pulumi-gitlab-kotlin/com.pulumi.gitlab.kotlin/ProjectJobTokenScopes

ProjectJobTokenScopes

class ProjectJobTokenScopes : KotlinCustomResource

The gitlab.ProjectJobTokenScopes resource allows to manage the CI/CD Job Token scopes in a project. Any project not within the defined set in this attribute will be removed, which allows this resource to be used as an explicit deny.

Conflicts with the use of gitlab.ProjectJobTokenScope when used on the same project. Use one or the other to ensure the desired state. Upstream API: GitLab REST API docs

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
const allowedSingleProject = new gitlab.ProjectJobTokenScopes("allowed_single_project", {
    project: "111",
    targetProjectIds: [123],
});
const allowedMultipleProject = new gitlab.ProjectJobTokenScopes("allowed_multiple_project", {
    project: "111",
    targetProjectIds: [
        123,
        456,
        789,
    ],
});
const allowedMultipleGroups = new gitlab.ProjectJobTokenScopes("allowed_multiple_groups", {
    projectId: 111,
    targetProjectIds: [],
    targetGroupIds: [
        321,
        654,
    ],
});
// This will remove all job token scopes, even if added outside of TF.
const explicitDeny = new gitlab.ProjectJobTokenScopes("explicit_deny", {
    project: "111",
    targetProjectIds: [],
});

import pulumi
import pulumi_gitlab as gitlab
allowed_single_project = gitlab.ProjectJobTokenScopes("allowed_single_project",
    project="111",
    target_project_ids=[123])
allowed_multiple_project = gitlab.ProjectJobTokenScopes("allowed_multiple_project",
    project="111",
    target_project_ids=[
        123,
        456,
        789,
    ])
allowed_multiple_groups = gitlab.ProjectJobTokenScopes("allowed_multiple_groups",
    project_id=111,
    target_project_ids=[],
    target_group_ids=[
        321,
        654,
    ])
# This will remove all job token scopes, even if added outside of TF.
explicit_deny = gitlab.ProjectJobTokenScopes("explicit_deny",
    project="111",
    target_project_ids=[])

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
    var allowedSingleProject = new GitLab.ProjectJobTokenScopes("allowed_single_project", new()
    {
        Project = "111",
        TargetProjectIds = new[]
        {
            123,
        },
    });
    var allowedMultipleProject = new GitLab.ProjectJobTokenScopes("allowed_multiple_project", new()
    {
        Project = "111",
        TargetProjectIds = new[]
        {
            123,
            456,
            789,
        },
    });
    var allowedMultipleGroups = new GitLab.ProjectJobTokenScopes("allowed_multiple_groups", new()
    {
        ProjectId = 111,
        TargetProjectIds = new[] {},
        TargetGroupIds = new[]
        {
            321,
            654,
        },
    });
    // This will remove all job token scopes, even if added outside of TF.
    var explicitDeny = new GitLab.ProjectJobTokenScopes("explicit_deny", new()
    {
        Project = "111",
        TargetProjectIds = new[] {},
    });
});

package main
import (
	"github.com/pulumi/pulumi-gitlab/sdk/v8/go/gitlab"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := gitlab.NewProjectJobTokenScopes(ctx, "allowed_single_project", &gitlab.ProjectJobTokenScopesArgs{
			Project: pulumi.String("111"),
			TargetProjectIds: pulumi.IntArray{
				pulumi.Int(123),
			},
		})
		if err != nil {
			return err
		}
		_, err = gitlab.NewProjectJobTokenScopes(ctx, "allowed_multiple_project", &gitlab.ProjectJobTokenScopesArgs{
			Project: pulumi.String("111"),
			TargetProjectIds: pulumi.IntArray{
				pulumi.Int(123),
				pulumi.Int(456),
				pulumi.Int(789),
			},
		})
		if err != nil {
			return err
		}
		_, err = gitlab.NewProjectJobTokenScopes(ctx, "allowed_multiple_groups", &gitlab.ProjectJobTokenScopesArgs{
			ProjectId:        pulumi.Int(111),
			TargetProjectIds: pulumi.IntArray{},
			TargetGroupIds: pulumi.IntArray{
				pulumi.Int(321),
				pulumi.Int(654),
			},
		})
		if err != nil {
			return err
		}
		// This will remove all job token scopes, even if added outside of TF.
		_, err = gitlab.NewProjectJobTokenScopes(ctx, "explicit_deny", &gitlab.ProjectJobTokenScopesArgs{
			Project:          pulumi.String("111"),
			TargetProjectIds: pulumi.IntArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.ProjectJobTokenScopes;
import com.pulumi.gitlab.ProjectJobTokenScopesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var allowedSingleProject = new ProjectJobTokenScopes("allowedSingleProject", ProjectJobTokenScopesArgs.builder()
            .project("111")
            .targetProjectIds(123)
            .build());
        var allowedMultipleProject = new ProjectJobTokenScopes("allowedMultipleProject", ProjectJobTokenScopesArgs.builder()
            .project("111")
            .targetProjectIds(
                123,
                456,
                789)
            .build());
        var allowedMultipleGroups = new ProjectJobTokenScopes("allowedMultipleGroups", ProjectJobTokenScopesArgs.builder()
            .projectId(111)
            .targetProjectIds()
            .targetGroupIds(
                321,
                654)
            .build());
        // This will remove all job token scopes, even if added outside of TF.
        var explicitDeny = new ProjectJobTokenScopes("explicitDeny", ProjectJobTokenScopesArgs.builder()
            .project("111")
            .targetProjectIds()
            .build());
    }
}

resources:
  allowedSingleProject:
    type: gitlab:ProjectJobTokenScopes
    name: allowed_single_project
    properties:
      project: '111'
      targetProjectIds:
        - 123
  allowedMultipleProject:
    type: gitlab:ProjectJobTokenScopes
    name: allowed_multiple_project
    properties:
      project: '111'
      targetProjectIds:
        - 123
        - 456
        - 789
  allowedMultipleGroups:
    type: gitlab:ProjectJobTokenScopes
    name: allowed_multiple_groups
    properties:
      projectId: 111
      targetProjectIds: []
      targetGroupIds:
        - 321
        - 654
  # This will remove all job token scopes, even if added outside of TF.
  explicitDeny:
    type: gitlab:ProjectJobTokenScopes
    name: explicit_deny
    properties:
      project: '111'
      targetProjectIds: []

Import

Starting in Terraform v1.5.0 you can use an import block to import gitlab_project_job_token_scopes. For example: terraform import { to = gitlab_project_job_token_scopes.example id = "see CLI command below for ID" } Import using the CLI is supported using the following syntax: GitLab project job token scopes can be imported using an id made up of just the project_id

$ pulumi import gitlab:index/projectJobTokenScopes:ProjectJobTokenScopes bar 123

Properties

val id: Output<String>

project

val project: Output<String>

The ID or full path of the project.

projectId

val ~~projectId~~: Output<Int>

The ID of the project.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

targetGroupIds

val targetGroupIds: Output<List<Int>>

A set of group IDs that are in the CI/CD job token inbound allowlist.

targetProjectIds

val targetProjectIds: Output<List<Int>>

A set of project IDs that are in the CI/CD job token inbound allowlist.

urn

val urn: Output<String>