Project
The gitlab.ProjectJobTokenScopes resource allows to manage the CI/CD Job Token scopes in a project. Any project not within the defined set in this attribute will be removed, which allows this resource to be used as an explicit deny.
Conflicts with the use of
gitlab.ProjectJobTokenScopewhen used on the same project. Use one or the other to ensure the desired state. Upstream API: GitLab REST API docs
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
const allowedSingleProject = new gitlab.ProjectJobTokenScopes("allowed_single_project", {
project: "111",
targetProjectIds: [123],
});
const allowedMultipleProject = new gitlab.ProjectJobTokenScopes("allowed_multiple_project", {
project: "111",
targetProjectIds: [
123,
456,
789,
],
});
const allowedMultipleGroups = new gitlab.ProjectJobTokenScopes("allowed_multiple_groups", {
projectId: 111,
targetProjectIds: [],
targetGroupIds: [
321,
654,
],
});
// This will remove all job token scopes, even if added outside of TF.
const explicitDeny = new gitlab.ProjectJobTokenScopes("explicit_deny", {
project: "111",
targetProjectIds: [],
});Content copied to clipboard
import pulumi
import pulumi_gitlab as gitlab
allowed_single_project = gitlab.ProjectJobTokenScopes("allowed_single_project",
project="111",
target_project_ids=[123])
allowed_multiple_project = gitlab.ProjectJobTokenScopes("allowed_multiple_project",
project="111",
target_project_ids=[
123,
456,
789,
])
allowed_multiple_groups = gitlab.ProjectJobTokenScopes("allowed_multiple_groups",
project_id=111,
target_project_ids=[],
target_group_ids=[
321,
654,
])
# This will remove all job token scopes, even if added outside of TF.
explicit_deny = gitlab.ProjectJobTokenScopes("explicit_deny",
project="111",
target_project_ids=[])Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
var allowedSingleProject = new GitLab.ProjectJobTokenScopes("allowed_single_project", new()
{
Project = "111",
TargetProjectIds = new[]
{
123,
},
});
var allowedMultipleProject = new GitLab.ProjectJobTokenScopes("allowed_multiple_project", new()
{
Project = "111",
TargetProjectIds = new[]
{
123,
456,
789,
},
});
var allowedMultipleGroups = new GitLab.ProjectJobTokenScopes("allowed_multiple_groups", new()
{
ProjectId = 111,
TargetProjectIds = new[] {},
TargetGroupIds = new[]
{
321,
654,
},
});
// This will remove all job token scopes, even if added outside of TF.
var explicitDeny = new GitLab.ProjectJobTokenScopes("explicit_deny", new()
{
Project = "111",
TargetProjectIds = new[] {},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gitlab/sdk/v8/go/gitlab"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gitlab.NewProjectJobTokenScopes(ctx, "allowed_single_project", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
TargetProjectIds: pulumi.IntArray{
pulumi.Int(123),
},
})
if err != nil {
return err
}
_, err = gitlab.NewProjectJobTokenScopes(ctx, "allowed_multiple_project", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
TargetProjectIds: pulumi.IntArray{
pulumi.Int(123),
pulumi.Int(456),
pulumi.Int(789),
},
})
if err != nil {
return err
}
_, err = gitlab.NewProjectJobTokenScopes(ctx, "allowed_multiple_groups", &gitlab.ProjectJobTokenScopesArgs{
ProjectId: pulumi.Int(111),
TargetProjectIds: pulumi.IntArray{},
TargetGroupIds: pulumi.IntArray{
pulumi.Int(321),
pulumi.Int(654),
},
})
if err != nil {
return err
}
// This will remove all job token scopes, even if added outside of TF.
_, err = gitlab.NewProjectJobTokenScopes(ctx, "explicit_deny", &gitlab.ProjectJobTokenScopesArgs{
Project: pulumi.String("111"),
TargetProjectIds: pulumi.IntArray{},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.ProjectJobTokenScopes;
import com.pulumi.gitlab.ProjectJobTokenScopesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var allowedSingleProject = new ProjectJobTokenScopes("allowedSingleProject", ProjectJobTokenScopesArgs.builder()
.project("111")
.targetProjectIds(123)
.build());
var allowedMultipleProject = new ProjectJobTokenScopes("allowedMultipleProject", ProjectJobTokenScopesArgs.builder()
.project("111")
.targetProjectIds(
123,
456,
789)
.build());
var allowedMultipleGroups = new ProjectJobTokenScopes("allowedMultipleGroups", ProjectJobTokenScopesArgs.builder()
.projectId(111)
.targetProjectIds()
.targetGroupIds(
321,
654)
.build());
// This will remove all job token scopes, even if added outside of TF.
var explicitDeny = new ProjectJobTokenScopes("explicitDeny", ProjectJobTokenScopesArgs.builder()
.project("111")
.targetProjectIds()
.build());
}
}Content copied to clipboard
resources:
allowedSingleProject:
type: gitlab:ProjectJobTokenScopes
name: allowed_single_project
properties:
project: '111'
targetProjectIds:
- 123
allowedMultipleProject:
type: gitlab:ProjectJobTokenScopes
name: allowed_multiple_project
properties:
project: '111'
targetProjectIds:
- 123
- 456
- 789
allowedMultipleGroups:
type: gitlab:ProjectJobTokenScopes
name: allowed_multiple_groups
properties:
projectId: 111
targetProjectIds: []
targetGroupIds:
- 321
- 654
# This will remove all job token scopes, even if added outside of TF.
explicitDeny:
type: gitlab:ProjectJobTokenScopes
name: explicit_deny
properties:
project: '111'
targetProjectIds: []Content copied to clipboard
Import
GitLab project job token scopes can be imported using an id made up of just the project_id
$ pulumi import gitlab:index/projectJobTokenScopes:ProjectJobTokenScopes bar 123Content copied to clipboard