Skip to content

Add ability to admin_terraform_state to custom roles

Hinam Mehra requested to merge 421789-admin-terraform-state-custom-role into master

What does this MR do and why?

This MR adds the ability admin_terraform_state to custom roles.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings



Output of db:migrate
main: == 20240101031938 AddAdminTerraformStateToMemberRoles: migrating ==============
main: -- add_column(:member_roles, :admin_terraform_state, :boolean, {:default=>false, :null=>false})
main:    -> 0.0028s
main: == 20240101031938 AddAdminTerraformStateToMemberRoles: migrated (0.0059s) =====
Output of db:rollback
main: == 20240101031938 AddAdminTerraformStateToMemberRoles: reverting ==============
main: -- remove_column(:member_roles, :admin_terraform_state, :boolean, {:default=>false, :null=>false})
main:    -> 0.0047s
main: == 20240101031938 AddAdminTerraformStateToMemberRoles: reverted (0.0100s) =====

How to set up and validate locally

  1. Turn on SaaS Mode
% gdk restart
  1. Pick a group with at least one project, eg. gitlab-org. Would recommend picking an existing group since terraform states are seeded already.
  2. As an admin, navigate to the group's Settings > Roles & Permissions and create custom role with base role as Guest & Admin terraform state checkbox checked.
  3. Navigate to the group's members page and assign the custom role to any member of that group.
  4. Log-in as that member, navigate to a project inside that group and go to Operate > Terrform states.
  5. The user should see be able to read & manage the terraform state.

Related to #421789 (closed)

Edited by Hinam Mehra

Merge request reports