#!/usr/bin/env bash
# vim:ts=4:sts=4:sw=4:et
#
# Author: Hari Sekhon
# Date: 2021-11-12 14:37:10 +0000 (Fri, 12 Nov 2021)
#
# https://github.com/harisekhon/bash-tools
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/harisekhon
#
set -euo pipefail
[ -n " ${ DEBUG :- } " ] && set -x
srcdir = " $( dirname " ${ BASH_SOURCE [0] } " ) "
# shellcheck disable=SC1090
. " $srcdir /lib/utils.sh "
# shellcheck disable=SC1090
. " $srcdir /lib/git.sh "
# shellcheck disable=SC2034,SC2154
usage_description = "
Queries the Terraform Cloud API
Authentication requites the environment variable \$ TERRAFORM_TOKEN to be set
Can specify \$ CURL_OPTS for options to pass to curl or provide them as arguments
Set up a personal access token here:
https://app.terraform.io/app/settings/tokens
API Reference:
https://www.terraform.io/docs/cloud/api/index.html
For convenience, the following tokens in the format ':token' or '{token}' are automatically replaced if the environment variables are available, for easy copy-pasting from API documentation:
:org, :organization, :organization_name \$ TERRAFORM_ORGANIZATION
:workspace, :workspace_id \$ TERRAFORM_WORKSPACE
:user, :userid, :user_id \$ TERRAFORM_USER_ID, otherwise must make extra call to API to determine
Examples:
# Get Account Details for the currently authenticated user:
${ 0 ##*/ } /account/details | jq .
# Get Account Details for a given user (doesn't contain email like /account/details self-describing endpoint):
${ 0 ##*/ } /users/{ userid} | jq .
# Get your user ID (export as \$TERRAFORM_USER_ID for other queries):
${ 0 ##*/ } /account/details | jq .data.id
export TERRAFORM_USER_ID = \" \$ ( ${ 0 ##*/ } /account/details | jq .data.id) \"
# List organizations:
${ 0 ##*/ } /organizations | jq .
# List workspaces:
${ 0 ##*/ } /organizations/:organization_name/workspaces | jq .
# List an organization's variable sets:
${ 0 ##*/ } /organizations/:organization_name/varsets | jq .
# List workspace variables (see terraform_cloud_workspace_set_vars.sh for an easy way to add/update them):
${ 0 ##*/ } /workspaces/:workspace_id/vars | jq .
# See terraform_cloud_*_vars.sh for easier listing/adding/updating/deleting variables in workspaces and variable sets
# Lock/Unlock a workspace:
${ 0 ##*/ } /workspaces/:workspace_id/actions/lock -X POST | jq .
${ 0 ##*/ } /workspaces/:workspace_id/actions/unlock -X POST | jq .
# List workspace resources:
${ 0 ##*/ } /workspaces/:workspace_id/resources | jq .
# IP Ranges used by Terraform Cloud (see terraform_cloud_ip_ranges.sh for a processed version, one per line):
${ 0 ##*/ } /meta/ip-ranges | jq .
# Registry Modules for an org:
${ 0 ##*/ } /organizations/{ org} /registry-modules | jq .
# Get Agent Pools:
${ 0 ##*/ } /organizations/{ organization} /agent-pools | jq .
# Get Audit Trails:
${ 0 ##*/ } /organization/audit-trail | jq .
# Get Feature Sets:
${ 0 ##*/ } /feature-sets | jq .
# Get your user authentication tokens (eg. to check for old tokens programmatically):
${ 0 ##* } /users/{ userid} /authentication-tokens | jq .
# Create a new user token:
${ 0 ##* } /users/{ userid} /authentication-tokens -X POST | jq .
# Delete a user token:
${ 0 ##* } /authentication-tokens/{ id} -X DELETE | jq .
"
# used by usage() in lib/utils.sh
# shellcheck disable=SC2034
usage_args = "/path [<curl_options>]"
url_base = "https://app.terraform.io/api/v2"
help_usage " $@ "
min_args 1 " $@ "
curl_api_opts " $@ "
check_env_defined TERRAFORM_TOKEN
export TOKEN = " $TERRAFORM_TOKEN "
url_path = " ${ 1 :- } "
shift || :
# stripping url_base for convenience in case copying and pasting from docs
url_path = " ${ url_path //https : \/ \/ app .terraform.io \/ api \/ v2 } "
url_path = " ${ url_path ##/ } "
if [ [ " $url_path " = ~ [ \{ :] org( anization) ?( _?name) ?\} ? ] ] ; then
if [ -n " ${ TERRAFORM_ORGANIZATION :- } " ] ; then
url_path = " ${ url_path // : organization_name / $TERRAFORM_ORGANIZATION } "
url_path = " ${ url_path // : organization / $TERRAFORM_ORGANIZATION } "
url_path = " ${ url_path // : org / $TERRAFORM_ORGANIZATION } "
url_path = " ${ url_path // \{ organization_name \} / $TERRAFORM_ORGANIZATION } "
url_path = " ${ url_path // \{ organization \} / $TERRAFORM_ORGANIZATION } "
url_path = " ${ url_path // \{ org \} / $TERRAFORM_ORGANIZATION } "
else
die "organization placeholder found but \$TERRAFORM_ORGANIZATION is not set"
fi
fi
if [ [ " $url_path " = ~ [ \{ :] workspace( _?id) ?\} ? ] ] ; then
if [ -n " ${ TERRAFORM_WORKSPACE :- } " ] ; then
url_path = " ${ url_path // : workspace_id / $TERRAFORM_WORKSPACE } "
url_path = " ${ url_path // : workspace / $TERRAFORM_WORKSPACE } "
url_path = " ${ url_path // \{ workspace_id \} / $TERRAFORM_WORKSPACE } "
url_path = " ${ url_path // \{ workspace \} / $TERRAFORM_WORKSPACE } "
else
die "workspace placeholder found but \$TERRAFORM_WORKSPACE is not set"
fi
fi
if [ [ " $url_path " = ~ [ \{ :] ?user( _?id) ?\} ? ] ] ; then
if [ -n " ${ TERRAFORM_USER_ID :- } " ] ; then
url_path = " ${ url_path // : user_id / $TERRAFORM_USER_ID } "
url_path = " ${ url_path // : userid / $TERRAFORM_USER_ID } "
url_path = " ${ url_path // : user / $TERRAFORM_USER_ID } "
url_path = " ${ url_path // \{ user \} / $TERRAFORM_USER_ID } "
url_path = " ${ url_path // \{ userid \} / $TERRAFORM_USER_ID } "
url_path = " ${ url_path // \{ user_id \} / $TERRAFORM_USER_ID } "
else
user_id = " $( " $srcdir /curl_auth.sh " " ${ CURL_OPTS [@] } " " $url_base /account/details " | jq -r .data.id) "
url_path = " ${ url_path // : user_id / $user_id } "
url_path = " ${ url_path // : userid / $user_id } "
url_path = " ${ url_path // : user / $user_id } "
url_path = " ${ url_path // \{ user \} / $user_id } "
url_path = " ${ url_path // \{ userid \} / $user_id } "
url_path = " ${ url_path // \{ user_id \} / $user_id } "
fi
fi
" $srcdir /curl_auth.sh " " $url_base / $url_path " " ${ CURL_OPTS [@] } " " $@ "