template ci/cd pipeline enforcement

I was wondering if there is a way to disable the template editor in the UI or make it read-only even for owners (although that wouldn't fix them having CLI/API access). I am basically looking for a way to enforce template changes through merge requests using a CI Coder service account with GitLab pipelines.
Codercord (4w ago)
Category: Feature request
Product: Coder OSS (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
Phorcys (4w ago)
Hey @Spiked_Grape, this isn't possible yet. I guess you could reserve the owner role for the service account used for CI. Please open a feature request via GH Issues.
Phorcys (4w ago)
GitHub: Issues · coder/coder (Provision remote development environments via Terraform)
Spiked_Grape (4w ago)
@Phorcys ok thanks. What about not making templates available to everyone by default? Is there a flag/option for that? If I am testing out a new template, currently I push it via CLI, then go change the permissions in the UI.
Phorcys (4w ago)
Well, except not giving them the owner/admin role, I don't think so. I'm not sure, maybe you can do it via the API. I don't know if there's a flag, I will take a look.
Atif (4w ago)
Hi @Spiked_Grape, there are settings to manage template access. See https://coder.com/docs/templates/permissions
You can use the --private flag from the CLI; it will work with

    coder templates create --private ...

From coder templates create --help:

    --private bool
        Disable the default behavior of granting template access to the 'everyone' group. The template permissions
        must be updated to allow non-admin users to use this template.
Spiked_Grape (4w ago)
@Atif what about the deprecation notice at the top of that page? I thought you have to use templates push now, and that doesn't show a private or group option.
Atif (4w ago)
create was deprecated in favor of merging the functionality in push. I am sorry, I missed that deprecation notice. --private should work with push too. Let me know if it doesn't, and we can fix it; if it works, we will update the docs to reflect the change.
Phorcys (6d ago)
hello @Spiked_Grape -- any luck?
Spiked_Grape (6d ago)
Hi, I was looking at the new docs that use the coderd Terraform provider (https://coder.com/docs/templates/change-management), where you can use acl for the permissions etc., but I haven't had a chance to try it out yet. So when you are using CI/CD to add new versions, I would want to add a new version map to the version list inside the existing template resource?
Phorcys (5d ago)
I don't think that would be needed -- looks like it would just grab whatever you have in the template directory and push it if contents have changed!