tfe_team visibility not being set as defined in Terraform Cloud

[Nathan8575]

Terraform Cloud

I am using Terraform Cloud

Terraform version

Terraform Cloud remote apply, workspace version 1.8.2

Terraform Configuration Files

resource "tfe_team" "admin" {
  name        = "TF-${var.project_name}-admins"
  sso_team_id = azuread_group.admins.object_id
}

Debug Output

# module.create_project["cpt"].tfe_team.admin will be updated in-place
  ~ resource "tfe_team" "admin" {
        id          = "team-e1UQs1EFHU2krdoc"
        name        = "TF-cpt-admins"
      ~ visibility  = "organization" -> "secret"
        # (1 unchanged attribute hidden)

        # (1 unchanged block hidden)
    }

Expected Behavior

Teams are created in Terraform Cloud with the documented default visibility of "secret" and can be changed if needed.

Actual Behavior

The team is created with visibility set to "organization" which keeps triggering an "update in-place" when running a plan and apply. The apply produces no error but does not change the visibility of the team in Terraform Cloud.

Explicitly defining the visibility in tfe_team does not change the behaviour.

Additional Context

• Using provider version 0.54
• Remote apply using a Terraform Cloud provided agent.

[Nathan8575]

Managed to find out what was causing my issue. The issue happens when using an organization token. Unsure if this is an issue with the provider or with Terraform Cloud as according to documentation a organization token should have sufficient access.

A ticket was raised with HashiCorp support and they were able to reproduce the behaviour. Internal ticket IPL-6465 was raised.