Restrict developer role read-only access to Terraform state
Problem to solve
Interaction with GitLab managed Terraform state was expanded in 13.2 to allow the developer role to run the non-destructive terraform plan
command.
Intended users
Proposal
Allow developer access to Terraform state to be turned off, or made more granular.
Further details
GitLab Premium Customer raised a ticket (internal links) asking how read-only access by developers can be turned off, and state restricted to maintainers only. Their requirement would be that the state files can be segregated similar to protected branches or tags. Developers having read access to all state is not an option for them.
Edited by Ben Prescott_