support default_branch_protection on group (#706)

domcyrus · Marco Cadetg · web-flow · commit 42a38e417d89 · 2021-09-28T12:18:14.000+02:00
* support default_branch_protection on group

Co-authored-by: Marco Cadetg &lt;Marco_Cadetg@swissre.com&gt;
diff --git a/docs/data-sources/group.md b/docs/data-sources/group.md
@@ -58,4 +58,6 @@ The resource exports the following attributes:
 
 * `runners_token` - The group level registration token to use during runner setup.
 
+* `default_branch_protection` - Whether developers and maintainers can push to the applicable default branch.
+
 [doc]: https://docs.gitlab.com/ee/api/groups.html#details-of-a-group
diff --git a/docs/resources/group.md b/docs/resources/group.md
@@ -81,6 +81,11 @@ The resource exports the following attributes:
 
 * `runners_token` - The group level registration token to use during runner setup.
 
+* `default_branch_protection` - (Optional) Int, defaults to 2.
+Whether developers and maintainers can push to the applicable default branch.
+0 no protection, 1 partial protection, 2 full protection
+https://docs.gitlab.com/ee/api/groups.html#options-for-default_branch_protection
+
 ## Import
 
 You can import a group state using `terraform import <resource> <id>`.  The
diff --git a/gitlab/data_source_gitlab_group.go b/gitlab/data_source_gitlab_group.go
@@ -69,6 +69,10 @@ func dataSourceGitlabGroup() *schema.Resource {
 				Computed:  true,
 				Sensitive: true,
 			},
+			"default_branch_protection": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -112,6 +116,7 @@ func dataSourceGitlabGroupRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("visibility_level", group.Visibility)
 	d.Set("parent_id", group.ParentID)
 	d.Set("runners_token", group.RunnersToken)
+	d.Set("default_branch_protection", group.DefaultBranchProtection)
 
 	d.SetId(fmt.Sprintf("%d", group.ID))
 
diff --git a/gitlab/data_source_gitlab_group_test.go b/gitlab/data_source_gitlab_group_test.go
@@ -55,6 +55,7 @@ func testAccDataSourceGitlabGroup(src, n string) resource.TestCheckFunc {
 			"request_access_enabled",
 			"visibility_level",
 			"parent_id",
+			"default_branch_protection",
 		}
 
 		for _, attribute := range testAttributes {
diff --git a/gitlab/resource_gitlab_group.go b/gitlab/resource_gitlab_group.go
@@ -53,6 +53,12 @@ func resourceGitlabGroup() *schema.Resource {
 				Optional: true,
 				Default:  true,
 			},
+			"default_branch_protection": {
+				Type:         schema.TypeInt,
+				Optional:     true,
+				Default:      2,
+				ValidateFunc: validation.IntInSlice([]int{0, 1, 2}),
+			},
 			"request_access_enabled": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -177,6 +183,10 @@ func resourceGitlabGroupCreate(d *schema.ResourceData, meta interface{}) error {
 		options.ParentID = gitlab.Int(v.(int))
 	}
 
+	if v, ok := d.GetOk("default_branch_protection"); ok {
+		options.DefaultBranchProtection = gitlab.Int(v.(int))
+	}
+
 	log.Printf("[DEBUG] create gitlab group %q", *options.Name)
 
 	group, _, err := client.Groups.CreateGroup(options)
@@ -228,6 +238,7 @@ func resourceGitlabGroupRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("parent_id", group.ParentID)
 	d.Set("runners_token", group.RunnersToken)
 	d.Set("share_with_group_lock", group.ShareWithGroupLock)
+	d.Set("default_branch_protection", group.DefaultBranchProtection)
 
 	return nil
 }
@@ -295,6 +306,10 @@ func resourceGitlabGroupUpdate(d *schema.ResourceData, meta interface{}) error {
 		options.ShareWithGroupLock = gitlab.Bool(d.Get("share_with_group_lock").(bool))
 	}
 
+	if d.HasChange("default_branch_protection") {
+		options.DefaultBranchProtection = gitlab.Int(d.Get("default_branch_protection").(int))
+	}
+
 	log.Printf("[DEBUG] update gitlab group %s", d.Id())
 
 	_, _, err := client.Groups.UpdateGroup(d.Id(), options)
diff --git a/gitlab/resource_gitlab_group_test.go b/gitlab/resource_gitlab_group_test.go
@@ -2,13 +2,14 @@ package gitlab
 
 import (
 	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
 	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/terraform"
 	"github.com/xanzy/go-gitlab"
-	"net/http"
-	"testing"
-	"time"
 )
 
 func TestAccGitlabGroup_basic(t *testing.T) {
@@ -26,14 +27,15 @@ func TestAccGitlabGroup_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGitlabGroupExists("gitlab_group.foo", &group),
 					testAccCheckGitlabGroupAttributes(&group, &testAccGitlabGroupExpectedAttributes{
-						Name:                  fmt.Sprintf("foo-name-%d", rInt),
-						Path:                  fmt.Sprintf("foo-path-%d", rInt),
-						Description:           "Terraform acceptance tests",
-						LFSEnabled:            true,
-						Visibility:            "public",     // default value
-						ProjectCreationLevel:  "maintainer", // default value
-						SubGroupCreationLevel: "owner",      // default value
-						TwoFactorGracePeriod:  48,           // default value
+						Name:                    fmt.Sprintf("foo-name-%d", rInt),
+						Path:                    fmt.Sprintf("foo-path-%d", rInt),
+						Description:             "Terraform acceptance tests",
+						LFSEnabled:              true,
+						Visibility:              "public",     // default value
+						ProjectCreationLevel:    "maintainer", // default value
+						SubGroupCreationLevel:   "owner",      // default value
+						TwoFactorGracePeriod:    48,           // default value
+						DefaultBranchProtection: 2,            // default value
 					}),
 				),
 			},
@@ -43,20 +45,21 @@ func TestAccGitlabGroup_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGitlabGroupExists("gitlab_group.foo", &group),
 					testAccCheckGitlabGroupAttributes(&group, &testAccGitlabGroupExpectedAttributes{
-						Name:                  fmt.Sprintf("bar-name-%d", rInt),
-						Path:                  fmt.Sprintf("bar-path-%d", rInt),
-						Description:           "Terraform acceptance tests! Updated description",
-						LFSEnabled:            false,
-						Visibility:            "public", // default value
-						RequestAccessEnabled:  true,
-						ProjectCreationLevel:  "developer",
-						SubGroupCreationLevel: "maintainer",
-						RequireTwoFactorAuth:  true,
-						TwoFactorGracePeriod:  56,
-						AutoDevopsEnabled:     true,
-						EmailsDisabled:        true,
-						MentionsDisabled:      true,
-						ShareWithGroupLock:    true,
+						Name:                    fmt.Sprintf("bar-name-%d", rInt),
+						Path:                    fmt.Sprintf("bar-path-%d", rInt),
+						Description:             "Terraform acceptance tests! Updated description",
+						LFSEnabled:              false,
+						Visibility:              "public", // default value
+						RequestAccessEnabled:    true,
+						ProjectCreationLevel:    "developer",
+						SubGroupCreationLevel:   "maintainer",
+						RequireTwoFactorAuth:    true,
+						TwoFactorGracePeriod:    56,
+						AutoDevopsEnabled:       true,
+						EmailsDisabled:          true,
+						MentionsDisabled:        true,
+						ShareWithGroupLock:      true,
+						DefaultBranchProtection: 1,
 					}),
 				),
 			},
@@ -66,14 +69,15 @@ func TestAccGitlabGroup_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckGitlabGroupExists("gitlab_group.foo", &group),
 					testAccCheckGitlabGroupAttributes(&group, &testAccGitlabGroupExpectedAttributes{
-						Name:                  fmt.Sprintf("foo-name-%d", rInt),
-						Path:                  fmt.Sprintf("foo-path-%d", rInt),
-						Description:           "Terraform acceptance tests",
-						LFSEnabled:            true,
-						Visibility:            "public",     // default value
-						ProjectCreationLevel:  "maintainer", // default value
-						SubGroupCreationLevel: "owner",      // default value
-						TwoFactorGracePeriod:  48,           // default value
+						Name:                    fmt.Sprintf("foo-name-%d", rInt),
+						Path:                    fmt.Sprintf("foo-path-%d", rInt),
+						Description:             "Terraform acceptance tests",
+						LFSEnabled:              true,
+						Visibility:              "public",     // default value
+						ProjectCreationLevel:    "maintainer", // default value
+						SubGroupCreationLevel:   "owner",      // default value
+						TwoFactorGracePeriod:    48,           // default value
+						DefaultBranchProtection: 2,            // default value
 					}),
 				),
 			},
@@ -120,15 +124,16 @@ func TestAccGitlabGroup_nested(t *testing.T) {
 					testAccCheckGitlabGroupExists("gitlab_group.foo2", &group2),
 					testAccCheckGitlabGroupExists("gitlab_group.nested_foo", &nestedGroup),
 					testAccCheckGitlabGroupAttributes(&nestedGroup, &testAccGitlabGroupExpectedAttributes{
-						Name:                  fmt.Sprintf("nfoo-name-%d", rInt),
-						Path:                  fmt.Sprintf("nfoo-path-%d", rInt),
-						Description:           "Terraform acceptance tests",
-						LFSEnabled:            true,
-						Visibility:            "public",     // default value
-						ProjectCreationLevel:  "maintainer", // default value
-						SubGroupCreationLevel: "owner",      // default value
-						TwoFactorGracePeriod:  48,           // default value
-						Parent:                &group,
+						Name:                    fmt.Sprintf("nfoo-name-%d", rInt),
+						Path:                    fmt.Sprintf("nfoo-path-%d", rInt),
+						Description:             "Terraform acceptance tests",
+						LFSEnabled:              true,
+						Visibility:              "public",     // default value
+						ProjectCreationLevel:    "maintainer", // default value
+						SubGroupCreationLevel:   "owner",      // default value
+						TwoFactorGracePeriod:    48,           // default value
+						DefaultBranchProtection: 2,            // default value
+						Parent:                  &group,
 					}),
 				),
 			},
@@ -139,15 +144,16 @@ func TestAccGitlabGroup_nested(t *testing.T) {
 					testAccCheckGitlabGroupExists("gitlab_group.foo2", &group2),
 					testAccCheckGitlabGroupExists("gitlab_group.nested_foo", &nestedGroup),
 					testAccCheckGitlabGroupAttributes(&nestedGroup, &testAccGitlabGroupExpectedAttributes{
-						Name:                  fmt.Sprintf("nfoo-name-%d", rInt),
-						Path:                  fmt.Sprintf("nfoo-path-%d", rInt),
-						Description:           "Terraform acceptance tests - new parent",
-						LFSEnabled:            true,
-						Visibility:            "public",     // default value
-						ProjectCreationLevel:  "maintainer", // default value
-						SubGroupCreationLevel: "owner",      // default value
-						TwoFactorGracePeriod:  48,           // default value
-						Parent:                &group2,
+						Name:                    fmt.Sprintf("nfoo-name-%d", rInt),
+						Path:                    fmt.Sprintf("nfoo-path-%d", rInt),
+						Description:             "Terraform acceptance tests - new parent",
+						LFSEnabled:              true,
+						Visibility:              "public",     // default value
+						ProjectCreationLevel:    "maintainer", // default value
+						SubGroupCreationLevel:   "owner",      // default value
+						TwoFactorGracePeriod:    48,           // default value
+						DefaultBranchProtection: 2,            // default value
+						Parent:                  &group2,
 					}),
 				),
 			},
@@ -158,14 +164,15 @@ func TestAccGitlabGroup_nested(t *testing.T) {
 					testAccCheckGitlabGroupExists("gitlab_group.foo2", &group2),
 					testAccCheckGitlabGroupExists("gitlab_group.nested_foo", &nestedGroup),
 					testAccCheckGitlabGroupAttributes(&nestedGroup, &testAccGitlabGroupExpectedAttributes{
-						Name:                  fmt.Sprintf("nfoo-name-%d", rInt),
-						Path:                  fmt.Sprintf("nfoo-path-%d", rInt),
-						Description:           "Terraform acceptance tests - updated",
-						LFSEnabled:            true,
-						Visibility:            "public",     // default value
-						ProjectCreationLevel:  "maintainer", // default value
-						SubGroupCreationLevel: "owner",      // default value
-						TwoFactorGracePeriod:  48,           // default value
+						Name:                    fmt.Sprintf("nfoo-name-%d", rInt),
+						Path:                    fmt.Sprintf("nfoo-path-%d", rInt),
+						Description:             "Terraform acceptance tests - updated",
+						LFSEnabled:              true,
+						Visibility:              "public",     // default value
+						ProjectCreationLevel:    "maintainer", // default value
+						SubGroupCreationLevel:   "owner",      // default value
+						TwoFactorGracePeriod:    48,           // default value
+						DefaultBranchProtection: 2,            // default value
 					}),
 				),
 			},
@@ -185,6 +192,7 @@ func TestAccGitlabGroup_nested(t *testing.T) {
 			//			ProjectCreationLevel:  "maintainer", // default value
 			//			SubGroupCreationLevel: "owner",      // default value
 			//			TwoFactorGracePeriod:  48,           // default value
+			//			DefaultBranchProtection: 2,          // default value
 			// 			Parent:      &group,
 			// 		}),
 			// 	),
@@ -263,21 +271,22 @@ func testAccCheckGitlabGroupExists(n string, group *gitlab.Group) resource.TestC
 }
 
 type testAccGitlabGroupExpectedAttributes struct {
-	Name                  string
-	Path                  string
-	Description           string
-	Parent                *gitlab.Group
-	LFSEnabled            bool
-	RequestAccessEnabled  bool
-	Visibility            gitlab.VisibilityValue
-	ShareWithGroupLock    bool
-	AutoDevopsEnabled     bool
-	EmailsDisabled        bool
-	MentionsDisabled      bool
-	ProjectCreationLevel  gitlab.ProjectCreationLevelValue
-	SubGroupCreationLevel gitlab.SubGroupCreationLevelValue
-	RequireTwoFactorAuth  bool
-	TwoFactorGracePeriod  int
+	Name                    string
+	Path                    string
+	Description             string
+	Parent                  *gitlab.Group
+	LFSEnabled              bool
+	RequestAccessEnabled    bool
+	Visibility              gitlab.VisibilityValue
+	ShareWithGroupLock      bool
+	AutoDevopsEnabled       bool
+	EmailsDisabled          bool
+	MentionsDisabled        bool
+	ProjectCreationLevel    gitlab.ProjectCreationLevelValue
+	SubGroupCreationLevel   gitlab.SubGroupCreationLevelValue
+	RequireTwoFactorAuth    bool
+	TwoFactorGracePeriod    int
+	DefaultBranchProtection int
 }
 
 func testAccCheckGitlabGroupAttributes(group *gitlab.Group, want *testAccGitlabGroupExpectedAttributes) resource.TestCheckFunc {
@@ -338,6 +347,10 @@ func testAccCheckGitlabGroupAttributes(group *gitlab.Group, want *testAccGitlabG
 			return fmt.Errorf("got share_with_group_lock %t; want %t", group.ShareWithGroupLock, want.ShareWithGroupLock)
 		}
 
+		if group.DefaultBranchProtection != want.DefaultBranchProtection {
+			return fmt.Errorf("got default_branch_protection %d; want %d", group.DefaultBranchProtection, want.DefaultBranchProtection)
+		}
+
 		if want.Parent != nil {
 			if group.ParentID != want.Parent.ID {
 				return fmt.Errorf("got parent_id %d; want %d", group.ParentID, want.Parent.ID)
@@ -406,6 +419,7 @@ resource "gitlab_group" "foo" {
   emails_disabled = true
   mentions_disabled = true
   share_with_group_lock = true
+  default_branch_protection = 1
 
   # So that acceptance tests can be run in a gitlab organization
   # with no billing

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@ func testAccDataSourceGitlabGroup(src, n string) resource.TestCheckFunc {`
`55`	`55`	`"request_access_enabled",`
`56`	`56`	`"visibility_level",`
`57`	`57`	`"parent_id",`
	`58`	`+ "default_branch_protection",`
`58`	`59`	`}`
`59`	`60`
`60`	`61`	`for _, attribute := range testAttributes {`