GitlabGroup
The GitlabGroup resource allows you to manage GitLab groups declaratively using Frigg.
Schema Reference
GitlabGroupResource
| Property | Type | Required | Description |
|---|---|---|---|
| version | string | Yes | Version of Frigg to use. Should be 1. |
| kind | GitlabGroup | Yes | Kind of resource you want to specify |
| metadata | object | Yes | Data used by Frigg internally |
| metadata.name | string | Yes | Name used to reference this resource from other resources |
| metadata.configDefaults | string | Yes | Name of the GitlabDefaults resource to use to resolve default configuration. |
| metadata.id | number | No | Numeric ID of the GitLab group. Specify this when you want to start managing an already existing group using Frigg. |
| spec | object | Yes | State you want the resource to have |
| spec.name | string | Yes | Name of the group in GitLab |
| spec.groupNamespace | string | No* | Name of the parent group (*must have either groupNamespace or userNamespace for subgroups) |
| spec.userNamespace | string | No* | Name of the user in whose namespace the group is in (*rarely used, mainly for top-level groups) |
| spec.config | GitlabGroupConfig | No | Group configuration. Leave undefined to fully use configDefaults.groupConfig. |
| spec.manageMembers | boolean | No | Whether Frigg should manage member access. When true, only members specified in spec.members will have access. |
| spec.members | GitlabMember array | No | Direct members of the group. Only used when manageMembers is true. |
| spec.sharedWithGroups | SharedWithGroup array | No | Groups that this group is shared with, granting all group members access. |
Configuration Details
GitlabGroupConfig
Configuration for group behavior, access levels, and security settings. All properties are optional. Any undefined properties will inherit from configDefaults.groupConfig in the referenced GitlabDefaults resource.
Essential Group Properties
| Property | Type | Default | Description |
|---|---|---|---|
| visibility | private | internal | public | private | Group visibility level (affects all projects within) |
| description | string | "" | Group description |
Access Control
| Property | Type | Description |
|---|---|---|
| projectCreationLevel | noone | maintainer | developer | Who can create projects in this group |
| subgroupCreationLevel | noone | maintainer | Who can create subgroups within this group |
| shareWithGroupLock | boolean | Prevent sharing projects with other groups |
| membershipLock | boolean | Lock membership to parent group members only (for subgroups) |
| requestAccessEnabled | boolean | Allow users to request access to the group |
Security Settings
| Property | Type | Description |
|---|---|---|
| requireTwoFactorAuthentication | boolean | Require 2FA for all group members |
| twoFactorGracePeriod | number | Grace period in hours before 2FA is enforced (default: 48) |
Default Branch Protection
Controls the default protection level for branches in new projects created within this group:
| Property | Type | Description |
|---|---|---|
| defaultBranchProtection | 0 | 1 | 2 | 3 | 4 | Default protection level for new project branches |
Protection Levels:
0- No protection1- Developers and maintainers can push2- Maintainers can push (default)3- No one can push4- No one can push, and require code owner approval for MR
Feature Settings
| Property | Type | Description |
|---|---|---|
| autoDevopsEnabled | boolean | Enable Auto DevOps for projects in this group |
| lfsEnabled | boolean | Enable Git LFS for projects in this group |
| emailsEnabled | boolean | Enable email notifications for the group |
| mentionsDisabled | boolean | Disable @mention notifications for the group |
Example
The following example includes all possible GitlabGroupConfig properties.
version: '1'
kind: GitlabGroup
metadata:
name: example_group
configDefaults: GitlabDefaults
spec:
name: Example Group
parent: null
config:
autoDevopsEnabled: false
defaultBranchProtection: 2
description: 'Example description'
emailsEnabled: true
lfsEnabled: true
membershipLock: false
mentionsDisabled: false
projectCreationLevel: maintainer
requestAccessEnabled: true
requireTwoFactorAuthentication: true
shareWithGroupLock: false
subgroupCreationLevel: owner
twoFactorGracePeriod: 48
visibility: private
members:
- name: john.doe
accessLevel: owner
- name: alice.johnson
accessLevel: reporter
sharedWithGroups:
- name: another_example_group
accessLevel: developerRelated Resources
Required Resources
- GitlabDefaults - Define default configurations for groups
Sub-Resources
- GitlabMember - Manage direct group members
- SharedWithGroup - Share group with other groups
Related Resources
- GitlabProject - Manage GitLab projects within groups
- GitlabUser - Manage GitLab users