Announcing Improved Apply Requirements

By Malcolm Matalka on May 17, 2024
Announcing Audit Trail

We are excited to announce the release of improved Apply Requirements.

When managing infrastructure as code, it’s very important to make sure that any changes are thoroughly reviewed and approved. Apply Requirements provide a way to define conditions that must be met before Terrateam executes an apply operation.

New Configurations

The new configurations introduced with this release are:

apply_requirements.checks.tag_query

A tag query that specifies which directories and workspaces the apply requirements should be applied to. Default is "", which matches all directories and workspaces.

apply_requirements.checks.approved.any_of

List of GitHub teams/users/roles, where any one of them is required to approve the pull request.

apply_requirements.checks.approved.any_of_count

The number of approvals required from the any_of list. Default is 1.

apply_requirements.checks.approved.all_of

List of GitHub teams/users/roles, where all of them are required to approve the pull request.

How It Works

Apply Requirements are configured under the apply_requirements.checks key in your repository .terrateam/config.yml.

Here’s the new default configuration:

apply_requirements:
create_pending_apply_check: true
checks:
- tag_query: ""
approved:
enabled: false
any_of: []
any_of_count: 1
all_of: []
merge_conflicts:
enabled: true
status_checks:
enabled: true
ignore_matching: []

Real World Examples

Require Approvals from Specific Users Based on Directory

apply_requirements:
checks:
- tag_query: "dir:tf1"
approved:
enabled: true
all_of: ["user:alice"]
- tag_query: "dir:tf2"
approved:
enabled: true
all_of: ["user:bob"]

This configuration requires approval from the user “alice” for changes in the “tf1” directory and from the user “bob” for changes in the “tf2” directory.

Require Any 2 Approvals from a List of Users

apply_requirements:
checks:
- tag_query: ""
approved:
enabled: true
any_of: ["user:alice", "user:bob", "user:bender", "user:fry"]
any_of_count: 2

This configuration requires at least 2 approvals from any of the users in the any_of list before an apply operation can be executed.

Require Approvals from All Users in a List

apply_requirements:
checks:
- tag_query: ""
approved:
enabled: true
all_of: ["user:alice", "user:bob"]

This configuration requires approvals from both “alice” and “bob” before an apply operation can be executed.

For more detailed information, visit our documentation.

We use cookies and similar technologies to provide certain features, enhance the user experience and deliver content that is relevant to your interests. Depending on their purpose, analysis and marketing cookies may be used in addition to technically necessary cookies. By clicking on "Agree and continue", you declare your consent to the use of the aforementioned cookies. Here you can make detailed settings or revoke your consent (in part if necessary) with effect for the future. For further information, please refer to our Privacy Policy .