lex-tfe 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 70b7f70e681039dbaccf9544ca6a99eba1506c8918fb3b01245e4d4c6e7e971e
+  data.tar.gz: 44fac6f7f48a727df2d5d416b62c7f2572216434817560d0db75d9d323ba4084
+SHA512:
+  metadata.gz: 618c76447a6b4091b56c77c85ee47c4c651239bdc242fef20d6d0eb01b60170e876ceb07c5d4d3149d5effdaebf72c9db140e883fc733936699322876dbac559
+  data.tar.gz: 8486d8c5fae9938417fbde075d0153fbb0633087f9cf1f45586039a8ed805e006de90167ba761958f78f75d31052899a63c9979efcfb9b91fbe9ada6b60eb07e

data/.github/workflows/ci.yml

@@ -0,0 +1,16 @@
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  ci:
+    uses: LegionIO/.github/.github/workflows/ci.yml@main
+
+  release:
+    needs: ci
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    uses: LegionIO/.github/.github/workflows/release.yml@main
+    secrets:
+      rubygems-api-key: ${{ secrets.RUBYGEMS_API_KEY }}

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.rubocop.yml

@@ -0,0 +1,57 @@
+AllCops:
+  TargetRubyVersion: 3.4
+  NewCops: enable
+  SuggestExtensions: false
+
+Layout/LineLength:
+  Max: 160
+
+Layout/SpaceAroundEqualsInParameterDefault:
+  EnforcedStyle: space
+
+Layout/HashAlignment:
+  EnforcedHashRocketStyle: table
+  EnforcedColonStyle: table
+
+Metrics/MethodLength:
+  Max: 50
+
+Metrics/ClassLength:
+  Max: 1500
+
+Metrics/ModuleLength:
+  Max: 1500
+
+Metrics/BlockLength:
+  Max: 40
+  Exclude:
+    - 'spec/**/*'
+
+Metrics/ParameterLists:
+  Max: 8
+
+Metrics/AbcSize:
+  Max: 60
+
+Metrics/CyclomaticComplexity:
+  Max: 15
+
+Metrics/PerceivedComplexity:
+  Max: 17
+
+Style/Documentation:
+  Enabled: false
+
+Style/SymbolArray:
+  Enabled: true
+
+Style/FrozenStringLiteralComment:
+  Enabled: true
+  EnforcedStyle: always
+
+Naming/FileName:
+  Enabled: false
+
+Naming/MethodParameterName:
+  AllowedNames:
+    - id

data/CHANGELOG.md

@@ -0,0 +1,11 @@
+# Changelog
+
+## [0.1.0]
+
+### Added
+- Initial release
+- Runners: Workspaces, Runs, Plans, Applies, Variables, VariableSets, Projects, Organizations, StateVersions, PolicySets
+- Standalone Client class with configurable url, token, and read_only
+- Read-only mode support via ReadOnlyError on mutating operations
+- Bearer token authentication
+- JSON:API content type support

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+gemspec
+
+group :test do
+  gem 'rake'
+  gem 'rspec'
+  gem 'rspec_junit_formatter'
+  gem 'rubocop'
+  gem 'simplecov'
+end

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Matthew Iverson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,186 @@
+# lex-tfe
+
+LegionIO Extension for Terraform Enterprise (TFE) and HCP Terraform. Provides runners for managing workspaces, runs, plans, applies, variables, variable sets, projects, organizations, state versions, and policy sets via the TFE REST API v2.
+
+## Installation
+
+Add to your Gemfile:
+
+```ruby
+gem 'lex-tfe'
+```
+
+Or install directly:
+
+```bash
+gem install lex-tfe
+```
+
+## Configuration
+
+Settings are read from `Legion::Settings[:extensions][:tfe]` when running inside the LegionIO framework:
+
+| Setting    | Description                                           | Default                        |
+|------------|-------------------------------------------------------|--------------------------------|
+| `url`      | TFE/HCP Terraform base URL                            | `https://app.terraform.io`     |
+| `token`    | API token (Bearer auth)                               | `nil`                          |
+| `read_only`| Prevent create/update/delete operations               | `false`                        |
+
+Supported base URLs:
+- `https://app.terraform.io` — HCP Terraform (SaaS)
+- `https://terraform.uhg.com` — UHG app team TFE cluster
+- `https://tfe-arc.uhg.com` — UHG Grid platform TFE cluster
+- Any custom TFE instance
+
+## Standalone Client Usage
+
+```ruby
+require 'lex-tfe'
+
+client = Legion::Extensions::Tfe::Client.new(
+  url:       'https://terraform.uhg.com',
+  token:     'your-api-token',
+  read_only: false
+)
+
+# List workspaces in an organization
+client.list(organization: 'my-org')
+
+# Get a specific workspace
+client.get(workspace_id: 'ws-abc123')
+
+# Create a workspace
+client.create(organization: 'my-org', name: 'new-workspace', auto_apply: true)
+
+# Trigger a run
+client.create_run(workspace_id: 'ws-abc123', message: 'triggered by CI', auto_apply: true)
+
+# List variables
+client.list_variables(workspace_id: 'ws-abc123')
+
+# Create a variable
+client.create_variable(
+  workspace_id: 'ws-abc123',
+  key:          'AWS_REGION',
+  value:        'us-east-2',
+  category:     'env'
+)
+```
+
+### Read-only mode
+
+```ruby
+client = Legion::Extensions::Tfe::Client.new(
+  url:       'https://terraform.uhg.com',
+  token:     'read-only-token',
+  read_only: true
+)
+
+# Safe - read operations work normally
+client.list(organization: 'my-org')
+
+# Raises Legion::Extensions::Tfe::ReadOnlyError
+client.create(organization: 'my-org', name: 'ws', read_only: client.opts[:read_only])
+```
+
+## Runners
+
+### Workspaces
+
+| Method      | Description                            |
+|-------------|----------------------------------------|
+| `list`      | List workspaces in an organization     |
+| `get`       | Get a workspace by ID                  |
+| `create`    | Create a workspace                     |
+| `update`    | Update a workspace                     |
+| `delete`    | Delete a workspace                     |
+| `lock`      | Lock a workspace                       |
+| `unlock`    | Unlock a workspace                     |
+
+### Runs
+
+| Method        | Description                     |
+|---------------|---------------------------------|
+| `list_runs`   | List runs for a workspace       |
+| `get_run`     | Get a run by ID                 |
+| `create_run`  | Queue a new run                 |
+| `apply_run`   | Apply a run                     |
+| `discard_run` | Discard a run                   |
+| `cancel_run`  | Cancel a run                    |
+
+### Plans
+
+| Method                 | Description                  |
+|------------------------|------------------------------|
+| `get_plan`             | Get a plan by ID             |
+| `get_plan_json_output` | Get the plan JSON output     |
+| `get_plan_log`         | Get the plan log             |
+
+### Applies
+
+| Method          | Description             |
+|-----------------|-------------------------|
+| `get_apply`     | Get an apply by ID      |
+| `get_apply_log` | Get the apply log       |
+
+### Variables
+
+| Method             | Description                       |
+|--------------------|-----------------------------------|
+| `list_variables`   | List workspace variables          |
+| `create_variable`  | Create a workspace variable       |
+| `update_variable`  | Update a workspace variable       |
+| `delete_variable`  | Delete a workspace variable       |
+
+### Variable Sets
+
+| Method                  | Description                              |
+|-------------------------|------------------------------------------|
+| `list_variable_sets`    | List variable sets in an organization    |
+| `get_variable_set`      | Get a variable set by ID                 |
+| `create_variable_set`   | Create a variable set                    |
+| `update_variable_set`   | Update a variable set                    |
+| `delete_variable_set`   | Delete a variable set                    |
+| `list_varset_variables` | List variables in a variable set         |
+| `add_varset_variable`   | Add a variable to a variable set         |
+
+### Projects
+
+| Method           | Description                          |
+|------------------|--------------------------------------|
+| `list_projects`  | List projects in an organization     |
+| `get_project`    | Get a project by ID                  |
+| `create_project` | Create a project                     |
+| `update_project` | Update a project                     |
+| `delete_project` | Delete a project                     |
+
+### Organizations
+
+| Method               | Description              |
+|----------------------|--------------------------|
+| `list_organizations` | List all organizations   |
+| `get_organization`   | Get an organization      |
+
+### State Versions
+
+| Method                    | Description                             |
+|---------------------------|-----------------------------------------|
+| `list_state_versions`     | List state versions for a workspace     |
+| `get_state_version`       | Get a state version by ID               |
+| `get_current_state_version` | Get the current state version         |
+
+### Policy Sets
+
+| Method                      | Description                                 |
+|-----------------------------|---------------------------------------------|
+| `list_policy_sets`          | List policy sets in an organization         |
+| `get_policy_set`            | Get a policy set by ID                      |
+| `list_workspace_policy_sets`| List policy sets attached to a workspace    |
+
+## Development
+
+```bash
+bundle install
+bundle exec rspec
+bundle exec rubocop
+```

data/lex-tfe.gemspec

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require_relative 'lib/legion/extensions/tfe/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'lex-tfe'
+  spec.version       = Legion::Extensions::Tfe::VERSION
+  spec.authors       = ['Matthew Iverson']
+  spec.email         = ['matthewdiverson@gmail.com']
+
+  spec.summary       = 'LEX TFE'
+  spec.description   = 'Connects LegionIO to Terraform Enterprise / HCP Terraform'
+  spec.homepage      = 'https://github.com/LegionIO/lex-tfe'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = '>= 3.4'
+
+  spec.metadata['homepage_uri']        = spec.homepage
+  spec.metadata['source_code_uri']     = 'https://github.com/LegionIO/lex-tfe'
+  spec.metadata['documentation_uri']   = 'https://github.com/LegionIO/lex-tfe'
+  spec.metadata['changelog_uri']       = 'https://github.com/LegionIO/lex-tfe'
+  spec.metadata['bug_tracker_uri']     = 'https://github.com/LegionIO/lex-tfe/issues'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'faraday', '>= 2.0'
+end

data/lib/legion/extensions/tfe/client.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/helpers/client'
+require 'legion/extensions/tfe/runners/workspaces'
+require 'legion/extensions/tfe/runners/runs'
+require 'legion/extensions/tfe/runners/plans'
+require 'legion/extensions/tfe/runners/applies'
+require 'legion/extensions/tfe/runners/variables'
+require 'legion/extensions/tfe/runners/variable_sets'
+require 'legion/extensions/tfe/runners/projects'
+require 'legion/extensions/tfe/runners/organizations'
+require 'legion/extensions/tfe/runners/state_versions'
+require 'legion/extensions/tfe/runners/policy_sets'
+
+module Legion
+  module Extensions
+    module Tfe
+      class Client
+        include Helpers::Client
+        include Runners::Workspaces
+        include Runners::Runs
+        include Runners::Plans
+        include Runners::Applies
+        include Runners::Variables
+        include Runners::VariableSets
+        include Runners::Projects
+        include Runners::Organizations
+        include Runners::StateVersions
+        include Runners::PolicySets
+
+        attr_reader :opts
+
+        def initialize(url: 'https://app.terraform.io', token: nil, read_only: false, **extra)
+          @opts = { url: url, token: token, read_only: read_only, **extra }
+        end
+
+        def connection(**override)
+          super(**@opts.merge(override.compact))
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/errors.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Tfe
+      class ReadOnlyError < StandardError; end
+    end
+  end
+end

data/lib/legion/extensions/tfe/helpers/client.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'faraday'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Helpers
+        module Client
+          def connection(url: 'https://app.terraform.io', token: nil, **_opts)
+            Faraday.new(url: url) do |conn|
+              conn.request :json
+              conn.response :json, content_type: /\bjson$/
+              conn.headers['Authorization'] = "Bearer #{token}" if token
+              conn.headers['Content-Type'] = 'application/vnd.api+json'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/applies.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module Applies
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def get_apply(apply_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/applies/#{apply_id}")
+            resp.body
+          end
+
+          def get_apply_log(apply_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/applies/#{apply_id}/log-read")
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/organizations.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module Organizations
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list_organizations(url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get('/api/v2/organizations')
+            resp.body
+          end
+
+          def get_organization(organization:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/organizations/#{organization}")
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/plans.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module Plans
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def get_plan(plan_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/plans/#{plan_id}")
+            resp.body
+          end
+
+          def get_plan_json_output(plan_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/plans/#{plan_id}/json-output")
+            resp.body
+          end
+
+          def get_plan_log(plan_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/plans/#{plan_id}/log-read")
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/policy_sets.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module PolicySets
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list_policy_sets(organization:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/organizations/#{organization}/policy-sets")
+            resp.body
+          end
+
+          def get_policy_set(policy_set_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/policy-sets/#{policy_set_id}")
+            resp.body
+          end
+
+          def list_workspace_policy_sets(workspace_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/workspaces/#{workspace_id}/relationships/policy-sets")
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/projects.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/errors'
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module Projects
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list_projects(organization:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/organizations/#{organization}/projects")
+            resp.body
+          end
+
+          def get_project(project_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/projects/#{project_id}")
+            resp.body
+          end
+
+          def create_project(organization:, name:, url: nil, token: nil, read_only: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = { data: { type: 'projects', attributes: { name: name } } }
+            resp = connection(url: url, token: token).post("/api/v2/organizations/#{organization}/projects", payload)
+            resp.body
+          end
+
+          def update_project(project_id:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = { data: { type: 'projects', attributes: attrs } }
+            resp = connection(url: url, token: token).patch("/api/v2/projects/#{project_id}", payload)
+            resp.body
+          end
+
+          def delete_project(project_id:, url: nil, token: nil, read_only: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            connection(url: url, token: token).delete("/api/v2/projects/#{project_id}")
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/runs.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/errors'
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module Runs
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list_runs(workspace_id:, url: nil, token: nil, page: 1, per_page: 20, **)
+            params = { 'page[number]' => page, 'page[size]' => per_page }
+            resp = connection(url: url, token: token).get("/api/v2/workspaces/#{workspace_id}/runs", params)
+            resp.body
+          end
+
+          def get_run(run_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/runs/#{run_id}")
+            resp.body
+          end
+
+          def create_run(workspace_id:, url: nil, token: nil, read_only: false, message: nil, auto_apply: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            attrs = { auto_apply: auto_apply }
+            attrs[:message] = message if message
+            payload = {
+              data: {
+                type:          'runs',
+                attributes:    attrs,
+                relationships: {
+                  workspace: { data: { type: 'workspaces', id: workspace_id } }
+                }
+              }
+            }
+            resp = connection(url: url, token: token).post('/api/v2/runs', payload)
+            resp.body
+          end
+
+          def apply_run(run_id:, url: nil, token: nil, read_only: false, comment: nil, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = comment ? { comment: comment } : {}
+            resp = connection(url: url, token: token).post("/api/v2/runs/#{run_id}/actions/apply", payload)
+            resp.body
+          end
+
+          def discard_run(run_id:, url: nil, token: nil, read_only: false, comment: nil, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = comment ? { comment: comment } : {}
+            resp = connection(url: url, token: token).post("/api/v2/runs/#{run_id}/actions/discard", payload)
+            resp.body
+          end
+
+          def cancel_run(run_id:, url: nil, token: nil, read_only: false, comment: nil, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = comment ? { comment: comment } : {}
+            resp = connection(url: url, token: token).post("/api/v2/runs/#{run_id}/actions/cancel", payload)
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/state_versions.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module StateVersions
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list_state_versions(workspace_id:, url: nil, token: nil, **)
+            params = { 'filter[workspace][name]' => workspace_id }
+            resp = connection(url: url, token: token).get('/api/v2/state-versions', params)
+            resp.body
+          end
+
+          def get_state_version(state_version_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/state-versions/#{state_version_id}")
+            resp.body
+          end
+
+          def get_current_state_version(workspace_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/workspaces/#{workspace_id}/current-state-version")
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/variable_sets.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/errors'
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module VariableSets
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list_variable_sets(organization:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/organizations/#{organization}/varsets")
+            resp.body
+          end
+
+          def get_variable_set(variable_set_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/varsets/#{variable_set_id}")
+            resp.body
+          end
+
+          def create_variable_set(organization:, name:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = { data: { type: 'varsets', attributes: { name: name }.merge(attrs) } }
+            resp = connection(url: url, token: token).post("/api/v2/organizations/#{organization}/varsets", payload)
+            resp.body
+          end
+
+          def update_variable_set(variable_set_id:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = { data: { type: 'varsets', attributes: attrs } }
+            resp = connection(url: url, token: token).patch("/api/v2/varsets/#{variable_set_id}", payload)
+            resp.body
+          end
+
+          def delete_variable_set(variable_set_id:, url: nil, token: nil, read_only: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            connection(url: url, token: token).delete("/api/v2/varsets/#{variable_set_id}")
+          end
+
+          def list_varset_variables(variable_set_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/varsets/#{variable_set_id}/relationships/vars")
+            resp.body
+          end
+
+          def add_varset_variable(variable_set_id:, key:, value:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            var_attrs = { key: key, value: value, category: 'terraform' }.merge(attrs)
+            payload = { data: { type: 'vars', attributes: var_attrs } }
+            resp = connection(url: url, token: token).post("/api/v2/varsets/#{variable_set_id}/relationships/vars",
+                                                           payload)
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/variables.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/errors'
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module Variables
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list_variables(workspace_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/workspaces/#{workspace_id}/vars")
+            resp.body
+          end
+
+          # category: 'terraform' or 'env'
+          # sensitive: true/false
+          # hcl: true/false
+          def create_variable(workspace_id:, key:, value:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            var_attrs = { key: key, value: value, category: 'terraform', sensitive: false, hcl: false }.merge(attrs)
+            payload = {
+              data: {
+                type:          'vars',
+                attributes:    var_attrs,
+                relationships: {
+                  workspace: { data: { type: 'workspaces', id: workspace_id } }
+                }
+              }
+            }
+            resp = connection(url: url, token: token).post('/api/v2/vars', payload)
+            resp.body
+          end
+
+          def update_variable(variable_id:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = { data: { type: 'vars', id: variable_id, attributes: attrs } }
+            resp = connection(url: url, token: token).patch("/api/v2/vars/#{variable_id}", payload)
+            resp.body
+          end
+
+          def delete_variable(variable_id:, url: nil, token: nil, read_only: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            connection(url: url, token: token).delete("/api/v2/vars/#{variable_id}")
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/runners/workspaces.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/errors'
+require 'legion/extensions/tfe/helpers/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      module Runners
+        module Workspaces
+          include Legion::Extensions::Tfe::Helpers::Client
+
+          def list(organization:, url: nil, token: nil, page: 1, per_page: 20, search: nil, **)
+            params = { 'page[number]' => page, 'page[size]' => per_page }
+            params['search[name]'] = search if search
+            resp = connection(url: url, token: token).get("/api/v2/organizations/#{organization}/workspaces", params)
+            resp.body
+          end
+
+          def get(workspace_id:, url: nil, token: nil, **)
+            resp = connection(url: url, token: token).get("/api/v2/workspaces/#{workspace_id}")
+            resp.body
+          end
+
+          def create(organization:, name:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = { data: { type: 'workspaces', attributes: { name: name }.merge(attrs) } }
+            resp = connection(url: url, token: token).post("/api/v2/organizations/#{organization}/workspaces", payload)
+            resp.body
+          end
+
+          def update(workspace_id:, url: nil, token: nil, read_only: false, **attrs)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = { data: { type: 'workspaces', attributes: attrs } }
+            resp = connection(url: url, token: token).patch("/api/v2/workspaces/#{workspace_id}", payload)
+            resp.body
+          end
+
+          def delete(workspace_id:, url: nil, token: nil, read_only: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            connection(url: url, token: token).delete("/api/v2/workspaces/#{workspace_id}")
+          end
+
+          def lock(workspace_id:, reason: nil, url: nil, token: nil, read_only: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            payload = reason ? { reason: reason } : {}
+            resp = connection(url: url, token: token).post("/api/v2/workspaces/#{workspace_id}/actions/lock", payload)
+            resp.body
+          end
+
+          def unlock(workspace_id:, url: nil, token: nil, read_only: false, **)
+            raise ReadOnlyError, 'Write operations disabled (read_only mode)' if read_only
+
+            resp = connection(url: url, token: token).post("/api/v2/workspaces/#{workspace_id}/actions/unlock")
+            resp.body
+          end
+
+          include Legion::Extensions::Helpers::Lex if Legion::Extensions.const_defined?(:Helpers) &&
+                                                      Legion::Extensions::Helpers.const_defined?(:Lex)
+        end
+      end
+    end
+  end
+end

data/lib/legion/extensions/tfe/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Legion
+  module Extensions
+    module Tfe
+      VERSION = '0.1.0'
+    end
+  end
+end

data/lib/legion/extensions/tfe.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'legion/extensions/tfe/version'
+require 'legion/extensions/tfe/errors'
+require 'legion/extensions/tfe/helpers/client'
+require 'legion/extensions/tfe/runners/workspaces'
+require 'legion/extensions/tfe/runners/runs'
+require 'legion/extensions/tfe/runners/plans'
+require 'legion/extensions/tfe/runners/applies'
+require 'legion/extensions/tfe/runners/variables'
+require 'legion/extensions/tfe/runners/variable_sets'
+require 'legion/extensions/tfe/runners/projects'
+require 'legion/extensions/tfe/runners/organizations'
+require 'legion/extensions/tfe/runners/state_versions'
+require 'legion/extensions/tfe/runners/policy_sets'
+require 'legion/extensions/tfe/client'
+
+module Legion
+  module Extensions
+    module Tfe
+      extend Legion::Extensions::Core if Legion::Extensions.const_defined? :Core
+    end
+  end
+end

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification
+name: lex-tfe
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Matthew Iverson
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+description: Connects LegionIO to Terraform Enterprise / HCP Terraform
+email:
+- matthewdiverson@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/ci.yml"
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- lex-tfe.gemspec
+- lib/legion/extensions/tfe.rb
+- lib/legion/extensions/tfe/client.rb
+- lib/legion/extensions/tfe/errors.rb
+- lib/legion/extensions/tfe/helpers/client.rb
+- lib/legion/extensions/tfe/runners/applies.rb
+- lib/legion/extensions/tfe/runners/organizations.rb
+- lib/legion/extensions/tfe/runners/plans.rb
+- lib/legion/extensions/tfe/runners/policy_sets.rb
+- lib/legion/extensions/tfe/runners/projects.rb
+- lib/legion/extensions/tfe/runners/runs.rb
+- lib/legion/extensions/tfe/runners/state_versions.rb
+- lib/legion/extensions/tfe/runners/variable_sets.rb
+- lib/legion/extensions/tfe/runners/variables.rb
+- lib/legion/extensions/tfe/runners/workspaces.rb
+- lib/legion/extensions/tfe/version.rb
+homepage: https://github.com/LegionIO/lex-tfe
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/LegionIO/lex-tfe
+  source_code_uri: https://github.com/LegionIO/lex-tfe
+  documentation_uri: https://github.com/LegionIO/lex-tfe
+  changelog_uri: https://github.com/LegionIO/lex-tfe
+  bug_tracker_uri: https://github.com/LegionIO/lex-tfe/issues
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.4'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: LEX TFE
+test_files: []