hashicorp
diff --git a/‎CHANGELOG.md
+13 b/‎CHANGELOG.md
+13
diff --git a/‎configuration_version_integration_test.go
+2-1 b/‎configuration_version_integration_test.go
+2-1
diff --git a/‎docs/CONTRIBUTING.md
+23-10 b/‎docs/CONTRIBUTING.md
+23-10
diff --git a/‎go.mod
+1 b/‎go.mod
+1
diff --git a/‎go.sum
+2 b/‎go.sum
+2
diff --git a/‎helper_test.go
+6-5 b/‎helper_test.go
+6-5
diff --git a/‎mocks/run_mocks.go
+14 b/‎mocks/run_mocks.go
+14
diff --git a/‎mocks/workspace_mocks.go
+28 b/‎mocks/workspace_mocks.go
+28
diff --git a/‎organization.go
+9 b/‎organization.go
+9
diff --git a/‎organization_integration_test.go
+36 b/‎organization_integration_test.go
+36
diff --git a/‎policy_check_integration_test.go
+5-5 b/‎policy_check_integration_test.go
+5-5
diff --git a/‎policy_set.go
+33-10 b/‎policy_set.go
+33-10
@@ -2,7 +2,20 @@
 
 ## Enhancements
 
+* Add OPA support to the Policy Set API's by @mrinalirao [#575](https://github.com/hashicorp/go-tfe/pull/575)
+
+# v1.12.0
+
+## Enhancements
+
+* Add `search[wildcard-name]` to `WorkspaceListOptions` by @laurenolivia [#569](https://github.com/hashicorp/go-tfe/pull/569)
 * Add `NotificationTriggerAssessmentCheckFailed` notification trigger type by @rexredinger [#549](https://github.com/hashicorp/go-tfe/pull/549)
+* Add `RemoteTFEVersion()` to the `Client` interface, which exposes the `X-TFE-Version` header set by a remote TFE instance by @sebasslash [#563](https://github.com/hashicorp/go-tfe/pull/563)
+* Validate the module version as a version instead of an ID [#409](https://github.com/hashicorp/go-tfe/pull/409)
+* Add `AllowForceDeleteWorkspaces` setting to `Organizations` by @JarrettSpiker [#539](https://github.com/hashicorp/go-tfe/pull/539)
+* Add `SafeDelete` and `SafeDeleteID` APIs to `Workspaces` by @JarrettSpiker [#539](https://github.com/hashicorp/go-tfe/pull/539)
+* Add `ForceExecute()` to `Runs` to allow force executing a run by @annawinkler [#570](https://github.com/hashicorp/go-tfe/pull/570)
+* Pre-plan and Pre-Apply Run Tasks are now generally available (beta comments removed) by @glennsarti [#555](https://github.com/hashicorp/go-tfe/pull/555)
 
 # v1.11.0
 
 
@@ -263,7 +263,8 @@ func TestConfigurationVersionsArchive(t *testing.T) {
 		// configuration version should not be archived, since it's the latest version
 		err = client.ConfigurationVersions.Archive(ctx, cv.ID)
 		assert.Error(t, err)
-		assert.EqualError(t, err, "transition not allowed")
+		assert.ErrorContains(t, err, "transition not allowed")
+		assert.ErrorContains(t, err, "configuration could not be archived because it is current")
 
 		// create subsequent version, since the latest configuration version cannot be archived
 		newCv, newCvCleanup := createConfigurationVersion(t, client, w)
 
@@ -25,20 +25,10 @@ There are instances where several new resources being added (i.e Workspace Run T
 
 The test suite contains many acceptance tests that are run against the latest version of Terraform Enterprise. You can read more about running the tests against your own Terraform Enterprise environment in [TESTS.md](TESTS.md). Our CI system (Github Actions) will not test your fork until a one-time approval takes place.
 
-<<<<<<< HEAD
-<<<<<<< HEAD
-=======
 ## Test Splitting
 
 Our CI workflow makes use of multiple nodes to run our tests in a more efficient manner. To prevent your test from running across all nodes, you **must** add `skipIfNotCINode(t)` to your top level test before any other helper or test logic.
 
->>>>>>> e307d93 (rename from checktestnode to skipIfNotCINode)
-=======
-## Test Splitting
-
-Our CI workflow makes use of multiple nodes to run our tests in a more efficient manner. To prevent your test from running across all nodes, you **must** add `checkTestNodeEnv(t)` to your top level test before any other helper or test logic.
-
->>>>>>> d0e4157 (Update contributing docs to mention test splitting)
 ## Editor Settings
 
 We've included VSCode settings to assist with configuring the go extension. For other editors that integrate with the [Go Language Server](https://github.com/golang/tools/tree/master/gopls), the main thing to do is to add the `integration` build tags so that the test files are found by the language server. See `.vscode/settings.json` for more details.
@@ -412,3 +402,26 @@ func validateExampleIncludeParams(params []ExampleIncludeOpt) error {
 	return nil
 }
 ```
+
+## Rebasing a fork to trigger CI (Maintainers Only)
+
+Pull requests that originate from a fork will not have access to this repository's secrets, thus resulting in the inability to test against our CI instance. In order to trigger the CI action workflow, there is a handy script `./scripts/rebase-fork.sh` that automates the steps for you. It will:
+
+* Checkout the fork PR locally onto your machine and create a new branch prefixed as follows: `local/{name_of_fork_branch}`
+* Push your newly created branch to Github, appending an empty commit stating the original branch that was rebased.
+* Copy the contents of the fork's pull request (title and description) and create a new pull request, triggering the CI workflow.
+
+**Important**: This script does not handle subsequent commits to the original PR and would require you to rebase them manually. Therefore, it is important that authors include test results in their description and changes are approved before this script is executed.
+
+This script depends on `gh` and `jq`. It also requires you to `gh auth login`, providing a SSO-authorized personal access token with the following scopes enabled:
+
+- repo
+- read:org
+- read:discussion
+
+### Example Usage
+
+```sh
+./scripts/rebase-fork.sh 557
+```
+
@@ -9,6 +9,7 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.1
 	github.com/hashicorp/go-slug v0.10.0
 	github.com/hashicorp/go-uuid v1.0.3
+	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/jsonapi v0.0.0-20210826224640-ee7dae0fb22d
 	github.com/stretchr/testify v1.8.1
 	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
 
@@ -18,6 +18,8 @@ github.com/hashicorp/go-slug v0.10.0 h1:mh4DDkBJTh9BuEjY/cv8PTo7k9OjT4PcW8PgZnJ4
 github.com/hashicorp/go-slug v0.10.0/go.mod h1:Ib+IWBYfEfJGI1ZyXMGNbu2BU+aa3Dzu41RKLH301v4=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/jsonapi v0.0.0-20210826224640-ee7dae0fb22d h1:9ARUJJ1VVynB176G1HCwleORqCaXm/Vx0uUi0dL26I0=
 github.com/hashicorp/jsonapi v0.0.0-20210826224640-ee7dae0fb22d/go.mod h1:Yog5+CPEM3c99L1CL2CFCYoSzgWm5vTU58idbRUaLik=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 
@@ -499,7 +499,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil)
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()
@@ -525,7 +525,7 @@ func createPolicySetParameter(t *testing.T, client *Client, ps *PolicySet) (*Pol
 	}
 }
 
-func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace) (*PolicySet, func()) {
+func createPolicySet(t *testing.T, client *Client, org *Organization, policies []*Policy, workspaces []*Workspace, kind PolicyKind) (*PolicySet, func()) {
 	var orgCleanup func()
 
 	if org == nil {
@@ -537,6 +537,7 @@ func createPolicySet(t *testing.T, client *Client, org *Organization, policies [
 		Name:       String(randomString(t)),
 		Policies:   policies,
 		Workspaces: workspaces,
+		Kind:       kind,
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -559,7 +560,7 @@ func createPolicySetVersion(t *testing.T, client *Client, ps *PolicySet) (*Polic
 	var psCleanup func()
 
 	if ps == nil {
-		ps, psCleanup = createPolicySet(t, client, nil, nil, nil)
+		ps, psCleanup = createPolicySet(t, client, nil, nil, nil, "")
 	}
 
 	ctx := context.Background()
@@ -1598,10 +1599,10 @@ func createWorkspaceWithOptions(t *testing.T, client *Client, org *Organization,
 	}
 
 	return w, func() {
-		if err := client.Workspaces.Delete(ctx, org.Name, w.Name); err != nil {
+		if err := client.Workspaces.DeleteByID(ctx, w.ID); err != nil {
 			t.Errorf("Error destroying workspace! WARNING: Dangling resources\n"+
 				"may exist! The full error is shown below.\n\n"+
-				"Workspace: %s\nError: %s", w.Name, err)
+				"Workspace: %s\nError: %s", w.ID, err)
 		}
 
 		if orgCleanup != nil {
 
@@ -78,6 +78,9 @@ type Organization struct {
 	TrialExpiresAt                                    time.Time                `jsonapi:"attr,trial-expires-at,iso8601"`
 	TwoFactorConformant                               bool                     `jsonapi:"attr,two-factor-conformant"`
 	SendPassingStatusesForUntriggeredSpeculativePlans bool                     `jsonapi:"attr,send-passing-statuses-for-untriggered-speculative-plans"`
+	// Note: This will be false for TFE versions older than v202211, where the setting was introduced.
+	// On those TFE versions, safe delete does not exist, so ALL deletes will be force deletes.
+	AllowForceDeleteWorkspaces bool `jsonapi:"attr,allow-force-delete-workspaces"`
 }
 
 // Capacity represents the current run capacity of an organization.
@@ -166,6 +169,9 @@ type OrganizationCreateOptions struct {
 
 	// Optional: SendPassingStatusesForUntriggeredSpeculativePlans toggles behavior of untriggered speculative plans to send status updates to version control systems like GitHub.
 	SendPassingStatusesForUntriggeredSpeculativePlans *bool `jsonapi:"attr,send-passing-statuses-for-untriggered-speculative-plans,omitempty"`
+
+	// Optional: AllowForceDeleteWorkspaces toggles behavior of allowing workspace admins to delete workspaces with resources under management.
+	AllowForceDeleteWorkspaces *bool `jsonapi:"attr,allow-force-delete-workspaces,omitempty"`
 }
 
 // OrganizationUpdateOptions represents the options for updating an organization.
@@ -202,6 +208,9 @@ type OrganizationUpdateOptions struct {
 
 	// SendPassingStatusesForUntriggeredSpeculativePlans toggles behavior of untriggered speculative plans to send status updates to version control systems like GitHub.
 	SendPassingStatusesForUntriggeredSpeculativePlans *bool `jsonapi:"attr,send-passing-statuses-for-untriggered-speculative-plans,omitempty"`
+
+	// Optional: AllowForceDeleteWorkspaces toggles behavior of allowing workspace admins to delete workspaces with resources under management.
+	AllowForceDeleteWorkspaces *bool `jsonapi:"attr,allow-force-delete-workspaces,omitempty"`
 }
 
 // ReadRunQueueOptions represents the options for showing the queue.
 
@@ -565,7 +565,43 @@ func TestOrganizationsReadRunTasksEntitlement(t *testing.T) {
 		assert.NotEmpty(t, entitlements.ID)
 		assert.True(t, entitlements.RunTasks)
 	})
+}
+
+func TestOrganizationsAllowForceDeleteSetting(t *testing.T) {
+	skipIfNotCINode(t)
 
+	client := testClient(t)
+	ctx := context.Background()
+
+	t.Run("creates and updates allow force delete", func(t *testing.T) {
+		options := OrganizationCreateOptions{
+			Name:                       String(randomString(t)),
+			Email:                      String(randomString(t) + "@tfe.local"),
+			AllowForceDeleteWorkspaces: Bool(true),
+		}
+
+		org, err := client.Organizations.Create(ctx, options)
+		require.NoError(t, err)
+
+		t.Cleanup(func() {
+			err := client.Organizations.Delete(ctx, org.Name)
+			if err != nil {
+				t.Errorf("error deleting organization (%s): %s", org.Name, err)
+			}
+		})
+
+		assert.Equal(t, *options.Name, org.Name)
+		assert.Equal(t, *options.Email, org.Email)
+		assert.True(t, org.AllowForceDeleteWorkspaces)
+
+		org, err = client.Organizations.Update(ctx, org.Name, OrganizationUpdateOptions{AllowForceDeleteWorkspaces: Bool(false)})
+		require.NoError(t, err)
+		assert.False(t, org.AllowForceDeleteWorkspaces)
+
+		org, err = client.Organizations.Read(ctx, org.Name)
+		require.NoError(t, err)
+		assert.False(t, org.AllowForceDeleteWorkspaces)
+	})
 }
 
 func orgItemsContainsName(items []*Organization, name string) bool {
 
@@ -31,7 +31,7 @@ func TestPolicyChecksList(t *testing.T) {
 	defer policyCleanup2()
 	wTest, wsCleanup := createWorkspace(t, client, orgTest)
 	defer wsCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest1, pTest2}, []*Workspace{wTest}, "")
 
 	rTest, runCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer runCleanup()
@@ -95,7 +95,7 @@ func TestPolicyChecksRead(t *testing.T) {
 
 	pTest, _ := createUploadedPolicy(t, client, true, orgTest)
 	wTest, _ := createWorkspace(t, client, orgTest)
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 
 	rTest, _ := createPolicyCheckedRun(t, client, wTest)
 	require.Equal(t, 1, len(rTest.PolicyChecks))
@@ -142,7 +142,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 		rTest, tTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer tTestCleanup()
 
@@ -167,7 +167,7 @@ func TestPolicyChecksOverride(t *testing.T) {
 
 		wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 		defer wTestCleanup()
-		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+		createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 		rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 		defer rTestCleanup()
 
@@ -201,7 +201,7 @@ func TestPolicyChecksLogs(t *testing.T) {
 	defer pTestCleanup()
 	wTest, wTestCleanup := createWorkspace(t, client, orgTest)
 	defer wTestCleanup()
-	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest})
+	createPolicySet(t, client, orgTest, []*Policy{pTest}, []*Workspace{wTest}, "")
 
 	rTest, rTestCleanup := createPolicyCheckedRun(t, client, wTest)
 	defer rTestCleanup()
 
@@ -10,6 +10,15 @@ import (
 // Compile-time proof of interface implementation.
 var _ PolicySets = (*policySets)(nil)
 
+// PolicyKind is an indicator of the underlying technology that the policy or policy set supports.
+// There are two kinds documented in the enum.
+type PolicyKind string
+
+const (
+	OPA      PolicyKind = "opa"
+	Sentinel PolicyKind = "sentinel"
+)
+
 // PolicySets describes all the policy set related methods that the Terraform
 // Enterprise API supports.
 //
@@ -61,16 +70,18 @@ type PolicySetList struct {
 
 // PolicySet represents a Terraform Enterprise policy set.
 type PolicySet struct {
-	ID             string    `jsonapi:"primary,policy-sets"`
-	Name           string    `jsonapi:"attr,name"`
-	Description    string    `jsonapi:"attr,description"`
-	Global         bool      `jsonapi:"attr,global"`
-	PoliciesPath   string    `jsonapi:"attr,policies-path"`
-	PolicyCount    int       `jsonapi:"attr,policy-count"`
-	VCSRepo        *VCSRepo  `jsonapi:"attr,vcs-repo"`
-	WorkspaceCount int       `jsonapi:"attr,workspace-count"`
-	CreatedAt      time.Time `jsonapi:"attr,created-at,iso8601"`
-	UpdatedAt      time.Time `jsonapi:"attr,updated-at,iso8601"`
+	ID             string     `jsonapi:"primary,policy-sets"`
+	Name           string     `jsonapi:"attr,name"`
+	Description    string     `jsonapi:"attr,description"`
+	Kind           PolicyKind `jsonapi:"attr,kind"`
+	Overridable    *bool      `jsonapi:"attr,overridable"`
+	Global         bool       `jsonapi:"attr,global"`
+	PoliciesPath   string     `jsonapi:"attr,policies-path"`
+	PolicyCount    int        `jsonapi:"attr,policy-count"`
+	VCSRepo        *VCSRepo   `jsonapi:"attr,vcs-repo"`
+	WorkspaceCount int        `jsonapi:"attr,workspace-count"`
+	CreatedAt      time.Time  `jsonapi:"attr,created-at,iso8601"`
+	UpdatedAt      time.Time  `jsonapi:"attr,updated-at,iso8601"`
 
 	// Relations
 	// The organization to which the policy set belongs to.
@@ -105,6 +116,10 @@ type PolicySetListOptions struct {
 	// Optional: A search string (partial policy set name) used to filter the results.
 	Search string `url:"search[name],omitempty"`
 
+	// **Note: This field is still in BETA and subject to change.**
+	// Optional: A kind string used to filter the results by the policy set kind.
+	Kind PolicyKind `url:"filter[kind],omitempty"`
+
 	// Optional: A list of relations to include. See available resources
 	// https://www.terraform.io/cloud-docs/api-docs/policy-sets#available-related-resources
 	Include []PolicySetIncludeOpt `url:"include,omitempty"`
@@ -136,6 +151,14 @@ type PolicySetCreateOptions struct {
 	// Optional: Whether or not the policy set is global.
 	Global *bool `jsonapi:"attr,global,omitempty"`
 
+	// **Note: This field is still in BETA and subject to change.**
+	// Optional: The underlying technology that the policy set supports
+	Kind PolicyKind `jsonapi:"attr,kind,omitempty"`
+
+	// **Note: This field is still in BETA and subject to change.**
+	// Optional: Whether or not users can override this policy when it fails during a run. Only valid for OPA policies.
+	Overridable *bool `jsonapi:"attr,overridable,omitempty"`
+
 	// Optional: The sub-path within the attached VCS repository to ingress. All
 	// files and directories outside of this sub-path will be ignored.
 	// This option may only be specified when a VCS repo is present.