diff --git a/README.md b/README.md index f8f7163..0fa0b53 100644 --- a/README.md +++ b/README.md @@ -218,8 +218,8 @@ module "aws_account" { | Name | Source | Version | |------|--------|---------| | [account](#module\_account) | schubergphilis/mcaf-account/aws | ~> 0.5.1 | -| [additional\_tfe\_workspaces](#module\_additional\_tfe\_workspaces) | schubergphilis/mcaf-workspace/aws | ~> 2.0.0 | -| [tfe\_workspace](#module\_tfe\_workspace) | schubergphilis/mcaf-workspace/aws | ~> 2.0.0 | +| [additional\_tfe\_workspaces](#module\_additional\_tfe\_workspaces) | schubergphilis/mcaf-workspace/aws | ~> 2.0.1 | +| [tfe\_workspace](#module\_tfe\_workspace) | schubergphilis/mcaf-workspace/aws | ~> 2.0.1 | ## Resources @@ -246,7 +246,7 @@ module "aws_account" { | [name](#input\_name) | Name of the account and default TFE workspace | `string` | n/a | yes | | [tfe\_workspace](#input\_tfe\_workspace) | TFE workspace settings |
object({
add_permissions_boundary = optional(bool, false)
agent_pool_id = optional(string)
agent_role_arns = optional(list(string))
allow_destroy_plan = optional(bool, true)
assessments_enabled = optional(bool, true)
auth_method = optional(string, "iam_role_oidc")
auto_apply = optional(bool, false)
auto_apply_run_trigger = optional(bool, false)
branch = optional(string, "main")
clear_text_env_variables = optional(map(string), {})
clear_text_hcl_variables = optional(map(string), {})
clear_text_terraform_variables = optional(map(string), {})
connect_vcs_repo = optional(bool, true)
default_region = string
description = optional(string)
execution_mode = optional(string, "remote")
file_triggers_enabled = optional(bool, true)
global_remote_state = optional(bool, false)
name = optional(string)
organization = string
policy = optional(string)
policy_arns = optional(list(string), ["arn:aws:iam::aws:policy/AdministratorAccess"])
project_id = optional(string)
queue_all_runs = optional(bool)
remote_state_consumer_ids = optional(set(string))
repository_identifier = optional(string)
role_name = optional(string, "TFEPipeline")
sensitive_env_variables = optional(map(string), {})
sensitive_hcl_variables = optional(map(object({ sensitive = string })), {})
sensitive_terraform_variables = optional(map(string), {})
ssh_key_id = optional(string)
terraform_version = optional(string)
trigger_patterns = optional(list(string))
trigger_prefixes = optional(list(string), ["modules"])
username = optional(string, "TFEPipeline")
vcs_oauth_token_id = string
variable_set_ids = optional(map(string), {})
working_directory = optional(string)
workspace_tags = optional(list(string))

notification_configuration = optional(map(object({
destination_type = string
enabled = optional(bool, true)
url = string
triggers = optional(list(string), [
"run:created",
"run:planning",
"run:needs_attention",
"run:applying",
"run:completed",
"run:errored",
])
})), {})

team_access = optional(map(object({
access = optional(string, null),
permissions = optional(object({
run_tasks = bool
runs = string
sentinel_mocks = string
state_versions = string
variables = string
workspace_locking = bool
}), null)
})), {})
})
| n/a | yes | | [account\_variable\_set](#input\_account\_variable\_set) | Settings of variable set that is attached to each workspace |
object({
name = optional(string)
clear_text_env_variables = optional(map(string), {})
clear_text_hcl_variables = optional(map(string), {})
clear_text_terraform_variables = optional(map(string), {})
})
| `{}` | no | -| [additional\_tfe\_workspaces](#input\_additional\_tfe\_workspaces) | Additional TFE workspaces |
map(object({
add_permissions_boundary = optional(bool, false)
agent_pool_id = optional(string)
agent_role_arns = optional(list(string))
allow_destroy_plan = optional(bool)
assessments_enabled = optional(bool)
auth_method = optional(string)
auto_apply = optional(bool, false)
auto_apply_run_trigger = optional(bool, false)
branch = optional(string)
clear_text_env_variables = optional(map(string), {})
clear_text_hcl_variables = optional(map(string), {})
clear_text_terraform_variables = optional(map(string), {})
connect_vcs_repo = optional(bool, true)
default_region = optional(string)
description = optional(string)
execution_mode = optional(string)
file_triggers_enabled = optional(bool, true)
global_remote_state = optional(bool, false)
name = optional(string)
policy = optional(string)
policy_arns = optional(list(string), ["arn:aws:iam::aws:policy/AdministratorAccess"])
project_id = optional(string)
queue_all_runs = optional(bool)
remote_state_consumer_ids = optional(set(string))
repository_identifier = optional(string)
role_name = optional(string)
sensitive_env_variables = optional(map(string), {})
sensitive_hcl_variables = optional(map(object({ sensitive = string })), {})
sensitive_terraform_variables = optional(map(string), {})
ssh_key_id = optional(string)
terraform_version = optional(string)
trigger_patterns = optional(list(string))
trigger_prefixes = optional(list(string))
username = optional(string)
vcs_oauth_token_id = optional(string)
variable_set_ids = optional(map(string), {})
working_directory = optional(string)
workspace_tags = optional(list(string))

notification_configuration = optional(map(object({
destination_type = string
enabled = optional(bool, true)
url = string
triggers = optional(list(string), [
"run:created",
"run:planning",
"run:needs_attention",
"run:applying",
"run:completed",
"run:errored",
])
})), {})

team_access = optional(map(object({
access = optional(string, null),
permissions = optional(object({
run_tasks = bool
runs = string
sentinel_mocks = string
state_versions = string
variables = string
workspace_locking = bool
}), null)
})), {})
}))
| `{}` | no | +| [additional\_tfe\_workspaces](#input\_additional\_tfe\_workspaces) | Additional TFE workspaces |
map(object({
add_permissions_boundary = optional(bool, false)
agent_pool_id = optional(string)
agent_role_arns = optional(list(string))
allow_destroy_plan = optional(bool)
assessments_enabled = optional(bool)
auth_method = optional(string)
auto_apply = optional(bool, false)
auto_apply_run_trigger = optional(bool, false)
branch = optional(string)
clear_text_env_variables = optional(map(string), {})
clear_text_hcl_variables = optional(map(string), {})
clear_text_terraform_variables = optional(map(string), {})
connect_vcs_repo = optional(bool, true)
default_region = optional(string)
description = optional(string)
execution_mode = optional(string)
file_triggers_enabled = optional(bool, true)
global_remote_state = optional(bool, false)
name = optional(string)
policy = optional(string)
policy_arns = optional(list(string), ["arn:aws:iam::aws:policy/AdministratorAccess"])
project_id = optional(string)
queue_all_runs = optional(bool)
remote_state_consumer_ids = optional(set(string))
repository_identifier = optional(string)
role_name = optional(string)
sensitive_env_variables = optional(map(string), {})
sensitive_hcl_variables = optional(map(object({ sensitive = string })), {})
sensitive_terraform_variables = optional(map(string), {})
ssh_key_id = optional(string)
terraform_version = optional(string)
trigger_patterns = optional(list(string))
trigger_prefixes = optional(list(string))
username = optional(string)
vcs_oauth_token_id = optional(string)
variable_set_ids = optional(map(string), {})
working_directory = optional(string)
workspace_tags = optional(list(string))

notification_configuration = optional(map(object({
destination_type = string
enabled = optional(bool, true)
url = string
triggers = optional(list(string), [
"run:created",
"run:planning",
"run:needs_attention",
"run:applying",
"run:completed",
"run:errored",
])
})), null)

team_access = optional(map(object({
access = optional(string, null),
permissions = optional(object({
run_tasks = bool
runs = string
sentinel_mocks = string
state_versions = string
variables = string
workspace_locking = bool
}), null)
})), null)
}))
| `{}` | no | | [create\_default\_workspace](#input\_create\_default\_workspace) | Set to false to skip creating default workspace | `bool` | `true` | no | | [path](#input\_path) | Optional path for all IAM users, user groups, roles, and customer managed policies created by this module | `string` | `"/"` | no | | [permissions\_boundaries](#input\_permissions\_boundaries) | n/a |
object({
workspace_boundary = optional(string)
workspace_boundary_name = optional(string)
workload_boundary = optional(string)
workload_boundary_name = optional(string)
})
| `{}` | no |
diff --git a/main.tf b/main.tf
index 00eeae2..756733e 100644
--- a/main.tf
+++ b/main.tf
@@ -169,7 +169,7 @@ module "tfe_workspace" {
 providers = { aws = aws.account }
 source = "schubergphilis/mcaf-workspace/aws"
- version = "~> 2.0.0"
+ version = "~> 2.0.1"
 agent_pool_id = var.tfe_workspace.agent_pool_id
 agent_role_arns = var.tfe_workspace.agent_role_arns
@@ -221,7 +221,7 @@ module "additional_tfe_workspaces" {
 providers = { aws = aws.account }
 source = "schubergphilis/mcaf-workspace/aws"
- version = "~> 2.0.0"
+ version = "~> 2.0.1"
 agent_pool_id = each.value.agent_pool_id != null ? each.value.agent_pool_id : var.tfe_workspace.agent_pool_id
 agent_role_arns = each.value.agent_role_arns != null ? each.value.agent_role_arns : var.tfe_workspace.agent_role_arns
@@ -239,7 +239,7 @@ module "additional_tfe_workspaces" {
 file_triggers_enabled = each.value.connect_vcs_repo != false ? each.value.file_triggers_enabled : null
 global_remote_state = each.value.global_remote_state
 name = coalesce(each.value.name, each.key)
- notification_configuration = each.value.notification_configuration != {} ? each.value.notification_configuration : var.tfe_workspace.notification_configuration
+ notification_configuration = each.value.notification_configuration != null ? each.value.notification_configuration : var.tfe_workspace.notification_configuration
 oauth_token_id = each.value.connect_vcs_repo != false ? coalesce(each.value.vcs_oauth_token_id, var.tfe_workspace.vcs_oauth_token_id) : null
 oidc_settings = coalesce(each.value.auth_method, var.tfe_workspace.auth_method) == "iam_role_oidc" ? { provider_arn = aws_iam_openid_connect_provider.tfc_provider[0].arn } : null
 path = var.path
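Review bot: Replacing `!= {}` with `!= null` changes what an omitted attribute means for existing callers, both for `notification_configuration` in this hunk and for `team_access` in the `@@ -256,7 +256,7 @@` hunk. If the old comparison of a typed map against `{}` never matched, as is likely in Terraform, additional workspaces that left these unset used to receive an empty map and will now inherit the teams and notification destinations of `var.tfe_workspace`. That widens who can reach those workspaces on upgrade, so the release notes should state it. A comment such as `# null inherits from var.tfe_workspace; set {} to grant no team access` above each line would make the opt-out visible. The module block starts and ends outside the hunk.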
@@ -256,7 +256,7 @@ module "additional_tfe_workspaces" {
 sensitive_hcl_variables = each.value.sensitive_hcl_variables
 sensitive_terraform_variables = each.value.sensitive_terraform_variables
 ssh_key_id = each.value.ssh_key_id != null ? each.value.ssh_key_id : var.tfe_workspace.ssh_key_id
- team_access = each.value.team_access != {} ? each.value.team_access : var.tfe_workspace.team_access
+ team_access = each.value.team_access != null ? each.value.team_access : var.tfe_workspace.team_access
 terraform_organization = var.tfe_workspace.organization
 terraform_version = each.value.terraform_version != null ? each.value.terraform_version : var.tfe_workspace.terraform_version
 trigger_patterns = each.value.trigger_patterns != null ? each.value.trigger_patterns : var.tfe_workspace.trigger_patterns
diff --git a/variables.tf b/variables.tf
index 02e9278..83a20b8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -94,7 +94,7 @@ variable "additional_tfe_workspaces" {
 "run:completed",
 "run:errored",
 ])
- })), {})
+ })), null)
 team_access = optional(map(object({
 access = optional(string, null),
@@ -106,7 +106,7 @@ variable "additional_tfe_workspaces" {
 variables = string
 workspace_locking = bool
 }), null)
- })), {})
+ })), null)
 }))
 default = {}
 description = "Additional TFE workspaces"
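Review bot: The `null` defaults introduced for `notification_configuration` and `team_access` in the two variables.tf hunks give `null` and `{}` different meanings, but the variable's description is still only "Additional TFE workspaces". Extending it, for example `description = "Additional TFE workspaces; notification_configuration and team_access inherit from tfe_workspace when null, use {} to disable"`, would carry the distinction into the generated README where operators decide on access. The explicit `, null` second argument is also redundant, since `optional()` already defaults to null, though it does match the nested `permissions` attribute. The variable block starts outside the hunk.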