Table: tfe_workspace - Query Terraform Enterprise Workspaces using SQL
Terraform Enterprise is a collaborative, scalable, and enterprise-friendly service provided by HashiCorp that enables teams to use Terraform together. It's designed to suit the collaboration and governance needs of large teams and organizations. Workspaces in Terraform Enterprise are used to manage and track infrastructure deployments.
Table Usage Guide
The tfe_workspace table provides insights into Workspaces within Terraform Enterprise. As a DevOps engineer or a system administrator, explore workspace-specific details through this table, including its ID, name, organization, and other associated metadata. Utilize it to uncover information about workspaces, such as those related to specific organizations, the status of the workspace, and the verification of associated metadata.
Examples
List workspaces
Explore all the workspaces available in your Terraform Enterprise setup to better manage and organize your infrastructure as code projects. This is useful for gaining a holistic view of your current workspaces, identifying potential areas for consolidation or reorganization.
select *from tfe_workspace;select *from tfe_workspace;Get a workspace by ID
Explore the details of a specific workspace in your infrastructure by using its unique identifier. This can help you understand the workspace's current state and configuration, which is useful for troubleshooting or auditing purposes.
select *from tfe_workspacewhere id = 'ws-ocYGM1ouZNZWZoUy';select *from tfe_workspacewhere id = 'ws-ocYGM1ouZNZWZoUy';Get VCS repository settings for workspaces
Explore the configuration of your Version Control System (VCS) repositories linked to your workspaces. This can aid in understanding the specific settings for each repository, such as the associated OAuth token, branch details, and service providers.
select id, name, vcs_repo ->> 'Identifier' as vcs_repo_identifier, vcs_repo ->> 'OAuthTokenID' as vcs_repo_oauth_token_id, vcs_repo ->> 'Branch' as vcs_repo_branch, vcs_repo ->> 'DisplayIdentifier' as vcs_repo_display_identifier, vcs_repo ->> 'IngressSubmodules' as vcs_repo_ingress_submodules, vcs_repo ->> 'RepositoryHTTPURL' as vcs_repo_repository_http_url, vcs_repo ->> 'ServiceProvider' as vcs_repo_service_providerfrom tfe_workspace;select id, name, json_extract(vcs_repo, '$.Identifier') as vcs_repo_identifier, json_extract(vcs_repo, '$.OAuthTokenID') as vcs_repo_oauth_token_id, json_extract(vcs_repo, '$.Branch') as vcs_repo_branch, json_extract(vcs_repo, '$.DisplayIdentifier') as vcs_repo_display_identifier, json_extract(vcs_repo, '$.IngressSubmodules') as vcs_repo_ingress_submodules, json_extract(vcs_repo, '$.RepositoryHTTPURL') as vcs_repo_repository_http_url, json_extract(vcs_repo, '$.ServiceProvider') as vcs_repo_service_providerfrom tfe_workspace;Schema for tfe_workspace
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| actions | jsonb | ||
| agent_pool | jsonb | ||
| agent_pool_id | text | The ID of the agent pool belonging to the workspace's organization. | |
| allow_destroy_plan | boolean | Whether destroy plans can be queued on the workspace. | |
| apply_duration_average | text | This is the average time runs spend in the apply phase, represented in milliseconds. | |
| can_queue_destroy_plan | boolean | True if the destroy plan can be queued. | |
| created_at | timestamp with time zone | Time when the workspace was created. | |
| current_run | jsonb | ||
| description | text | A description for the workspace. | |
| environment | text | Environment for the workspace runs. | |
| execution_mode | text | Which execution mode to use. Valid values are remote, local, and agent. When set to local, the workspace will be used for state storage only. | |
| file_triggers_enabled | boolean | Whether to filter runs based on the changed files in a VCS push. If enabled, the working-directory and trigger-prefixes describe a set of paths which must contain changes for a VCS push to trigger a run. If disabled, any push will trigger a run. | |
| global_remote_state | boolean | Whether the workspace should allow all workspaces in the organization to access its state data during runs. If false, then only specifically approved workspaces can access its state. | |
| id | text | = | ID of the workspace. |
| locked | boolean | True if the workspace is locked. | |
| migration_environment | text | ||
| name | text | Name of the workspace. | |
| organization | jsonb | ||
| organization_name | text | Name of the organization containing the workspace. | |
| permissions | jsonb | ||
| plan_duration_average | text | This is the average time runs spend in the plan phase, represented in milliseconds. | |
| policy_check_failures | bigint | Reports the number of run failures resulting from a policy check failure. | |
| project_id | text | The workspace's project ID. | |
| queue_all_runs | boolean | Whether runs should be queued immediately after workspace creation. When set to false, runs triggered by a VCS change will not be queued until at least one run is manually queued. | |
| resource_count | bigint | Number of resources in the workspace. | |
| run_failures | bigint | Reports the number of failed runs. | |
| source_name | text | A friendly name for the application or client creating this workspace. | |
| source_url | text | A URL for the application or client creating this workspace. This can be the URL of a related resource in another app, or a link to documentation or other info about the client. | |
| speculative_enabled | boolean | Whether this workspace allows automatic speculative plans. Setting this to false prevents Terraform Cloud from running plans on pull requests, which can improve security if the VCS repository is public or includes untrusted contributors. | |
| ssh_key | jsonb | SSH key assigned to the workspace. | |
| terraform_version | text | The version of Terraform to use for this workspace. Upon creating a workspace, the latest version is selected unless otherwise specified (e.g. 0.11.1). | |
| trigger_prefixes | jsonb | List of repository-root-relative paths which should be tracked for changes, in addition to the working directory. | |
| updated_at | timestamp with time zone | When the workspace was last updated. | |
| vcs_repo | jsonb | Settings for the workspace's VCS repository. If omitted, the workspace is created without a VCS repo. | |
| working_directory | text | A relative path that Terraform will execute within. This defaults to the root of your repository and is typically set to a subdirectory matching the environment when multiple environments exist within the same repository. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- tfeYou can pass the configuration to the command with the --config argument:
steampipe_export_tfe --config '<your_config>' tfe_workspace