Merge pull request #1552 from hashicorp/create-pull-request/patch

release: v0.62.0

website/docs/cdktf/csharp/d/variable_set.html.markdown

@@ -51,5 +51,6 @@ The following arguments are supported:
 * `WorkspaceIds` - IDs of the workspaces that use the variable set.
 * `VariableIds` - IDs of the variables attached to the variable set.
 * `ProjectIds` - IDs of the projects that use the variable set.
+* `ParentProjectId` - ID of the project that owns the variable set.
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-69cc7771506b3265795fe469ee556bc13e62b7222aa6d0f36adeae7b5aa799c2 -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-bf1bfbd6988140f428db72c174b6b91d124e83198e36d64ed719ce367b5f38fe -->

website/docs/cdktf/csharp/index.html.markdown

@@ -77,7 +77,7 @@ automatically installed by `terraform init` in the future:
 terraform {
   required_providers {
     tfe = {
-      version = "~> 0.60.0"
+      version = "~> 0.62.0"
     }
   }
 }
@@ -90,7 +90,7 @@ The above snippet using `RequiredProviders` is for Terraform 0.13+; if you are u
 
 ```hcl
 provider "tfe" {
-  version = "~> 0.60.0"
+  version = "~> 0.62.0"
   ...
 }
 ```
@@ -103,7 +103,7 @@ For more information on provider installation and constraining provider versions
 provider "tfe" {
   hostname = var.hostname # Optional, defaults to HCP Terraform `AppTerraformIo`
   token    = var.token
-  version  = "~> 0.60.0"
+  version  = "~> 0.62.0"
 }
 
 # Create an organization
@@ -129,4 +129,4 @@ The following arguments are supported:
   arguments. Ensure that the organization already exists prior to using this argument.
   This can also be specified using the `TfeOrganization` environment variable.
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-a77df58c9615ebcb917fe58dd81f9e798ce819182034bd2e639ba91520a1ccad -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-c53fd50c149df357cf3dca9ae2dec851fb9e70077b6d8995cede275a4c0c61f6 -->

website/docs/cdktf/csharp/r/audit_trail_token.html.markdown

@@ -0,0 +1,78 @@
+---
+layout: "tfe"
+page_title: "Terraform Enterprise: tfe_audit_trail_token"
+description: |-
+  Generates a new audit trail token in organization, replacing any existing token.
+---
+
+
+<!-- Please do not edit this file, it is generated. -->
+# tfe_audit_trail_token
+
+Generates a new audit trail token in organization, replacing any existing token.
+
+Note that only organizations that have the [audit-logging entitlement](https://developer.hashicorp.com/terraform/cloud-docs/api-docs#audit-logging) may create audit trail tokens.
+
+## Example Usage
+
+Basic usage:
+
+```csharp
+using Constructs;
+using HashiCorp.Cdktf;
+/*Provider bindings are generated by running cdktf get.
+See https://cdk.tf/provider-generation for more details.*/
+using Gen.Providers.Tfe;
+class MyConvertedCode : TerraformStack
+{
+    public MyConvertedCode(Construct scope, string name) : base(scope, name)
+    {
+        new AuditTrailToken.AuditTrailToken(this, "test", new AuditTrailTokenConfig {
+            Organization = "my-org-name"
+        });
+    }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `Organization` - (Optional) Name of the organization. If omitted, organization must be defined in the provider config.
+* `ForceRegenerate` - (Optional) If set to `True`, a new token will be
+  generated even if a token already exists. This will invalidate the existing
+  token!
+* `ExpiredAt` - (Optional) The token's expiration date. The expiration date must be a date/time string in RFC3339
+format (e.g., "2024-12-31T23:59:59Z"). If no expiration date is supplied, the expiration date will default to null and
+never expire.
+
+## Example Usage
+
+When a token has an expiry:
+
+```hcl
+resource "time_rotating" "example" {
+  rotation_days = 30
+}
+
+resource "tfe_audit_trail_token" "test" {
+  organization = data.tfe_organization.org.name
+  expired_at = time_rotating.example.rotation_rfc3339
+}
+```
+
+## Attributes Reference
+
+* `Id` - The ID of the token.
+* `Token` - The generated token.
+
+## Import
+
+Audit trail tokens can be imported; use `<ORGANIZATION NAME>` as the import ID.
+For example:
+
+```shell
+terraform import tfe_audit_trail_token.test my-org-name
+```
+
+<!-- cache-key: cdktf-0.17.0-pre.15 input-2c87d1201e89a4243d53e9ef85752b50f8797786174b1c7744ecc61fd3ced2cd -->

website/docs/cdktf/csharp/r/project_variable_set.html.markdown

@@ -5,9 +5,15 @@ description: |-
   Add a variable set to a project
 ---
 
+
+<!-- Please do not edit this file, it is generated. -->
 # tfe_project_variable_set
 
-Adds and removes variable sets from a project
+Adds and removes a project from a variable set's scope.
+
+-> **Note:** This resource controls whether a project has access to a variable set, not whether
+a project owns the variable set. Ownership is specified by setting the `ParentProjectId` on the
+`TfeVariableSet` resource.
 
 ## Example Usage
 
@@ -70,4 +76,4 @@ Project Variable Sets can be imported; use `<ORGANIZATION>/<PROJECT ID>/<VARIABL
 terraform import tfe_project_variable_set.test 'my-org-name/prj-F1NpdVBuCF3xc5Rp/Test Varset'
 ```
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-3ed7efa700c9f0adbd77edbead72946a667e2f16005af09d2a97b4351f63db90 -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-daf47945bcce294b7bb84fb1557fe718d31e19868ca6657bf229429e9d6bb394 -->

website/docs/cdktf/csharp/r/variable_set.html.markdown

@@ -164,6 +164,95 @@ class MyConvertedCode : TerraformStack
 }
 ```
 
+Creating a project-owned variable set that is applied to all workspaces in the project:
+
+```csharp
+using Constructs;
+using HashiCorp.Cdktf;
+/*Provider bindings are generated by running cdktf get.
+See https://cdk.tf/provider-generation for more details.*/
+using Gen.Providers.Tfe;
+class MyConvertedCode : TerraformStack
+{
+    public MyConvertedCode(Construct scope, string name) : base(scope, name)
+    {
+        var tfeOrganizationTest = new Organization.Organization(this, "test", new OrganizationConfig {
+            Email = "admin@company.com",
+            Name = "my-org-name"
+        });
+        var tfeProjectTest = new Project.Project(this, "test_1", new ProjectConfig {
+            Name = "projectname",
+            Organization = Token.AsString(tfeOrganizationTest.Name)
+        });
+        /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
+        tfeProjectTest.OverrideLogicalId("test");
+        var tfeVariableSetTest = new VariableSet.VariableSet(this, "test_2", new VariableSetConfig {
+            Description = "Varset that is owned and managed by a project.",
+            Name = "Project-owned Varset",
+            Organization = Token.AsString(tfeOrganizationTest.Name),
+            ParentProjectId = Token.AsString(tfeProjectTest.Id)
+        });
+        /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
+        tfeVariableSetTest.OverrideLogicalId("test");
+        var tfeProjectVariableSetTest =
+        new ProjectVariableSet.ProjectVariableSet(this, "test_3", new ProjectVariableSetConfig {
+            ProjectId = Token.AsString(tfeProjectTest.Id),
+            VariableSetId = Token.AsString(tfeVariableSetTest.Id)
+        });
+        /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
+        tfeProjectVariableSetTest.OverrideLogicalId("test");
+    }
+}
+```
+
+Creating a project-owned variable set that is applied to specific workspaces:
+
+```csharp
+using Constructs;
+using HashiCorp.Cdktf;
+/*Provider bindings are generated by running cdktf get.
+See https://cdk.tf/provider-generation for more details.*/
+using Gen.Providers.Tfe;
+class MyConvertedCode : TerraformStack
+{
+    public MyConvertedCode(Construct scope, string name) : base(scope, name)
+    {
+        var tfeOrganizationTest = new Organization.Organization(this, "test", new OrganizationConfig {
+            Email = "admin@company.com",
+            Name = "my-org-name"
+        });
+        var tfeProjectTest = new Project.Project(this, "test_1", new ProjectConfig {
+            Name = "projectname",
+            Organization = Token.AsString(tfeOrganizationTest.Name)
+        });
+        /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
+        tfeProjectTest.OverrideLogicalId("test");
+        var tfeVariableSetTest = new VariableSet.VariableSet(this, "test_2", new VariableSetConfig {
+            Description = "Varset that is owned and managed by a project.",
+            Name = "Project-owned Varset",
+            Organization = Token.AsString(tfeOrganizationTest.Name),
+            ParentProjectId = Token.AsString(tfeProjectTest.Id)
+        });
+        /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
+        tfeVariableSetTest.OverrideLogicalId("test");
+        var tfeWorkspaceTest = new Workspace.Workspace(this, "test_3", new WorkspaceConfig {
+            Name = "my-workspace-name",
+            Organization = Token.AsString(tfeOrganizationTest.Name),
+            ProjectId = Token.AsString(tfeProjectTest.Id)
+        });
+        /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
+        tfeWorkspaceTest.OverrideLogicalId("test");
+        var tfeWorkspaceVariableSetTest =
+        new WorkspaceVariableSet.WorkspaceVariableSet(this, "test_4", new WorkspaceVariableSetConfig {
+            VariableSetId = Token.AsString(tfeVariableSetTest.Id),
+            WorkspaceId = Token.AsString(tfeWorkspaceTest.Id)
+        });
+        /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
+        tfeWorkspaceVariableSetTest.OverrideLogicalId("test");
+    }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -177,6 +266,8 @@ The following arguments are supported:
   Must not be set if `Global` is set. This argument is mutually exclusive with using the resource
   [tfe_workspace_variable_set](workspace_variable_set.html) which is the preferred method of associating a workspace
   with a variable set.
+* `ParentProjectId` - (Optional) ID of the project that should own the variable set. If set, than the value of `Global` must be `False`.
+  To assign whether a variable set should be applied to a project, use the [`TfeProjectVariableSet`](project_variable_set.html) resource.
 
 ## Attributes Reference
 
@@ -190,4 +281,4 @@ Variable sets can be imported; use `<VARIABLE SET ID>` as the import ID. For exa
 terraform import tfe_variable_set.test varset-5rTwnSaRPogw6apb
 ```
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-56c480ce5d76f75a9c6444491a533a03a70a4fb8de37cdeb7ea6b6fdb26d44c4 -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-e43c37b8fda384ac825900c2a05dad46b7405306e02b1151313679fb612e7a61 -->

website/docs/cdktf/csharp/r/workspace.html.markdown

@@ -13,8 +13,6 @@ Provides a workspace resource.
 
 ~> **NOTE:** Setting the execution mode and agent pool affinity directly on the workspace is deprecated in favor of using both [tfe_workspace_settings](workspace_settings) and [tfe_organization_default_settings](organization_default_settings), since they allow more precise control and fully support [agent_pool_allowed_workspaces](agent_pool_allowed_workspaces). Use caution when unsetting `ExecutionMode`, as it now leaves any prior value unmanaged instead of reverting to the old default value of `"remote"`.
 
-~> **NOTE:** Using `GlobalRemoteState` or `RemoteStateConsumerIds` requires using the provider with HCP Terraform or an instance of Terraform Enterprise at least as recent as v202104-1.
-
 ## Example Usage
 
 Basic usage:
@@ -101,7 +99,7 @@ The following arguments are supported:
   trigger prefixes describe a set of paths which must contain changes for a
   VCS push to trigger a run. If disabled, any push will trigger a run.
 * `ForceDelete` - (Optional) If this attribute is present on a workspace that is being deleted through the provider, it will use the existing force delete API. If this attribute is not present or false it will safe delete the workspace.
-* `GlobalRemoteState` - (Optional) Whether the workspace allows all workspaces in the organization to access its state data during runs. If false, then only specifically approved workspaces can access its state (`RemoteStateConsumerIds`).
+* `GlobalRemoteState` - (Optional) **Deprecated** Whether the workspace allows all workspaces in the organization to access its state data during runs. Use [tfe_workspace_settings](workspace_settings) instead.
 * `Operations` - **Deprecated** Whether to use remote execution mode.
   Defaults to `True`. When set to `False`, the workspace will be used for
   state storage only. This value _must not_ be provided if `ExecutionMode` is
@@ -116,7 +114,7 @@ The following arguments are supported:
   is `False`. The provider uses `True` as any workspace provisioned with
   `False` would need to then have a run manually queued out-of-band before
   accepting webhooks.
-* `RemoteStateConsumerIds` - (Optional) The set of workspace IDs set as explicit remote state consumers for the given workspace.
+* `RemoteStateConsumerIds` - (Optional) **Deprecated** The set of workspace IDs set as explicit remote state consumers for the given workspace. Use [tfe_workspace_settings](workspace_settings) instead.
 * `SourceName` - (Optional) A friendly name for the application or client
    creating this workspace. If set, this will be displayed on the workspace as
    "Created via <SOURCE NAME>".
@@ -193,4 +191,4 @@ terraform import tfe_workspace.test ws-CH5in3chf8RJjrVd
 terraform import tfe_workspace.test my-org-name/my-wkspace-name
 ```
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-d77de336a5a7ff992f384172426e4a08194946368dc6e0a8c28f78a10116913f -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-2359c8613d3559ab7c7a4c6129993314e7d1492991970cbde73305dbd190c688 -->

website/docs/cdktf/csharp/r/workspace_settings.markdown

@@ -81,6 +81,42 @@ class MyConvertedCode : TerraformStack
 }
 ```
 
+Using `RemoteStateConsumerIds`:
+
+```csharp
+using Constructs;
+using HashiCorp.Cdktf;
+/*Provider bindings are generated by running cdktf get.
+See https://cdk.tf/provider-generation for more details.*/
+using Gen.Providers.Tfe;
+class MyConvertedCode : TerraformStack
+{
+    public MyConvertedCode(Construct scope, string name) : base(scope, name)
+    {
+        /*In most cases loops should be handled in the programming language context and
+            not inside of the Terraform context. If you are looping over something external, e.g. a variable or a file input
+            you should consider using a for loop. If you are looping over something only known to Terraform, e.g. a result of a data source
+            you need to keep this like it is.*/
+        var tfeWorkspaceTestForEachIterator = TerraformIterator.FromList(Token.AsAny(Fn.Toset(new [] { "qa", "production" })));
+        var tfeWorkspaceTest = new Workspace.Workspace(this, "test", new WorkspaceConfig {
+            Name = "${" + tfeWorkspaceTestForEachIterator.Value + "}-test",
+            ForEach = tfeWorkspaceTestForEachIterator
+        });
+        /*In most cases loops should be handled in the programming language context and
+            not inside of the Terraform context. If you are looping over something external, e.g. a variable or a file input
+            you should consider using a for loop. If you are looping over something only known to Terraform, e.g. a result of a data source
+            you need to keep this like it is.*/
+        var tfeWorkspaceSettingsTestSettingsForEachIterator = TerraformIterator.FromList(Token.AsAny(Fn.Toset(new [] { "qa", "production" })));
+        new WorkspaceSettings.WorkspaceSettings(this, "test-settings", new WorkspaceSettingsConfig {
+            GlobalRemoteState = false,
+            RemoteStateConsumerIds = Token.AsList(Fn.Toset(Fn.Compact(Token.AsList(new [] { Conditional(Op.Eq(tfeWorkspaceSettingsTestSettingsForEachIterator.Value, "production"), PropertyAccess(tfeWorkspaceTest, new [] { "\"qa\"", "id" }), "") })))),
+            WorkspaceId = Token.AsString(PropertyAccess(PropertyAccess(tfeWorkspaceTest, new [] { tfeWorkspaceSettingsTestSettingsForEachIterator.Value }), new [] { "id" })),
+            ForEach = tfeWorkspaceSettingsTestSettingsForEachIterator
+        });
+    }
+}
+```
+
 This resource may be used as a data source when no optional arguments are defined:
 
 ```csharp
@@ -119,6 +155,8 @@ The following arguments are supported:
   to be set to `Agent`. This value _must not_ be provided if `ExecutionMode` is set to any other value.
 * `ExecutionMode` - (Optional) Which [execution mode](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#execution-mode)
   to use. Using HCP Terraform, valid values are `Remote`, `Local` or `Agent`. When set to `Local`, the workspace will be used for state storage only. **Important:** If you omit this attribute, the resource configures the workspace to use your organization's default execution mode (which in turn defaults to `Remote`), removing any explicit value that might have previously been set for the workspace.
+* `GlobalRemoteState` - (Optional) Whether the workspace allows all workspaces in the organization to access its state data during runs. If false, then only specifically approved workspaces can access its state (`RemoteStateConsumerIds`). By default, HashiCorp recommends you do not allow other workspaces to access their state. We recommend that you follow the principle of least privilege and only enable state access between workspaces that specifically need information from each other.
+* `RemoteStateConsumerIds` - (Optional) The set of workspace IDs set as explicit remote state consumers for the given workspace. To set this attribute, global_remote_state must be false.
 
 ## Attributes Reference
 
@@ -142,4 +180,4 @@ terraform import tfe_workspace_settings.test ws-CH5in3chf8RJjrVd
 terraform import tfe_workspace_settings.test my-org-name/my-wkspace-name
 ```
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-e567651e80d935c1297d2d63ac7bf6052ff86525f29c4e5f59a3395787d5761b -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-a714b9c49f712177772ab35d2cee545ccc98acb4ad551946c130f0e00257d4d5 -->

website/docs/cdktf/csharp/r/workspace_variable_set.html.markdown

@@ -9,7 +9,7 @@ description: |-
 <!-- Please do not edit this file, it is generated. -->
 # tfe_workspace_variable_set
 
-Adds and removes variable sets from a workspace
+Adds and removes a workspace from a variable set's scope.
 
 -> **Note:** `TfeVariableSet` has a deprecated argument `WorkspaceIds` that should not be used alongside this resource. They attempt to manage the same attachments and are mutually exclusive.
 
@@ -74,4 +74,4 @@ Workspace Variable Sets can be imported; use `<ORGANIZATION>/<WORKSPACE NAME>/<V
 terraform import tfe_workspace_variable_set.test 'my-org-name/workspace/My Variable Set'
 ```
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-0e93a89fc33e5f30b980a6183974fb86043d6296ff2c7122f52cfeca3fdd3ba4 -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-6dfe4c82273213a8c39d4cf9a21f083a573d571789d1952df673e7cfe729ed8d -->

website/docs/cdktf/go/d/variable_set.html.markdown

@@ -54,5 +54,6 @@ The following arguments are supported:
 * `WorkspaceIds` - IDs of the workspaces that use the variable set.
 * `VariableIds` - IDs of the variables attached to the variable set.
 * `ProjectIds` - IDs of the projects that use the variable set.
+* `ParentProjectId` - ID of the project that owns the variable set.
 
-<!-- cache-key: cdktf-0.17.0-pre.15 input-69cc7771506b3265795fe469ee556bc13e62b7222aa6d0f36adeae7b5aa799c2 -->
+<!-- cache-key: cdktf-0.17.0-pre.15 input-bf1bfbd6988140f428db72c174b6b91d124e83198e36d64ed719ce367b5f38fe -->