Merge pull request #422 from gitlabhq/project-push-rules

Move gitlab_project_push_rules to gitlab_project.push_rules

Author: armsnyder

docs/data-sources/project.md

@@ -33,7 +33,7 @@ The following attributes are exported:
 * `path_with_namespace` - The path of the repository with namespace.
 
 * `namespace_id` - The namespace (group or user) of the project. Defaults to your user.
-  See [`gitlab_group`](../r/group.html) for an example.
+  See [`gitlab_group`](../resources/group) for an example.
 
 * `description` - A description of the project.
 
@@ -71,4 +71,36 @@ The following attributes are exported:
 
 * `remove_source_branch_after_merge` - Enable `Delete source branch` option by default for all new merge requests
 
-* `packages_enabled` - Enable packages repository for the project.
+* `packages_enabled` - Enable packages repository for the project.
+
+* `push_rules` Push rules for the project (documented below).
+
+## Nested Blocks
+
+### push_rules
+
+For information on push rules, consult the [GitLab documentation](https://docs.gitlab.com/ce/push_rules/push_rules.html#push-rules).
+
+#### Attributes
+
+* `author_email_regex` - All commit author emails must match this regex, e.g. `@my-company.com$`.
+
+* `branch_name_regex` - All branch names must match this regex, e.g. `(feature|hotfix)\/*`.
+
+* `commit_message_regex` - All commit messages must match this regex, e.g. `Fixed \d+\..*`.
+
+* `commit_message_negative_regex` - No commit message is allowed to match this regex, for example `ssh\:\/\/`.
+
+* `file_name_regex` - All commited filenames must not match this regex, e.g. `(jar|exe)$`.
+
+* `commit_committer_check` - Users can only push commits to this repository that were committed with one of their own verified emails.
+
+* `deny_delete_tag` - Deny deleting a tag.
+
+* `member_check` - Restrict commits by author (email) to existing GitLab users.
+
+* `prevent_secrets` - GitLab will reject any files that are likely to contain secrets.
+
+* `reject_unsigned_commits` - Reject commit when it’s not signed through GPG.
+
+* `max_file_size` - Maximum file size (MB).

docs/resources/project.md

@@ -80,6 +80,8 @@ The following arguments are supported:
 
 * `packages_enabled` - (Optional) Enable packages repository for the project.
 
+* `push_rules` (Optional) Push rules for the project (documented below).
+
 ## Attributes Reference
 
 The following additional attributes are exported:
@@ -100,6 +102,35 @@ The following additional attributes are exported:
 
 * `remove_source_branch_after_merge` - Enable `Delete source branch` option by default for all new merge requests.
 
+## Nested Blocks
+
+### push_rules
+
+For information on push rules, consult the [GitLab documentation](https://docs.gitlab.com/ce/push_rules/push_rules.html#push-rules).
+
+#### Arguments
+
+* `author_email_regex` - (Optional) All commit author emails must match this regex, e.g. `@my-company.com$`.
+
+* `branch_name_regex` - (Optional) All branch names must match this regex, e.g. `(feature|hotfix)\/*`.
+
+* `commit_message_regex` - (Optional) All commit messages must match this regex, e.g. `Fixed \d+\..*`.
+
+* `commit_message_negative_regex` - (Optional) No commit message is allowed to match this regex, for example `ssh\:\/\/`.
+
+* `file_name_regex` - (Optional) All commited filenames must not match this regex, e.g. `(jar|exe)$`.
+
+* `commit_committer_check` - (Optional, bool) Users can only push commits to this repository that were committed with one of their own verified emails.
+
+* `deny_delete_tag` - (Optional, bool) Deny deleting a tag.
+
+* `member_check` - (Optional, bool) Restrict commits by author (email) to existing GitLab users.
+
+* `prevent_secrets` - (Optional, bool) GitLab will reject any files that are likely to contain secrets.
+
+* `reject_unsigned_commits` - (Optional, bool) Reject commit when it’s not signed through GPG.
+
+* `max_file_size` - (Optional, int) Maximum file size (MB).
 
 ## Importing projects
 

docs/resources/project_push_rules.md

@@ -1,8 +1,10 @@
 package gitlab
 
 import (
+	"errors"
 	"fmt"
 	"log"
+	"net/http"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/xanzy/go-gitlab"
@@ -19,12 +21,10 @@ func dataSourceGitlabProject() *schema.Resource {
 			},
 			"name": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"path": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"path_with_namespace": {
@@ -33,89 +33,125 @@ func dataSourceGitlabProject() *schema.Resource {
 			},
 			"description": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"default_branch": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"request_access_enabled": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"issues_enabled": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"merge_requests_enabled": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"pipelines_enabled": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"wiki_enabled": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"snippets_enabled": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"lfs_enabled": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"visibility_level": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"namespace_id": {
 				Type:     schema.TypeInt,
-				Optional: true,
 				Computed: true,
 			},
 			"ssh_url_to_repo": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"http_url_to_repo": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"web_url": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"runners_token": {
 				Type:     schema.TypeString,
-				Optional: true,
 				Computed: true,
 			},
 			"archived": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
 			"remove_source_branch_after_merge": {
 				Type:     schema.TypeBool,
-				Optional: true,
 				Computed: true,
 			},
+			"push_rules": {
+				Type:     schema.TypeList,
+				MaxItems: 1,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"author_email_regex": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"branch_name_regex": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"commit_message_regex": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"commit_message_negative_regex": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"file_name_regex": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"commit_committer_check": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"deny_delete_tag": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"member_check": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"prevent_secrets": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"reject_unsigned_commits": {
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"max_file_size": {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -152,5 +188,18 @@ func dataSourceGitlabProjectRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("runners_token", found.RunnersToken)
 	d.Set("archived", found.Archived)
 	d.Set("remove_source_branch_after_merge", found.RemoveSourceBranchAfterMerge)
+
+	log.Printf("[DEBUG] Reading Gitlab project %q push rules", d.Id())
+
+	pushRules, _, err := client.Projects.GetProjectPushRules(d.Id())
+	var httpError *gitlab.ErrorResponse
+	if errors.As(err, &httpError) && httpError.Response.StatusCode == http.StatusNotFound {
+		log.Printf("[DEBUG] Failed to get push rules for project %q: %v", d.Id(), err)
+	} else if err != nil {
+		return fmt.Errorf("Failed to get push rules for project %q: %w", d.Id(), err)
+	}
+
+	d.Set("push_rules", flattenProjectPushRules(pushRules))
+
 	return nil
 }