Renamed gitlab-permissions module to gitlab-authorization

Makefile

@@ -24,10 +24,19 @@ tf/destroy:
 	${TERRAGRUNT_CMD} destroy -terragrunt-log-level debug
 
 tf/apply/audit:
-	cd live/${ENV}/audit && terragrunt run-all --terragrunt-non-interactive apply -auto-approve
+	cd live/${ENV}/audit && terragrunt run-all --terragrunt-non-interactive apply
 
-tf/apply/gitlab-permissions:
-	cd live/${ENV}/gitlab-permissions && terragrunt run-all --terragrunt-non-interactive apply -auto-approve
+tf/init/gitlab-authorization:
+	cd live/${ENV}/gitlab-authorization && terragrunt run-all --terragrunt-non-interactive init
+
+tf/plan/gitlab-authorization:
+	cd live/${ENV}/gitlab-authorization && terragrunt run-all --terragrunt-non-interactive plan
+
+tf/apply/gitlab-authorization:
+	cd live/${ENV}/gitlab-authorization && terragrunt run-all --terragrunt-non-interactive apply
+
+tf/destroy/gitlab-authorization:
+	cd live/${ENV}/gitlab-authorization && terragrunt run-all --terragrunt-non-interactive destroy
 
 tf/init/gitlab-runners:
 	cd live/${ENV}/gitlab-runners && terragrunt run-all --terragrunt-non-interactive init
@@ -36,7 +45,7 @@ tf/plan/gitlab-runners:
 	cd live/${ENV}/gitlab-runners && terragrunt run-all --terragrunt-non-interactive plan
 
 tf/apply/gitlab-runners:
-	cd live/${ENV}/gitlab-runners && terragrunt run-all --terragrunt-non-interactive apply -auto-approve
+	cd live/${ENV}/gitlab-runners && terragrunt run-all --terragrunt-non-interactive apply
 
 tf/destroy/gitlab-runners:
 	cd live/${ENV}/gitlab-runners && terragrunt run-all --terragrunt-non-interactive destroy
@@ -51,7 +60,7 @@ tf/plan/renovate-runners:
 	cd live/${ENV}/renovate-runners && terragrunt run-all --terragrunt-non-interactive plan
 
 tf/apply/renovate-runners:
-	cd live/${ENV}/renovate-runners && terragrunt run-all --terragrunt-non-interactive apply -auto-approve
+	cd live/${ENV}/renovate-runners && terragrunt run-all --terragrunt-non-interactive apply
 
 tf/import/renovate-runners:
 	cd live/${ENV}/renovate-runners && terragrunt import github_repository.repository renovate-runner
@@ -66,7 +75,7 @@ tf/plan/github-automerge:
 	cd live/${ENV}/github-automerge && terragrunt run-all --terragrunt-non-interactive plan
 
 tf/apply/github-automerge:
-	cd live/${ENV}/github-automerge && terragrunt run-all --terragrunt-non-interactive apply -auto-approve
+	cd live/${ENV}/github-automerge && terragrunt run-all --terragrunt-non-interactive apply
 
 tf/destroy/github-automerge:
-	cd live/${ENV}/github-automerge && terragrunt run-all --terragrunt-non-interactive destroy -auto-approve
+	cd live/${ENV}/github-automerge && terragrunt run-all --terragrunt-non-interactive destroy

live/ci/gitlab-permissions/terragrunt.hcl → live/ci/gitlab-authorization/terragrunt.hcl

@@ -1,9 +1,5 @@
 terraform {
-  source = "../../../modules//gitlab-permissions"
-  extra_arguments "var-file" {
-    commands  = ["apply", "plan"]
-    arguments = ["-var-file=ci.tfvars"]
-  }
+  source = "../../../modules//gitlab-authorization"
 }
 
 include "root" {

live/dev/gitlab-permissions/terragrunt.hcl → live/dev/gitlab-authorization/terragrunt.hcl

@@ -1,9 +1,5 @@
 terraform {
-  source = "../../../modules//gitlab-permissions"
-  extra_arguments "var-file" {
-    commands  = ["apply", "plan"]
-    arguments = ["-var-file=dev.tfvars"]
-  }
+  source = "../../../modules//gitlab-authorization"
 }
 
 include "root" {

live/prod/gitlab-permissions/terragrunt.hcl → live/prod/gitlab-authorization/terragrunt.hcl

@@ -1,9 +1,5 @@
 terraform {
-  source = "../../../modules//gitlab-permissions"
-  extra_arguments "var-file" {
-    commands  = ["apply", "plan"]
-    arguments = ["-var-file=prod.tfvars"]
-  }
+  source = "../../../modules//gitlab-authorization"
 }
 
 include "root" {

modules/gitlab-authorization/main.tf

@@ -0,0 +1,17 @@
+data "gitlab_group" "top_level_group" {
+  full_path = var.top_level_group_full_path
+}
+
+resource "gitlab_group_ldap_link" "developers_group" {
+  group         = data.gitlab_group.top_level_group.id
+  cn            = var.ldap_developers_group
+  group_access  = "developer"
+  ldap_provider = "ldapmain"
+}
+
+resource "gitlab_group_ldap_link" "owners_group" {
+  group         = data.gitlab_group.top_level_group.id
+  cn            = var.ldap_owners_group
+  group_access  = "owner"
+  ldap_provider = "ldapmain"
+}

modules/gitlab-authorization/variables.tf

@@ -0,0 +1,33 @@
+variable "token" {
+  type        = string
+  description = "Gitlab token"
+  sensitive   = true
+}
+
+variable "insecure" {
+  type        = string
+  description = "Do not verify certifcate if true"
+}
+
+variable "base_url" {
+  type        = string
+  description = "gitlab api end point"
+}
+
+variable "top_level_group_full_path" {
+  type        = string
+  description = "GitLab top level group full path"
+  sensitive   = true
+}
+
+variable "ldap_developers_group" {
+  type        = string
+  description = "LDAP developers group"
+  sensitive   = true
+}
+
+variable "ldap_owners_group" {
+  type        = string
+  description = "LDAP owners group"
+  sensitive   = true
+}