The gitlab_group
resource allows to manage the lifecycle of a group.
Upstream API: GitLab REST API docs
resource "gitlab_group" "example" {
name = "example"
path = "example"
description = "An example group"
}
# Create a project in the example group
resource "gitlab_project" "example" {
name = "example"
description = "An example project"
namespace_id = gitlab_group.example.id
}
# Group with custom push rules
resource "gitlab_group" "example-two" {
name = "example-two"
path = "example-two"
description = "An example group with push rules"
push_rules {
author_email_regex = "@example\\.com$"
commit_committer_check = true
member_check = true
prevent_secrets = true
}
}
name
(String) The name of the group.path
(String) The path of the group.auto_devops_enabled
(Boolean) Default to Auto DevOps pipeline for all projects within this group.avatar
(String) A local path to the avatar image to upload. Note: not available for imported resources.avatar_hash
(String) The hash of the avatar image. Use filesha256("path/to/avatar.png")
whenever possible. Note: this is used to trigger an update of the avatar. If it's not given, but an avatar is given, the avatar will be updated each time.default_branch_protection
(Number) See https://docs.gitlab.com/ee/api/groups.html#options-for-default_branch_protection. Valid values are: 0
, 1
, 2
, 3
, 4
.description
(String) The group's description.emails_disabled
(Boolean, Deprecated) Disable email notifications.emails_enabled
(Boolean) Enable email notifications.extra_shared_runners_minutes_limit
(Number) Can be set by administrators only. Additional CI/CD minutes for this group.ip_restriction_ranges
(List of String) A list of IP addresses or subnet masks to restrict group access. Will be concatenated together into a comma separated string. Only allowed on top level groups.lfs_enabled
(Boolean) Enable/disable Large File Storage (LFS) for the projects in this group.membership_lock
(Boolean) Users cannot be added to projects in this group.mentions_disabled
(Boolean) Disable the capability of a group from getting mentioned.parent_id
(Number) Id of the parent group (creates a nested group).prevent_forking_outside_group
(Boolean) Defaults to false. When enabled, users can not fork projects from this group to external namespaces.project_creation_level
(String) Determine if developers can create projects in the group. Valid values are: noone
, maintainer
, developer
push_rules
(Block List, Max: 1) Push rules for the group. (see below for nested schema)request_access_enabled
(Boolean) Allow users to request member access.require_two_factor_authentication
(Boolean) Require all users in this group to setup Two-factor authentication.share_with_group_lock
(Boolean) Prevent sharing a project with another group within this group.shared_runners_minutes_limit
(Number) Can be set by administrators only. Maximum number of monthly CI/CD minutes for this group. Can be nil (default; inherit system default), 0 (unlimited), or > 0.shared_runners_setting
(String) Enable or disable shared runners for a group’s subgroups and projects. Valid values are: enabled
, disabled_and_overridable
, disabled_and_unoverridable
, disabled_with_override
.subgroup_creation_level
(String) Allowed to create subgroups. Valid values are: owner
, maintainer
.two_factor_grace_period
(Number) Defaults to 48. Time before Two-factor authentication is enforced (in hours).visibility_level
(String) The group's visibility. Can be private
, internal
, or public
. Valid values are: private
, internal
, public
.wiki_access_level
(String) The group's wiki access level. Only available on Premium and Ultimate plans. Valid values are disabled
, private
, enabled
.avatar_url
(String) The URL of the avatar image.full_name
(String) The full name of the group.full_path
(String) The full path of the group.id
(String) The ID of this resource.runners_token
(String, Sensitive) The group level registration token to use during runner setup.web_url
(String) Web URL of the group.push_rules
Optional:
author_email_regex
(String) All commit author emails must match this regex, e.g. @my-company.com$
.branch_name_regex
(String) All branch names must match this regex, e.g. (feature|hotfix)\/*
.commit_committer_check
(Boolean) Only commits pushed using verified emails are allowed. Note This attribute is only supported in GitLab versions >= 16.4.commit_message_negative_regex
(String) No commit message is allowed to match this regex, for example ssh\:\/\/
.commit_message_regex
(String) All commit messages must match this regex, e.g. Fixed \d+\..*
.deny_delete_tag
(Boolean) Deny deleting a tag.file_name_regex
(String) Filenames matching the regular expression provided in this attribute are not allowed, for example, (jar|exe)$
.max_file_size
(Number) Maximum file size (MB) allowed.member_check
(Boolean) Allows only GitLab users to author commits.prevent_secrets
(Boolean) GitLab will reject any files that are likely to contain secrets.reject_unsigned_commits
(Boolean) Only commits signed through GPG are allowed. Note This attribute is only supported in GitLab versions >= 16.4.Import is supported using the following syntax:
# You can import a group state using `terraform import <resource> <id>`. The
# `id` can be whatever the [details of a group][details_of_a_group] api takes for
# its `:id` value, so for example:
terraform import gitlab_group.example example