Created
June 1, 2022 10:49
-
-
Save carljavier/fe1193e66741b61129fe8ea19a68add0 to your computer and use it in GitHub Desktop.
TFE Team Access, Plan/Apply
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Two Teams, one is admin (apply) , and the other can only plan | |
| resource "tfe_team" "gcp-network-admin" { | |
| name = "gcp-network-admin" | |
| organization = "my-org-name" | |
| } | |
| resource "tfe_team" "gcp-network-plan" { | |
| name = "gcp-network-plan" | |
| organization = "my-org-name" | |
| } | |
| # Workspace Create | |
| resource "tfe_workspace" "test" { | |
| name = "my-workspace-name" | |
| organization = "my-org-name" | |
| } | |
| # Assign Team to Workspace | |
| resource "tfe_team_access" "plan" { | |
| access = "plan" | |
| team_id = tfe_team.gcp-network-plan.id | |
| workspace_id = tfe_workspace.test.id | |
| } | |
| resource "tfe_team_access" "apply" { | |
| access = "apply" | |
| team_id = tfe_team.gcp-network-apply.id | |
| workspace_id = tfe_workspace.test.id | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Scenario
Only want TFC/TFE users to be able to locally plan from their machines. Users would typically create a user TF Token. They would be put into the team that only had "plan" access.
Only the "pipeline" or a cicd box or specific users should have the ability to "apply". A team API token can then be used in the pipeline that is allowed to "apply".