tf-modules/gitlab-group
2
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Compare commits

base: tf-modules:feature/init
Branches Tags
tf-modules:master tf-modules:renovate/configure tf-modules:feature/init
..
compare: tf-modules:renovate/configure
Branches Tags
tf-modules:renovate/configure tf-modules:master tf-modules:feature/init

2 Commits
feature/in ... renovate/c

Author SHA1 Message Date
Renovate Bot
d51472a703 Add renovate.json 2025-11-02 00:02:15 +00:00
Aleksander Cynarski
a88d8da4ed chore: defaults 2025-11-01 23:37:52 +01:00
11 changed files with 210 additions and 41 deletions
Expand all files Collapse all files

52
README.md
View File

@@ -1 +1,51 @@
# terraform module ## Requirements
| Name | Version |
|------|---------|
| <a name="requirement_gitlab"></a> [gitlab](#requirement\_gitlab) | 18.0.0 |
## Providers
| Name | Version |
|------|---------|
| <a name="provider_gitlab"></a> [gitlab](#provider\_gitlab) | 18.0.0 |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [gitlab_group.group](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/group) | resource |
| [gitlab_group_badge.badge](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/group_badge) | resource |
| [gitlab_group_label.label](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/group_label) | resource |
| [gitlab_group_ldap_link.link_gitlab_group_with_ad_group](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/group_ldap_link) | resource |
| [gitlab_group_variable.variable](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/resources/group_variable) | resource |
| [gitlab_group.parent](https://registry.terraform.io/providers/gitlabhq/gitlab/18.0.0/docs/data-sources/group) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_allowed_avatar_types_json"></a> [allowed\_avatar\_types\_json](#input\_allowed\_avatar\_types\_json) | Path to allowed avatar types json | `string` | `""` | no |
| <a name="input_avatar"></a> [avatar](#input\_avatar) | Type of the icon for the group (default: from type) | `string` | `""` | no |
| <a name="input_avatars_dir"></a> [avatars\_dir](#input\_avatars\_dir) | Avatars directory png files | `string` | `""` | no |
| <a name="input_badges"></a> [badges](#input\_badges) | n/a | <pre>map(object({<br/> link_url = string<br/> image_url = string<br/> }))</pre> | `{}` | no |
| <a name="input_default_branch"></a> [default\_branch](#input\_default\_branch) | The group's default branch | `string` | `"main"` | no |
| <a name="input_description"></a> [description](#input\_description) | Description of the gitlab group | `string` | n/a | yes |
| <a name="input_labels"></a> [labels](#input\_labels) | n/a | <pre>map(object({<br/> description = string<br/> color = string<br/> }))</pre> | `{}` | no |
| <a name="input_name"></a> [name](#input\_name) | Name of the gitlab group | `string` | n/a | yes |
| <a name="input_parent_group"></a> [parent\_group](#input\_parent\_group) | Gitlab parent group | `string` | n/a | yes |
| <a name="input_permissions"></a> [permissions](#input\_permissions) | Group permission mapping | <pre>map(object({<br/> permission = string<br/> }))</pre> | `{}` | no |
| <a name="input_variables"></a> [variables](#input\_variables) | n/a | <pre>map(object({<br/> value = string<br/> description = optional(string)<br/> protected = optional(bool)<br/> masked = optional(bool)<br/> environment_scope = optional(string)<br/> }))</pre> | `{}` | no |
| <a name="input_visibility"></a> [visibility](#input\_visibility) | The group's visibility | `string` | `"private"` | no |
## Outputs
| Name | Description |
|------|-------------|
| <a name="output_full_path"></a> [full\_path](#output\_full\_path) | Full path in gitlab for created group |
| <a name="output_group_name"></a> [group\_name](#output\_group\_name) | Name of created group |
| <a name="output_id"></a> [id](#output\_id) | ID of created group |

2
data.tf
View File

@@ -1,4 +1,4 @@
data "gitlab_group" "parent" { data "gitlab_group" "parent" {
count = var.parent_group != "" ? 1 : 0 count = var.parent_group != "" ? 1 : 0
full_path = var.parent_group full_path = var.parent_group
} }

14
data/allowed_icon_types.json Normal file
View File

@@ -0,0 +1,14 @@
[
"",
"ansible",
"archived",
"containers",
"devops",
"golang",
"gitlab",
"infrastructure",
"packer",
"python",
"terraform",
"typescript"
]

BIN
images/golang.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 195 KiB

BIN
images/typescript.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 18 KiB

21
locals.tf
View File

@@ -1,13 +1,18 @@
locals { locals {
default_ci_variables = { avatars_dir = var.avatars_dir == "" ? "${path.root}/images" : var.avatars_dir
for key, var in var.ci_variables : key => merge(
allowed_avatar_types_json = var.allowed_avatar_types_json == "" ? "${path.root}/data/allowed_avatar_group_types.json" : var.allowed_avatar_types_json
allowed_avatar_types = jsondecode(file("${local.allowed_avatar_types_json}"))
# Define the allowed project types as a map
avatar = try(file("${local.avatars_dir}/${var.avatar}.png"), null) == null ? "${local.avatars_dir}/${var.avatar}.png" : null
permissions_list = {
for key, var in var.permissions : key => merge(
{ {
description = lookup(var, "description", ""), group = key,
protected = lookup(var, "protected", false), permission = var.permission
masked = lookup(var, "masked", false), }
environment_scope = lookup(var, "environment_scope", "*"),
},
var
) )
} }
} }

46
main.tf
View File

@@ -1,14 +1,33 @@
resource "gitlab_group" "group" { resource "gitlab_group" "group" {
name = var.name name = var.name
path = var.name path = var.name
description = var.description description = var.description
parent_id = var.parent_group != "" ? data.gitlab_group.parent[0].id : null parent_id = var.parent_group != "" ? data.gitlab_group.parent[0].id : null
avatar = var.type != "" ? "${path.module}/images/${var.type}.png" : null default_branch = var.default_branch
avatar_hash = var.type != "" ? filesha256("${path.module}/images/${var.type}.png") : null avatar = local.avatar == null ? null : "${local.avatar}"
avatar_hash = local.avatar == null ? null : filesha256("${local.avatar}")
} }
resource "gitlab_group_variable" "ci_variables" { resource "gitlab_group_label" "label" {
for_each = local.default_ci_variables for_each = var.labels
group = gitlab_group.group.id
name = each.key
description = each.value.description
color = each.value.color
}
resource "gitlab_group_badge" "badge" {
for_each = var.badges
group = gitlab_group.group.id
name = each.key
link_url = each.value.link_url
image_url = each.value.image_url
}
resource "gitlab_group_variable" "variable" {
for_each = var.variables
group = gitlab_group.group.id group = gitlab_group.group.id
key = each.key key = each.key
@@ -19,3 +38,14 @@ resource "gitlab_group_variable" "ci_variables" {
environment_scope = each.value.environment_scope environment_scope = each.value.environment_scope
} }
resource "gitlab_group_ldap_link" "link_gitlab_group_with_ad_group" {
for_each = local.permissions_list
group = gitlab_group.group.full_path
cn = each.value.group
group_access = each.value.permission
ldap_provider = "ldapmain"
}

11
output.tf
View File

@@ -1,7 +1,14 @@
output "full_path" { output "full_path" {
value = gitlab_group.group.full_path description = "Full path in gitlab for created group"
value = gitlab_group.group.full_path
} }
output "id" { output "id" {
value = gitlab_group.group.id description = "ID of created group"
value = gitlab_group.group.id
}
output "group_name" {
description = "Name of created group"
value = gitlab_group.group.name
} }

2
provider.tf
View File

@@ -2,7 +2,7 @@ terraform {
required_providers { required_providers {
gitlab = { gitlab = {
source = "gitlabhq/gitlab" source = "gitlabhq/gitlab"
version = "17.3.1" version = "18.0.0"
} }
} }
} }

3
renovate.json Normal file
View File

@@ -0,0 +1,3 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json"
}

100
variable.tf
View File

@@ -1,38 +1,74 @@
variable "parent_group" {
type = string
default = ""
description = "Parent group ID"
}
variable "name" { variable "name" {
type = string type = string
description = "Group name" description = "Name of the gitlab group"
} }
variable "description" { variable "description" {
type = string type = string
description = "Group description" description = "Description of the gitlab group"
} }
variable "type" { variable "parent_group" {
type = string type = string
description = "Group type" description = "Gitlab parent group"
default = "" }
variable "visibility" {
type = string
default = "private"
description = "The group's visibility"
validation { validation {
condition = contains([ condition = contains([
"", "private",
"container", "internal",
"golang", "public"
"typescript", ], var.visibility)
"cicd" error_message = "Unsupported group visibility"
], var.type) }
}
variable "default_branch" {
type = string
default = "main"
description = "The group's default branch"
}
variable "allowed_avatar_types_json" {
type = string
default = ""
description = "Path to allowed avatar types json"
}
variable "avatar" {
type = string
description = "Type of the icon for the group (default: from type)"
default = ""
validation {
condition = contains(local.allowed_avatar_types, var.avatar)
error_message = "Unsupported group type" error_message = "Unsupported group type"
} }
} }
variable "ci_variables" { variable "labels" {
type = map(object({
description = string
color = string
}))
default = {}
}
variable "badges" {
type = map(object({
link_url = string
image_url = string
}))
default = {}
}
variable "variables" {
type = map(object({ type = map(object({
value = string value = string
description = optional(string) description = optional(string)
@@ -40,6 +76,30 @@ variable "ci_variables" {
masked = optional(bool) masked = optional(bool)
environment_scope = optional(string) environment_scope = optional(string)
})) }))
description = "CI variables to be set for the group" default = {}
}
variable "permissions" {
type = map(object({
permission = string
}))
validation {
condition = alltrue([for k, v in var.permissions :
v.permission == "owner" ||
v.permission == "maintainer" ||
v.permission == "developer" ||
v.permission == "reporter" ||
v.permission == "guest"
])
error_message = "Each permission must be one of the following values: owner, maintainer, developer, reporter, guest"
}
description = "Group permission mapping"
default = {} default = {}
} }
variable "avatars_dir" {
description = "Avatars directory png files"
type = string
default = ""
}