[FR] Support SetContainerScanningForRegistry repository setting

New Data Source / Resource

Extend the "gitlab_project" resource to support enabling the container image scanning of the latest tag.

Ref: https://docs.gitlab.com/user/application_security/container_scanning/#container-scanning-for-registry

I'm looking for something that I could use like this:

resource "gitlab_project" "example" {
  name        = "example"
  description = "My awesome codebase"
  enable_container_scanning_for_registry = true
}

Related files:

The following GraphQL API request should be triggered:

// POST https://gitlab.com/api/graphql

{
  "operationName":"SetContainerScanningForRegistry",
  "variables": {
    "input": { 
      "namespacePath":"a/b/c",
      "enable":true
    }
  },
  "query":"mutation SetContainerScanningForRegistry($input: SetContainerScanningForRegistryInput!) {\n  setContainerScanningForRegistry(input: $input) {\n    containerScanningForRegistryEnabled\n    errors\n    __typename\n  }\n}"
}

Implementation guide

This issue can be implemented by creating a new resource in the internal/provider folder named gitlab_project_container_scanning. It should follow the same Framework naming that other resources do.

In the "Read" method, a query to the GraphQL Projects endpoint can retrieve the containerScanningForRegistryEnabled attribute to determine the current state. Then create, update, and delete will all use Mutation.setContainerScanningForRegistry to change the state.

The resource will need a note that multiple usages of it on a single project may result in non-deterministic behavior.

Edited by 🤖 GitLab Bot 🤖
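
A sketch of the mutation step from the implementation guide, added here as an example and not taken from the provider's code base: it builds the request body shown in the issue and checks both places a GraphQL response can report failure before trusting the returned state. The helper names `buildRequest` and `parseResponse` are hypothetical, and the HTTP transport is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Mutation text taken from the request body shown in the issue.
const mutation = `mutation SetContainerScanningForRegistry($input: SetContainerScanningForRegistryInput!) {
  setContainerScanningForRegistry(input: $input) { containerScanningForRegistryEnabled errors }
}`

// buildRequest (hypothetical helper) returns the JSON body to POST to /api/graphql.
func buildRequest(namespacePath string, enable bool) ([]byte, error) {
	in := map[string]any{"namespacePath": namespacePath, "enable": enable}
	return json.Marshal(map[string]any{"operationName": "SetContainerScanningForRegistry",
		"query": mutation, "variables": map[string]any{"input": in}})
}

// parseResponse (hypothetical helper) returns the state the server reports. GraphQL failures
// arrive in the body, so the top-level "errors" and the payload "errors" are both checked.
func parseResponse(body []byte, want bool) (bool, error) {
	var out struct {
		Data struct {
			P *struct {
				Enabled bool     `json:"containerScanningForRegistryEnabled"`
				Errors  []string `json:"errors"`
			} `json:"setContainerScanningForRegistry"`
		} `json:"data"`
		Errors []struct{ Message string } `json:"errors"`
	}
	if err := json.Unmarshal(body, &out); err != nil {
		return false, err
	}
	switch {
	case len(out.Errors) > 0: // request rejected before the mutation ran
		return false, fmt.Errorf("graphql: %s", out.Errors[0].Message)
	case out.Data.P == nil: // null payload: nothing confirms the setting changed
		return false, fmt.Errorf("empty mutation payload")
	case len(out.Data.P.Errors) > 0: // mutation ran but refused the change
		return false, fmt.Errorf("mutation: %v", out.Data.P.Errors)
	case out.Data.P.Enabled != want: // accepted, yet scanning is not in the requested state
		return out.Data.P.Enabled, fmt.Errorf("state is %v, wanted %v", out.Data.P.Enabled, want)
	}
	return out.Data.P.Enabled, nil
}

func main() {
	req, _ := buildRequest("a/b/c", true)
	fmt.Println(string(req))
}
```

Treating a null payload or a mismatched state as an error keeps Terraform state from recording scanning as enabled when the server never confirmed it.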