Add UserTokensEnabled field for Organizations

Author: JarrettSpiker

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Unreleased
 
+## Enhancements
+* Adds `UserTokensEnabled` field to `Organization` to support enabling/disabling user tokens for an organization by @JarrettSpiker [#???](https://github.com/hashicorp/go-tfe/pull/??)
+
 # v1.91.1
 
 ## Bug Fixes

organization.go

@@ -116,6 +116,7 @@ type Organization struct {
 	SendPassingStatusesForUntriggeredSpeculativePlans bool                     `jsonapi:"attr,send-passing-statuses-for-untriggered-speculative-plans"`
 	RemainingTestableCount                            int                      `jsonapi:"attr,remaining-testable-count"`
 	SpeculativePlanManagementEnabled                  bool                     `jsonapi:"attr,speculative-plan-management-enabled"`
+	UserTokensEnabled                                 bool                     `jsonapi:"attr,user-tokens-enabled"`
 	// Optional: If enabled, SendPassingStatusesForUntriggeredSpeculativePlans needs to be false.
 	AggregatedCommitStatusEnabled bool `jsonapi:"attr,aggregated-commit-status-enabled,omitempty"`
 	// Note: This will be false for TFE versions older than v202211, where the setting was introduced.
@@ -261,6 +262,9 @@ type OrganizationCreateOptions struct {
 
 	// Optional: RegistryMonorepoSupportEnabled toggles whether monorepo support is enabled for the organization
 	RegistryMonorepoSupportEnabled *bool `jsonapi:"attr,registry-monorepo-support-enabled,omitempty"`
+
+	// Optional: UserTokensEnabled toggles whether user tokens may be used to access resources in this organization.
+	UserTokensEnabled *bool `jsonapi:"attr,user-tokens-enabled,omitempty"`
 }
 
 // OrganizationUpdateOptions represents the options for updating an organization.
@@ -319,6 +323,9 @@ type OrganizationUpdateOptions struct {
 
 	// Optional: RegistryMonorepoSupportEnabled toggles whether monorepo support is enabled for the organization
 	RegistryMonorepoSupportEnabled *bool `jsonapi:"attr,registry-monorepo-support-enabled,omitempty"`
+
+	// Optional: UserTokensEnabled toggles whether user tokens may be used to access resources in this organization.
+	UserTokensEnabled *bool `jsonapi:"attr,user-tokens-enabled,omitempty"`
 }
 
 // ReadRunQueueOptions represents the options for showing the queue.

organization_integration_test.go

@@ -291,6 +291,44 @@ func TestOrganizationsUpdate(t *testing.T) {
 		}
 	})
 
+	t.Run("with new UserTokensEnabled option", func(t *testing.T) {
+		orgTest, orgTestCleanup := createOrganization(t, client)
+		t.Cleanup(orgTestCleanup)
+
+		assert.True(t, orgTest.UserTokensEnabled, "user tokens enabled by default")
+
+		// we need to switch to an owner's team token, otherwise the client (which auths with a user token)
+		// wont be able to delete the org after we disable user tokens
+		teamList, err := client.Teams.List(ctx, orgTest.Name, &TeamListOptions{
+			Names: []string{"owners"},
+		})
+		require.NoError(t, err)
+		//it should be the only team, we just created the org...
+		require.Len(t, teamList.Items, 1)
+		ownersTeam := teamList.Items[0]
+
+		ownerToken, ownerTokenCleanup := createTeamToken(t, client, ownersTeam)
+		t.Cleanup(ownerTokenCleanup)
+
+		ownerClient := testClient(t)
+		ownerClient.token = ownerToken.Token
+
+		options := OrganizationUpdateOptions{
+			UserTokensEnabled: Bool(false),
+		}
+
+		org, err := ownerClient.Organizations.Update(ctx, orgTest.Name, options)
+		require.NoError(t, err)
+		assert.False(t, org.UserTokensEnabled, "user tokens disabled")
+
+		options = OrganizationUpdateOptions{
+			UserTokensEnabled: Bool(true),
+		}
+		org, err = ownerClient.Organizations.Update(ctx, orgTest.Name, options)
+		require.NoError(t, err)
+		assert.True(t, org.UserTokensEnabled, "user tokens re-enabled")
+	})
+
 	t.Run("with valid options", func(t *testing.T) {
 		orgTest, orgTestCleanup := createOrganization(t, client)