Viewing docs for GitLab v9.11.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
Viewing docs for GitLab v9.11.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
The gitlab.ProjectContainerTagProtection resource allows managing the lifecycle of a container tag protection rule.
You can use a regular expression to protect multiple container tags with the same container protection rule. You have to either set (both options are mutually exclusive):
- Only
immutable = truewhich allows any user withdeveloperrole to create tags matching the regex but makes the object unchangeable once pushed ; - Both
minimumAccessLevelForPushandminimumAccessLevelForDeleteattributes to mark the container tag as mutable only with regards to the given access levels.
Upstream API: GitLab GraphQL API documentation
Protected tags: General documentation
Immutable tags: General documentation
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
const example = new gitlab.ProjectContainerTagProtection("example", {
project: "123",
tagNameRegex: "^v[0-9]+$",
immutable: true,
});
const _protected = new gitlab.ProjectContainerTagProtection("protected", {
project: "123",
tagNameRegex: "^v[0-9]+\\-rc[0-9]+$",
minimumAccessLevelForPush: "MAINTAINER",
minimumAccessLevelForDelete: "OWNER",
});
import pulumi
import pulumi_gitlab as gitlab
example = gitlab.ProjectContainerTagProtection("example",
project="123",
tag_name_regex="^v[0-9]+$",
immutable=True)
protected = gitlab.ProjectContainerTagProtection("protected",
project="123",
tag_name_regex="^v[0-9]+\\-rc[0-9]+$",
minimum_access_level_for_push="MAINTAINER",
minimum_access_level_for_delete="OWNER")
package main
import (
"github.com/pulumi/pulumi-gitlab/sdk/v9/go/gitlab"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gitlab.NewProjectContainerTagProtection(ctx, "example", &gitlab.ProjectContainerTagProtectionArgs{
Project: pulumi.String("123"),
TagNameRegex: pulumi.String("^v[0-9]+$"),
Immutable: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = gitlab.NewProjectContainerTagProtection(ctx, "protected", &gitlab.ProjectContainerTagProtectionArgs{
Project: pulumi.String("123"),
TagNameRegex: pulumi.String("^v[0-9]+\\-rc[0-9]+$"),
MinimumAccessLevelForPush: pulumi.String("MAINTAINER"),
MinimumAccessLevelForDelete: pulumi.String("OWNER"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
var example = new GitLab.Index.ProjectContainerTagProtection("example", new()
{
Project = "123",
TagNameRegex = "^v[0-9]+$",
Immutable = true,
});
var @protected = new GitLab.Index.ProjectContainerTagProtection("protected", new()
{
Project = "123",
TagNameRegex = "^v[0-9]+\\-rc[0-9]+$",
MinimumAccessLevelForPush = "MAINTAINER",
MinimumAccessLevelForDelete = "OWNER",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.ProjectContainerTagProtection;
import com.pulumi.gitlab.ProjectContainerTagProtectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ProjectContainerTagProtection("example", ProjectContainerTagProtectionArgs.builder()
.project("123")
.tagNameRegex("^v[0-9]+$")
.immutable(true)
.build());
var protected_ = new ProjectContainerTagProtection("protected", ProjectContainerTagProtectionArgs.builder()
.project("123")
.tagNameRegex("^v[0-9]+\\-rc[0-9]+$")
.minimumAccessLevelForPush("MAINTAINER")
.minimumAccessLevelForDelete("OWNER")
.build());
}
}
resources:
example:
type: gitlab:ProjectContainerTagProtection
properties:
project: 123
tagNameRegex: ^v[0-9]+$
immutable: true
protected:
type: gitlab:ProjectContainerTagProtection
properties:
project: 123
tagNameRegex: ^v[0-9]+\-rc[0-9]+$
minimumAccessLevelForPush: MAINTAINER
minimumAccessLevelForDelete: OWNER
Create ProjectContainerTagProtection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ProjectContainerTagProtection(name: string, args: ProjectContainerTagProtectionArgs, opts?: CustomResourceOptions);@overload
def ProjectContainerTagProtection(resource_name: str,
args: ProjectContainerTagProtectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ProjectContainerTagProtection(resource_name: str,
opts: Optional[ResourceOptions] = None,
project: Optional[str] = None,
tag_name_regex: Optional[str] = None,
immutable: Optional[bool] = None,
minimum_access_level_for_delete: Optional[str] = None,
minimum_access_level_for_push: Optional[str] = None,
timeouts: Optional[ProjectContainerTagProtectionTimeoutsArgs] = None)func NewProjectContainerTagProtection(ctx *Context, name string, args ProjectContainerTagProtectionArgs, opts ...ResourceOption) (*ProjectContainerTagProtection, error)public ProjectContainerTagProtection(string name, ProjectContainerTagProtectionArgs args, CustomResourceOptions? opts = null)
public ProjectContainerTagProtection(String name, ProjectContainerTagProtectionArgs args)
public ProjectContainerTagProtection(String name, ProjectContainerTagProtectionArgs args, CustomResourceOptions options)
type: gitlab:ProjectContainerTagProtection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProjectContainerTagProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProjectContainerTagProtectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProjectContainerTagProtectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProjectContainerTagProtectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProjectContainerTagProtectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var projectContainerTagProtectionResource = new GitLab.ProjectContainerTagProtection("projectContainerTagProtectionResource", new()
{
Project = "string",
TagNameRegex = "string",
Immutable = false,
MinimumAccessLevelForDelete = "string",
MinimumAccessLevelForPush = "string",
Timeouts = new GitLab.Inputs.ProjectContainerTagProtectionTimeoutsArgs
{
Create = "string",
},
});
example, err := gitlab.NewProjectContainerTagProtection(ctx, "projectContainerTagProtectionResource", &gitlab.ProjectContainerTagProtectionArgs{
Project: pulumi.String("string"),
TagNameRegex: pulumi.String("string"),
Immutable: pulumi.Bool(false),
MinimumAccessLevelForDelete: pulumi.String("string"),
MinimumAccessLevelForPush: pulumi.String("string"),
Timeouts: &gitlab.ProjectContainerTagProtectionTimeoutsArgs{
Create: pulumi.String("string"),
},
})
var projectContainerTagProtectionResource = new ProjectContainerTagProtection("projectContainerTagProtectionResource", ProjectContainerTagProtectionArgs.builder()
.project("string")
.tagNameRegex("string")
.immutable(false)
.minimumAccessLevelForDelete("string")
.minimumAccessLevelForPush("string")
.timeouts(ProjectContainerTagProtectionTimeoutsArgs.builder()
.create("string")
.build())
.build());
project_container_tag_protection_resource = gitlab.ProjectContainerTagProtection("projectContainerTagProtectionResource",
project="string",
tag_name_regex="string",
immutable=False,
minimum_access_level_for_delete="string",
minimum_access_level_for_push="string",
timeouts={
"create": "string",
})
const projectContainerTagProtectionResource = new gitlab.ProjectContainerTagProtection("projectContainerTagProtectionResource", {
project: "string",
tagNameRegex: "string",
immutable: false,
minimumAccessLevelForDelete: "string",
minimumAccessLevelForPush: "string",
timeouts: {
create: "string",
},
});
type: gitlab:ProjectContainerTagProtection
properties:
immutable: false
minimumAccessLevelForDelete: string
minimumAccessLevelForPush: string
project: string
tagNameRegex: string
timeouts:
create: string
ProjectContainerTagProtection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ProjectContainerTagProtection resource accepts the following input properties:
- Project string
- ID or URL-encoded path of the project.
- Tag
Name stringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- Immutable bool
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - Minimum
Access stringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Minimum
Access stringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Timeouts
Pulumi.
Git Lab. Inputs. Project Container Tag Protection Timeouts
- Project string
- ID or URL-encoded path of the project.
- Tag
Name stringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- Immutable bool
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - Minimum
Access stringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Minimum
Access stringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Timeouts
Project
Container Tag Protection Timeouts Args
- project String
- ID or URL-encoded path of the project.
- tag
Name StringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- immutable Boolean
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum
Access StringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum
Access StringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - timeouts
Project
Container Tag Protection Timeouts
- project string
- ID or URL-encoded path of the project.
- tag
Name stringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- immutable boolean
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum
Access stringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum
Access stringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - timeouts
Project
Container Tag Protection Timeouts
- project str
- ID or URL-encoded path of the project.
- tag_
name_ strregex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- immutable bool
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum_
access_ strlevel_ for_ delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum_
access_ strlevel_ for_ push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - timeouts
Project
Container Tag Protection Timeouts Args
- project String
- ID or URL-encoded path of the project.
- tag
Name StringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- immutable Boolean
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum
Access StringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum
Access StringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the ProjectContainerTagProtection resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Protection
Rule intId - Unique ID of the protection rule.
- Id string
- The provider-assigned unique ID for this managed resource.
- Protection
Rule intId - Unique ID of the protection rule.
- id String
- The provider-assigned unique ID for this managed resource.
- protection
Rule IntegerId - Unique ID of the protection rule.
- id string
- The provider-assigned unique ID for this managed resource.
- protection
Rule numberId - Unique ID of the protection rule.
- id str
- The provider-assigned unique ID for this managed resource.
- protection_
rule_ intid - Unique ID of the protection rule.
- id String
- The provider-assigned unique ID for this managed resource.
- protection
Rule NumberId - Unique ID of the protection rule.
Look up Existing ProjectContainerTagProtection Resource
Get an existing ProjectContainerTagProtection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProjectContainerTagProtectionState, opts?: CustomResourceOptions): ProjectContainerTagProtection@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
immutable: Optional[bool] = None,
minimum_access_level_for_delete: Optional[str] = None,
minimum_access_level_for_push: Optional[str] = None,
project: Optional[str] = None,
protection_rule_id: Optional[int] = None,
tag_name_regex: Optional[str] = None,
timeouts: Optional[ProjectContainerTagProtectionTimeoutsArgs] = None) -> ProjectContainerTagProtectionfunc GetProjectContainerTagProtection(ctx *Context, name string, id IDInput, state *ProjectContainerTagProtectionState, opts ...ResourceOption) (*ProjectContainerTagProtection, error)public static ProjectContainerTagProtection Get(string name, Input<string> id, ProjectContainerTagProtectionState? state, CustomResourceOptions? opts = null)public static ProjectContainerTagProtection get(String name, Output<String> id, ProjectContainerTagProtectionState state, CustomResourceOptions options)resources: _: type: gitlab:ProjectContainerTagProtection get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Immutable bool
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - Minimum
Access stringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Minimum
Access stringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Project string
- ID or URL-encoded path of the project.
- Protection
Rule intId - Unique ID of the protection rule.
- Tag
Name stringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- Timeouts
Pulumi.
Git Lab. Inputs. Project Container Tag Protection Timeouts
- Immutable bool
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - Minimum
Access stringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Minimum
Access stringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - Project string
- ID or URL-encoded path of the project.
- Protection
Rule intId - Unique ID of the protection rule.
- Tag
Name stringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- Timeouts
Project
Container Tag Protection Timeouts Args
- immutable Boolean
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum
Access StringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum
Access StringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - project String
- ID or URL-encoded path of the project.
- protection
Rule IntegerId - Unique ID of the protection rule.
- tag
Name StringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- timeouts
Project
Container Tag Protection Timeouts
- immutable boolean
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum
Access stringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum
Access stringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - project string
- ID or URL-encoded path of the project.
- protection
Rule numberId - Unique ID of the protection rule.
- tag
Name stringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- timeouts
Project
Container Tag Protection Timeouts
- immutable bool
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum_
access_ strlevel_ for_ delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum_
access_ strlevel_ for_ push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - project str
- ID or URL-encoded path of the project.
- protection_
rule_ intid - Unique ID of the protection rule.
- tag_
name_ strregex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- timeouts
Project
Container Tag Protection Timeouts Args
- immutable Boolean
- Whether the container tag is immutable. If set, the container tag cannot be deleted or overwritten. Conflicts with
minimumAccessLevelForPushandminimumAccessLevelForDelete. - minimum
Access StringLevel For Delete - Minimum GitLab access level required to delete protected container tags in the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - minimum
Access StringLevel For Push - Minimum GitLab access level required to push protected container tags to the container registry. Marks the container tag as protected. Valid values are:
MAINTAINER,OWNER,ADMIN. - project String
- ID or URL-encoded path of the project.
- protection
Rule NumberId - Unique ID of the protection rule.
- tag
Name StringRegex - Container tag path pattern protected by the protection rule. Wildcard character * allowed. Tag path pattern should start with the project's full path.
- timeouts Property Map
Supporting Types
ProjectContainerTagProtectionTimeouts, ProjectContainerTagProtectionTimeoutsArgs
- Create string
- How long to wait for the container tag protection rule to be created. Defaults to 5 minutes.
- Create string
- How long to wait for the container tag protection rule to be created. Defaults to 5 minutes.
- create String
- How long to wait for the container tag protection rule to be created. Defaults to 5 minutes.
- create string
- How long to wait for the container tag protection rule to be created. Defaults to 5 minutes.
- create str
- How long to wait for the container tag protection rule to be created. Defaults to 5 minutes.
- create String
- How long to wait for the container tag protection rule to be created. Defaults to 5 minutes.
Import
Starting in Terraform v1.5.0, you can use an import block to import gitlab.ProjectContainerTagProtection. For example:
Importing using the CLI is supported with the following syntax:
GitLab project container tag protection rules can be imported using an id made up of <project_id>:<protection_rule_id>, for example:
$ pulumi import gitlab:index/projectContainerTagProtection:ProjectContainerTagProtection example 123:456
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- GitLab pulumi/pulumi-gitlab
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
gitlabTerraform Provider.
Viewing docs for GitLab v9.11.0
published on Tuesday, Apr 21, 2026 by Pulumi
published on Tuesday, Apr 21, 2026 by Pulumi
