Description
Use-cases
We want to manage our `trigger_patterns` in a Terraform monorepo scenario, without giving engineers access to create new Terraform workspaces.
Attempted Solutions
We currently have a `deps.json` file that is created via a pre-commit hook that automatically computes a mapping of workspaces -> local module dependencies. If this file changes, our Terraform Cloud workspace is planned and applied, but because of the sensitivity around creating workspaces due to the heavy use of OIDC auth, we don't auto-apply this workspace and require our infra engineers to apply changes here.
We could manage these resources outside of Terraform and just `ignore_changes` completely on the trigger patterns, but it would be nice to have the plan and apply audit that Terraform provides out of the box.
Proposal
Add `trigger_patterns` to `tfe_workspace_settings`. This way you could have a workspace that only manages your `trigger_patterns` and gets auto-applied on any change to dependencies, while not having access to create `tfe_workspace` resources (enforced via CODEOWNERS or Sentinel).
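The configuration below is an added illustration, not code from the issue author or the provider, of how the `deps.json` -> `trigger_patterns` mapping in the "Attempted Solutions" section can be expressed with the `tfe` provider today, and of why the proposed split matters for least privilege: with `tfe_workspace` owning `trigger_patterns`, anyone allowed to edit trigger patterns can also create workspaces and therefore new OIDC trust relationships. The organization name, workspace names, directory layout and the inline `deps.json` sample are all constructed assumptions, and the `tfe_workspace_settings` block at the end shows only the proposed shape (it does not exist in the provider as of this issue).

```hcl
terraform {
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
    }
  }
}

variable "organization" {
  type    = string
  default = "example-org" # placeholder, not a real organization
}

locals {
  # Constructed stand-in for the pre-commit-generated deps.json.
  # In the real repo this would be jsondecode(file("${path.module}/deps.json")).
  deps_json = <<-EOT
    {
      "network-prod": ["workspaces/network-prod", "modules/vpc"],
      "app-prod":     ["workspaces/app-prod", "modules/vpc", "modules/ecs-service"]
    }
  EOT

  # workspace name -> list of directories whose changes should queue a run
  deps = jsondecode(local.deps_json)

  # Trigger patterns are gitignore-style globs, so expand each directory
  # to "/<dir>/**/*" (assumed layout: paths are relative to the repo root).
  trigger_patterns = {
    for ws, dirs in local.deps : ws => [for d in dirs : "/${d}/**/*"]
  }
}

# Current approach: the workspace and its trigger patterns live in one
# resource. Editing the patterns requires write access to tfe_workspace,
# which is the same permission that creates workspaces (and, with them,
# new OIDC trust relationships). Uncommenting ignore_changes would let the
# patterns be managed elsewhere, at the cost of losing plan/apply audit.
resource "tfe_workspace" "this" {
  for_each = local.trigger_patterns

  name              = each.key
  organization      = var.organization
  working_directory = "workspaces/${each.key}"
  trigger_patterns  = each.value

  # lifecycle {
  #   ignore_changes = [trigger_patterns]
  # }
}

# Proposed shape (hypothetical, not yet supported by the provider):
# a settings resource that only manages trigger_patterns, so it can live in
# an auto-applied workspace while tfe_workspace stays behind CODEOWNERS /
# Sentinel review and is applied only by infra engineers.
#
# resource "tfe_workspace_settings" "triggers" {
#   for_each = local.trigger_patterns
#
#   workspace_id     = tfe_workspace.this[each.key].id
#   trigger_patterns = each.value
# }
```

The pre-commit hook from the issue would regenerate `deps.json`; with the proposed split, only the `tfe_workspace_settings` plan changes when module dependencies move, so that workspace can auto-apply while any diff touching `tfe_workspace` still goes through the reviewed, manually applied path.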