _[VersionControl](#versioncontrol)_ | Settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow. Omit this argument to utilize the CLI-driven and API-driven workflows, where runs are not driven by webhooks on your VCS provider. More information: - https://www.terraform.io/cloud-docs/run/ui - https://www.terraform.io/cloud-docs/vcs | +| `sshKey` _[SSHKey](#sshkey)_ | SSH key used to clone Terraform modules. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys | +| `notifications` _[Notification](#notification) array_ | Notifications allow you to send messages to other applications based on run and workspace events. More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications |