Disable all but an allow list of Terraform Versions on TFE
#!/bin/bash
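# ----- Initialize Environment -----
# Supply both values through the environment of the invoking shell. The token
# is a site-admin credential: keep it out of this file and out of version
# control.
# export TFE_HOSTNAME="tfe.company.com"
# export TFE_TOKEN="zzz.atlasv1.zzz"
# Allowed values should be separated by a space
allow_list=(0.12.24 0.12.20 0.11.14)

# ----- Validate Environment -----
# Every check writes its diagnostic to stderr and stops before any API call.
if ! command -v jq >/dev/null 2>&1; then
  echo 'The jq package must be installed and must exist in $PATH. Exiting...' >&2
  exit 2
fi

if [[ -z "${TFE_HOSTNAME}" ]]; then
  echo "The Terraform Enterprise domain name must be defined. Exiting..." >&2
  exit 3
fi

if [[ -z "${TFE_TOKEN}" ]]; then
  echo "The Terraform Enterprise Site Admin's User token must be defined. Exiting..." >&2
  exit 3
fi

# "${allow_list}" expands to the first element only, so test the element count:
# an empty allow list would otherwise disable every version on the instance.
if (( ${#allow_list[@]} == 0 )); then
  echo "The allowed versions (allow_list) must be defined. Exiting..." >&2
  exit 3
fi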
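#######################################
# Call the admin API, following pagination, to list every Terraform version.
# Globals:   TFE_HOSTNAME (read), TFE_TOKEN (read)
# Arguments: none
# Outputs:   per page, one line of concatenated compact JSON arrays of the form
#            [id, enabled, version] on stdout; diagnostics on stderr
# Returns:   0 when every page was fetched and parsed, 1 otherwise
#######################################
function get_terraform_versions () {
  local next_link="https://${TFE_HOSTNAME}/api/v2/admin/terraform-versions?page[number]=1&page[size]=100"
  local curl_response parsed_data

  # Stop on an empty link as well as on "null": a failed request yields an
  # empty response, and looping on that would never terminate.
  while [[ -n "${next_link}" && "${next_link}" != "null" ]]; do
    # --fail turns HTTP errors (expired token, 5xx) into a non-zero exit.
    # --globoff keeps curl from reading the [ ] in the query as a glob range.
    # The Authorization header is read from a file descriptor so the admin
    # token does not show up in the process list (needs curl >= 7.55.0).
    if ! curl_response=$(curl -sS --fail --globoff "${next_link}" \
      --header @<(printf 'Authorization: Bearer %s\n' "${TFE_TOKEN}") \
      --header "Content-Type: application/vnd.api+json"); then
      echo "Failed to list Terraform versions from ${TFE_HOSTNAME}" >&2
      return 1
    fi

    if ! parsed_data=$(printf '%s' "${curl_response}" \
      | jq -crj '.data[] | [.id, .attributes.enabled, .attributes.version]'); then
      echo "Unexpected response while listing Terraform versions" >&2
      return 1
    fi

    # Only echo response data. Quoted so the JSON brackets are never subject
    # to word splitting or pathname expansion.
    printf '%s\n' "${parsed_data}"

    # NOTE(review): the next link comes from the server response and is
    # requested with the admin token; consider checking it still points at
    # TFE_HOSTNAME before following it.
    next_link=$(printf '%s' "${curl_response}" | jq -r '.links.next')
  done
}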
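#######################################
# Disable one Terraform version through the admin API unless it already is.
# Globals:   TFE_HOSTNAME (read), TFE_TOKEN (read)
# Arguments: $1 - id of the terraform-versions record
#            $2 - version string, used in messages only
#            $3 - current state, "true" or "false"
# Outputs:   progress on stdout, failure message on stderr
# Returns:   0 if the version is disabled afterwards, 1 if the PATCH failed
#######################################
function disable_terraform_version () {
  local id=$1
  local version=$2
  local enabled=$3
  local payload='{"data":{"type":"terraform-versions","attributes":{"enabled":false}}}'

  if [[ "${enabled}" == "false" ]]; then
    echo "Disable Terraform Version (${version}): Already disabled"
    return 0
  fi

  echo "Disable Terraform Version (${version}): Disabling..."
  # --fail makes an HTTP error a non-zero exit, so "Disabled" is only printed
  # when the API accepted the change. The Authorization header is read from a
  # file descriptor to keep the admin token out of the process list
  # (needs curl >= 7.55.0).
  if ! curl -sS --fail -o /dev/null -X PATCH \
    "https://${TFE_HOSTNAME}/api/v2/admin/terraform-versions/${id}" \
    --header @<(printf 'Authorization: Bearer %s\n' "${TFE_TOKEN}") \
    --header "Content-Type: application/vnd.api+json" \
    --data-binary "${payload}"; then
    echo "Disable Terraform Version (${version}): FAILED, version is still enabled" >&2
    return 1
  fi
  echo "Disable Terraform Version (${version}): Disabled"
}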
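#######################################
# Enable one Terraform version through the admin API unless it already is.
# Globals:   TFE_HOSTNAME (read), TFE_TOKEN (read)
# Arguments: $1 - id of the terraform-versions record
#            $2 - version string, used in messages only
#            $3 - current state, "true" or "false"
# Outputs:   progress on stdout, failure message on stderr
# Returns:   0 if the version is enabled afterwards, 1 if the PATCH failed
#######################################
function enable_terraform_version () {
  local id=$1
  local version=$2
  local enabled=$3
  local payload='{"data":{"type":"terraform-versions","attributes":{"enabled":true}}}'

  if [[ "${enabled}" == "true" ]]; then
    echo "Enable Terraform Version (${version}): Already enabled"
    return 0
  fi

  echo "Enable Terraform Version (${version}): Enabling..."
  # --fail makes an HTTP error a non-zero exit, so "Enabled" is only printed
  # when the API accepted the change. The Authorization header is read from a
  # file descriptor to keep the admin token out of the process list
  # (needs curl >= 7.55.0).
  if ! curl -sS --fail -o /dev/null -X PATCH \
    "https://${TFE_HOSTNAME}/api/v2/admin/terraform-versions/${id}" \
    --header @<(printf 'Authorization: Bearer %s\n' "${TFE_TOKEN}") \
    --header "Content-Type: application/vnd.api+json" \
    --data-binary "${payload}"; then
    echo "Enable Terraform Version (${version}): FAILED, version is still disabled" >&2
    return 1
  fi
  echo "Enable Terraform Version (${version}): Enabled"
}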
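# ----- Enforce the allow list -----
# Every version reported by the instance is enabled when it is on allow_list
# and disabled otherwise.
echo "Query TFE for versions to disable..."
all_versions=$(get_terraform_versions | jq -crs 'map([.[0], .[1], .[2]]) | .[] | @base64')

# An empty listing means the query failed or returned nothing. Exit non-zero so
# a run that enforced nothing is not mistaken for a successful one.
if [[ -z "${all_versions}" ]]; then
  echo "No Terraform versions were returned by ${TFE_HOSTNAME}; nothing was changed. Exiting..." >&2
  exit 4
fi

failures=0
# Unquoted on purpose: one base64 word per version, and base64 output contains
# no whitespace or glob characters.
for row in ${all_versions}; do
  decoded_row=$(echo "$row" | base64 --decode)
  row_id=$(echo "$decoded_row" | jq -r '.[0]')
  row_enabled=$(echo "$decoded_row" | jq -r '.[1]')
  row_version=$(echo "$decoded_row" | jq -r '.[2]')

  # Exact element comparison; a version is allowed only on a full match.
  allowed="false"
  for candidate in "${allow_list[@]}"; do
    if [[ "${candidate}" == "${row_version}" ]]; then
      allowed="true"
      break
    fi
  done

  # Count any non-zero status from the helpers so the run can report it.
  if [[ "${allowed}" == "true" ]]; then
    enable_terraform_version "${row_id}" "${row_version}" "${row_enabled}" \
      || failures=$((failures + 1))
  else
    disable_terraform_version "${row_id}" "${row_version}" "${row_enabled}" \
      || failures=$((failures + 1))
  fi
done

if (( failures > 0 )); then
  echo "${failures} Terraform version(s) could not be updated; the allow list is not fully enforced." >&2
  exit 5
fi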