Restrict developer role read-only access to Terraform state

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

Interaction with GitLab managed Terraform state was expanded in 13.2 to allow the developer role to run the non-destructive terraform plan command.

Intended users

• Cameron (Compliance Manager)
• Delaney (Development Team Lead)

Proposal

Allow developer access to Terraform state to be turned off, or made more granular.

Further details

GitLab Premium Customer raised a ticket (internal links) asking how read-only access by developers can be turned off, and state restricted to maintainers only. Their requirement would be that the state files can be segregated similar to protected branches or tags. Developers having read access to all state is not an option for them.