When listing all the users in Terraform Enterprise using the API endpoint (/api/v2/admin/users) there might be more users visible than expected.
You might see additional users that have the is-service-account attribute set to true
For a better formatted output the example uses the open-source tool jq which can be found here
The following API is an example command to get the users from the TFE environment.
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request GET \
https://$TFE_HOSTNAME/api/v2/admin/users | jq '.data.attributes'
The output could show you users like the following
These users are not directed created by admin, but these are the API user that represents that associated with the token generated by a team with internal id.
- Service Account
The "is-service-account": true shows this is created by Terraform Enterprise and internal use only
From the username/email description we see for which part of Terraform Enterprise they were created.
- This relates to a VCS provider named test that points to Github .
- This relates to a team in Terraform Enterprise for which an API token was created and used. To get the details about which Teams group this relates to you will have to perform the following steps.
- ssh to Terraform Enterprise instance
- Execute the following command to login to the Rails Console
docker exec -it tfe-atlas /bin/bash -c "/usr/bin/init.sh /app/scripts/wait-for-token -- bash -i -c 'cd /app && ./bin/rails c'"
- Verify to which the team belongs
User.find_by(:username => 'api-team_5').memberships.team
- The result will be the following. In this case it relates to the team test-group
#<Team id: 5, organization_id: 1, name: "test-group", created_at: "2023-02-17 10:39:57.362492000 +0000"