Provides a workspace resource.
Basic usage:
resource "tfe_organization" "test-organization" {
name = "my-org-name"
email = "admin@company.com"
}
resource "tfe_workspace" "test" {
name = "my-workspace-name"
organization = tfe_organization.test-organization.name
tag_names = ["test", "app"]
}
Usage with vcs_repo:
resource "tfe_organization" "test-organization" {
name = "my-org-name"
email = "admin@company.com"
}
resource "tfe_oauth_client" "test" {
organization = tfe_organization.test-organization
api_url = "https://api.github.com"
http_url = "https://github.com"
oauth_token = "oauth_token_id"
service_provider = "github"
}
resource "tfe_workspace" "parent" {
name = "parent-ws"
organization = tfe_organization.test-organization
queue_all_runs = false
vcs_repo {
branch = "main"
identifier = "my-org-name/vcs-repository"
oauth_token_id = tfe_oauth_client.test.oauth_token_id
}
}
The following arguments are supported:
name
- (Required) Name of the workspace.agent_pool_id
- (Optional) Deprecated The ID of an agent pool to assign to the workspace. Use tfe_workspace_settings instead.allow_destroy_plan
- (Optional) Whether destroy plans can be queued on the workspace.assessments_enabled
- (Optional) Whether to regularly run health assessments such as drift detection on the workspace. Defaults to false
.auto_apply
- (Optional) Whether to automatically apply changes when a Terraform plan is successful. Defaults to false
.auto_apply_run_trigger
- (Optional) Whether to automatically apply changes for runs that were created by run triggers from another workspace. Defaults to false
.description
- (Optional) A description for the workspace.execution_mode
- (Optional) Deprecated Which execution mode to use. Use tfe_workspace_settings instead.file_triggers_enabled
- (Optional) Whether to filter runs based on the changed files
in a VCS push. Defaults to true
. If enabled, the working directory and
trigger prefixes describe a set of paths which must contain changes for a
VCS push to trigger a run. If disabled, any push will trigger a run.force_delete
- (Optional) If this attribute is present on a workspace that is being deleted through the provider, it will use the existing force delete API. If this attribute is not present or false it will safe delete the workspace.global_remote_state
- (Optional) Whether the workspace allows all workspaces in the organization to access its state data during runs. If false, then only specifically approved workspaces can access its state (remote_state_consumer_ids
).operations
- Deprecated Whether to use remote execution mode.
Defaults to true
. When set to false
, the workspace will be used for
state storage only. This value _must not_ be provided if execution_mode
is
provided.organization
- (Optional) Name of the organization. If omitted, organization must be defined in the provider config.project_id
- (Optional) ID of the project where the workspace should be created.queue_all_runs
- (Optional) Whether the workspace should start
automatically performing runs immediately after its creation. Defaults to
true
. When set to false
, runs triggered by a webhook (such as a commit
in VCS) will not be queued until at least one run has been manually queued.
Note: This default differs from the HCP Terraform API default, which
is false
. The provider uses true
as any workspace provisioned with
false
would need to then have a run manually queued out-of-band before
accepting webhooks.remote_state_consumer_ids
- (Optional) The set of workspace IDs set as explicit remote state consumers for the given workspace.source_name
- (Optional) A friendly name for the application or client
creating this workspace. If set, this will be displayed on the workspace as
"Created via source_url
to also be set.source_url
- (Optional) A URL for the application or client creating this
workspace. This can be the URL of a related resource in another app, or a
link to documentation or other info about the client.
Requires source_name
to also be set.
Note: The API does not (currently) allow this to be updated after a
workspace has been created, so modifying this value will result in the
workspace being replaced. To disable this, use an ignore changes lifecycle meta-argumentspeculative_enabled
- (Optional) Whether this workspace allows speculative
plans. Defaults to true
. Setting this to false
prevents HCP Terraform
or the Terraform Enterprise instance from running plans on pull requests,
which can improve security if the VCS repository is public or includes
untrusted contributors.structured_run_output_enabled
- (Optional) Whether this workspace should
show output from Terraform runs using the enhanced UI when available.
Defaults to true
. Setting this to false
ensures that all runs in this
workspace will display their output as text logs.ssh_key_id
- (Optional) The ID of an SSH key to assign to the workspace.tag_names
- (Optional) A list of tag names for this workspace. Note that tags must only contain lowercase letters, numbers, colons, or hyphens.ignore_additional_tag_names
- (Optional) Explicitly ignores tag_names
_not_ defined by config so they will not be overwritten by the configured
tags. This creates exceptional behavior in terraform with respect
to tag_names
and is not recommended. This value must be applied before it
will be used.terraform_version
- (Optional) The version of Terraform to use for this
workspace. This can be either an exact version or a
version constraint
(like ~> 1.0.0
); if you specify a constraint, the workspace will always use
the newest release that meets that constraint. Defaults to the latest
available version.trigger_patterns
- (Optional) List of glob patterns that describe the files HCP Terraform monitors for changes. Trigger patterns are always appended to the root directory of the repository. Mutually exclusive with trigger-prefixes
.trigger_prefixes
- (Optional) List of repository-root-relative paths which describe all locations
to be tracked for changes.vcs_repo
- (Optional) Settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow.
Omit this argument to utilize the CLI-driven and API-driven
workflows, where runs are not driven by webhooks on your VCS provider.working_directory
- (Optional) A relative path that Terraform will execute within. Defaults to the root of your repository.The vcs_repo
block supports:
identifier
- (Required) A reference to your VCS repository in the format
<vcs organization>/<repository>
where <vcs organization>
and <repository>
refer to the organization and repository
in your VCS provider. The format for Azure DevOps is <ado organization>/<ado project>/_git/<ado repository>
.branch
- (Optional) The repository branch that Terraform will execute from.
This defaults to the repository's default branch (e.g. main).github_app_installation_id
- (Optional) The installation id of the Github App. This conflicts with oauth_token_id
and can only be used if oauth_token_id
is not used.ingress_submodules
- (Optional) Whether submodules should be fetched when
cloning the VCS repository. Defaults to false
.oauth_token_id
- (Optional) The VCS Connection (OAuth Connection + Token) to use.
This ID can be obtained from a tfe_oauth_client
resource. This conflicts with github_app_installation_id
and can only be used if github_app_installation_id
is not used.tags_regex
- (Optional) A regular expression used to trigger a Workspace run for matching Git tags. This option conflicts with trigger_patterns
and trigger_prefixes
. Should only set this value if the former is not being used.In addition to all arguments above, the following attributes are exported:
id
- The workspace ID.resource_count
- The number of resources managed by the workspace.html_url
- The URL to the browsable HTML overview of the workspace.Workspaces can be imported; use <WORKSPACE ID>
or <ORGANIZATION NAME>/<WORKSPACE NAME>
as the
import ID. For example:
terraform import tfe_workspace.test ws-CH5in3chf8RJjrVd
terraform import tfe_workspace.test my-org-name/my-wkspace-name