Add a new resource for gitlab_project_job_token_allow

New Data Source / Resource

(Resource name could clearly use some work 😄)

As part of 16.0, projects now need to explicitly allow-list inbound CI_JOB_TOKEN, which can be difficult to manage en-masse. This is would create a separate gitlab_project_job_token_allow resource which would accept a project/inbound_project_id set, and could be used with a list or map to create a set of authorized projects.


resource "gitlab_project" "my-project" {
    ...
}

resource "gitlab_project_job_token_allow" "allowed-project" {
    for_each = var.allowed_project_ids

    project = gitlab_project.my-project.id
    inbound_project_id = each.key
}

Related GitLab APIs

API documentation:

C: https://docs.gitlab.com/ee/api/graphql/reference/#mutationcijobtokenscopeaddproject
R: https://docs.gitlab.com/ee/api/graphql/reference/#project using connections via ciJobTokenScope
U: https://docs.gitlab.com/ee/api/graphql/reference/#mutationcicdsettingsupdate
D: https://docs.gitlab.com/ee/api/graphql/reference/#mutationcijobtokenscoperemoveproject

Example frontend queries for the Read API:

query inboundGetProjectsWithCIJobTokenScope($fullPath: ID!) {
  project(fullPath: $fullPath) {
    id
    ciJobTokenScope {
      inboundAllowlist {
        nodes {
          id
          name
          namespace {
            id
            fullPath
            __typename
          }
          fullPath
          __typename
        }
        __typename
      }
      __typename
    }
    __typename
  }
}

query inboundGetCIJobTokenScope($fullPath: ID!) {
  project(fullPath: $fullPath) {
    id
    ciCdSettings {
      inboundJobTokenScopeEnabled
      __typename
    }
    __typename
  }
}

Additional Details

GitLab REST API resources available (read for data sources, crud for resources)
go-gitlab does support the related GitLab API already
I'd like to contribute it myself

Edited May 17, 2023 by Patrick Rice