Table: tfe_oauth_client - Query Terraform Enterprise OAuth Clients using SQL
An OAuth Client in Terraform Enterprise is a fundamental building block when working with OAuth-based connections in the platform. It represents the applications that are registered to use the OAuth 2.0 authorization framework. OAuth Clients are responsible for managing the OAuth tokens and their associated scopes, providing a secure way to authenticate users and interact with the Terraform Enterprise API.
Table Usage Guide
The tfe_oauth_client table provides insights into OAuth Clients within Terraform Enterprise. As a security administrator, explore OAuth client-specific details through this table, including client credentials, token details, and associated metadata. Utilize it to uncover information about OAuth clients, such as those with specific permissions, the relationships between clients, and the verification of token scopes.
Examples
Basic info
Explore the OAuth client details within your infrastructure to gain insights into their configuration and usage. This can be useful in understanding the client's behavior and identifying any potential issues or areas for improvement.
select *from tfe_oauth_client;select *from tfe_oauth_client;Get OAuth client by ID
Explore which OAuth client corresponds to a specific ID to manage access and permissions more effectively. This can be useful in scenarios where you need to understand the access granted to a particular client or troubleshoot issues related to client permissions.
select *from tfe_oauth_clientwhere id = 'oc-JM8tnPzgdo1wM3jy';select *from tfe_oauth_clientwhere id = 'oc-JM8tnPzgdo1wM3jy';List OAuth clients sorted by age
Analyze the settings to understand the age of your OAuth clients, allowing you to prioritize updates or maintenance based on their age. This can be useful in managing the lifecycle of your OAuth clients and ensuring older clients are still functioning properly.
select id, created_at, date_part('day', age(current_timestamp, created_at)) as age_daysfrom tfe_oauth_clientorder by age_days desc;select id, created_at, julianday('now') - julianday(created_at) as age_daysfrom tfe_oauth_clientorder by age_days desc;Schema for tfe_oauth_client
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| api_url | text | The API url of the service provider. | |
| callback_url | text | The callback url of the oauth client. | |
| connect_path | text | The connection path of the oauth client. | |
| created_at | timestamp with time zone | Time when the oauth client was created. | |
| http_url | text | The HTTP url of the service provider. | |
| id | text | = | The ID of the oauth client. |
| key | text | The key of the oauth client. | |
| oauth_token | jsonb | The token information you were given by your VCS provider. | |
| organization | jsonb | The organization information. | |
| organization_name | text | Name of the organization containing the oauth client. | |
| rsa_public_key | text | The public key of the oauth client. | |
| service_provider | text | The VCS provider being connected with. Valid options are ado_server, ado_services, github, github_enterprise, gitlab_hosted, gitlab_community_edition, or gitlab_enterprise_edition. | |
| service_provider_name | text | The name of VCS provider being connected with. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- tfeYou can pass the configuration to the command with the --config argument:
steampipe_export_tfe --config '<your_config>' tfe_oauth_client