release/0.15.0 (#317)

* refactor(copy-projects): extract project creation logic into a separate function

* feat(compare): add compare command with workspaces subcommand

* feat(compare): enhance workspace comparison command with default values and validation

* feat(compare): add suffix and prefix filters for workspace comparison

* feat(workspaces): add flags to skip empty workspaces and create destination project

* feat(workspaces): add project existence check and description during workspace copy

* feat(lock-teams): Add command to lock team permissions in organization

* removing secret

* fix(tokens): Remove hardcoded TFC tokens for security

* wsListOptions naming

* Added exclude workspaces

* Add 'plan-only' flag to workspaces copy command for dry-run functionality

* Add workspace name prefix and suffix options to workspaces copy command

* Add log message for workspace copy operation in copyWorkspaces function

* Add workspace name length validation and tagging during migration

* Remove compare command and associated workspace comparison logic

* Refactor workspace tagging to use binding

* Add .DS_Store to .gitignore to prevent tracking of macOS system files

* Update workspace copy command documentation and flags

* Refactor team migration messages and update documentation for org-to-project migration

* Update org-to-project migration flag description for clarity

* Refactor `tfm lock teams` command documentation and remove alias

* Standardize workspace naming convention by enforcing prefix and suffix, and log renaming actions

* Standardize workspace renaming examples with consistent prefix and suffix format

* updates from self review

Author: benjamin-lykins

.gitignore

@@ -17,3 +17,5 @@ terraform_config_metadata.json
 
 # Goreleaser build dir
 dist/
+
+*.DS_Store*

cmd/copy/projects.go

@@ -341,10 +341,7 @@ func copyProjects(c tfclient.ClientContexts, projMapCfg map[string]string) error
 			o.AddMessageUserProvided2(destProjectName, "exists in destination will not migrate", srcproject.Name)
 		} else {
 
-			srcproject, err := c.DestinationClient.Projects.Create(c.DestinationContext, c.DestinationOrganizationName, tfe.ProjectCreateOptions{
-				Type: "",
-				Name: destProjectName,
-			})
+			srcproject, err := createProject(c, destProjectName)
 
 			if err != nil {
 				fmt.Println("Could not create Project.\n\n Error:", err.Error())
@@ -355,3 +352,25 @@ func copyProjects(c tfclient.ClientContexts, projMapCfg map[string]string) error
 	}
 	return nil
 }
+
+func createProject(c tfclient.ClientContexts, projectName string) (*tfe.Project, error) {
+	o.AddMessageUserProvided("Creating Project in destination: ", projectName)
+
+	// Check if project name is >=  3 characters and <= 40 characters
+	// Return error if not
+	if len(projectName) <= 3 || len(projectName) >= 40 {
+		return nil, errors.New("Project name must be between 3 and 40 characters")
+	}
+
+	// Create the project in the destination organization
+	project, err := c.DestinationClient.Projects.Create(c.DestinationContext, c.DestinationOrganizationName, tfe.ProjectCreateOptions{
+		Name:        projectName,
+		Description: helper.ViperString("created by tfm"),
+	})
+
+	if err != nil {
+		return nil, errors.Wrap(err, "Failed to create Project in destination")
+	}
+
+	return project, nil
+}

cmd/copy/teams.go

@@ -4,8 +4,6 @@
 package copy
 
 import (
-	"fmt"
-
 	"strings"
 
 	"github.com/hashicorp-services/tfm/output"
@@ -16,7 +14,8 @@ import (
 )
 
 var (
-	o output.Output
+	o            output.Output
+	orgToProject bool
 
 	// `tfemig copy teams` command
 	teamCopyCmd = &cobra.Command{
@@ -38,6 +37,7 @@ func init() {
 
 	// Add commands
 	CopyCmd.AddCommand(teamCopyCmd)
+	teamCopyCmd.Flags().BoolVarP(&orgToProject, "org-to-project", "o", false, "Migrate with organization access set to read-only.")
 
 }
 
@@ -137,34 +137,70 @@ func copyTeams(c tfclient.ClientContexts) error {
 	for _, srcteam := range srcTeams {
 		exists := doesTeamExist(srcteam.Name, destTeams)
 		if exists {
-			fmt.Println("Exists in destination will not migrate", srcteam.Name)
+			o.AddMessageUserProvided("Exists in destination will not migrate", srcteam.Name)
 		} else {
-			fmt.Println("Migrating", srcteam.Name)
-			srcteam, err := c.DestinationClient.Teams.Create(c.DestinationContext, c.DestinationOrganizationName, tfe.TeamCreateOptions{
-				Type:      "",
-				Name:      &srcteam.Name,
-				SSOTeamID: &srcteam.SSOTeamID,
-				OrganizationAccess: &tfe.OrganizationAccessOptions{
-					ManagePolicies:        &srcteam.OrganizationAccess.ManagePolicies,
-					ManagePolicyOverrides: &srcteam.OrganizationAccess.ManagePolicyOverrides,
-					ManageWorkspaces:      &srcteam.OrganizationAccess.ManageWorkspaces,
-					ManageVCSSettings:     &srcteam.OrganizationAccess.ManageVCSSettings,
-					ManageProviders:       &srcteam.OrganizationAccess.ManageProviders,
-					ManageModules:         &srcteam.OrganizationAccess.ManageModules,
-					ManageRunTasks:        &srcteam.OrganizationAccess.ManageRunTasks,
-					// release v202302-1
-					ManageProjects: &srcteam.OrganizationAccess.ManageProjects,
-					ReadWorkspaces: &srcteam.OrganizationAccess.ReadWorkspaces,
-					ReadProjects:   &srcteam.OrganizationAccess.ReadProjects,
-					// release 202303-1
-					ManageMembership: &srcteam.OrganizationAccess.ManageMembership,
-				},
-				Visibility: &srcteam.Visibility,
-			})
-			if err != nil {
-				return err
+			if orgToProject {
+				o.AddMessageUserProvided("Migrating with read-only access", srcteam.Name)
+
+				// Take teams from source and create them in destination.
+				// if orgToProject is true, it will create teams in the destination with higher organization access removed.
+				team, err := c.DestinationClient.Teams.Create(c.DestinationContext, c.DestinationOrganizationName, tfe.TeamCreateOptions{
+					Type:      "",
+					Name:      &srcteam.Name,
+					SSOTeamID: &srcteam.SSOTeamID,
+					OrganizationAccess: &tfe.OrganizationAccessOptions{
+						ManagePolicies:        tfe.Bool(false),
+						ManagePolicyOverrides: tfe.Bool(false),
+						ManageWorkspaces:      tfe.Bool(false),
+						ManageVCSSettings:     tfe.Bool(false),
+						ManageProviders:       tfe.Bool(false),
+						ManageModules:         tfe.Bool(false),
+						ManageRunTasks:        tfe.Bool(false),
+						// release v202302-1
+						ManageProjects: tfe.Bool(false),
+						ReadWorkspaces: tfe.Bool(false),
+						ReadProjects:   tfe.Bool(false),
+						// release 202303-1
+						ManageMembership: tfe.Bool(false),
+					},
+					Visibility: &srcteam.Visibility,
+				})
+
+				if err != nil {
+					return err
+				}
+
+				o.AddDeferredMessageRead("Created team in destination organization", team.Name)
+				o.AddDeferredMessageRead("New ID", team.ID)
+
+			} else {
+				o.AddMessageUserProvided("Migrating", srcteam.Name)
+				srcteam, err := c.DestinationClient.Teams.Create(c.DestinationContext, c.DestinationOrganizationName, tfe.TeamCreateOptions{
+					Type:      "",
+					Name:      &srcteam.Name,
+					SSOTeamID: &srcteam.SSOTeamID,
+					OrganizationAccess: &tfe.OrganizationAccessOptions{
+						ManagePolicies:        &srcteam.OrganizationAccess.ManagePolicies,
+						ManagePolicyOverrides: &srcteam.OrganizationAccess.ManagePolicyOverrides,
+						ManageWorkspaces:      &srcteam.OrganizationAccess.ManageWorkspaces,
+						ManageVCSSettings:     &srcteam.OrganizationAccess.ManageVCSSettings,
+						ManageProviders:       &srcteam.OrganizationAccess.ManageProviders,
+						ManageModules:         &srcteam.OrganizationAccess.ManageModules,
+						ManageRunTasks:        &srcteam.OrganizationAccess.ManageRunTasks,
+						// release v202302-1
+						ManageProjects: &srcteam.OrganizationAccess.ManageProjects,
+						ReadWorkspaces: &srcteam.OrganizationAccess.ReadWorkspaces,
+						ReadProjects:   &srcteam.OrganizationAccess.ReadProjects,
+						// release 202303-1
+						ManageMembership: &srcteam.OrganizationAccess.ManageMembership,
+					},
+					Visibility: &srcteam.Visibility,
+				})
+				if err != nil {
+					return err
+				}
+				o.AddDeferredMessageRead("Migrated", srcteam.Name)
 			}
-			o.AddDeferredMessageRead("Migrated", srcteam.Name)
 		}
 	}
 	return nil