
Feat/run tasks integration #85

Open
KshitijaChoudhari wants to merge 14 commits into next-0.1.3 from feat/run-tasks-integration

@KshitijaChoudhari KshitijaChoudhari commented Feb 18, 2026

Description

This PR improves and documents the Run Tasks Integration functionality, including the server example and the callback API used by external run-task providers to report results back to Terraform Cloud/Enterprise (TFC/TFE). It contains:

  • Implementation and tests for the RunTasksIntegration callback API.
  • A runnable example webhook server at run_tasks_integration.py demonstrating how to receive RunTaskRequest payloads and respond with TaskResultCallbackOptions.
  • Documentation for the example and end-to-end flow in RUN_TASKS_INTEGRATION_EXAMPLE.md.
  • Unit tests covering models and service behavior in test_run_tasks_integration.py.

Files to review:

run_tasks_integration.py
run_tasks_integration.py
test_run_tasks_integration.py

RUN_TASKS_INTEGRATION_EXAMPLE.md

Testing plan

  • Automated:

Run unit tests for the run-tasks integration module:
python -m pytest tests/units/test_run_tasks_integration.py
python -m pytest test_run_tasks_integration.py

  • Local/integration:

    • Create and start the example webhook server:
        • Start server locally:
          python run_tasks_integration.py --port 8888
        • Expose server (choose one):
            • ngrok: ngrok http 8888 and use the provided public URL.
            • Deploy to a cloud instance (EC2, Heroku, Cloud Run) and use its public URL.
    • Create a Run Task in TFC/TFE:
        • Configure Run Task URL to your server, choose stage (pre-plan/post-plan) and enforcement (advisory/mandatory).
    • Attach the Run Task to a workspace and trigger a run in TFC/TFE.
    • Verify:
        • The example server receives a RunTaskRequest webhook.
        • The server calls client.run_tasks_integration.callback() with correct headers and JSON:API body.
        • Results appear in the TFC/TFE UI (status, message, outcomes, links).
    • For local automated validation:
        • Use test_run_tasks_local.py (from docs) or craft a simulated webhook POST with the RunTaskRequest payload to exercise callback logic.

Notes:
To validate JSON:API structure and headers, inspect the server stdout (example prints callback URL and masked token).
For CI, ensure the package is installed in the test environment (test/CI should run make dev-install).

External links

Output from tests

Unit test run for test_run_tasks_integration.py:

15 passed in 0.16s


Rollback Plan

If the integration behavior causes regressions:
Revert the PR branch using git revert or open a revert PR and merge to undo the changes.
If a hotfix is required for published packages, cut a patch release and backport any fixes to the release branch.
For deployments of the example server (if used in production), redeploy the prior stable version and update the Run Task to point to the previous endpoint if needed.

Changes to Security Controls

  • This PR does not change server-side access controls in TFC/TFE.
    Important security notes for reviewers and operators:
  • The example uses the access_token provided in the webhook to authenticate the callback; this token must be treated as sensitive and never logged in full.
  • The example masks output for safety.
  • Do not commit long-lived tokens or secrets to the repository.
  • Use environment variables or secret management in deployments.
  • When deploying the example server publicly, enable HTTPS (ngrok, Cloud Run, Heroku, or a load balancer) and restrict inbound access as appropriate.
  • Recommend rotating tokens regularly and limiting token scopes to the minimum required.

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.

  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.

  • If applicable, I've documented the impact of any changes to security controls.

    Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

If you have any questions, please contact your direct supervisor, GRC (#team-grc), or the PCI working group (#proj-pci-reboot). You can also find more information at PCI Compliance.

@KshitijaChoudhari KshitijaChoudhari requested a review from a team as a code owner February 18, 2026 06:14
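
Added example, not part of this PR or of the python-tfe SDK: a standard-library sketch of the callback step and the token masking that the description's security notes call for. The field names, the `task-results` type and the PATCH method follow the public TFC/TFE run task API; the helper names, the sample payload and the HTTPS guard are assumptions made for this example.

```python
import json

# Constructed sample webhook body; field names follow the public TFC/TFE
# run task request format, all values are placeholders.
SAMPLE_WEBHOOK = json.dumps({
    "payload_version": 1,
    "stage": "post_plan",
    "access_token": "constructed-token-0123456789abcdef",
    "task_result_callback_url":
        "https://tfe.example.invalid/api/v2/task-results/tr-EXAMPLE/callback",
    "run_id": "run-EXAMPLE",
})

CALLBACK_STATUSES = {"running", "passed", "failed"}


def mask_token(token, keep=4):
    """Log-safe form of a secret: fixed mask plus the last `keep` chars."""
    if len(token) <= keep * 2:
        return "****"  # too short to reveal any part of it
    return "****" + token[-keep:]


def build_callback(webhook_body, status, message):
    """Return (method, url, headers, body) for the result callback."""
    req = json.loads(webhook_body)
    url, token = req["task_result_callback_url"], req["access_token"]
    if not url.startswith("https://"):
        # Guard added for this example: never send the bearer token in clear.
        raise ValueError("callback URL must use HTTPS")
    if status not in CALLBACK_STATUSES:
        raise ValueError("unsupported status: %r" % status)
    headers = {
        "Authorization": "Bearer " + token,
        "Content-Type": "application/vnd.api+json",
    }
    body = {"data": {"type": "task-results",
                     "attributes": {"status": status, "message": message}}}
    return "PATCH", url, headers, json.dumps(body)


def loggable_headers(headers):
    """Copy of the headers that is safe to print: bearer token masked."""
    safe = dict(headers)
    scheme, _, token = safe["Authorization"].partition(" ")
    safe["Authorization"] = scheme + " " + mask_token(token)
    return safe
```

Only the output of `loggable_headers()` should reach stdout or a log pipeline; the unmasked headers go to the HTTP client and nowhere else.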

@isivaselvan isivaselvan left a comment

Resolve merge conflicts. Add changes and outputs to the conversation.

return result


class TaskResultCallbackOptions:

move the TaskResultCallbackOptions into the models folder

return result


class TaskResultOutcome:

move the TaskResultOutcome into the models folder

from ._base import _Service


class TaskResultTag:

move the TaskResultTag into the models folder

- Add RunTasksIntegration resource with callback method
- Add RunTaskRequest model for webhook payload parsing
- Add TaskResultCallbackOptions, TaskResultOutcome, TaskResultStatus models
- Add example Flask server for run tasks webhooks
- Add 15 unit tests for run tasks integration
- Update client to include run_tasks_integration property
- Export RunTaskRequest model
Flask dependency removed completely from the project
- Add task_result.py with TaskResult, TaskResultStatus, TaskEnforcementLevel models
- Add task_stages.py with TaskStage, Stage, TaskStageStatus, Actions, Permissions models
- Update run_task.py to import Stage and TaskEnforcementLevel from new modules (remove duplicates)
- Update run_tasks_integration.py to use TaskResultStatus enum from task_result
- Update run_task_request.py to add model_config for proper serialization
- Export all new models in __init__.py
- All 22 unit tests passing
- Matches go-tfe implementation structure
- Add all new run tasks integration models to __all__ exports
- Fix trailing whitespace issues across multiple files
- Run ruff format to ensure consistent code style
- All 22 unit tests passing
- All linting checks pass
This commit adds comprehensive support for Terraform Cloud/Enterprise Run Tasks Integration to the python-tfe SDK. This feature allows developers to create webhook servers that can validate Terraform runs and send results back to TFC/TFE.

Key additions:
- Production-ready webhook server example with deployment instructions
- Complete documentation explaining architecture and flow
- Support for multiple cloud deployment platforms (AWS EC2, Heroku, GCP, etc.)
- Comprehensive validation examples (cost control, security, compliance)
- Clean implementation following HashiCorp patterns
@KshitijaChoudhari KshitijaChoudhari force-pushed the feat/run-tasks-integration branch from 5846e97 to 44d6d4c Compare February 23, 2026 11:38
iam404 and others added 7 commits March 9, 2026 11:37
* refactor(policy evaluation): Iterator pattern conversion of list method

* refactor(policy set outcome): Iterator pattern conversion of list method

* refactor(oauth token): Iterator pattern conversion and removal of Uid attribute

* refactor(reserved tag key): Iterator pattern conversion, read method removed and service class renamed

* feat(registry provider version): added create method in the resource

* feat(registry provider version): added list method in the resource

* feat(registry provider version): added read method in the resource

* feat(registry provider version): added delete and helper methods in the resource

* test(registry provider version): added unit tests

* query run func update

* query run all function update

* note update

* lint issues fixed

* Removed ListOptions from model and Updated Cancel and force cancel option

* func name update in example file

* update on version and changelog

* Updated changelog

---------

Co-authored-by: aayushsingh2502 <aayush.singh@hashicorp.com>
- Add all new run tasks integration models to __all__ exports
- Fix trailing whitespace issues across multiple files
- Run ruff format to ensure consistent code style
- All 22 unit tests passing
- All linting checks pass