Allow terraform cloud instances other than app.terraform.io

[Convez]

Extension Version

v2.29.2

Problem Statement

Currently the terraform cloud part of the extension can handle the app.terraform.io instance of terraform cloud.

However, this doesn't take into account enterprise instances of terraform cloud.

Expected User Experience

It would be nice to be able to configure which instance of terraform cloud the extension is targetting. Ideally it would also be possible to switch the "active profile".

Proposal

The simplest way would be a new settings field with the target instance hostname, or current active profile.

As the credentials.tfrc.json file already support multiple hosts, this file can be the source of the selection for the current "active profile".

Before the "Cloud authentication method" window appearing after clicking on the "Login to Terraform Cloud" button, an "Insert Terraform Cloud Hostname" window would appear

References

No response

Help Wanted

• [X] I'm interested in contributing a fix myself

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[jpogran]

Hey @Convez, thanks for the feature suggestion! We agree, and created https://github.com/hashicorp/vscode-terraform/issues/1505 back at the start of our integration to track that.

I originally thought it would be a User/Workspace level setting, but I like the idea to pull the info from the TFC credentials file.

[plattenschieber]

I had the same idea, but stumbled upon another issue on my way. The terraform login command will save the credentials in another place than the extension is expecting on Windows: (cp.)

Terraform will store the token in plain text in the following file
for use by subsequent commands:
    C:\Users\xxx\AppData\Roaming\terraform.d\credentials.tfrc.json

[Convez]

I had the same idea, but stumbled upon another issue on my way. The terraform login command will save the credentials in another place than the extension is expecting on Windows: (cp.)

Terraform will store the token in plain text in the following file
for use by subsequent commands:
    C:\Users\xxx\AppData\Roaming\terraform.d\credentials.tfrc.json

Thanks for that, I'll update my PR.

[willjprice]

Is there a status update on this enhancement? I would love to be able to use this extension in my org.

[trutled3]

@jpogran @willjprice - I am also interested in the status update on this enhancement to utilize this within my org as well.

[jpogran]

Hello everyone. I've updated https://github.com/hashicorp/vscode-terraform/pull/1678 directly, but I will also update here.

Hey @Convez, thanks for your patience. There are/have been several things in the air that either needed to land or be started before I could come back to this. The good news is I am picking this back up now.

I've rebased and made a small commit updating some HCP Terraform renaming, which is minor. Then I have tested it against a test TFE instance that has over 10,000 workspaces, and the good news is it works which was a concern of ours since we didn't load test this extension with TFE workloads in mind. The bad news is I've hit two bugs, but only one is related to this PR.

The one related to this PR is it not remembering the hostname after closing out VS Code. This seems to hit mostly with the temp profile, but did happen with my personal install. I think I found the resolution by storing the hostname along with the token in the secret store. This way it is present when the extension starts again. I still have to test it with expired tokens to make sure all the auth related scenarios still work, but I think that resolves it. The bug not related to your PR is refreshing the workspace view after loading a significant number of workspaces seems to fail with a duplicate key. I'll resolve that separately.

The next steps is to finish out the testing auth scenarios, then we can go through the review process and get this merged.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.