GitLab v8.11.0, Apr 18 25

GitLab v8.11.0 published on Friday, Apr 18, 2025 by Pulumi

gitlab.BranchProtection

Explore with Pulumi AI

GitLab v8.11.0 published on Friday, Apr 18, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";

const branchProtect = new gitlab.BranchProtection("BranchProtect", {
    project: "12345",
    branch: "BranchProtected",
    pushAccessLevel: "developer",
    mergeAccessLevel: "developer",
    unprotectAccessLevel: "developer",
    allowForcePush: true,
    codeOwnerApprovalRequired: true,
    allowedToPushes: [
        {
            userId: 5,
        },
        {
            userId: 521,
        },
    ],
    allowedToMerges: [
        {
            userId: 15,
        },
        {
            userId: 37,
        },
    ],
    allowedToUnprotects: [
        {
            userId: 15,
        },
        {
            groupId: 42,
        },
    ],
});
// Example using dynamic block
const main = new gitlab.BranchProtection("main", {
    allowedToPushes: [
        50,
        55,
        60,
    ].map((v, k) => ({key: k, value: v})).map(entry => ({
        userId: entry.value,
    })),
    project: "12345",
    branch: "main",
    pushAccessLevel: "maintainer",
    mergeAccessLevel: "maintainer",
    unprotectAccessLevel: "maintainer",
});

import pulumi
import pulumi_gitlab as gitlab

branch_protect = gitlab.BranchProtection("BranchProtect",
    project="12345",
    branch="BranchProtected",
    push_access_level="developer",
    merge_access_level="developer",
    unprotect_access_level="developer",
    allow_force_push=True,
    code_owner_approval_required=True,
    allowed_to_pushes=[
        {
            "user_id": 5,
        },
        {
            "user_id": 521,
        },
    ],
    allowed_to_merges=[
        {
            "user_id": 15,
        },
        {
            "user_id": 37,
        },
    ],
    allowed_to_unprotects=[
        {
            "user_id": 15,
        },
        {
            "group_id": 42,
        },
    ])
# Example using dynamic block
main = gitlab.BranchProtection("main",
    allowed_to_pushes=[{
        "user_id": entry["value"],
    } for entry in [{"key": k, "value": v} for k, v in [
        50,
        55,
        60,
    ]]],
    project="12345",
    branch="main",
    push_access_level="maintainer",
    merge_access_level="maintainer",
    unprotect_access_level="maintainer")

Coming soon!

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;

return await Deployment.RunAsync(() => 
{
    var branchProtect = new GitLab.BranchProtection("BranchProtect", new()
    {
        Project = "12345",
        Branch = "BranchProtected",
        PushAccessLevel = "developer",
        MergeAccessLevel = "developer",
        UnprotectAccessLevel = "developer",
        AllowForcePush = true,
        CodeOwnerApprovalRequired = true,
        AllowedToPushes = new[]
        {
            new GitLab.Inputs.BranchProtectionAllowedToPushArgs
            {
                UserId = 5,
            },
            new GitLab.Inputs.BranchProtectionAllowedToPushArgs
            {
                UserId = 521,
            },
        },
        AllowedToMerges = new[]
        {
            new GitLab.Inputs.BranchProtectionAllowedToMergeArgs
            {
                UserId = 15,
            },
            new GitLab.Inputs.BranchProtectionAllowedToMergeArgs
            {
                UserId = 37,
            },
        },
        AllowedToUnprotects = new[]
        {
            new GitLab.Inputs.BranchProtectionAllowedToUnprotectArgs
            {
                UserId = 15,
            },
            new GitLab.Inputs.BranchProtectionAllowedToUnprotectArgs
            {
                GroupId = 42,
            },
        },
    });

    // Example using dynamic block
    var main = new GitLab.BranchProtection("main", new()
    {
        AllowedToPushes = new[]
        {
            50,
            55,
            60,
        }.Select((v, k) => new { Key = k, Value = v }).Select(entry => 
        {
            return new GitLab.Inputs.BranchProtectionAllowedToPushArgs
            {
                UserId = entry.Value,
            };
        }).ToList(),
        Project = "12345",
        Branch = "main",
        PushAccessLevel = "maintainer",
        MergeAccessLevel = "maintainer",
        UnprotectAccessLevel = "maintainer",
    });

});

Coming soon!

Coming soon!

Create BranchProtection Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new BranchProtection(name: string, args: BranchProtectionArgs, opts?: CustomResourceOptions);

@overload
def BranchProtection(resource_name: str,
                     args: BranchProtectionArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def BranchProtection(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     branch: Optional[str] = None,
                     project: Optional[str] = None,
                     allow_force_push: Optional[bool] = None,
                     allowed_to_merges: Optional[Sequence[BranchProtectionAllowedToMergeArgs]] = None,
                     allowed_to_pushes: Optional[Sequence[BranchProtectionAllowedToPushArgs]] = None,
                     allowed_to_unprotects: Optional[Sequence[BranchProtectionAllowedToUnprotectArgs]] = None,
                     code_owner_approval_required: Optional[bool] = None,
                     merge_access_level: Optional[str] = None,
                     push_access_level: Optional[str] = None,
                     unprotect_access_level: Optional[str] = None)

func NewBranchProtection(ctx *Context, name string, args BranchProtectionArgs, opts ...ResourceOption) (*BranchProtection, error)

public BranchProtection(string name, BranchProtectionArgs args, CustomResourceOptions? opts = null)

public BranchProtection(String name, BranchProtectionArgs args)
public BranchProtection(String name, BranchProtectionArgs args, CustomResourceOptions options)

type: gitlab:BranchProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args BranchProtectionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var branchProtectionResource = new GitLab.BranchProtection("branchProtectionResource", new()
{
    Branch = "string",
    Project = "string",
    AllowForcePush = false,
    AllowedToMerges = new[]
    {
        new GitLab.Inputs.BranchProtectionAllowedToMergeArgs
        {
            AccessLevel = "string",
            AccessLevelDescription = "string",
            GroupId = 0,
            UserId = 0,
        },
    },
    AllowedToPushes = new[]
    {
        new GitLab.Inputs.BranchProtectionAllowedToPushArgs
        {
            AccessLevel = "string",
            AccessLevelDescription = "string",
            DeployKeyId = 0,
            GroupId = 0,
            UserId = 0,
        },
    },
    AllowedToUnprotects = new[]
    {
        new GitLab.Inputs.BranchProtectionAllowedToUnprotectArgs
        {
            AccessLevel = "string",
            AccessLevelDescription = "string",
            GroupId = 0,
            UserId = 0,
        },
    },
    CodeOwnerApprovalRequired = false,
    MergeAccessLevel = "string",
    PushAccessLevel = "string",
    UnprotectAccessLevel = "string",
});

example, err := gitlab.NewBranchProtection(ctx, "branchProtectionResource", &gitlab.BranchProtectionArgs{
	Branch:         pulumi.String("string"),
	Project:        pulumi.String("string"),
	AllowForcePush: pulumi.Bool(false),
	AllowedToMerges: gitlab.BranchProtectionAllowedToMergeArray{
		&gitlab.BranchProtectionAllowedToMergeArgs{
			AccessLevel:            pulumi.String("string"),
			AccessLevelDescription: pulumi.String("string"),
			GroupId:                pulumi.Int(0),
			UserId:                 pulumi.Int(0),
		},
	},
	AllowedToPushes: gitlab.BranchProtectionAllowedToPushArray{
		&gitlab.BranchProtectionAllowedToPushArgs{
			AccessLevel:            pulumi.String("string"),
			AccessLevelDescription: pulumi.String("string"),
			DeployKeyId:            pulumi.Int(0),
			GroupId:                pulumi.Int(0),
			UserId:                 pulumi.Int(0),
		},
	},
	AllowedToUnprotects: gitlab.BranchProtectionAllowedToUnprotectArray{
		&gitlab.BranchProtectionAllowedToUnprotectArgs{
			AccessLevel:            pulumi.String("string"),
			AccessLevelDescription: pulumi.String("string"),
			GroupId:                pulumi.Int(0),
			UserId:                 pulumi.Int(0),
		},
	},
	CodeOwnerApprovalRequired: pulumi.Bool(false),
	MergeAccessLevel:          pulumi.String("string"),
	PushAccessLevel:           pulumi.String("string"),
	UnprotectAccessLevel:      pulumi.String("string"),
})

var branchProtectionResource = new BranchProtection("branchProtectionResource", BranchProtectionArgs.builder()
    .branch("string")
    .project("string")
    .allowForcePush(false)
    .allowedToMerges(BranchProtectionAllowedToMergeArgs.builder()
        .accessLevel("string")
        .accessLevelDescription("string")
        .groupId(0)
        .userId(0)
        .build())
    .allowedToPushes(BranchProtectionAllowedToPushArgs.builder()
        .accessLevel("string")
        .accessLevelDescription("string")
        .deployKeyId(0)
        .groupId(0)
        .userId(0)
        .build())
    .allowedToUnprotects(BranchProtectionAllowedToUnprotectArgs.builder()
        .accessLevel("string")
        .accessLevelDescription("string")
        .groupId(0)
        .userId(0)
        .build())
    .codeOwnerApprovalRequired(false)
    .mergeAccessLevel("string")
    .pushAccessLevel("string")
    .unprotectAccessLevel("string")
    .build());

branch_protection_resource = gitlab.BranchProtection("branchProtectionResource",
    branch="string",
    project="string",
    allow_force_push=False,
    allowed_to_merges=[{
        "access_level": "string",
        "access_level_description": "string",
        "group_id": 0,
        "user_id": 0,
    }],
    allowed_to_pushes=[{
        "access_level": "string",
        "access_level_description": "string",
        "deploy_key_id": 0,
        "group_id": 0,
        "user_id": 0,
    }],
    allowed_to_unprotects=[{
        "access_level": "string",
        "access_level_description": "string",
        "group_id": 0,
        "user_id": 0,
    }],
    code_owner_approval_required=False,
    merge_access_level="string",
    push_access_level="string",
    unprotect_access_level="string")

const branchProtectionResource = new gitlab.BranchProtection("branchProtectionResource", {
    branch: "string",
    project: "string",
    allowForcePush: false,
    allowedToMerges: [{
        accessLevel: "string",
        accessLevelDescription: "string",
        groupId: 0,
        userId: 0,
    }],
    allowedToPushes: [{
        accessLevel: "string",
        accessLevelDescription: "string",
        deployKeyId: 0,
        groupId: 0,
        userId: 0,
    }],
    allowedToUnprotects: [{
        accessLevel: "string",
        accessLevelDescription: "string",
        groupId: 0,
        userId: 0,
    }],
    codeOwnerApprovalRequired: false,
    mergeAccessLevel: "string",
    pushAccessLevel: "string",
    unprotectAccessLevel: "string",
});

type: gitlab:BranchProtection
properties:
    allowForcePush: false
    allowedToMerges:
        - accessLevel: string
          accessLevelDescription: string
          groupId: 0
          userId: 0
    allowedToPushes:
        - accessLevel: string
          accessLevelDescription: string
          deployKeyId: 0
          groupId: 0
          userId: 0
    allowedToUnprotects:
        - accessLevel: string
          accessLevelDescription: string
          groupId: 0
          userId: 0
    branch: string
    codeOwnerApprovalRequired: false
    mergeAccessLevel: string
    project: string
    pushAccessLevel: string
    unprotectAccessLevel: string

BranchProtection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The BranchProtection resource accepts the following input properties:

Branch string: Name of the branch.
Project string: The id of the project.
AllowForcePush bool: Can be set to true to allow users with push access to force push.
AllowedToMerges List<Pulumi.GitLab.Inputs.BranchProtectionAllowedToMerge>: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
AllowedToPushes List<Pulumi.GitLab.Inputs.BranchProtectionAllowedToPush>: Array of access levels and user(s)/group(s) allowed to push to protected branch.
AllowedToUnprotects List<Pulumi.GitLab.Inputs.BranchProtectionAllowedToUnprotect>: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
CodeOwnerApprovalRequired bool: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
MergeAccessLevel string: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
PushAccessLevel string: Access levels allowed to push. Valid values are: no one, developer, maintainer.
UnprotectAccessLevel string: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

Branch string: Name of the branch.
Project string: The id of the project.
AllowForcePush bool: Can be set to true to allow users with push access to force push.
AllowedToMerges []BranchProtectionAllowedToMergeArgs: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
AllowedToPushes []BranchProtectionAllowedToPushArgs: Array of access levels and user(s)/group(s) allowed to push to protected branch.
AllowedToUnprotects []BranchProtectionAllowedToUnprotectArgs: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
CodeOwnerApprovalRequired bool: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
MergeAccessLevel string: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
PushAccessLevel string: Access levels allowed to push. Valid values are: no one, developer, maintainer.
UnprotectAccessLevel string: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

branch String: Name of the branch.
project String: The id of the project.
allowForcePush Boolean: Can be set to true to allow users with push access to force push.
allowedToMerges List<BranchProtectionAllowedToMerge>: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowedToPushes List<BranchProtectionAllowedToPush>: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowedToUnprotects List<BranchProtectionAllowedToUnprotect>: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
codeOwnerApprovalRequired Boolean: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
mergeAccessLevel String: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
pushAccessLevel String: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotectAccessLevel String: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

branch string: Name of the branch.
project string: The id of the project.
allowForcePush boolean: Can be set to true to allow users with push access to force push.
allowedToMerges BranchProtectionAllowedToMerge[]: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowedToPushes BranchProtectionAllowedToPush[]: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowedToUnprotects BranchProtectionAllowedToUnprotect[]: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
codeOwnerApprovalRequired boolean: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
mergeAccessLevel string: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
pushAccessLevel string: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotectAccessLevel string: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

branch str: Name of the branch.
project str: The id of the project.
allow_force_push bool: Can be set to true to allow users with push access to force push.
allowed_to_merges Sequence[BranchProtectionAllowedToMergeArgs]: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowed_to_pushes Sequence[BranchProtectionAllowedToPushArgs]: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowed_to_unprotects Sequence[BranchProtectionAllowedToUnprotectArgs]: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
code_owner_approval_required bool: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
merge_access_level str: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
push_access_level str: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotect_access_level str: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

branch String: Name of the branch.
project String: The id of the project.
allowForcePush Boolean: Can be set to true to allow users with push access to force push.
allowedToMerges List<Property Map>: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowedToPushes List<Property Map>: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowedToUnprotects List<Property Map>: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
codeOwnerApprovalRequired Boolean: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
mergeAccessLevel String: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
pushAccessLevel String: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotectAccessLevel String: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

Outputs

All input properties are implicitly available as output properties. Additionally, the BranchProtection resource produces the following output properties:

BranchProtectionId int: The ID of the branch protection (not the branch name).
Id string: The provider-assigned unique ID for this managed resource.

BranchProtectionId int: The ID of the branch protection (not the branch name).
Id string: The provider-assigned unique ID for this managed resource.

branchProtectionId Integer: The ID of the branch protection (not the branch name).
id String: The provider-assigned unique ID for this managed resource.

branchProtectionId number: The ID of the branch protection (not the branch name).
id string: The provider-assigned unique ID for this managed resource.

branch_protection_id int: The ID of the branch protection (not the branch name).
id str: The provider-assigned unique ID for this managed resource.

branchProtectionId Number: The ID of the branch protection (not the branch name).
id String: The provider-assigned unique ID for this managed resource.

Look up Existing BranchProtection Resource

Get an existing BranchProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BranchProtectionState, opts?: CustomResourceOptions): BranchProtection

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_force_push: Optional[bool] = None,
        allowed_to_merges: Optional[Sequence[BranchProtectionAllowedToMergeArgs]] = None,
        allowed_to_pushes: Optional[Sequence[BranchProtectionAllowedToPushArgs]] = None,
        allowed_to_unprotects: Optional[Sequence[BranchProtectionAllowedToUnprotectArgs]] = None,
        branch: Optional[str] = None,
        branch_protection_id: Optional[int] = None,
        code_owner_approval_required: Optional[bool] = None,
        merge_access_level: Optional[str] = None,
        project: Optional[str] = None,
        push_access_level: Optional[str] = None,
        unprotect_access_level: Optional[str] = None) -> BranchProtection

func GetBranchProtection(ctx *Context, name string, id IDInput, state *BranchProtectionState, opts ...ResourceOption) (*BranchProtection, error)

public static BranchProtection Get(string name, Input<string> id, BranchProtectionState? state, CustomResourceOptions? opts = null)

public static BranchProtection get(String name, Output<String> id, BranchProtectionState state, CustomResourceOptions options)

resources:  _:    type: gitlab:BranchProtection    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowForcePush bool: Can be set to true to allow users with push access to force push.
AllowedToMerges List<Pulumi.GitLab.Inputs.BranchProtectionAllowedToMerge>: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
AllowedToPushes List<Pulumi.GitLab.Inputs.BranchProtectionAllowedToPush>: Array of access levels and user(s)/group(s) allowed to push to protected branch.
AllowedToUnprotects List<Pulumi.GitLab.Inputs.BranchProtectionAllowedToUnprotect>: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
Branch string: Name of the branch.
BranchProtectionId int: The ID of the branch protection (not the branch name).
CodeOwnerApprovalRequired bool: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
MergeAccessLevel string: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
Project string: The id of the project.
PushAccessLevel string: Access levels allowed to push. Valid values are: no one, developer, maintainer.
UnprotectAccessLevel string: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

AllowForcePush bool: Can be set to true to allow users with push access to force push.
AllowedToMerges []BranchProtectionAllowedToMergeArgs: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
AllowedToPushes []BranchProtectionAllowedToPushArgs: Array of access levels and user(s)/group(s) allowed to push to protected branch.
AllowedToUnprotects []BranchProtectionAllowedToUnprotectArgs: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
Branch string: Name of the branch.
BranchProtectionId int: The ID of the branch protection (not the branch name).
CodeOwnerApprovalRequired bool: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
MergeAccessLevel string: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
Project string: The id of the project.
PushAccessLevel string: Access levels allowed to push. Valid values are: no one, developer, maintainer.
UnprotectAccessLevel string: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

allowForcePush Boolean: Can be set to true to allow users with push access to force push.
allowedToMerges List<BranchProtectionAllowedToMerge>: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowedToPushes List<BranchProtectionAllowedToPush>: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowedToUnprotects List<BranchProtectionAllowedToUnprotect>: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
branch String: Name of the branch.
branchProtectionId Integer: The ID of the branch protection (not the branch name).
codeOwnerApprovalRequired Boolean: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
mergeAccessLevel String: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
project String: The id of the project.
pushAccessLevel String: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotectAccessLevel String: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

allowForcePush boolean: Can be set to true to allow users with push access to force push.
allowedToMerges BranchProtectionAllowedToMerge[]: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowedToPushes BranchProtectionAllowedToPush[]: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowedToUnprotects BranchProtectionAllowedToUnprotect[]: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
branch string: Name of the branch.
branchProtectionId number: The ID of the branch protection (not the branch name).
codeOwnerApprovalRequired boolean: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
mergeAccessLevel string: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
project string: The id of the project.
pushAccessLevel string: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotectAccessLevel string: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

allow_force_push bool: Can be set to true to allow users with push access to force push.
allowed_to_merges Sequence[BranchProtectionAllowedToMergeArgs]: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowed_to_pushes Sequence[BranchProtectionAllowedToPushArgs]: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowed_to_unprotects Sequence[BranchProtectionAllowedToUnprotectArgs]: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
branch str: Name of the branch.
branch_protection_id int: The ID of the branch protection (not the branch name).
code_owner_approval_required bool: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
merge_access_level str: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
project str: The id of the project.
push_access_level str: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotect_access_level str: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

allowForcePush Boolean: Can be set to true to allow users with push access to force push.
allowedToMerges List<Property Map>: Array of access levels and user(s)/group(s) allowed to merge to protected branch.
allowedToPushes List<Property Map>: Array of access levels and user(s)/group(s) allowed to push to protected branch.
allowedToUnprotects List<Property Map>: Array of access levels and user(s)/group(s) allowed to unprotect push to protected branch.
branch String: Name of the branch.
branchProtectionId Number: The ID of the branch protection (not the branch name).
codeOwnerApprovalRequired Boolean: Can be set to true to require code owner approval before merging. Only available for Premium and Ultimate instances.
mergeAccessLevel String: Access levels allowed to merge. Valid values are: no one, developer, maintainer.
project String: The id of the project.
pushAccessLevel String: Access levels allowed to push. Valid values are: no one, developer, maintainer.
unprotectAccessLevel String: Access levels allowed to unprotect. Valid values are: developer, maintainer, admin.

Supporting Types

BranchProtectionAllowedToMerge, BranchProtectionAllowedToMergeArgs

AccessLevel string: Access levels allowed to merge to protected branch. Valid values are: no one, developer, maintainer.
AccessLevelDescription string: Readable description of access level.
GroupId int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
UserId int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

AccessLevel string: Access levels allowed to merge to protected branch. Valid values are: no one, developer, maintainer.
AccessLevelDescription string: Readable description of access level.
GroupId int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
UserId int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

accessLevel String: Access levels allowed to merge to protected branch. Valid values are: no one, developer, maintainer.
accessLevelDescription String: Readable description of access level.
groupId Integer: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
userId Integer: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

accessLevel string: Access levels allowed to merge to protected branch. Valid values are: no one, developer, maintainer.
accessLevelDescription string: Readable description of access level.
groupId number: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
userId number: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

access_level str: Access levels allowed to merge to protected branch. Valid values are: no one, developer, maintainer.
access_level_description str: Readable description of access level.
group_id int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
user_id int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

accessLevel String: Access levels allowed to merge to protected branch. Valid values are: no one, developer, maintainer.
accessLevelDescription String: Readable description of access level.
groupId Number: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
userId Number: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

BranchProtectionAllowedToPush, BranchProtectionAllowedToPushArgs

AccessLevel string: Access levels allowed to push to protected branch. Valid values are: no one, developer, maintainer.
AccessLevelDescription string: Readable description of access level.
DeployKeyId int: The ID of a GitLab deploy key allowed to perform the relevant action. Mutually exclusive with group_id and user_id. This field is read-only until Gitlab 17.5.
GroupId int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with deploy_key_id and user_id.
UserId int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with deploy_key_id and group_id.

AccessLevel string: Access levels allowed to push to protected branch. Valid values are: no one, developer, maintainer.
AccessLevelDescription string: Readable description of access level.
DeployKeyId int: The ID of a GitLab deploy key allowed to perform the relevant action. Mutually exclusive with group_id and user_id. This field is read-only until Gitlab 17.5.
GroupId int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with deploy_key_id and user_id.
UserId int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with deploy_key_id and group_id.

accessLevel String: Access levels allowed to push to protected branch. Valid values are: no one, developer, maintainer.
accessLevelDescription String: Readable description of access level.
deployKeyId Integer: The ID of a GitLab deploy key allowed to perform the relevant action. Mutually exclusive with group_id and user_id. This field is read-only until Gitlab 17.5.
groupId Integer: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with deploy_key_id and user_id.
userId Integer: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with deploy_key_id and group_id.

accessLevel string: Access levels allowed to push to protected branch. Valid values are: no one, developer, maintainer.
accessLevelDescription string: Readable description of access level.
deployKeyId number: The ID of a GitLab deploy key allowed to perform the relevant action. Mutually exclusive with group_id and user_id. This field is read-only until Gitlab 17.5.
groupId number: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with deploy_key_id and user_id.
userId number: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with deploy_key_id and group_id.

access_level str: Access levels allowed to push to protected branch. Valid values are: no one, developer, maintainer.
access_level_description str: Readable description of access level.
deploy_key_id int: The ID of a GitLab deploy key allowed to perform the relevant action. Mutually exclusive with group_id and user_id. This field is read-only until Gitlab 17.5.
group_id int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with deploy_key_id and user_id.
user_id int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with deploy_key_id and group_id.

accessLevel String: Access levels allowed to push to protected branch. Valid values are: no one, developer, maintainer.
accessLevelDescription String: Readable description of access level.
deployKeyId Number: The ID of a GitLab deploy key allowed to perform the relevant action. Mutually exclusive with group_id and user_id. This field is read-only until Gitlab 17.5.
groupId Number: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with deploy_key_id and user_id.
userId Number: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with deploy_key_id and group_id.

BranchProtectionAllowedToUnprotect, BranchProtectionAllowedToUnprotectArgs

AccessLevel string: Access levels allowed to unprotect push to protected branch. Valid values are: developer, maintainer, admin.
AccessLevelDescription string: Readable description of access level.
GroupId int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
UserId int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

AccessLevel string: Access levels allowed to unprotect push to protected branch. Valid values are: developer, maintainer, admin.
AccessLevelDescription string: Readable description of access level.
GroupId int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
UserId int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

accessLevel String: Access levels allowed to unprotect push to protected branch. Valid values are: developer, maintainer, admin.
accessLevelDescription String: Readable description of access level.
groupId Integer: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
userId Integer: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

accessLevel string: Access levels allowed to unprotect push to protected branch. Valid values are: developer, maintainer, admin.
accessLevelDescription string: Readable description of access level.
groupId number: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
userId number: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

access_level str: Access levels allowed to unprotect push to protected branch. Valid values are: developer, maintainer, admin.
access_level_description str: Readable description of access level.
group_id int: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
user_id int: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

accessLevel String: Access levels allowed to unprotect push to protected branch. Valid values are: developer, maintainer, admin.
accessLevelDescription String: Readable description of access level.
groupId Number: The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with user_id.
userId Number: The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with group_id.

Import

Starting in Terraform v1.5.0 you can use an import block to import gitlab_branch_protection. For example:

terraform

import {

to = gitlab_branch_protection.example

id = “see CLI command below for ID”

}

Import using the CLI is supported using the following syntax:

Gitlab protected branches can be imported with a key composed of <project_id>:<branch>, e.g.

$ pulumi import gitlab:index/branchProtection:BranchProtection BranchProtect "12345:main"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: GitLab pulumi/pulumi-gitlab
License: Apache-2.0
Notes: This Pulumi package is based on the gitlab Terraform Provider.

GitLab v8.11.0 published on Friday, Apr 18, 2025 by Pulumi

pulumi/pulumi-gitlab

gitlab.BranchProtection

On this page

On this page

Example Usage

Create BranchProtection Resource

Constructor syntax

Parameters

Constructor example

BranchProtection Resource Properties

Inputs

Outputs

Look up Existing BranchProtection Resource

Supporting Types

BranchProtectionAllowedToMerge, BranchProtectionAllowedToMergeArgs

BranchProtectionAllowedToPush, BranchProtectionAllowedToPushArgs

BranchProtectionAllowedToUnprotect, BranchProtectionAllowedToUnprotectArgs

Import

Package Details

On this page

On this page