Proposal: Extend gitlab_project_members to support Group invitations #8658

Open Acarnesecchi opened 1 month ago

Summary

Context

In our current workflow, we automate the creation of repositories and immediately invite relevant teams to these repositories. We manage permissions and accesses through group assignments, which aligns well with GitLab's capability of inviting groups directly to projects.

Problem

The existing gitlab_project_members module only supports adding individual users to projects, which is not ideal when dealing with large teams that are already organized into groups within GitLab. While I could simply get the group's members and add them individually with their respective access level, this is not efficient and does not leverage GitLab's native group invitation feature.

Proposed Solution

I am proposing two potential solutions:

Extend the existing gitlab_project_members module to include functionality for inviting groups to projects. This would involve adding parameters to specify a group and its access level, and then utilizing the GitLab API's group sharing endpoints.
Create a new module, gitlab_project_groups, specifically designed for managing group interactions within projects. This could provide a cleaner separation of concerns, particularly if additional group-specific functionalities are anticipated in the future.

Both modules would start with basic functionality to invite and uninvite groups to projects without the ability to fetch or modify existing group roles as I have not found a way to do it with the API.

Progress

I have already begun implementing the first option by extending gitlab_project_members to support group invitations. This involves:

Adding a method to retrieve group IDs based on group names.
Implementing methods to share and unshare projects with groups using the GitLab API.
Adjusting the module's argument specifications to handle new parameters related to group management.

Issue Type

Feature Idea

Component Name

gitlab_project_members

Additional Information

- name: Share a project with a list of Groups with Dedicated Access Levels to A GitLab project
  community.general.gitlab_project_members:
    api_url: 'https://gitlab.example.com'
    api_token: 'Your-Private-Token'
    project: projectname
    gitlab_group:
      - name: group1
        group_access_level: developer
      - name: group2
        group_access_level: maintainer
    state: present

- name: Unshare a project with a group
  community.general.gitlab_project_members:
    api_url: 'https://gitlab.example.com'
    api_token: 'Your-Private-Token'
    project: projectname
    gitlab_group:
      - name: group1
    state: absent

Code of Conduct

[X] I agree to follow the Ansible Code of Conduct

Files identified in the description:

plugins/modules/gitlab_project_members.py

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

cc @Lunik @Shaps @lgatellier @marwatk @metanovii @nejch @scodeman @sh0shin @suukit @waheedi @zanssa click here for bot help

ansible-collections / community.general