Merge branch 'main' into MaxTTLPhase2

Author: sana-faraz

CHANGELOG.md

@@ -1,7 +1,17 @@
 ## Unreleased
+FEATURES:
+* Adds a warning message to `r/tfe_team_token`, `r/tfe_organization_token` and `r/tfe_audit_trail_token` resources to indicate that if no `expired_at` attribute is set, the token will expire in 2 years. By @sana-faraz [#1976](https://github.com/hashicorp/terraform-provider-tfe/pull/1976)
+
+BREAKING CHANGES:
+* `r/tfe_variable`: Fixed a bug where value_wo continuously resulted in new changes on every terraform apply. By @uk1288 [#1983](https://github.com/hashicorp/terraform-provider-tfe/pull/1983)
+* `r/tfe_variable`: Added the `value_wo_version` write-only attribute to allow triggering value_wo updates, by @uk1288 ([#1983](https://github.com/hashicorp/terraform-provider-tfe/pull/1983))
+* `r/tfe_test_variable`: Added the `value_wo_version` write-only attribute to allow triggering `value_wo` updates, by @uk1288 ([#1985](https://github.com/hashicorp/terraform-provider-tfe/pull/1985))
+* `r/tfe_team_notification_configuration`: Added the `token_wo_version` write-only attribute to allow triggering `token_wo` updates, by @uk1288 ([#1995](https://github.com/hashicorp/terraform-provider-tfe/pull/1995))
+* `r/tfe_notification_configuration`: Added the `token_wo_version` write-only attribute to allow triggering token_wo updates, by @uk1288 [#2001](https://github.com/hashicorp/terraform-provider-tfe/pull/2001)
 
 FEATURES:
 * Adds `tfe_query_run` action, allowing users to invoke remote Terraform queries on HCP Terraform and Terraform Enterprise, by @sebasslash [#1982](https://github.com/hashicorp/terraform-provider-tfe/pull/1982)
+* Adds `d/tfe_current_user` data source for retrieving information about the user associated with the configured API token, by @ShaunakRembhotkar
 
 ## v0.74.1
 

internal/provider/data_source_current_user.go

@@ -0,0 +1,107 @@
+// Copyright IBM Corp. 2018, 2025
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+var (
+	_ datasource.DataSource              = &dataSourceCurrentUser{}
+	_ datasource.DataSourceWithConfigure = &dataSourceCurrentUser{}
+)
+
+func NewCurrentUserDataSource() datasource.DataSource {
+	return &dataSourceCurrentUser{}
+}
+
+type dataSourceCurrentUser struct {
+	config ConfiguredClient
+}
+
+type modelCurrentUser struct {
+	ID               types.String `tfsdk:"id"`
+	Username         types.String `tfsdk:"username"`
+	Email            types.String `tfsdk:"email"`
+	IsServiceAccount types.Bool   `tfsdk:"is_service_account"`
+}
+
+func (d *dataSourceCurrentUser) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_current_user"
+}
+
+func (d *dataSourceCurrentUser) Schema(_ context.Context, _ datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		MarkdownDescription: "Get the current user associated with the API token.",
+
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				Computed:            true,
+				MarkdownDescription: "Service-generated identifier for the user.",
+			},
+			"username": schema.StringAttribute{
+				Computed:            true,
+				MarkdownDescription: "The username of the current user.",
+			},
+			"email": schema.StringAttribute{
+				Computed:            true,
+				MarkdownDescription: "The email address of the current user.",
+			},
+			"is_service_account": schema.BoolAttribute{
+				Computed:            true,
+				MarkdownDescription: "Whether the current user is a service account.",
+			},
+		},
+	}
+}
+
+func (d *dataSourceCurrentUser) Configure(_ context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	client, ok := req.ProviderData.(ConfiguredClient)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Data Source Configure Type",
+			fmt.Sprintf("Expected ConfiguredClient, got %T. This is a bug in the tfe provider, so please report it on GitHub.", req.ProviderData),
+		)
+
+		return
+	}
+
+	d.config = client
+}
+
+func (d *dataSourceCurrentUser) Read(ctx context.Context, _ datasource.ReadRequest, resp *datasource.ReadResponse) {
+	tflog.Debug(ctx, "Reading current user")
+
+	user, err := d.config.Client.Users.ReadCurrent(ctx)
+	if err != nil {
+		resp.Diagnostics.AddError("Unable to read current user", err.Error())
+		return
+	}
+
+	model := modelCurrentUser{
+		ID:               types.StringValue(user.ID),
+		Username:         types.StringValue(user.Username),
+		Email:            types.StringValue(user.Email),
+		IsServiceAccount: types.BoolValue(user.IsServiceAccount),
+	}
+
+	tflog.Trace(ctx, "Read current user successfully", map[string]any{
+		"user_id":            user.ID,
+		"username":           user.Username,
+		"is_service_account": user.IsServiceAccount,
+	})
+
+	diags := resp.State.Set(ctx, &model)
+	resp.Diagnostics.Append(diags...)
+}

internal/provider/data_source_current_user_test.go

@@ -0,0 +1,33 @@
+// Copyright IBM Corp. 2018, 2025
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccCurrentUserDataSource_basic(t *testing.T) {
+	resourceAddress := "data.tfe_current_user.test"
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccMuxedProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCurrentUserDataSourceConfig_basic(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceAddress, "id"),
+					resource.TestCheckResourceAttrSet(resourceAddress, "username"),
+					resource.TestCheckResourceAttrSet(resourceAddress, "email"),
+					resource.TestCheckResourceAttrSet(resourceAddress, "is_service_account"),
+				),
+			},
+		},
+	})
+}
+
+func testAccCurrentUserDataSourceConfig_basic() string {
+	return `data "tfe_current_user" "test" {}`
+}

internal/provider/planmodifiers/warn_if_null_on_create.go

@@ -0,0 +1,37 @@
+// Copyright IBM Corp. 2018, 2025
+// SPDX-License-Identifier: MPL-2.0
+
+package planmodifiers
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
+)
+
+type warnIfNullOnCreateModifier struct {
+	message string
+}
+
+func (m warnIfNullOnCreateModifier) Description(ctx context.Context) string {
+	return "Warning that the attribute value is null during resource creation"
+}
+
+func (m warnIfNullOnCreateModifier) MarkdownDescription(ctx context.Context) string {
+	return m.Description(ctx)
+}
+
+func (m warnIfNullOnCreateModifier) PlanModifyString(ctx context.Context, req planmodifier.StringRequest, resp *planmodifier.StringResponse) {
+	if req.State.Raw.IsNull() && req.ConfigValue.IsNull() {
+		resp.Diagnostics.AddWarning(
+			m.message,
+			"",
+		)
+	}
+}
+
+func WarnIfNullOnCreate(message string) planmodifier.String {
+	return warnIfNullOnCreateModifier{
+		message: message,
+	}
+}

internal/provider/provider_next.go

@@ -143,6 +143,7 @@ func (p *frameworkProvider) Actions(ctx context.Context) []func() action.Action
 
 func (p *frameworkProvider) DataSources(ctx context.Context) []func() datasource.DataSource {
 	return []func() datasource.DataSource{
+		NewCurrentUserDataSource,
 		NewHYOKCustomerKeyVersionDataSource,
 		NewHYOKEncryptedDataKeyDataSource,
 		NewNoCodeModuleDataSource,

internal/provider/resource_tfe_audit_trail_token.go

@@ -21,6 +21,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/hashicorp/terraform-provider-tfe/internal/provider/planmodifiers"
 )
 
 type resourceAuditTrailToken struct {
@@ -99,8 +100,13 @@ func (r *resourceAuditTrailToken) Schema(ctx context.Context, req resource.Schem
 				Description: "The time when the audit trail token will expire. This must be a valid ISO8601 timestamp.",
 				CustomType:  timetypes.RFC3339Type{},
 				Optional:    true,
+				Computed:    true,
 				PlanModifiers: []planmodifier.String{
 					stringplanmodifier.RequiresReplace(),
+					stringplanmodifier.UseStateForUnknown(),
+					planmodifiers.WarnIfNullOnCreate(
+						"Audit Trail Token expiration null values defaults to 24 months",
+					),
 				},
 			},
 			"organization": schema.StringAttribute{

internal/provider/resource_tfe_audit_trail_token_test.go

@@ -163,6 +163,37 @@ func TestAccTFEAuditTrailToken_withInvalidExpiry(t *testing.T) {
 	})
 }
 
+func TestAccTFEAuditTrailToken_withBlankExpiry(t *testing.T) {
+	skipUnlessBeta(t)
+	token := &tfe.OrganizationToken{}
+
+	tfeClient, err := getClientUsingEnv()
+	if err != nil {
+		t.Fatal(err)
+	}
+	org, orgCleanup := createBusinessOrganization(t, tfeClient)
+	t.Cleanup(orgCleanup)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { testAccPreCheck(t) },
+		ProtoV6ProviderFactories: testAccMuxedProviders,
+		CheckDestroy:             testAccCheckTFEAuditTrailTokenDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccTFEAuditTrailToken_withBlankExpiry(org.Name),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckTFEAuditTrailTokenExists(
+						"tfe_audit_trail_token.foobar", token),
+					resource.TestCheckResourceAttr(
+						"tfe_audit_trail_token.foobar", "organization", org.Name),
+					resource.TestCheckResourceAttrSet(
+						"tfe_audit_trail_token.foobar", "expired_at"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccTFEAuditTrailToken_import(t *testing.T) {
 	tfeClient, err := getClientUsingEnv()
 	if err != nil {
@@ -281,7 +312,6 @@ func testAccTFEAuditTrailToken_withBlankExpiry(orgName string) string {
 	return fmt.Sprintf(`
 resource "tfe_audit_trail_token" "foobar" {
   organization = "%s"
-  expired_at = ""
 }`, orgName)
 }