The gitlab_group_protected_environment resource allows you to manage the lifecycle of a protected environment in a group.
Upstream API: GitLab REST API docs
# Example with deployment access level
resource "gitlab_group_protected_environment" "example_with_access_level" {
  group                   = 12345
  required_approval_count = 1
  environment             = "production"
  deploy_access_levels = [
    {
      access_level = "developer"
    }
  ]
}
# Example with group-based deployment level
resource "gitlab_group_protected_environment" "example_with_group" {
  group       = 12345
  environment = "staging"
  deploy_access_levels = [
    {
      group_id = 456
    }
  ]
}
# Example with user-based deployment level
resource "gitlab_group_protected_environment" "example_with_user" {
  group       = 12345
  environment = "other"
  deploy_access_levels = [
    {
      user_id = 789
    }
  ]
}
# Example with multiple deployment access levels
resource "gitlab_group_protected_environment" "example_with_multiple" {
  group                   = 12345
  required_approval_count = 2
  environment             = "development"
  deploy_access_levels = [
    {
      access_level = "developer"
    },
    {
      group_id = 456
    },
    {
      user_id = 789
    }
  ]
}
# Example with access-level based approval rules
# (resource name made unique; Terraform rejects duplicate resource addresses)
resource "gitlab_group_protected_environment" "example_with_approval_rule" {
  group                   = 12345
  required_approval_count = 2
  environment             = "testing"
  deploy_access_levels = [
    {
      access_level = "developer"
    }
  ]
  approval_rules = [
    {
      access_level = "developer"
    }
  ]
}
# Example with multiple approval rules, using access level, user, and group
# (resource name made unique; Terraform rejects duplicate resource addresses)
resource "gitlab_group_protected_environment" "example_with_multiple_approval_rules" {
  group                   = 12345
  required_approval_count = 2
  environment             = "production"
  deploy_access_levels = [
    {
      access_level = "developer"
    }
  ]
  approval_rules = [
    {
      user_id = 789
    },
    {
      access_level = "developer"
    },
    {
      group_id = 456
    }
  ]
}
deploy_access_levels
(Attributes Set) Array of access levels allowed to deploy, with each described by a hash. (see below for nested schema)
environment
(String) The deployment tier of the environment. Valid values are production, staging, testing, development, other.
group
(String) The ID or full path of the group which the protected environment is created against.
approval_rules
(Attributes Set) Array of approval rules to deploy, with each described by a hash. (see below for nested schema)
required_approval_count
(Number) The number of approvals required to deploy to this environment.
id
(String) The ID of this Terraform resource. In the format of <group>:<environment-name>.

Nested schema for deploy_access_levels
Optional:
access_level
(String) Levels of access required to deploy to this protected environment. Valid values are developer, maintainer.
group_id
(Number) The ID of the group allowed to deploy to this protected environment. The group must be a sub-group under the given group.
group_inheritance_type
(Number) Group inheritance allows deploy access levels to take inherited group membership into account. Valid values are 0, 1. 0 => Direct group membership only, 1 => All inherited groups. Default: 0
user_id
(Number) The ID of the user allowed to deploy to this protected environment. The user must be a member of the group with Maintainer role or higher.
Read-Only:
access_level_description
(String) Readable description of level of access.
id
(Number) The unique ID of the Deploy Access Level object.

Nested schema for approval_rules
Optional:
access_level
(String) Levels of access allowed to approve a deployment to this protected environment. Valid values are developer, maintainer.
group_id
(Number) The ID of the group allowed to approve a deployment to this protected environment. The group must be a sub-group under the given group. This is mutually exclusive with user_id.
group_inheritance_type
(Number) Group inheritance allows access rules to take inherited group membership into account. Valid values are 0, 1. 0 => Direct group membership only, 1 => All inherited groups. Default: 0
required_approvals
(Number) The number of approvals required to allow deployment to this protected environment. This is mutually exclusive with user_id.
user_id
(Number) The ID of the user allowed to approve a deployment to this protected environment. The user must be a member of the group with Maintainer role or higher. This is mutually exclusive with group_id and required_approvals.
Read-Only:
access_level_description
(String) Readable description of level of access.
id
(Number) The unique ID of the Approval Rules object.

Import is supported using the following syntax:
# GitLab group protected environments can be imported using an id made up of `groupId:environmentName`, e.g.
terraform import gitlab_group_protected_environment.bar 123:production
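
The valid values and mutual-exclusion rules in the schema above can be checked before apply. The following is an added example, not part of the provider or its documentation: it assumes each resource's attributes arrive as a dict (for instance the `change.after` object from `terraform show -json`), and the function names and the production-approval check are this example's own choices.

```python
# Added example: lint gitlab_group_protected_environment attributes against
# the schema rules on this page. Input shape (one dict per resource, as under
# change.after in `terraform show -json` output) is an assumption.
TIERS = {"production", "staging", "testing", "development", "other"}
LEVELS = {"developer", "maintainer"}


def _check_entry(kind, i, entry, findings):
    """Validate one deploy_access_levels or approval_rules entry."""
    where = f"{kind}[{i}]"
    level = entry.get("access_level")
    if level is not None and level not in LEVELS:
        findings.append(f"{where}: invalid access_level {level!r}")
    if entry.get("group_inheritance_type") not in (None, 0, 1):
        findings.append(f"{where}: group_inheritance_type must be 0 or 1")
    if kind == "approval_rules" and entry.get("user_id") is not None:
        # user_id is mutually exclusive with group_id and required_approvals
        for other in ("group_id", "required_approvals"):
            if entry.get(other) is not None:
                findings.append(f"{where}: user_id set together with {other}")


def lint_protected_environment(attrs):
    """Return a list of findings for one resource's attributes."""
    findings = []
    if attrs.get("environment") not in TIERS:
        findings.append(f"invalid environment tier {attrs.get('environment')!r}")
    # Policy choice of this example, not a provider rule.
    if (attrs.get("environment") == "production"
            and not attrs.get("required_approval_count")
            and not attrs.get("approval_rules")):
        findings.append("production tier without any approval requirement")
    for kind in ("deploy_access_levels", "approval_rules"):
        for i, entry in enumerate(attrs.get(kind) or []):
            _check_entry(kind, i, entry, findings)
    return findings


# Constructed sample inputs (not taken from a real plan).
GOOD = {"group": "12345", "environment": "production", "required_approval_count": 2,
        "deploy_access_levels": [{"access_level": "maintainer"}],
        "approval_rules": [{"group_id": 456, "required_approvals": 2}, {"user_id": 789}]}
BAD = {"group": "12345", "environment": "prod",
       "deploy_access_levels": [{"access_level": "owner"}],
       "approval_rules": [{"user_id": 789, "group_id": 456, "required_approvals": 1}]}

if __name__ == "__main__":
    for name, attrs in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_protected_environment(attrs))
```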