Problem
Creating workspaces with the TFE provider fails when the TFE server is connected to GitHub through a GitHub App
and the provider is configured with an organization token, as in the example below.
Example code:
    resource "tfe_workspace" "this" {
      name           = "<workspace_name>"
      organization   = "<organization_name>"
      source_name    = "<repo_name>"
      source_url     = "https://<tfe_fqdn>/app/org/workspaces/<workspace_name>"
      queue_all_runs = false

      # VCS connection through the GitHub App installation
      vcs_repo {
        identifier                 = "xxx/xxx"
        github_app_installation_id = "ghain-xxxx"
      }
    }

    terraform {
      required_providers {
        tfe = {
          version = ">=0.65.2"
        }
      }
    }

    provider "tfe" {
      hostname = "<tfe_fqdn>"
      # Organization token: this is the configuration that produces the error below
      token    = "<Organization_token>"
    }
Error received
    Error: Error creating workspace <workspace_name> for organization <org_name>: invalid attribute
    │
    │ Repository doesn't exist or isn't accessible
    │
    │   with tfe_workspace.this,
    │   on workspaces.tf line 1, in resource "tfe_workspace" "this":
    │    1: resource "tfe_workspace" "this" {
    │
Prerequisites
- The VCS connection is a GitHub App and an organization or team token is in use
- The TFE provider is used to create the workspace
Cause
- This is expected behavior, as this is how Terraform interacts with a GitHub App. The permissions of an individual user are passed through when TFE contacts GitHub. The token needs to be associated with a user that has rights to interact with any GitHub repo(s) necessary for the Terraform in this repo to function.
As per the Terraform documentation: Only an HCP Terraform user can own a GitHub App token.
Team and Organization API tokens are not able to own a GitHub App token.
Solutions:
- Only use a user token with the GitHub App and the TFE provider. Neither an organization token nor a team token will work.
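The same configuration with the provider switched to a user token, as an added example that is not part of the original article. The variable name `tfe_user_token` is an assumption; because a user token carries that user's own permissions, the example takes it from a sensitive variable instead of writing it into the file.

```hcl
# Added example, not from the original article.
# tfe_user_token is a hypothetical variable name. Supply the value outside the
# repository, for instance through the TF_VAR_tfe_user_token environment variable.
variable "tfe_user_token" {
  type        = string
  sensitive   = true # keeps the value out of plan and apply output
  description = "User API token of a user with access to the GitHub repositories"
}

terraform {
  required_providers {
    tfe = {
      source  = "hashicorp/tfe"
      version = ">=0.65.2"
    }
  }
}

provider "tfe" {
  hostname = "<tfe_fqdn>"
  # User token instead of the organization token used in the failing example
  token = var.tfe_user_token
}

resource "tfe_workspace" "this" {
  name           = "<workspace_name>"
  organization   = "<organization_name>"
  queue_all_runs = false

  vcs_repo {
    identifier                 = "xxx/xxx"
    github_app_installation_id = "ghain-xxxx"
  }
}
```

The provider also reads the token from the `TFE_TOKEN` environment variable when the `token` argument is omitted.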
Outcome
Once an admin user token is used, the workspaces are created normally.