GitLab v9.3.0 published on Monday, Sep 29, 2025 by Pulumi
gitlab.GroupSecurityPolicyAttachment
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
// This resource can be used to attach a security policy to a pre-existing group
const foo = new gitlab.GroupSecurityPolicyAttachment("foo", {
group: "1234",
policyProject: "4567",
});
// Or Terraform can create a new project, add a policy to that project,
// then attach that policy project to other groups.
const my_policy_project = new gitlab.Project("my-policy-project", {name: "security-policy-project"});
const policy_yml = new gitlab.RepositoryFile("policy-yml", {
project: my_policy_project.id,
filePath: ".gitlab/security-policies/my-policy.yml",
branch: "master",
encoding: "text",
content: `---
approval_policy:
- name: test
description: test
enabled: true
rules:
- type: any_merge_request
branch_type: protected
commits: any
approval_settings:
block_branch_modification: true
prevent_pushing_and_force_pushing: true
prevent_approval_by_author: true
prevent_approval_by_commit_author: true
remove_approvals_with_new_commit: true
require_password_to_approve: false
fallback_behavior:
fail: closed
policy_scope:
compliance_frameworks:
- id: 1010101
- id: 0101010
actions:
- type: send_bot_message
enabled: true
`,
});
// Multiple policies can be attached to a single project by repeating this resource or using a `for_each`
const my_policy = new gitlab.GroupSecurityPolicyAttachment("my-policy", {
group: "1234",
policyProject: my_policy_project.id,
});
import pulumi
import pulumi_gitlab as gitlab
# This resource can be used to attach a security policy to a pre-existing group
foo = gitlab.GroupSecurityPolicyAttachment("foo",
group="1234",
policy_project="4567")
# Or Terraform can create a new project, add a policy to that project,
# then attach that policy project to other groups.
my_policy_project = gitlab.Project("my-policy-project", name="security-policy-project")
policy_yml = gitlab.RepositoryFile("policy-yml",
project=my_policy_project.id,
file_path=".gitlab/security-policies/my-policy.yml",
branch="master",
encoding="text",
content="""---
approval_policy:
- name: test
description: test
enabled: true
rules:
- type: any_merge_request
branch_type: protected
commits: any
approval_settings:
block_branch_modification: true
prevent_pushing_and_force_pushing: true
prevent_approval_by_author: true
prevent_approval_by_commit_author: true
remove_approvals_with_new_commit: true
require_password_to_approve: false
fallback_behavior:
fail: closed
policy_scope:
compliance_frameworks:
- id: 1010101
- id: 0101010
actions:
- type: send_bot_message
enabled: true
""")
# Multiple policies can be attached to a single project by repeating this resource or using a `for_each`
my_policy = gitlab.GroupSecurityPolicyAttachment("my-policy",
group="1234",
policy_project=my_policy_project.id)
package main
import (
"github.com/pulumi/pulumi-gitlab/sdk/v9/go/gitlab"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This resource can be used to attach a security policy to a pre-existing group
_, err := gitlab.NewGroupSecurityPolicyAttachment(ctx, "foo", &gitlab.GroupSecurityPolicyAttachmentArgs{
Group: pulumi.String("1234"),
PolicyProject: pulumi.String("4567"),
})
if err != nil {
return err
}
// Or Terraform can create a new project, add a policy to that project,
// then attach that policy project to other groups.
my_policy_project, err := gitlab.NewProject(ctx, "my-policy-project", &gitlab.ProjectArgs{
Name: pulumi.String("security-policy-project"),
})
if err != nil {
return err
}
_, err = gitlab.NewRepositoryFile(ctx, "policy-yml", &gitlab.RepositoryFileArgs{
Project: my_policy_project.ID(),
FilePath: pulumi.String(".gitlab/security-policies/my-policy.yml"),
Branch: pulumi.String("master"),
Encoding: pulumi.String("text"),
Content: pulumi.String(`---
approval_policy:
- name: test
description: test
enabled: true
rules:
- type: any_merge_request
branch_type: protected
commits: any
approval_settings:
block_branch_modification: true
prevent_pushing_and_force_pushing: true
prevent_approval_by_author: true
prevent_approval_by_commit_author: true
remove_approvals_with_new_commit: true
require_password_to_approve: false
fallback_behavior:
fail: closed
policy_scope:
compliance_frameworks:
- id: 1010101
- id: 0101010
actions:
- type: send_bot_message
enabled: true
`),
})
if err != nil {
return err
}
// Multiple policies can be attached to a single project by repeating this resource or using a `for_each`
_, err = gitlab.NewGroupSecurityPolicyAttachment(ctx, "my-policy", &gitlab.GroupSecurityPolicyAttachmentArgs{
Group: pulumi.String("1234"),
PolicyProject: my_policy_project.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
// This resource can be used to attach a security policy to a pre-existing group
var foo = new GitLab.GroupSecurityPolicyAttachment("foo", new()
{
Group = "1234",
PolicyProject = "4567",
});
// Or Terraform can create a new project, add a policy to that project,
// then attach that policy project to other groups.
var my_policy_project = new GitLab.Project("my-policy-project", new()
{
Name = "security-policy-project",
});
var policy_yml = new GitLab.RepositoryFile("policy-yml", new()
{
Project = my_policy_project.Id,
FilePath = ".gitlab/security-policies/my-policy.yml",
Branch = "master",
Encoding = "text",
Content = @"---
approval_policy:
- name: test
description: test
enabled: true
rules:
- type: any_merge_request
branch_type: protected
commits: any
approval_settings:
block_branch_modification: true
prevent_pushing_and_force_pushing: true
prevent_approval_by_author: true
prevent_approval_by_commit_author: true
remove_approvals_with_new_commit: true
require_password_to_approve: false
fallback_behavior:
fail: closed
policy_scope:
compliance_frameworks:
- id: 1010101
- id: 0101010
actions:
- type: send_bot_message
enabled: true
",
});
// Multiple policies can be attached to a single project by repeating this resource or using a `for_each`
var my_policy = new GitLab.GroupSecurityPolicyAttachment("my-policy", new()
{
Group = "1234",
PolicyProject = my_policy_project.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.GroupSecurityPolicyAttachment;
import com.pulumi.gitlab.GroupSecurityPolicyAttachmentArgs;
import com.pulumi.gitlab.Project;
import com.pulumi.gitlab.ProjectArgs;
import com.pulumi.gitlab.RepositoryFile;
import com.pulumi.gitlab.RepositoryFileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This resource can be used to attach a security policy to a pre-existing group
var foo = new GroupSecurityPolicyAttachment("foo", GroupSecurityPolicyAttachmentArgs.builder()
.group("1234")
.policyProject("4567")
.build());
// Or Terraform can create a new project, add a policy to that project,
// then attach that policy project to other groups.
var my_policy_project = new Project("my-policy-project", ProjectArgs.builder()
.name("security-policy-project")
.build());
var policy_yml = new RepositoryFile("policy-yml", RepositoryFileArgs.builder()
.project(my_policy_project.id())
.filePath(".gitlab/security-policies/my-policy.yml")
.branch("master")
.encoding("text")
.content("""
---
approval_policy:
- name: test
description: test
enabled: true
rules:
- type: any_merge_request
branch_type: protected
commits: any
approval_settings:
block_branch_modification: true
prevent_pushing_and_force_pushing: true
prevent_approval_by_author: true
prevent_approval_by_commit_author: true
remove_approvals_with_new_commit: true
require_password_to_approve: false
fallback_behavior:
fail: closed
policy_scope:
compliance_frameworks:
- id: 1010101
- id: 0101010
actions:
- type: send_bot_message
enabled: true
""")
.build());
// Multiple policies can be attached to a single project by repeating this resource or using a `for_each`
var my_policy = new GroupSecurityPolicyAttachment("my-policy", GroupSecurityPolicyAttachmentArgs.builder()
.group("1234")
.policyProject(my_policy_project.id())
.build());
}
}
resources:
# This resource can be used to attach a security policy to a pre-existing group
foo:
type: gitlab:GroupSecurityPolicyAttachment
properties:
group: 1234
policyProject: 4567
# Or Terraform can create a new project, add a policy to that project,
# then attach that policy project to other groups.
my-policy-project:
type: gitlab:Project
properties:
name: security-policy-project
policy-yml:
type: gitlab:RepositoryFile
properties:
project: ${["my-policy-project"].id}
filePath: .gitlab/security-policies/my-policy.yml
branch: master
encoding: text
content: |
---
approval_policy:
- name: test
description: test
enabled: true
rules:
- type: any_merge_request
branch_type: protected
commits: any
approval_settings:
block_branch_modification: true
prevent_pushing_and_force_pushing: true
prevent_approval_by_author: true
prevent_approval_by_commit_author: true
remove_approvals_with_new_commit: true
require_password_to_approve: false
fallback_behavior:
fail: closed
policy_scope:
compliance_frameworks:
- id: 1010101
- id: 0101010
actions:
- type: send_bot_message
enabled: true
# Multiple policies can be attached to a single project by repeating this resource or using a `for_each`
my-policy:
type: gitlab:GroupSecurityPolicyAttachment
properties:
group: 1234
policyProject: ${["my-policy-project"].id}
Create GroupSecurityPolicyAttachment Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GroupSecurityPolicyAttachment(name: string, args: GroupSecurityPolicyAttachmentArgs, opts?: CustomResourceOptions);@overload
def GroupSecurityPolicyAttachment(resource_name: str,
args: GroupSecurityPolicyAttachmentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def GroupSecurityPolicyAttachment(resource_name: str,
opts: Optional[ResourceOptions] = None,
group: Optional[str] = None,
policy_project: Optional[str] = None)func NewGroupSecurityPolicyAttachment(ctx *Context, name string, args GroupSecurityPolicyAttachmentArgs, opts ...ResourceOption) (*GroupSecurityPolicyAttachment, error)public GroupSecurityPolicyAttachment(string name, GroupSecurityPolicyAttachmentArgs args, CustomResourceOptions? opts = null)
public GroupSecurityPolicyAttachment(String name, GroupSecurityPolicyAttachmentArgs args)
public GroupSecurityPolicyAttachment(String name, GroupSecurityPolicyAttachmentArgs args, CustomResourceOptions options)
type: gitlab:GroupSecurityPolicyAttachment
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GroupSecurityPolicyAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GroupSecurityPolicyAttachmentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GroupSecurityPolicyAttachmentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GroupSecurityPolicyAttachmentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GroupSecurityPolicyAttachmentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var groupSecurityPolicyAttachmentResource = new GitLab.GroupSecurityPolicyAttachment("groupSecurityPolicyAttachmentResource", new()
{
Group = "string",
PolicyProject = "string",
});
example, err := gitlab.NewGroupSecurityPolicyAttachment(ctx, "groupSecurityPolicyAttachmentResource", &gitlab.GroupSecurityPolicyAttachmentArgs{
Group: pulumi.String("string"),
PolicyProject: pulumi.String("string"),
})
var groupSecurityPolicyAttachmentResource = new GroupSecurityPolicyAttachment("groupSecurityPolicyAttachmentResource", GroupSecurityPolicyAttachmentArgs.builder()
.group("string")
.policyProject("string")
.build());
group_security_policy_attachment_resource = gitlab.GroupSecurityPolicyAttachment("groupSecurityPolicyAttachmentResource",
group="string",
policy_project="string")
const groupSecurityPolicyAttachmentResource = new gitlab.GroupSecurityPolicyAttachment("groupSecurityPolicyAttachmentResource", {
group: "string",
policyProject: "string",
});
type: gitlab:GroupSecurityPolicyAttachment
properties:
group: string
policyProject: string
GroupSecurityPolicyAttachment Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GroupSecurityPolicyAttachment resource accepts the following input properties:
- Group string
- The ID or Full Path of the group which will have the security policy project assigned to it.
- Policy
Project string - The ID or Full Path of the security policy project.
- Group string
- The ID or Full Path of the group which will have the security policy project assigned to it.
- Policy
Project string - The ID or Full Path of the security policy project.
- group String
- The ID or Full Path of the group which will have the security policy project assigned to it.
- policy
Project String - The ID or Full Path of the security policy project.
- group string
- The ID or Full Path of the group which will have the security policy project assigned to it.
- policy
Project string - The ID or Full Path of the security policy project.
- group str
- The ID or Full Path of the group which will have the security policy project assigned to it.
- policy_
project str - The ID or Full Path of the security policy project.
- group String
- The ID or Full Path of the group which will have the security policy project assigned to it.
- policy
Project String - The ID or Full Path of the security policy project.
Outputs
All input properties are implicitly available as output properties. Additionally, the GroupSecurityPolicyAttachment resource produces the following output properties:
- Group
Graphql stringId - The GraphQL ID of the group to which the security policty project will be attached.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Project stringGraphql Id - The GraphQL ID of the security policy project.
- Group
Graphql stringId - The GraphQL ID of the group to which the security policty project will be attached.
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Project stringGraphql Id - The GraphQL ID of the security policy project.
- group
Graphql StringId - The GraphQL ID of the group to which the security policty project will be attached.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Project StringGraphql Id - The GraphQL ID of the security policy project.
- group
Graphql stringId - The GraphQL ID of the group to which the security policty project will be attached.
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Project stringGraphql Id - The GraphQL ID of the security policy project.
- group_
graphql_ strid - The GraphQL ID of the group to which the security policty project will be attached.
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
project_ strgraphql_ id - The GraphQL ID of the security policy project.
- group
Graphql StringId - The GraphQL ID of the group to which the security policty project will be attached.
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Project StringGraphql Id - The GraphQL ID of the security policy project.
Look up Existing GroupSecurityPolicyAttachment Resource
Get an existing GroupSecurityPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GroupSecurityPolicyAttachmentState, opts?: CustomResourceOptions): GroupSecurityPolicyAttachment@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
group: Optional[str] = None,
group_graphql_id: Optional[str] = None,
policy_project: Optional[str] = None,
policy_project_graphql_id: Optional[str] = None) -> GroupSecurityPolicyAttachmentfunc GetGroupSecurityPolicyAttachment(ctx *Context, name string, id IDInput, state *GroupSecurityPolicyAttachmentState, opts ...ResourceOption) (*GroupSecurityPolicyAttachment, error)public static GroupSecurityPolicyAttachment Get(string name, Input<string> id, GroupSecurityPolicyAttachmentState? state, CustomResourceOptions? opts = null)public static GroupSecurityPolicyAttachment get(String name, Output<String> id, GroupSecurityPolicyAttachmentState state, CustomResourceOptions options)resources: _: type: gitlab:GroupSecurityPolicyAttachment get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Group string
- The ID or Full Path of the group which will have the security policy project assigned to it.
- Group
Graphql stringId - The GraphQL ID of the group to which the security policty project will be attached.
- Policy
Project string - The ID or Full Path of the security policy project.
- Policy
Project stringGraphql Id - The GraphQL ID of the security policy project.
- Group string
- The ID or Full Path of the group which will have the security policy project assigned to it.
- Group
Graphql stringId - The GraphQL ID of the group to which the security policty project will be attached.
- Policy
Project string - The ID or Full Path of the security policy project.
- Policy
Project stringGraphql Id - The GraphQL ID of the security policy project.
- group String
- The ID or Full Path of the group which will have the security policy project assigned to it.
- group
Graphql StringId - The GraphQL ID of the group to which the security policty project will be attached.
- policy
Project String - The ID or Full Path of the security policy project.
- policy
Project StringGraphql Id - The GraphQL ID of the security policy project.
- group string
- The ID or Full Path of the group which will have the security policy project assigned to it.
- group
Graphql stringId - The GraphQL ID of the group to which the security policty project will be attached.
- policy
Project string - The ID or Full Path of the security policy project.
- policy
Project stringGraphql Id - The GraphQL ID of the security policy project.
- group str
- The ID or Full Path of the group which will have the security policy project assigned to it.
- group_
graphql_ strid - The GraphQL ID of the group to which the security policty project will be attached.
- policy_
project str - The ID or Full Path of the security policy project.
- policy_
project_ strgraphql_ id - The GraphQL ID of the security policy project.
- group String
- The ID or Full Path of the group which will have the security policy project assigned to it.
- group
Graphql StringId - The GraphQL ID of the group to which the security policty project will be attached.
- policy
Project String - The ID or Full Path of the security policy project.
- policy
Project StringGraphql Id - The GraphQL ID of the security policy project.
Import
Starting in Terraform v1.5.0, you can use an import block to import gitlab_group_security_policy_attachment. For example:
terraform
import {
to = gitlab_group_security_policy_attachment.example
id = “see CLI command below for ID”
}
Importing using the CLI is supported with the following syntax:
GitLab group security policy attachments can be imported using an id made up of group:policy_project_id where the policy project ID is the project ID of the policy project, e.g.
$ pulumi import gitlab:index/groupSecurityPolicyAttachment:GroupSecurityPolicyAttachment foo 1:2
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- GitLab pulumi/pulumi-gitlab
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
gitlabTerraform Provider.
