Introduction
Within TFC/TFE you can generate an API token to use at the following levels.
- User token
- Team token
- Organization token
What you can do with this token in HCP Terraform/TFE depends on what kind of token it is or the permissions assigned to the user/team for which the API token is generated.
If you are not able to check within HCP Terraform/TFE itself if the token you have has the correct permissions you can use the following solution.
Procedure
Use the token you have to get the organization details. This will also output the permissions you have with this token.
More details about the API can be found here
For better formatted output, the example uses the open-source tool jq which can be found here.
export TOKEN=<your token to test>
curl \
--header "Authorization: Bearer $TOKEN" \
--header "Content-Type: application/vnd.api+json" \
--request GET \
https://app.terraform.io/api/v2/organizations/<your organization> | jq '.data.attributes.permissions'
Output example:
{
"can-update": false,
"can-destroy": false,
"can-access-via-teams": true,
"can-create-module": false,
"can-create-team": true,
"can-create-workspace": true,
"can-manage-users": true,
"can-manage-subscription": false,
"can-manage-sso": false,
"can-update-oauth": true,
"can-update-sentinel": true,
"can-update-ssh-keys": false,
"can-update-api-token": true,
"can-traverse": true,
"can-start-trial": false,
"can-update-agent-pools": true,
"can-manage-tags": true,
"can-manage-varsets": true,
"can-read-varsets": true,
"can-manage-public-providers": false,
"can-create-provider": false,
"can-manage-public-modules": false,
"can-manage-custom-providers": false,
"can-manage-run-tasks": true,
"can-read-run-tasks": true,
"can-manage-assessments": false
}
Additional Information
-
Official documentation for the API tokens can be found here
- Official website jq tool can be found here