According to HCP Terraform API Token docs you should be able to get a User API Token that has all permissions of the User.
I am on HCP Terrafor Standard tier. As my User in my created org, I can go into HCP Terraform and view and create variable sets. I am running Terrraform via HCP Terraform from a GitHub Actions pipeline, and it can use my User API token to authenticate and view my org via data source.
However, my token does not allow me to access anything beyond the org itself, contrary to the documentation.
I have a pretty simple config to use tfe provider to create a var set (shortened for simplicity):
data "tfe_organization" "hcp_organization" {
name = var.tfe_organization
}
resource "tfe_variable_set" "my_variable_set" {
organization = data.tfe_organization.hcp_organization.name
}
Running this config gives this error from the line creating the var set: "Error creating variable set <my_variable_set>, for organization: <my_org>: resource not found"
Debugging this via curl, I use the user token in this: curl -H "Authorization: Bearer $TFE_TOKEN" https://app.terraform.io/api/v2/organizations/<my_org>/variable-sets and get {"errors":[{"status":"404","title":"not found"}]}
From what I can find, this is likely due to permissions on the API Token, but that begs the question how can I actually get a User token that does what the docs say and gives me matching permissions, including permissions to perform mutations on my HCP org via tfe provider?
I have been at a loss for a few days with no response from Terraform support and am wondering if you need to have an Enterprise account to make this work or something.
