Merge pull request #914 from jtymes/feature/529-prevent-fork-outside-group

Add prevent_forking_outside_group

Author: timofurrer

docs/data-sources/group.md

@@ -45,6 +45,7 @@ data "gitlab_group" "foo" {
 - **name** (String) The name of this group.
 - **parent_id** (Number) Integer, ID of the parent group.
 - **path** (String) The path of the group.
+- **prevent_forking_outside_group** (Boolean) When enabled, users can not fork projects from this group to external namespaces.
 - **request_access_enabled** (Boolean) Boolean, is request for access enabled to the group.
 - **runners_token** (String, Sensitive) The group level registration token to use during runner setup.
 - **visibility_level** (String) Visibility level of the group. Possible values are `private`, `internal`, `public`.

docs/resources/group.md

@@ -47,6 +47,7 @@ resource "gitlab_project" "example" {
 - **lfs_enabled** (Boolean) Boolean, defaults to true.  Whether to enable LFS
 - **mentions_disabled** (Boolean) Boolean, defaults to false.  Disable the capability
 - **parent_id** (Number) Integer, id of the parent group (creates a nested group).
+- **prevent_forking_outside_group** (Boolean) When enabled, users can not fork projects from this group to external namespaces.
 - **project_creation_level** (String) , defaults to Maintainer.
 - **request_access_enabled** (Boolean) Boolean, defaults to false.  Whether to
 - **require_two_factor_authentication** (Boolean) Boolean, defaults to false.

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.10.1
 	github.com/mitchellh/hashstructure v1.1.0
 	github.com/onsi/gomega v1.18.1
-	github.com/xanzy/go-gitlab v0.55.1
+	github.com/xanzy/go-gitlab v0.56.0
 	golang.org/x/crypto v0.0.0-20220214200702-86341886e292 // indirect
 	google.golang.org/api v0.34.0 // indirect
 )

go.sum

@@ -344,8 +344,8 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/xanzy/go-gitlab v0.55.1 h1:IgX/DS9buV0AUz8fuJPQkdl0fQGfBiAsAHxpun8sNhg=
-github.com/xanzy/go-gitlab v0.55.1/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM=
+github.com/xanzy/go-gitlab v0.56.0 h1:/QHBvk3IKVNwvXB/UOWVb5J6VCN6r2bg9/WxjUbFY/0=
+github.com/xanzy/go-gitlab v0.56.0/go.mod h1:F0QEXwmqiBUxCgJm8fE9S+1veX4XC9Z4cfaAbqwk4YM=
 github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI=
 github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

internal/provider/data_source_gitlab_group.go

@@ -91,6 +91,11 @@ var _ = registerDataSource("gitlab_group", func() *schema.Resource {
 				Type:        schema.TypeInt,
 				Computed:    true,
 			},
+			"prevent_forking_outside_group": {
+				Description: "When enabled, users can not fork projects from this group to external namespaces.",
+				Type:        schema.TypeBool,
+				Computed:    true,
+			},
 		},
 	}
 })
@@ -135,6 +140,7 @@ func dataSourceGitlabGroupRead(ctx context.Context, d *schema.ResourceData, meta
 	d.Set("parent_id", group.ParentID)
 	d.Set("runners_token", group.RunnersToken)
 	d.Set("default_branch_protection", group.DefaultBranchProtection)
+	d.Set("prevent_forking_outside_group", group.PreventForkingOutsideGroup)
 
 	d.SetId(fmt.Sprintf("%d", group.ID))
 

internal/provider/data_source_gitlab_group_test.go

@@ -56,6 +56,7 @@ func testAccDataSourceGitlabGroup(src, n string) resource.TestCheckFunc {
 			"visibility_level",
 			"parent_id",
 			"default_branch_protection",
+			"prevent_forking_outside_group",
 		}
 
 		for _, attribute := range testAttributes {

internal/provider/resource_gitlab_group.go

@@ -148,6 +148,12 @@ var _ = registerResource("gitlab_group", func() *schema.Resource {
 				Computed:    true,
 				Sensitive:   true,
 			},
+			"prevent_forking_outside_group": {
+				Description: "When enabled, users can not fork projects from this group to external namespaces.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+			},
 		},
 	}
 })
@@ -223,6 +229,18 @@ func resourceGitlabGroupCreate(ctx context.Context, d *schema.ResourceData, meta
 
 	d.SetId(fmt.Sprintf("%d", group.ID))
 
+	var updateOptions gitlab.UpdateGroupOptions
+
+	if v, ok := d.GetOk("prevent_forking_outside_group"); ok {
+		updateOptions.PreventForkingOutsideGroup = gitlab.Bool(v.(bool))
+	}
+
+	if (updateOptions != gitlab.UpdateGroupOptions{}) {
+		if _, _, err = client.Groups.UpdateGroup(d.Id(), &updateOptions, gitlab.WithContext(ctx)); err != nil {
+			return diag.Errorf("could not update group after creation %q: %s", d.Id(), err)
+		}
+	}
+
 	return resourceGitlabGroupRead(ctx, d, meta)
 }
 
@@ -266,6 +284,7 @@ func resourceGitlabGroupRead(ctx context.Context, d *schema.ResourceData, meta i
 	d.Set("runners_token", group.RunnersToken)
 	d.Set("share_with_group_lock", group.ShareWithGroupLock)
 	d.Set("default_branch_protection", group.DefaultBranchProtection)
+	d.Set("prevent_forking_outside_group", group.PreventForkingOutsideGroup)
 
 	return nil
 }
@@ -337,6 +356,10 @@ func resourceGitlabGroupUpdate(ctx context.Context, d *schema.ResourceData, meta
 		options.DefaultBranchProtection = gitlab.Int(d.Get("default_branch_protection").(int))
 	}
 
+	if d.HasChange("prevent_forking_outside_group") {
+		options.PreventForkingOutsideGroup = gitlab.Bool(d.Get("prevent_forking_outside_group").(bool))
+	}
+
 	log.Printf("[DEBUG] update gitlab group %s", d.Id())
 
 	_, _, err := client.Groups.UpdateGroup(d.Id(), options, gitlab.WithContext(ctx))

internal/provider/resource_gitlab_group_test.go

@@ -246,6 +246,35 @@ func TestAccGitlabGroup_disappears(t *testing.T) {
 	})
 }
 
+func TestAccGitlabGroup_PreventForkingOutsideGroup(t *testing.T) {
+	var group gitlab.Group
+	rInt := acctest.RandInt()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: providerFactories,
+		CheckDestroy:      testAccCheckGitlabGroupDestroy,
+		Steps: []resource.TestStep{
+			{
+				SkipFunc: isRunningInCE,
+				Config:   testAccGitlabGroupPreventForkingOutsideGroupConfig(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGitlabGroupExists("gitlab_group.foo", &group),
+					resource.TestCheckResourceAttr("gitlab_group.foo", "prevent_forking_outside_group", "true"),
+				),
+			},
+			{
+				SkipFunc: isRunningInCE,
+				Config:   testAccGitlabGroupPreventForkingOutsideGroupUpdateConfig(rInt),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckGitlabGroupExists("gitlab_group.foo", &group),
+					resource.TestCheckResourceAttr("gitlab_group.foo", "prevent_forking_outside_group", "false"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckGitlabGroupDisappears(group *gitlab.Group) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		_, err := testGitlabClient.Groups.DeleteGroup(group.ID)
@@ -544,3 +573,35 @@ resource "gitlab_group" "nested_foo" {
 }
   `, rInt, rInt, rInt, rInt, rInt, rInt)
 }
+
+func testAccGitlabGroupPreventForkingOutsideGroupConfig(rInt int) string {
+	return fmt.Sprintf(`
+resource "gitlab_group" "foo" {
+  name = "foo-name-%d"
+  path = "foo-path-%d"
+  description = "Terraform acceptance tests"
+
+  # So that acceptance tests can be run in a gitlab organization
+  # with no billing
+  visibility_level = "public"
+
+  prevent_forking_outside_group = true
+}
+  `, rInt, rInt)
+}
+
+func testAccGitlabGroupPreventForkingOutsideGroupUpdateConfig(rInt int) string {
+	return fmt.Sprintf(`
+resource "gitlab_group" "foo" {
+  name = "foo-name-%d"
+  path = "foo-path-%d"
+  description = "Terraform acceptance tests"
+
+  # So that acceptance tests can be run in a gitlab organization
+  # with no billing
+  visibility_level = "public"
+
+  prevent_forking_outside_group = false
+}
+  `, rInt, rInt)
+}