template ci/cd pipeline enforcement
I was wondering if there is a way to disable the template editor in the ui or making it read only even for owners(although that wouldn't fix them having cli/api access)
I am basically looking for a way that can enforce template changes through merge request using ci coder service account with gitlab pipelines.
19 Replies
<#1273026731938283590>
Category
Feature request
Product
Coder OSS (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
hey @Spiked_Grape, this isn't possible yet, i guess you could reserve the owner role the service account used for CI
please open a feature request via GH Issues
GitHub
Issues · coder/coder
Provision remote development environments via Terraform - Issues · coder/coder
@Phorcys ok thanks. what about not making templates available to everyone by default. Is there a flag/option for that? If I am testing out a new template, currently I push it via cli then go change the permissions in the ui.
well, except not giving them the owner/admin role I don't think so
i'm not sure
maybe you can do it via the API, I don't know if there's a flag, I will take a look
Hi @Spiked_Grape there are settings to manage templates accesss
See https://coder.com/docs/templates/permissions
You can use
--private flag from CLI
it will work with
From coder templates create--help
@Atif what about the deprecation notice at the top of that page.
I thought you have to templates push now and that doesn't show a private or group option
create was deprecated in favor of merging the functionality in push
I am sorry, I missed that deprecation notice. --private should work with push too.
Let me know if it doesn't. And we can fix it and if it works we will update docs to reflect the change.hello @Spiked_Grape -- any luck?
Hi I was looking at the new docs that use the coderd terraform provider.
https://coder.com/docs/templates/change-management
Where you can use acl for the permissions etc. but I haven't had a chance to try it out yet.
So when you using ci cd to add new versions, I would want to add a new version map to version list inside the existing template resource?
I don't think that would be needed -- looks like it would just grab whatever you have in the template directory and push it if contents have changed!
Phorcys is correct, the
versions list is alike to recording different branches of versions
if you make changes to the contents of a version in the list, a new template version will get created when you applyOk is there a way to apply different acls to the different versions or am I better off just having two completely different templates.
Like I am trying to work on gitlab pipeline starting with this example and wanted developers to be able to push a staging version that all users couldn't see and maybe do that in a staging branch etc.
https://registry.terraform.io/providers/coder/coderd/latest/docs/resources/template
Yeah you’ll need two templates for two different ACLs
Just keep in mind any ACL/permissions modification requires enterprise
Yeah have that
hey @Spiked_Grape, can we close this issue?
Ok thanks for the help
@Phorcys closed the thread.