Project
data class ProjectJobTokenScopesArgs(val enabled: Output<Boolean>? = null, val project: Output<String>? = null, val projectId: Output<Int>? = null, val targetGroupIds: Output<List<Int>>? = null, val targetProjectIds: Output<List<Int>>? = null) : ConvertibleToJava<ProjectJobTokenScopesArgs>
The gitlab.ProjectJobTokenScopes resource allows to manage the CI/CD Job Token scopes in a project. Any project or group not within the defined set of target_project_ids or target_group_ids, respectively, will be removed, which allows this resource to be used as an explicit deny.
Conflicts with the use of
gitlab.ProjectJobTokenScopewhen used on the same project. Use one or the other to ensure the desired state. If theenabledproperty is false, any project or group will be allowed regardless of the given allowlist attributes. Upstream API: GitLab REST API docs
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
const allowedSingleProject = new gitlab.ProjectJobTokenScopes("allowed_single_project", {
project: "111",
targetProjectIds: [123],
});
const allowedMultipleProject = new gitlab.ProjectJobTokenScopes("allowed_multiple_project", {
project: "111",
targetProjectIds: [
123,
456,
789,
],
});
const allowedMultipleGroups = new gitlab.ProjectJobTokenScopes("allowed_multiple_groups", {
projectId: 111,
targetProjectIds: [],
targetGroupIds: [
321,
654,
],
});
// This will remove all job token scopes, even if added outside of TF.
const explicitDeny = new gitlab.ProjectJobTokenScopes("explicit_deny", {
project: "111",
targetProjectIds: [],
});
// This shows the explicit behavior of the enabled flag with a list of projects and groups.
const allowProjectsAndGroups = new gitlab.ProjectJobTokenScopes("allow_projects_and_groups", {
project: "111",
enabled: true,
targetProjectIds: [
123,
456,
789,
],
targetGroupIds: [
321,
654,
],
});
// This allows all projects and groups (disabling the CI Job Token scope protection)
const allowAll = new gitlab.ProjectJobTokenScopes("allow_all", {
project: "111",
enabled: false,
});Content copied to clipboard
import pulumi
import pulumi_gitlab as gitlab
allowed_single_project = gitlab.ProjectJobTokenScopes("allowed_single_project",
project="111",
target_project_ids=[123])
allowed_multiple_project = gitlab.ProjectJobTokenScopes("allowed_multiple_project",
project="111",
target_project_ids=[
123,
456,
789,
])
allowed_multiple_groups = gitlab.ProjectJobTokenScopes("allowed_multiple_groups",
project_id=111,
target_project_ids=[],
target_group_ids=[
321,
654,
])
# This will remove all job token scopes, even if added outside of TF.
explicit_deny = gitlab.ProjectJobTokenScopes("explicit_deny",
project="111",
target_project_ids=[])
# This shows the explicit behavior of the enabled flag with a list of projects and groups.
allow_projects_and_groups = gitlab.ProjectJobTokenScopes("allow_projects_and_groups",
project="111",
enabled=True,
target_project_ids=[
123,
456,
789,
],
target_group_ids=[
321,
654,
])
# This allows all projects and groups (disabling the CI Job Token scope protection)
allow_all = gitlab.ProjectJobTokenScopes("allow_all",
project="111",
enabled=False)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
var allowedSingleProject = new GitLab.ProjectJobTokenScopes("allowed_single_project", new()
{
Project = "111",
TargetProjectIds = new[]
{
123,
},
});
var allowedMultipleProject = new GitLab.ProjectJobTokenScopes("allowed_multiple_project", new()
{
Project = "111",
TargetProjectIds = new[]
{
123,
456,
789,
},
});
var allowedMultipleGroups = new GitLab.ProjectJobTokenScopes("allowed_multiple_groups", new()
{
ProjectId = 111,
TargetProjectIds = new[] {},
TargetGroupIds = new[]
{
321,
654,
},
});
// This will remove all job token scopes, even if added outside of TF.
var explicitDeny = new GitLab.ProjectJobTokenScopes("explicit_deny", new()
{
Project = "111",
TargetProjectIds = new[] {},
});
// This shows the explicit behavior of the enabled flag with a list of projects and groups.
var allowProjectsAndGroups = new GitLab.ProjectJobTokenScopes("allow_projects_and_groups", new()
{
Project = "111",
Enabled = true,
TargetProjectIds = new[]
{
123,
456,
789,
},
TargetGroupIds = new[]
{
321,
654,
},
});
// This allows all projects and groups (disabling the CI Job Token scope protection)
var allowAll = new GitLab.ProjectJobTokenScopes("allow_all", new()
{
Project = "111",
Enabled = false,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gitlab/sdk/v8/go/gitlab"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gitlab.NewProjectJobTokenScopes(ctx, "allowed_single_project", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
TargetProjectIds: pulumi.IntArray{
pulumi.Int(123),
},
})
if err != nil {
return err
}
_, err = gitlab.NewProjectJobTokenScopes(ctx, "allowed_multiple_project", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
TargetProjectIds: pulumi.IntArray{
pulumi.Int(123),
pulumi.Int(456),
pulumi.Int(789),
},
})
if err != nil {
return err
}
_, err = gitlab.NewProjectJobTokenScopes(ctx, "allowed_multiple_groups", &gitlab.ProjectJobTokenScopesArgs{
ProjectId: pulumi.Int(111),
TargetProjectIds: pulumi.IntArray{},
TargetGroupIds: pulumi.IntArray{
pulumi.Int(321),
pulumi.Int(654),
},
})
if err != nil {
return err
}
// This will remove all job token scopes, even if added outside of TF.
_, err = gitlab.NewProjectJobTokenScopes(ctx, "explicit_deny", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
TargetProjectIds: pulumi.IntArray{},
})
if err != nil {
return err
}
// This shows the explicit behavior of the enabled flag with a list of projects and groups.
_, err = gitlab.NewProjectJobTokenScopes(ctx, "allow_projects_and_groups", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
Enabled: pulumi.Bool(true),
TargetProjectIds: pulumi.IntArray{
pulumi.Int(123),
pulumi.Int(456),
pulumi.Int(789),
},
TargetGroupIds: pulumi.IntArray{
pulumi.Int(321),
pulumi.Int(654),
},
})
if err != nil {
return err
}
// This allows all projects and groups (disabling the CI Job Token scope protection)
_, err = gitlab.NewProjectJobTokenScopes(ctx, "allow_all", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
Enabled: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.ProjectJobTokenScopes;
import com.pulumi.gitlab.ProjectJobTokenScopesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var allowedSingleProject = new ProjectJobTokenScopes("allowedSingleProject", ProjectJobTokenScopesArgs.builder()
.project("111")
.targetProjectIds(123)
.build());
var allowedMultipleProject = new ProjectJobTokenScopes("allowedMultipleProject", ProjectJobTokenScopesArgs.builder()
.project("111")
.targetProjectIds(
123,
456,
789)
.build());
var allowedMultipleGroups = new ProjectJobTokenScopes("allowedMultipleGroups", ProjectJobTokenScopesArgs.builder()
.projectId(111)
.targetProjectIds()
.targetGroupIds(
321,
654)
.build());
// This will remove all job token scopes, even if added outside of TF.
var explicitDeny = new ProjectJobTokenScopes("explicitDeny", ProjectJobTokenScopesArgs.builder()
.project("111")
.targetProjectIds()
.build());
// This shows the explicit behavior of the enabled flag with a list of projects and groups.
var allowProjectsAndGroups = new ProjectJobTokenScopes("allowProjectsAndGroups", ProjectJobTokenScopesArgs.builder()
.project("111")
.enabled(true)
.targetProjectIds(
123,
456,
789)
.targetGroupIds(
321,
654)
.build());
// This allows all projects and groups (disabling the CI Job Token scope protection)
var allowAll = new ProjectJobTokenScopes("allowAll", ProjectJobTokenScopesArgs.builder()
.project("111")
.enabled(false)
.build());
}
}Content copied to clipboard
resources:
allowedSingleProject:
type: gitlab:ProjectJobTokenScopes
name: allowed_single_project
properties:
project: '111'
targetProjectIds:
- 123
allowedMultipleProject:
type: gitlab:ProjectJobTokenScopes
name: allowed_multiple_project
properties:
project: '111'
targetProjectIds:
- 123
- 456
- 789
allowedMultipleGroups:
type: gitlab:ProjectJobTokenScopes
name: allowed_multiple_groups
properties:
projectId: 111
targetProjectIds: []
targetGroupIds:
- 321
- 654
# This will remove all job token scopes, even if added outside of TF.
explicitDeny:
type: gitlab:ProjectJobTokenScopes
name: explicit_deny
properties:
project: '111'
targetProjectIds: []
# This shows the explicit behavior of the enabled flag with a list of projects and groups.
allowProjectsAndGroups:
type: gitlab:ProjectJobTokenScopes
name: allow_projects_and_groups
properties:
project: '111'
enabled: true
targetProjectIds:
- 123
- 456
- 789
targetGroupIds:
- 321
- 654
# This allows all projects and groups (disabling the CI Job Token scope protection)
allowAll:
type: gitlab:ProjectJobTokenScopes
name: allow_all
properties:
project: '111'
enabled: falseContent copied to clipboard
Import
Starting in Terraform v1.5.0 you can use an import block to import gitlab_project_job_token_scopes. For example: terraform import { to = gitlab_project_job_token_scopes.example id = "see CLI command below for ID" } Import using the CLI is supported using the following syntax: GitLab project job token scopes can be imported using an id made up of just the project_id
$ pulumi import gitlab:index/projectJobTokenScopes:ProjectJobTokenScopes bar 123Content copied to clipboard