Description
Background
Currently when SetEnv() is used, for example to set a custom plugin cache directory
tf.SetEnv(map[string]string{
"TF_PLUGIN_CACHE_DIR": "./foobar",
})then Terraform receives any environment variables set in the map + a handful of default Terraform (TF_*) ones we set internally.
Without SetEnv() we transparently pass through [almost] all environment variables, except for the Terraform ones which we want to be set explicitly as setting these would affect the behaviour/implementation which relies on specific output format or behaviour (e.g. no log lines in the output and no colouring).
This has a potentially unexpected negative side effect in that variables such as TMP, PATH and other common ones, which the Go stdlib relies on, are unavailable, breaking certain parts of the Terraform workflow.
For example, it is not possible to run terraform init on Windows without TMP unless it runs with elevated permissions, because Terraform uses ioutil.TempFile(). Temporary files are created in $TMP on Windows, which is typically set to C:\Users\Radek\AppData\Local\Temp which only needs permissions of a regular user. If that variable isn't available, then Go defaults to C:\Windows which typically requires elevated permissions.
Proposal
Consider passing through all environment variables when SetEnv() is used, or allow-list a handful of common ones, such as TMP.
Workaround
It is possible to work around this problem using e.g.
tf.SetEnv(map[string]string{
"TF_PLUGIN_CACHE_DIR": "./foobar",
"TMP": os.Getenv("TMP"),
})but it's likely there are other parts of Terraform which rely on other variables. e.g. I can imagine the need for HOME (Unix) HOMEPATH (Windows) or APPDATA in order to look up the CLI config file. https://developer.hashicorp.com/terraform/cli/config/config-file