From 31fdcf92bafe81364d790167b66391a057c5de94 Mon Sep 17 00:00:00 2001
From: Mykhailo Babych
Date: Wed, 4 Jun 2025 10:44:11 +0300
Subject: [PATCH 1/2] feat: Multiple users in allowed_to_* blocks
---
 main.tf | 51 ++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 48 insertions(+), 3 deletions(-)
diff --git a/main.tf b/main.tf
index 79edd61..3ac8d4c 100644
--- a/main.tf
+++ b/main.tf
@@ -1297,7 +1297,22 @@ resource "gitlab_branch_protection" "this" {
 # Dynamic blocks for allowed_to_push
 dynamic "allowed_to_push" {
- for_each = lookup(each.value.branch, "allowed_to_push", [])
+ for_each = flatten([
+ for entry in lookup(each.value.branch, "allowed_to_push", []) : (
+ contains(keys(entry), "user_emails") ? [
+ for email in entry.user_emails : {
+ user_email = email
+ }
+ ] :
+ contains(keys(entry), "user_email") ? [{
+ user_email = entry.user_email
+ }] :
+ contains(keys(entry), "group") ? [{
+ group = entry.group
+ }] : []
+ )
+ ])
+
 content {
 user_id = contains(keys(local.exists_users), lookup(allowed_to_push.value, "user_email", "")) ? local.exists_users[allowed_to_push.value.user_email].id : null
 group_id = contains(keys(local.exists_groups), lookup(allowed_to_push.value, "group", "")) ? local.exists_groups[allowed_to_push.value.group][0].group_id : null
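Review bot: The ternary chain in the new `for_each` keeps only the first matching key of each entry, so an entry that carries `user_emails` together with `user_email` or `group` silently loses the latter, and an entry with none of the three keys expands to `[]` with no error. Before this change the whole entry reached the `content` block, which resolves `user_id` and `group_id` independently, so the applied branch protection can now differ from what the YAML declares without any plan-time signal. Building the list with `concat` of three independent pieces keeps every declared principal; the same expression is copied into the `allowed_to_merge` and `allowed_to_unprotect` hunks and would drift less if it were defined once in a local. An address in `user_emails` that is missing from `local.exists_users` still resolves to a null `user_id`, which the multi-address form makes easier to overlook, so a validation that fails on unknown addresses would be worth adding. The `content` block and the resource body continue outside the hunk.

```hcl
dynamic "allowed_to_push" {
  for_each = flatten([
    for entry in lookup(each.value.branch, "allowed_to_push", []) : concat(
      [for email in lookup(entry, "user_emails", []) : { user_email = email }],
      contains(keys(entry), "user_email") ? [{ user_email = entry.user_email }] : [],
      contains(keys(entry), "group") ? [{ group = entry.group }] : []
    )
  ])

  # … unchanged: content block resolving user_id / group_id …
```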
@@ -1306,7 +1321,22 @@ resource "gitlab_branch_protection" "this" {
 # Dynamic blocks for allowed_to_merge
 dynamic "allowed_to_merge" {
- for_each = lookup(each.value.branch, "allowed_to_merge", [])
+ for_each = flatten([
+ for entry in lookup(each.value.branch, "allowed_to_merge", []) : (
+ contains(keys(entry), "user_emails") ? [
+ for email in entry.user_emails : {
+ user_email = email
+ }
+ ] :
+ contains(keys(entry), "user_email") ? [{
+ user_email = entry.user_email
+ }] :
+ contains(keys(entry), "group") ? [{
+ group = entry.group
+ }] : []
+ )
+ ])
+
 content {
 user_id = contains(keys(local.exists_users), lookup(allowed_to_merge.value, "user_email", "")) ? local.exists_users[allowed_to_merge.value.user_email].id : null
 group_id = contains(keys(local.exists_groups), lookup(allowed_to_merge.value, "group", "")) ? local.exists_groups[allowed_to_merge.value.group][0].group_id : null
@@ -1315,7 +1345,22 @@ resource "gitlab_branch_protection" "this" {
 # Dynamic blocks for allowed_to_unprotect
 dynamic "allowed_to_unprotect" {
- for_each = lookup(each.value.branch, "allowed_to_unprotect", [])
+ for_each = flatten([
+ for entry in lookup(each.value.branch, "allowed_to_unprotect", []) : (
+ contains(keys(entry), "user_emails") ? [
+ for email in entry.user_emails : {
+ user_email = email
+ }
+ ] :
+ contains(keys(entry), "user_email") ? [{
+ user_email = entry.user_email
+ }] :
+ contains(keys(entry), "group") ? [{
+ group = entry.group
+ }] : []
+ )
+ ])
+
 content {
 user_id = contains(keys(local.exists_users), lookup(allowed_to_unprotect.value, "user_email", "")) ? local.exists_users[allowed_to_unprotect.value.user_email].id : null
 group_id = contains(keys(local.exists_groups), lookup(allowed_to_unprotect.value, "group", "")) ? local.exists_groups[allowed_to_unprotect.value.group][0].group_id : null
From 8a0402b63f95cc86ca852ac97f06a8654c323171 Mon Sep 17 00:00:00 2001
From: Mykhailo Babych
Date: Wed, 4 Jun 2025 10:45:48 +0300
Subject: [PATCH 2/2] chore: Add to examples
---
 examples/terraform/projects/alpha_projects.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/examples/terraform/projects/alpha_projects.yaml b/examples/terraform/projects/alpha_projects.yaml
index e41d813..d74f3c7 100644
--- a/examples/terraform/projects/alpha_projects.yaml
+++ b/examples/terraform/projects/alpha_projects.yaml
@@ -40,7 +40,10 @@ projects:
 allow_force_push: true
 code_owner_approval_required: true
 allowed_to_push:
- - user_email: "user@domain.com"
+ - user_emails:
+ - "user1@domain.com"
+ - "user2@domain.com"
+ - "user3@domain.com"
 - group: "roles/project-sre-dev"
 allowed_to_merge:
 - user_email: "user@domain.com"