diff --git a/CHANGELOG.md b/CHANGELOG.md
index 64d7c64..536b704 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,14 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
+## [1.2.0] - 2025-10-13
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-gitlab-kubernetes-gitlab-agent/compare/1.1.0...1.2.0)
+
+### Added
+
+- feat: disable autoassign current user by default
+
 ## [1.1.0] - 2025-10-08
 [Compare with previous version](https://github.com/sparkfabrik/terraform-gitlab-kubernetes-gitlab-agent/compare/1.0.0...1.1.0)
diff --git a/README.md b/README.md
index bfb131c..0c631dd 100644
--- a/README.md
+++ b/README.md
@@ -77,11 +77,11 @@ provider "gitlab" {
 ## GitLab Agents user membership
-The current user used by the provider is automatically added as `maintainer` to the "GitLab Agents" project. If you don't want this behavior, just set the variable `var.autoassign_current_user_as_maintainer` to `false`.
+The current user used by the provider must be added as `maintainer` to the "GitLab Agents" project. By default, this behavior is disabled; just set the variable `var.autoassign_current_user_as_maintainer` to `true` if you want to enable it.
 Adding the user as `maintainer` to the newly created project ensures they have the permissions to commit and push to it.
-**ATTENTION:** If the current user is already added to the project but with a different role than `maintainer`, the apply will fail saying that a membership already exists
+**ATTENTION:** If the current user is already added to the project the apply will fail saying that a membership already exists
 ## Providers
diff --git a/main.tf b/main.tf
index 70f7d4e..d499eb9 100644
--- a/main.tf
+++ b/main.tf
@@ -51,8 +51,6 @@ locals {
 (var.gitlab_agent_variable_name_agent_id) : gitlab_cluster_agent.this.name,
 (var.gitlab_agent_variable_name_agent_project) : local.project_path_with_namespace,
 }
-
- current_user_is_maintainer_of_project = length([for member in data.gitlab_project_membership.this.members : member if member.name == data.gitlab_current_user.this.name && member.access_level == "maintainer"]) > 0
 }
 # Gitlab resources
@@ -87,11 +85,6 @@ data "gitlab_project" "enabled_projects" {
 path_with_namespace = each.value
 }
-# Data source to get all the memberships for the project
-data "gitlab_project_membership" "this" {
- project_id = local.project_id
-}
-
 resource "gitlab_project" "project" {
 count = local.use_existing_project == 0 ? 1 : 0
 name = var.gitlab_project_name
@@ -99,7 +92,7 @@ resource "gitlab_project" "project" {
 }
 resource "gitlab_project_membership" "project" {
- count = var.autoassign_current_user_as_maintainer && !local.current_user_is_maintainer_of_project ? 1 : 0
+ count = var.assign_current_user_as_maintainer ? 1 : 0
 project = local.project_id
 user_id = data.gitlab_current_user.this.id
 access_level = "maintainer"
diff --git a/variables.tf b/variables.tf
index f755e21..8057aef 100644
--- a/variables.tf
+++ b/variables.tf
@@ -156,8 +156,8 @@ variable "create_default_pod_anti_affinity" {
 default = true
 }
-variable "autoassign_current_user_as_maintainer" {
- description = "Automatically assign the current GitLab user (from the GitLab provider) as a maintainer of the created project. This is useful to ensure that the user has rights to commit and push the GitLab Agent configuration file."
+variable "assign_current_user_as_maintainer" {
+ description = "Assign the current GitLab user (from the GitLab provider) as a maintainer of the created project. This is useful to ensure that the user has rights to commit and push the GitLab Agent configuration file."
 type = bool
- default = true
+ default = false
 }
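Review bot: The `gitlab_project_membership.project` resource grants `maintainer` on `local.project_id`, while the variable description speaks of "the created project". Given `local.use_existing_project` in the resource just above, the grant presumably also lands on a pre-existing project; the definition of `local.project_id` is outside this diff and would confirm it. With the `current_user_is_maintainer_of_project` guard gone, enabling the flag for a user who already holds a direct membership fails at apply, as the README now states. A comment on the resource would make both points visible where the access is granted: `# Grants the provider's user maintainer on local.project_id (created or existing); apply fails if that user already has a direct membership.` The resource body continues past the end of the hunk.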
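Review bot: The README text changed in this same commit still tells users to set `var.autoassign_current_user_as_maintainer`, a name this hunk removes in favour of `assign_current_user_as_maintainer`, and the 1.2.0 changelog entry mentions only the new default. Callers that pass the old name will be rejected as using an undeclared variable. Callers that relied on the old default of `true` may see an existing membership planned for removal on upgrade, so the provider's user can lose push rights to the agent configuration project. Either keep the old variable name, or update the README to the new name and record the rename and the default flip as a breaking change in the changelog.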