From 4c8fb8d42d071367b804111c107608885b52ea93 Mon Sep 17 00:00:00 2001 From: Christian Doucette Date: Tue, 28 Oct 2025 16:28:19 -0400 Subject: [PATCH 1/5] Initial commit (functionality but not tests) --- internal/client/client.go | 20 ++++++++++---------- internal/client/config.go | 20 +++++++++++++++----- internal/provider/provider.go | 17 ++++++++++++++--- internal/provider/provider_next.go | 6 +++++- 4 files changed, 44 insertions(+), 19 deletions(-) diff --git a/internal/client/client.go b/internal/client/client.go index 7d4a0373a..1c7e41449 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -81,10 +81,10 @@ func getTokenFromCreds(services *disco.Disco, hostname svchost.Hostname) string // // Internally, this function caches configured clients using the specified // parameters -func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, error) { - config, err := configure(tfeHost, token, insecure) +func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, bool, error) { + config, sendCredentialDeprecationWarning, err := configure(tfeHost, token, insecure) if err != nil { - return nil, err + return nil, sendCredentialDeprecationWarning, err } clientCache.Lock() @@ -93,13 +93,13 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, error) { // Try to retrieve the client from cache cached := clientCache.GetByConfig(config) if cached != nil { - return cached, nil + return cached, sendCredentialDeprecationWarning, nil } // Discover the Terraform Enterprise address. host, err := config.Services.Discover(config.TFEHost) if err != nil { - return nil, fmt.Errorf("failed to create client: %w", err) + return nil, sendCredentialDeprecationWarning, fmt.Errorf("failed to create client: %w", err) } // Get the full Terraform Enterprise service address. @@ -109,7 +109,7 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, error) { service, err := host.ServiceURL(tfeServiceID) target := &disco.ErrVersionNotSupported{} if err != nil && !errors.As(err, &target) { - return nil, fmt.Errorf("failed to create client: %w", err) + return nil, sendCredentialDeprecationWarning, fmt.Errorf("failed to create client: %w", err) } // If discoErr is nil we save the first error. When multiple services @@ -133,7 +133,7 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, error) { // First check any constraints we might have received. if constraints != nil { if err := CheckConstraints(constraints); err != nil { - return nil, err + return nil, sendCredentialDeprecationWarning, err } } } @@ -141,7 +141,7 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, error) { // When we don't have any constraints errors, also check for discovery // errors before we continue. if discoErr != nil { - return nil, discoErr + return nil, sendCredentialDeprecationWarning, discoErr } // Create a new TFE client. @@ -151,13 +151,13 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, error) { HTTPClient: config.HTTPClient, }) if err != nil { - return nil, fmt.Errorf("failed to create client: %w", err) + return nil, sendCredentialDeprecationWarning, fmt.Errorf("failed to create client: %w", err) } client.RetryServerErrors(true) clientCache.Set(client, config) - return client, nil + return client, sendCredentialDeprecationWarning, nil } // CheckConstraints checks service version constrains against our own diff --git a/internal/client/config.go b/internal/client/config.go index e4e879361..ba1c057c1 100644 --- a/internal/client/config.go +++ b/internal/client/config.go @@ -165,9 +165,17 @@ func credentialsSource(credentials CredentialsMap) auth.CredentialsSource { return creds } +// Using presence of TFC_AGENT_VERSION to determine if this provider is running on HCP Terraform / enterprise +func providerRunningInCloud() bool { + _, present := os.LookupEnv("TFC_AGENT_VERSION") + return present +} + // configure accepts the provider-level configuration values and creates a // clientConfiguration using fallback values from the environment or CLI configuration. -func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, error) { +func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, bool, error) { + sendCredentialDeprecationWarning := false + if tfeHost == "" { if os.Getenv("TFE_HOSTNAME") != "" { tfeHost = os.Getenv("TFE_HOSTNAME") @@ -186,7 +194,7 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, erro v := os.Getenv("TFE_SSL_SKIP_VERIFY") insecure, err = strconv.ParseBool(v) if err != nil { - return nil, fmt.Errorf("TFE_SSL_SKIP_VERIFY has unrecognized value %q", v) + return nil, sendCredentialDeprecationWarning, fmt.Errorf("TFE_SSL_SKIP_VERIFY has unrecognized value %q", v) } } @@ -198,7 +206,7 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, erro // Parse the hostname for comparison, hostname, err := svchost.ForComparison(tfeHost) if err != nil { - return nil, fmt.Errorf("invalid hostname %q: %w", tfeHost, err) + return nil, sendCredentialDeprecationWarning, fmt.Errorf("invalid hostname %q: %w", tfeHost, err) } httpClient := tfe.DefaultConfig().HTTPClient @@ -232,17 +240,19 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, erro // If a token wasn't set in the provider configuration block, try and fetch it // from the environment or from Terraform's CLI configuration or configured credential helper. + if token == "" { if os.Getenv("TFE_TOKEN") != "" { token = getTokenFromEnv() } else { + sendCredentialDeprecationWarning = providerRunningInCloud() token = getTokenFromCreds(services, hostname) } } // If we still don't have a token at this point, we return an error. if token == "" { - return nil, ErrMissingAuthToken + return nil, sendCredentialDeprecationWarning, ErrMissingAuthToken } return &ClientConfiguration{ @@ -251,5 +261,5 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, erro TFEHost: hostname, Token: token, Insecure: insecure, - }, nil + }, sendCredentialDeprecationWarning, nil } diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 6637a0abd..0e9403aa8 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -153,19 +153,30 @@ func configure() schema.ConfigureContextFunc { providerOrganization = os.Getenv("TFE_ORGANIZATION") } - tfeClient, err := configureClient(rd) + tfeClient, sendCredentialDeprecationWarning, err := configureClient(rd) if err != nil { return nil, diag.FromErr(err) } + var diagnosticWarnings diag.Diagnostics = nil + if sendCredentialDeprecationWarning { + diagnosticWarnings = diag.Diagnostics{ + diag.Diagnostic{ + Severity: diag.Warning, + Summary: "Authentication method invalid for TFE Provider with HCP Terraform and Terraform Enterprise", + Detail: "Use a TFE_TOKEN variable in the workspace or the token argument for the provider. This authentication method will be deprecated in a future version.", + }, + } + } + return ConfiguredClient{ tfeClient, providerOrganization, - }, nil + }, diagnosticWarnings } } -func configureClient(d *schema.ResourceData) (*tfe.Client, error) { +func configureClient(d *schema.ResourceData) (*tfe.Client, bool, error) { hostname := d.Get("hostname").(string) token := d.Get("token").(string) insecure := d.Get("ssl_skip_verify").(bool) diff --git a/internal/provider/provider_next.go b/internal/provider/provider_next.go index 0102d5d4d..2378bb2b0 100644 --- a/internal/provider/provider_next.go +++ b/internal/provider/provider_next.go @@ -111,13 +111,17 @@ func (p *frameworkProvider) Configure(ctx context.Context, req provider.Configur } } - tfeClient, err := client.GetClient(data.Hostname.ValueString(), data.Token.ValueString(), data.SSLSkipVerify.ValueBool()) + tfeClient, sendCredentialDeprecationWarning, err := client.GetClient(data.Hostname.ValueString(), data.Token.ValueString(), data.SSLSkipVerify.ValueBool()) if err != nil { res.Diagnostics.AddError("Failed to initialize HTTP client", err.Error()) return } + if sendCredentialDeprecationWarning { + res.Diagnostics.AddWarning("Authentication method invalid for TFE Provider with HCP Terraform and Terraform Enterprise", "Use a TFE_TOKEN variable in the workspace or the token argument for the provider. This authentication method will be deprecated in a future version.") + } + configuredClient := ConfiguredClient{ Client: tfeClient, Organization: data.Organization.ValueString(), From 617e2d2bd696674466c0b61217e5229273c948e1 Mon Sep 17 00:00:00 2001 From: Christian Doucette Date: Wed, 29 Oct 2025 18:46:45 -0400 Subject: [PATCH 2/5] Refactor based on review comments --- internal/client/client.go | 38 +++++++++++++++------ internal/client/config.go | 54 ++++++++++++++++-------------- internal/provider/provider.go | 11 +++--- internal/provider/provider_next.go | 8 ++--- 4 files changed, 67 insertions(+), 44 deletions(-) diff --git a/internal/client/client.go b/internal/client/client.go index 1c7e41449..28b867878 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -74,6 +74,23 @@ func getTokenFromCreds(services *disco.Disco, hostname svchost.Hostname) string return "" } +// TFE Client along with other necessary information for the provider to run it +type ProviderClient struct { + TfeClient *tfe.Client + tokenSource TokenSource +} + +// Using presence of TFC_AGENT_VERSION to determine if this provider is running on HCP Terraform / enterprise +func providerRunningInCloud() bool { + _, envVariablePresent := os.LookupEnv("TFC_AGENT_VERSION") + return envVariablePresent +} + +func (pc *ProviderClient) SendAuthenticationWarning() bool { + return pc.tokenSource == CredentialFiles && providerRunningInCloud() + +} + // GetClient encapsulates the logic for configuring a go-tfe client instance for // the provider, including fallback to values from environment variables. This // is useful because we're muxing multiple provider servers together and each @@ -81,10 +98,11 @@ func getTokenFromCreds(services *disco.Disco, hostname svchost.Hostname) string // // Internally, this function caches configured clients using the specified // parameters -func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, bool, error) { - config, sendCredentialDeprecationWarning, err := configure(tfeHost, token, insecure) +func GetClient(tfeHost, token string, insecure bool) (*ProviderClient, error) { + config, err := configure(tfeHost, token, insecure) + if err != nil { - return nil, sendCredentialDeprecationWarning, err + return nil, err } clientCache.Lock() @@ -93,13 +111,13 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, bool, error) // Try to retrieve the client from cache cached := clientCache.GetByConfig(config) if cached != nil { - return cached, sendCredentialDeprecationWarning, nil + return &ProviderClient{cached, config.TokenSource}, nil } // Discover the Terraform Enterprise address. host, err := config.Services.Discover(config.TFEHost) if err != nil { - return nil, sendCredentialDeprecationWarning, fmt.Errorf("failed to create client: %w", err) + return nil, fmt.Errorf("failed to create client: %w", err) } // Get the full Terraform Enterprise service address. @@ -109,7 +127,7 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, bool, error) service, err := host.ServiceURL(tfeServiceID) target := &disco.ErrVersionNotSupported{} if err != nil && !errors.As(err, &target) { - return nil, sendCredentialDeprecationWarning, fmt.Errorf("failed to create client: %w", err) + return nil, fmt.Errorf("failed to create client: %w", err) } // If discoErr is nil we save the first error. When multiple services @@ -133,7 +151,7 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, bool, error) // First check any constraints we might have received. if constraints != nil { if err := CheckConstraints(constraints); err != nil { - return nil, sendCredentialDeprecationWarning, err + return nil, err } } } @@ -141,7 +159,7 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, bool, error) // When we don't have any constraints errors, also check for discovery // errors before we continue. if discoErr != nil { - return nil, sendCredentialDeprecationWarning, discoErr + return nil, discoErr } // Create a new TFE client. @@ -151,13 +169,13 @@ func GetClient(tfeHost, token string, insecure bool) (*tfe.Client, bool, error) HTTPClient: config.HTTPClient, }) if err != nil { - return nil, sendCredentialDeprecationWarning, fmt.Errorf("failed to create client: %w", err) + return nil, fmt.Errorf("failed to create client: %w", err) } client.RetryServerErrors(true) clientCache.Set(client, config) - return client, sendCredentialDeprecationWarning, nil + return &ProviderClient{client, config.TokenSource}, nil } // CheckConstraints checks service version constrains against our own diff --git a/internal/client/config.go b/internal/client/config.go index ba1c057c1..19dfab4cc 100644 --- a/internal/client/config.go +++ b/internal/client/config.go @@ -41,13 +41,22 @@ type ConfigHost struct { Services map[string]interface{} `hcl:"services"` } -// ClientConfiguration is the refined information needed to configure a tfe.Client +type TokenSource int + +const ( + ProviderArgument TokenSource = iota + EnvironmentVariable + CredentialFiles +) + +// ClientConfiguration is the refined information needed to configureClient a tfe.Client type ClientConfiguration struct { - Services *disco.Disco - HTTPClient *http.Client - TFEHost svchost.Hostname - Token string - Insecure bool + Services *disco.Disco + HTTPClient *http.Client + TFEHost svchost.Hostname + Token string + TokenSource TokenSource + Insecure bool } // Key returns a string that is comparable to other ClientConfiguration values @@ -165,17 +174,9 @@ func credentialsSource(credentials CredentialsMap) auth.CredentialsSource { return creds } -// Using presence of TFC_AGENT_VERSION to determine if this provider is running on HCP Terraform / enterprise -func providerRunningInCloud() bool { - _, present := os.LookupEnv("TFC_AGENT_VERSION") - return present -} - // configure accepts the provider-level configuration values and creates a // clientConfiguration using fallback values from the environment or CLI configuration. -func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, bool, error) { - sendCredentialDeprecationWarning := false - +func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, error) { if tfeHost == "" { if os.Getenv("TFE_HOSTNAME") != "" { tfeHost = os.Getenv("TFE_HOSTNAME") @@ -194,7 +195,7 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, bool v := os.Getenv("TFE_SSL_SKIP_VERIFY") insecure, err = strconv.ParseBool(v) if err != nil { - return nil, sendCredentialDeprecationWarning, fmt.Errorf("TFE_SSL_SKIP_VERIFY has unrecognized value %q", v) + return nil, fmt.Errorf("TFE_SSL_SKIP_VERIFY has unrecognized value %q", v) } } @@ -206,7 +207,7 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, bool // Parse the hostname for comparison, hostname, err := svchost.ForComparison(tfeHost) if err != nil { - return nil, sendCredentialDeprecationWarning, fmt.Errorf("invalid hostname %q: %w", tfeHost, err) + return nil, fmt.Errorf("invalid hostname %q: %w", tfeHost, err) } httpClient := tfe.DefaultConfig().HTTPClient @@ -241,25 +242,28 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, bool // If a token wasn't set in the provider configuration block, try and fetch it // from the environment or from Terraform's CLI configuration or configured credential helper. + tokenSource := ProviderArgument if token == "" { if os.Getenv("TFE_TOKEN") != "" { token = getTokenFromEnv() + tokenSource = EnvironmentVariable } else { - sendCredentialDeprecationWarning = providerRunningInCloud() token = getTokenFromCreds(services, hostname) + tokenSource = CredentialFiles } } // If we still don't have a token at this point, we return an error. if token == "" { - return nil, sendCredentialDeprecationWarning, ErrMissingAuthToken + return nil, ErrMissingAuthToken } return &ClientConfiguration{ - Services: services, - HTTPClient: httpClient, - TFEHost: hostname, - Token: token, - Insecure: insecure, - }, sendCredentialDeprecationWarning, nil + Services: services, + HTTPClient: httpClient, + TFEHost: hostname, + Token: token, + TokenSource: tokenSource, + Insecure: insecure, + }, nil } diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 0e9403aa8..e24da15f6 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -153,30 +153,31 @@ func configure() schema.ConfigureContextFunc { providerOrganization = os.Getenv("TFE_ORGANIZATION") } - tfeClient, sendCredentialDeprecationWarning, err := configureClient(rd) + providerClient, err := configureClient(rd) if err != nil { return nil, diag.FromErr(err) } var diagnosticWarnings diag.Diagnostics = nil - if sendCredentialDeprecationWarning { + + if providerClient.SendAuthenticationWarning() { diagnosticWarnings = diag.Diagnostics{ diag.Diagnostic{ Severity: diag.Warning, - Summary: "Authentication method invalid for TFE Provider with HCP Terraform and Terraform Enterprise", + Summary: "Authentication with configuration file is invalid for TFE Provider running on HCP Terraform or Terraform Enterprise", Detail: "Use a TFE_TOKEN variable in the workspace or the token argument for the provider. This authentication method will be deprecated in a future version.", }, } } return ConfiguredClient{ - tfeClient, + providerClient.TfeClient, providerOrganization, }, diagnosticWarnings } } -func configureClient(d *schema.ResourceData) (*tfe.Client, bool, error) { +func configureClient(d *schema.ResourceData) (*client.ProviderClient, error) { hostname := d.Get("hostname").(string) token := d.Get("token").(string) insecure := d.Get("ssl_skip_verify").(bool) diff --git a/internal/provider/provider_next.go b/internal/provider/provider_next.go index 2378bb2b0..80fbad19d 100644 --- a/internal/provider/provider_next.go +++ b/internal/provider/provider_next.go @@ -111,19 +111,19 @@ func (p *frameworkProvider) Configure(ctx context.Context, req provider.Configur } } - tfeClient, sendCredentialDeprecationWarning, err := client.GetClient(data.Hostname.ValueString(), data.Token.ValueString(), data.SSLSkipVerify.ValueBool()) + providerClient, err := client.GetClient(data.Hostname.ValueString(), data.Token.ValueString(), data.SSLSkipVerify.ValueBool()) if err != nil { res.Diagnostics.AddError("Failed to initialize HTTP client", err.Error()) return } - if sendCredentialDeprecationWarning { - res.Diagnostics.AddWarning("Authentication method invalid for TFE Provider with HCP Terraform and Terraform Enterprise", "Use a TFE_TOKEN variable in the workspace or the token argument for the provider. This authentication method will be deprecated in a future version.") + if providerClient.SendAuthenticationWarning() { + res.Diagnostics.AddWarning("Authentication with configuration files is invalid for TFE Provider running on HCP Terraform or Terraform Enterprise", "Use a TFE_TOKEN variable in the workspace or the token argument for the provider. This authentication method will be deprecated in a future version.") } configuredClient := ConfiguredClient{ - Client: tfeClient, + Client: providerClient.TfeClient, Organization: data.Organization.ValueString(), } From 4de1e4ed28daf0fbbd787680947f4e926e1301ab Mon Sep 17 00:00:00 2001 From: Christian Doucette Date: Thu, 30 Oct 2025 15:57:21 -0400 Subject: [PATCH 3/5] Clean up and makes things that can be private --- internal/client/client.go | 9 ++++----- internal/client/config.go | 18 +++++++++--------- internal/provider/provider.go | 2 +- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/internal/client/client.go b/internal/client/client.go index 28b867878..4bb12f036 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -77,7 +77,7 @@ func getTokenFromCreds(services *disco.Disco, hostname svchost.Hostname) string // TFE Client along with other necessary information for the provider to run it type ProviderClient struct { TfeClient *tfe.Client - tokenSource TokenSource + tokenSource tokenSource } // Using presence of TFC_AGENT_VERSION to determine if this provider is running on HCP Terraform / enterprise @@ -87,7 +87,7 @@ func providerRunningInCloud() bool { } func (pc *ProviderClient) SendAuthenticationWarning() bool { - return pc.tokenSource == CredentialFiles && providerRunningInCloud() + return pc.tokenSource == credentialFiles && providerRunningInCloud() } @@ -100,7 +100,6 @@ func (pc *ProviderClient) SendAuthenticationWarning() bool { // parameters func GetClient(tfeHost, token string, insecure bool) (*ProviderClient, error) { config, err := configure(tfeHost, token, insecure) - if err != nil { return nil, err } @@ -111,7 +110,7 @@ func GetClient(tfeHost, token string, insecure bool) (*ProviderClient, error) { // Try to retrieve the client from cache cached := clientCache.GetByConfig(config) if cached != nil { - return &ProviderClient{cached, config.TokenSource}, nil + return &ProviderClient{cached, config.tokenSource}, nil } // Discover the Terraform Enterprise address. @@ -175,7 +174,7 @@ func GetClient(tfeHost, token string, insecure bool) (*ProviderClient, error) { client.RetryServerErrors(true) clientCache.Set(client, config) - return &ProviderClient{client, config.TokenSource}, nil + return &ProviderClient{client, config.tokenSource}, nil } // CheckConstraints checks service version constrains against our own diff --git a/internal/client/config.go b/internal/client/config.go index 19dfab4cc..c0237c7d4 100644 --- a/internal/client/config.go +++ b/internal/client/config.go @@ -41,12 +41,12 @@ type ConfigHost struct { Services map[string]interface{} `hcl:"services"` } -type TokenSource int +type tokenSource int const ( - ProviderArgument TokenSource = iota - EnvironmentVariable - CredentialFiles + providerArgument tokenSource = iota + environmentVariable + credentialFiles ) // ClientConfiguration is the refined information needed to configureClient a tfe.Client @@ -55,7 +55,7 @@ type ClientConfiguration struct { HTTPClient *http.Client TFEHost svchost.Hostname Token string - TokenSource TokenSource + tokenSource tokenSource Insecure bool } @@ -242,14 +242,14 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, erro // If a token wasn't set in the provider configuration block, try and fetch it // from the environment or from Terraform's CLI configuration or configured credential helper. - tokenSource := ProviderArgument + tokenSource := providerArgument if token == "" { if os.Getenv("TFE_TOKEN") != "" { token = getTokenFromEnv() - tokenSource = EnvironmentVariable + tokenSource = environmentVariable } else { token = getTokenFromCreds(services, hostname) - tokenSource = CredentialFiles + tokenSource = credentialFiles } } @@ -263,7 +263,7 @@ func configure(tfeHost, token string, insecure bool) (*ClientConfiguration, erro HTTPClient: httpClient, TFEHost: hostname, Token: token, - TokenSource: tokenSource, + tokenSource: tokenSource, Insecure: insecure, }, nil } diff --git a/internal/provider/provider.go b/internal/provider/provider.go index e24da15f6..1c6f0405a 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -164,7 +164,7 @@ func configure() schema.ConfigureContextFunc { diagnosticWarnings = diag.Diagnostics{ diag.Diagnostic{ Severity: diag.Warning, - Summary: "Authentication with configuration file is invalid for TFE Provider running on HCP Terraform or Terraform Enterprise", + Summary: "Authentication with configuration files is invalid for TFE Provider running on HCP Terraform or Terraform Enterprise", Detail: "Use a TFE_TOKEN variable in the workspace or the token argument for the provider. This authentication method will be deprecated in a future version.", }, } From e5323242fc545fe1fb6bdfd30bb257bda1af670a Mon Sep 17 00:00:00 2001 From: Christian Doucette Date: Thu, 13 Nov 2025 17:52:25 -0500 Subject: [PATCH 4/5] changes for tests --- internal/client/client_test.go | 3 ++- internal/provider/provider_test.go | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/internal/client/client_test.go b/internal/client/client_test.go index 3cc4afcd1..bbef2f654 100644 --- a/internal/client/client_test.go +++ b/internal/client/client_test.go @@ -138,7 +138,8 @@ credentials "%s" { t.Setenv(k, v) } // Must always skip SSL verification for this test server - client, err := GetClient(c.hostname, c.token, true) + providerClient, err := GetClient(c.hostname, c.token, true) + client := providerClient.TfeClient if c.expectMissingAuth { if !errors.Is(err, ErrMissingAuthToken) { t.Errorf("Expected ErrMissingAuthToken, got %v", err) diff --git a/internal/provider/provider_test.go b/internal/provider/provider_test.go index 1025e9951..9b3791a75 100644 --- a/internal/provider/provider_test.go +++ b/internal/provider/provider_test.go @@ -150,11 +150,11 @@ func getClientUsingEnv() (*tfe.Client, error) { } token := os.Getenv("TFE_TOKEN") - tfeClient, err := client.GetClient(hostname, token, defaultSSLSkipVerify) + providerClient, err := client.GetClient(hostname, token, defaultSSLSkipVerify) if err != nil { return nil, fmt.Errorf("Error getting client: %w", err) } - return tfeClient, nil + return providerClient.TfeClient, nil } func TestProvider(t *testing.T) { From 5cc65fb336f633c23162a7b03ffcb187342d1ea8 Mon Sep 17 00:00:00 2001 From: Christian Doucette Date: Wed, 26 Nov 2025 15:31:37 -0500 Subject: [PATCH 5/5] Fix linter --- internal/client/client.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/client/client.go b/internal/client/client.go index 4bb12f036..0e2357c86 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -88,7 +88,6 @@ func providerRunningInCloud() bool { func (pc *ProviderClient) SendAuthenticationWarning() bool { return pc.tokenSource == credentialFiles && providerRunningInCloud() - } // GetClient encapsulates the logic for configuring a go-tfe client instance for