Repositories
- git-access-control (users and teams)
- git-repositories (repos and groups)
Why separate repos
- Separation of concerns principle.
- Least Privilege principle.
- Terraform works faster.
- A few rules/scenarios:
  - A user can be a member of more than one team.
GitLab Permissions and Roles
GitLab Modules Example
# repo: git-access-control
module "team_example" {
  source    = "./modules/team_gitlab"
  team_name = "Team Example"
  team_path = "team-example"

  members = {
    # username and role
    "john-doe" = "developer"
    "jim-ross" = "developer"
  }

  groups = {
    # group name and access level
    "/organization/billing" = "developer"
  }

  repositories = {
    # repo name and access level
    "/ops/infra/nginx-proxy"   = "developer"
    "/ops/infra/gitlab-runner" = "developer"
  }
}

# repo: git-repositories
module "operations" {
  source = "./modules/group_with_subgroups"
  name   = "Operations"
  path   = "ops"

  groups = {
    Infrastructure = "infra"
  }

  repos = {
    Infrastructure = [
      "nginx-proxy",
      "gitlab-runner",
    ]
  }
}
GitHub Team Module Example
# repo: git-access-control
module "team_example" {
  source    = "./modules/team_github"
  team_name = "Team Example"

  members = {
    # username and role
    "john-doe" = "maintainer"
    "jim-ross" = "member"
  }

  repositories = {
    # repo name and permission
    "billing-api" = "push"
  }
}