refs sparkfabrik-innovation-team/board#3833: Update changelog, README, and configuration files for version 1.0.0 release, including new variables and breaking changes

Stevesibilia · Stevesibilia · commit 775dac63abd5 · 2025-10-02T15:14:56.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,41 +10,39 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [1.0.0] - 2025-10-02
 
-[Compare with previous version](https://github.com/sparkfabrik/terraform-gitlab-kubernetes-gitlab-agent/compare/1.0.0...0.13.0)
+[Compare with previous version](https://github.com/sparkfabrik/terraform-gitlab-kubernetes-gitlab-agent/compare/0.13.0...1.0.0)
 
 ### Added
 
-- New variable `operate_at_root_group_level` to simplify configuration and replace the combination of `gitlab_agent_grant_access_to_entire_root_namespace` and `gitlab_agent_create_variables_in_root_namespace`
-- New variable `groups_enabled` to specify groups where the GitLab Agent should be enabled (when not operating at root group level)
-- New variable `projects_enabled` to specify projects where the GitLab Agent should be enabled (when not operating at root group level)
-- Auto-detection of parent group when `operate_at_root_group_level = false` and no groups/projects are specified
-- Support for creating CI/CD variables in multiple groups and projects simultaneously
-- Dynamic generation of agent configuration file based on enabled groups/projects using `yamlencode()`
-- New outputs: `gitlab_enabled_groups`, `gitlab_enabled_projects`, `gitlab_parent_group_auto_detected`, `operate_at_root_group_level`
+- New variable `operate_at_root_group_level` to simplify configuration and replace the combination of `gitlab_agent_grant_access_to_entire_root_namespace` and `gitlab_agent_create_variables_in_root_namespace`.
+- New variable `groups_enabled` to specify groups where the GitLab Agent should be enabled (when not operating at root group level).
+- New variable `projects_enabled` to specify projects where the GitLab Agent should be enabled (when not operating at root group level).
+- Auto-detection of parent group when `operate_at_root_group_level = false` and no groups/projects are specified.
+- Support for creating CI/CD variables in multiple groups and projects simultaneously.
+- Dynamic generation of agent configuration file based on enabled groups/projects using `yamlencode()`.
+- New outputs: `gitlab_enabled_groups`, `gitlab_enabled_projects`, `gitlab_parent_group_auto_detected`.
 
 ### Changed
 
-- Agent configuration file is now dynamically generated based on `operate_at_root_group_level` and enabled groups/projects
-- CI/CD variables can now be created in multiple targets (root group, specific groups, or specific projects) depending on configuration
-- Output `gitlab_root_namespace_id` now returns `null` when not operating at root group level
-- User access (`user_access`) is now controlled directly by `operate_at_root_group_level` and only granted when operating at root group level
+- Agent configuration file is now dynamically generated based on `operate_at_root_group_level` and enabled groups/projects.
+- CI/CD variables can now be created in multiple targets (root group, specific groups, or specific projects) depending on configuration.
+- Output `gitlab_root_namespace_id` now returns `null` when not operating at root group level.
 
 ### Removed
 
-- **BREAKING CHANGE**: Variable `gitlab_agent_grant_user_access_to_root_namespace` - functionality is now controlled by `operate_at_root_group_level`
-- **BREAKING CHANGE**: Variable `gitlab_agent_grant_access_to_entire_root_namespace` - replaced by `operate_at_root_group_level`
-- **BREAKING CHANGE**: Variable `gitlab_agent_create_variables_in_root_namespace` - behavior is now determined by `operate_at_root_group_level`
-- Backward compatibility logic for deprecated variables
+- **BREAKING CHANGE**: variable `gitlab_agent_grant_access_to_entire_root_namespace` - replaced by `operate_at_root_group_level`.
+- **BREAKING CHANGE**: variable `gitlab_agent_create_variables_in_root_namespace` - behavior is now determined by `operate_at_root_group_level`.
+- Backward compatibility logic for deprecated variables.
 
 ### Migration Guide
 
 If you were using the removed variables, migrate as follows:
 
-- `gitlab_agent_grant_user_access_to_root_namespace = true` → `operate_at_root_group_level = true`
-- `gitlab_agent_grant_access_to_entire_root_namespace = true` + `gitlab_agent_create_variables_in_root_namespace = true` → `operate_at_root_group_level = true`
-- `gitlab_agent_grant_access_to_entire_root_namespace = false` → `operate_at_root_group_level = false` + configure `groups_enabled` and/or `projects_enabled`
+- `gitlab_agent_grant_user_access_to_root_namespace = true` -> `operate_at_root_group_level = true` + `gitlab_agent_grant_user_access_to_root_namespace = true`
+- `gitlab_agent_grant_access_to_entire_root_namespace = true` + `gitlab_agent_create_variables_in_root_namespace = true` → `operate_at_root_group_level = true` + `gitlab_agent_grant_user_access_to_root_namespace = true`
+- `gitlab_agent_grant_access_to_entire_root_namespace = false` -> `operate_at_root_group_level = false` + configure `groups_enabled` and/or `projects_enabled`
 
-**Note**: User access is now only available when `operate_at_root_group_level = true`. If you need user access to specific groups/projects, this is not currently supported.
+**Note**: user access is now only available when `operate_at_root_group_level = true`. If you need user access to specific groups/projects, this is not currently supported by Gitlab.
 
 ## [0.12.0] - 2025-05-19
 
diff --git a/README.md b/README.md
@@ -6,9 +6,9 @@ It uses the Gitlab provider to register the agent on the Gitlab server. The gene
 
 The module supports multiple configuration modes:
 
-- **Root Group Level** (default): The agent has access to the entire root namespace and CI/CD variables are created in the root group
-- **Auto-detect Parent**: When not operating at root level and no specific groups/projects are provided, the module automatically detects the parent group of the agent project
-- **Specific Groups/Projects**: Enable the agent only for specific groups or projects, with variables created in those locations
+- **Root Group Level** (default): The agent has access to the entire root namespace and CI/CD variables are created in the root group.
+- **Auto-detect Parent**: when not operating at root level and no specific groups/projects are provided, the module automatically detects the parent group of the agent project.
+- **Specific Groups/Projects**: enable the agent only for specific groups or projects, with variables created in those locations.
 
 **ATTENTION**: you have to manually create the project that will host the Gitlab Agent configuration in Gitlab before running this module.
 
diff --git a/files/config.yaml.tftpl b/files/config.yaml.tftpl
@@ -1,15 +1,31 @@
+%{~ if operate_at_root_group_level ~}
 ci_access:
   groups:
     - id: ${root_namespace}
 
-%{~ if operate_at_root_group_level }
 user_access:
   access_as:
     agent: {}
   groups:
     - id: ${root_namespace}
+%{~ else ~}
+%{~ if length(groups_to_enable) > 0 || length(projects_to_enable) > 0 ~}
+ci_access:
+%{~ if length(groups_to_enable) > 0 ~}
+  groups:
+%{~ for group in groups_to_enable ~}
+    - id: ${group}
+%{~ endfor ~}
+%{~ endif ~}
+%{~ if length(projects_to_enable) > 0 ~}
+  projects:
+%{~ for project in projects_to_enable ~}
+    - id: ${project}
+%{~ endfor ~}
+%{~ endif ~}
+%{~ endif ~}
 %{~ endif ~}
 
-%{~ if trimspace(gitlab_agent_append_to_config_file) != "" }
+%{~ if trimspace(gitlab_agent_append_to_config_file) != "" ~}
 ${gitlab_agent_append_to_config_file}
 %{~ endif ~}
diff --git a/main.tf b/main.tf
@@ -37,24 +37,14 @@ locals {
   )
 
   # Gitlab Agent configuration file
-  final_configuration_file_content = var.gitlab_agent_custom_config_file_content != "" ? var.gitlab_agent_custom_config_file_content : (
-    var.operate_at_root_group_level ? templatefile("${path.module}/files/config.yaml.tftpl", {
-      root_namespace                     = data.gitlab_group.root_namespace.path,
-      gitlab_agent_append_to_config_file = var.gitlab_agent_append_to_config_file,
-      operate_at_root_group_level        = var.operate_at_root_group_level
-      }) : (
-      length(local.groups_to_enable) > 0 || length(local.projects_to_enable) > 0 ? yamlencode({
-        ci_access = merge(
-          length(local.groups_to_enable) > 0 ? {
-            groups = [for g in local.groups_to_enable : { id = g }]
-          } : {},
-          length(local.projects_to_enable) > 0 ? {
-            projects = [for p in local.projects_to_enable : { id = p }]
-          } : {}
-        )
-      }) : ""
-    )
-  )
+  final_configuration_file_content = var.gitlab_agent_custom_config_file_content != "" ? var.gitlab_agent_custom_config_file_content : templatefile("${path.module}/files/config.yaml.tftpl", {
+    operate_at_root_group_level                      = var.operate_at_root_group_level
+    root_namespace                                   = data.gitlab_group.root_namespace.path
+    groups_to_enable                                 = local.groups_to_enable
+    projects_to_enable                               = local.projects_to_enable
+    gitlab_agent_append_to_config_file               = var.gitlab_agent_append_to_config_file
+    gitlab_agent_grant_user_access_to_root_namespace = var.gitlab_agent_grant_user_access_to_root_namespace
+  })
 
   # Gitlab Agent CI/CD variables
   gitlab_agent_kubernetes_context_variables = {
diff --git a/variables.tf b/variables.tf
@@ -37,6 +37,12 @@ variable "operate_at_root_group_level" {
   default     = true
 }
 
+variable "gitlab_agent_grant_user_access_to_root_namespace" {
+  description = "Grant `user_access` to the root namespace."
+  type        = bool
+  default     = false
+}
+
 variable "groups_enabled" {
   description = "List of group paths where the GitLab Agent should be enabled. Only used when operate_at_root_group_level is false. If empty and projects_enabled is also empty, the parent group of the agent project will be used automatically."
   type        = list(string)
@@ -50,14 +56,14 @@ variable "projects_enabled" {
 }
 
 variable "gitlab_agent_append_to_config_file" {
-  description = "Append the Gitlab Agent configuration to the configuration file created for the entire root namespace. This variable is only used when `gitlab_agent_grant_access_to_entire_root_namespace` is true."
+  description = "Append custom configuration to the Gitlab Agent configuration file. This content will be added at the end of the generated configuration."
   type        = string
   default     = ""
 
 }
 
 variable "gitlab_agent_custom_config_file_content" {
-  description = "The content of the Gitlab Agent configuration file. If not provided and `gitlab_agent_grant_access_to_entire_root_namespace` is true, the default configuration file will be used and the root namespace will be granted access to the Gitlab Agent. If you set this variable, it takes precedence over `gitlab_agent_grant_access_to_entire_root_namespace`."
+  description = "The content of the Gitlab Agent configuration file. If not provided, the default configuration file will be generated based on `operate_at_root_group_level`, `groups_enabled`, and `projects_enabled`. If you set this variable, it takes precedence over the automatic configuration generation."
   type        = string
   default     = ""
 }
