Gitlab Terraform Module

27 May ยท 29 min read

Gitlab Terraform Module

Our DevOps team has run into a problem when it comes to assigning membership to numerous projects. We designed a Terraform module and simplified it to prevent going through hundreds of lines of configuration code. You can use the Terraform module to create logical abstractions on top of a resource collection. In other words, a module enables you to aggregate resources and reuse them later, potentially several times.  

Our DevOps team has been working on a terraform module to help establish Gitlab resources and allocate membership as needed over the last few weeks. 

There are three submodules in this module:  

  1. groups,
  2. projects,
  3. users.

You should have some experience with Terraform and Gitlab, at the very least understanding how to arrange your projects and how Gitlab membership works. One requirement is that you have Terraform installed, which you can check using the command 'terraform -version.' We'll walk you through how to use this module in a few simple steps. 

Generate Gitlab Access Token

Terraform need this key to access your Gitlab account; otherwise, Terraform will be unable to create projects, groups, or user membership. To begin, click on your profile image in the upper right corner, then select *Preferences* from the menu on the left, then select *Access Tokens*. 

Configure Provider and State

You must first configure the provider and Terraform state before you can use the module. Because the provider is Gitlab and the state location is Terraform Cloud, you can create a file called 'versions.tf' and add the code from below to it. 

``` 

terraform { 

required_version  =  ">=1.1.6" 

backend "remote"{ 

hostname = "app.terraform.io" 

organization  =  "your_organization" 

workspaces { 

name = "your_workspace" 

required_providers { 

gitlab = { 

source = "gitlabhq/gitlab" 

version = "3.11.1" 

provider  "gitlab" { 

token  =  var.gitlab_token 

``` 

As you can see, we're using 'var.gitlab token' in the provider Gitlab, which requires a variable named 'GitLab token'. Terraform allows you to declare variables in the same folder as the provider or state, although it is recommended that you use a separate folder titled 'variables.tf' as a best practice. Here's an illustration: 

``` 

variable  "gitlab_token" { 

description  =  "Gitlab token" 

type  =  string 

``` 

Gitlab module usage

It's time to use the Gitlab module now that we've completed all of the preceding procedures. We'll use all three submodules in this example. The first is for Gitlab groups. Because Gitlab has a problem with creating root groups that haven't been resolved yet, you'll need to import root groups. [Gitlab Issue 244345](https://gitlab.com/gitlab-org/gitlab/-/issues/244345). As previously said, you must import the root group; here is the command to do so. 

``` 

terraform import 'module.gitlab-group-module-dev.gitlab_group.group["dev"]' <group_id> 

``` 

Create `main.tf` file and past every code block from below in that file 

``` 

locals { 

created_groups = merge(module.gitlab_group_module_dev.created_groups, module.gitlab_group_module_components.created_groups) 

module  "gitlab_group_module_dev" { 

source  =  "../modules/gitlab-group-module" 

groups =  { 

dev = { 

auto_devops_enabled = false 

default_branch_protection = 2 

emails_disabled = false 

lfs_enabled = true 

mentions_disabled = false 

name = "dev1" 

parent_id = 0 

path = "dev2249" 

project_creation_level = "developer" 

request_access_enabled = true 

require_two_factor_authentication = false 

share_with_group_lock = false 

subgroup_creation_level = "maintainer" 

two_factor_grace_period = 48 

visibility_level = "private" 

``` 

We now have a root group in the state and can establish further hierarchical groups. The code for the group usage submodule is presented below. 

``` 

module "gitlab-group-module-components" { 

  source = "../modules/gitlab-group-module" 

  groups = { 

    frontend = { 

      name      = "Frontend" 

      path      = "frontend" 

      parent_id = module.gitlab-group-module-dev.created_groups["dev"].id 

    } 

    backend = { 

      name      = "Backend" 

      path      = "backend" 

      parent_id = module.gitlab-group-module-dev.created_groups["dev"].id 

    } 

  } 

``` 

You can search for projects and users once you've formed groups. We'll start by showing you how to use Submodule for projects. 

``` 

module "gitlab-project-module" { 

  source = "../modules/gitlab-project-module" 

  projects = { 

    react_example_project = { 

      name         = "React example project" 

      namespace_id = local.created_groups["frontend"].id 

      push_rules = { 

        commit_committer_check = true 

      } 

    } 

    django_example_project = { 

      name         = "Django example project" 

      namespace_id = local.created_groups["backend"].id 

    } 

  } 

``` 

Users and their membership are the subjects of the final submodule. You must pass groups and projects for each user, as shown in the code below so that the module can assign membership. 

``` 

module "gitlab-user-module" { 

  source   = "../modules/gitlab-user-module" 

  groups   = local.created_groups 

  projects = module.gitlab-project-module.created_projects 

  users = { 

    johnharper = { 

      create   = false 

      username = "john.harper" 

      email    = "john.harper@example.com" 

      name     = "John Harper" 

      groups = { 

        frontend = { 

          access_level = "maintainer" 

          expires_at   = null 

        } 

        dev = { 

          access_level = "guest" 

        } 

      } 

    } 

    chrisharper = { 

      username = "chris.harper" 

      email    = "chris.harper@example.com" 

      name     = "Chris Harper" 

      groups = { 

        backend = { 

          access_level = "developer" 

          expires_at   = "2030-12-31" 

        } 

        dev = { 

          access_level = "guest" 

          expires_at   = "2030-12-31" 

        } 

      } 

      projects = { 

        react_example_project = { 

          access_level = "maintainer" 

        } 

      } 

    } 

  } 

``` 

You can now run the code after passing all of these module examples into the'main.tf' file. You may now use terraform init to tell Terraform what to do. You can then run 'terraform plan' and 'terraform apply' after init. 

Here are some pictures after you apply. 

Here are the links if you need access to our code: 

Gitlab Terraform module link Terraform registry https://registry.terraform.io/modules/EvoltDev/gitlab/gitlab/latest 

Gitlab Terraform module link Github 

https://github.com/EvoltDev/terraform-gitlab-gitlab 

Comment as

Login or comment as

0 comments