Try SpotterAdd, update or remove team access to a workspace
| "added in version" 0.1.0 of esp.terraform"
Authors: Krzysztof Lewandowski (@klewan)
Install with ansible-galaxy collection install esp.terraform:==0.1.0
collections:
- name: esp.terraform
version: 0.1.0Adds, updates or removes team access to a workspace.
Teams and workspaces may be referred either by their ids or their names.
A team-workspace resource represents a team's local permissions on a specific workspace.
A single team-workspace resource contains the relationship between the Team and Workspace, including the privileges the team has on the workspace.
- name: Add or update Team access to a Workspace
esp.terraform.tfe_team_access:
url: 'https://terraform.example.com'
token: '{{ token }}'
organization: foo
team: developers
workspace: my-workspace
attributes:
"access": custom
"runs": apply
"variables": none
"state-versions": read-outputs
"sentinel-mocks": read
"workspace-locking": false
state: present
validate_certs: no
- name: Remove Team access to a Workspace
esp.terraform.tfe_team_access:
url: 'https://terraform.example.com'
token: '{{ token }}'
organization: foo
team: developers
workspace: my-workspace
state: absent
validate_certs: no
url:
description:
- Terraform Enterprise URL.
required: false
type: str
team:
description:
- The ID or name of the team to add to the workspace, or remove from the workspace.
required: false
type: str
sleep:
default: 5
description:
- Number of seconds to sleep between API retries.
type: int
state:
choices:
- absent
- present
default: present
description:
- Whether the team access should exist or not.
required: true
type: str
token:
description:
- All requests to Terraform Enterprise must be authenticated with a bearer token.
- There are three kinds of token available, i.e. user tokens, team tokens and organization
tokens.
- See L(Authentication,https://www.terraform.io/docs/cloud/api/index.html#authentication).
required: true
type: str
retries:
default: 3
description:
- Number of retries to call Terraform API URL before failure.
type: int
use_proxy:
default: true
description:
- If C(no), it will not use a proxy, even if one is defined in an environment variable
on the target hosts.
type: bool
workspace:
description:
- The workspace name or ID to which the team is to be added or removed.
required: false
type: str
attributes:
description:
- Definition of the access properties.
- Required when C(state=present).
required: false
suboptions:
access:
choices:
- read
- plan
- write
- admin
- custom
description:
- The type of access to grant.
required: true
type: str
runs:
choices:
- read
- plan
- apply
description:
- If access is custom, the permission to grant for the workspace's runs. Can only
be used when C(access=custom).
required: false
type: str
sentinel-mocks:
choices:
- none
- read
description:
- If access is custom, the permission to grant for the workspace's Sentinel mocks.
Can only be used when C(access=custom).
required: false
type: str
state-versions:
choices:
- none
- read-outputs
- read
- write
description:
- If access is custom, the permission to grant for the workspace's state versions.
Can only be used when C(access=custom).
required: false
type: str
variables:
choices:
- none
- read
- write
description:
- If access is custom, the permission to grant for the workspace's variables.
Can only be used when C(access=custom).
required: false
type: str
workspace-locking:
description:
- If access is custom, the permission granting the ability to manually lock or
unlock the workspace. Can only be used when C(access=custom).
required: false
type: bool
type: dict
organization:
description:
- Organization name.
required: true
type: str
relationship:
description:
- The ID of the team/workspace relationship to remove.
- Applicable only when C(state=absent).
- Alternatively use C(team) and C(workspace) options if you don't know relationship
ID.
required: false
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed
certificates.
type: bool
json:
contains:
data:
description: Details on the team access.
returned: success
sample:
attributes:
access: custom
runs: apply
sentinel-mocks: read
state-versions: read-outputs
variables: none
workspace-locking: false
id: tws-qj8ugVEZLV9JsLLw
links:
self: /api/v2/team-workspaces/tws-qj8ugVEZLV9JsLLw
relationships:
team:
data:
id: team-EMyKbSwR3FbgpDop
type: teams
links:
related: /api/v2/teams/team-EMyKbSwR3FbgpDop
workspace:
data:
id: ws-upBS5wz93fDhtwpn
type: workspaces
links:
related: /api/v2/organizations/foo/workspaces/my-workspace
type: team-workspaces
type: dict
description: Details on the team access.
returned: success
type: dict