Introduction

We are excited to announce the release of improved Apply Requirements.

When managing infrastructure as code, it's very important to make sure that any changes are thoroughly reviewed and approved. Apply Requirements provide a way to define conditions that must be met before Terrateam executes an apply operation.

New Configurations

The new configurations introduced with this release are:

`apply_requirements.checks.tag_query`

A tag query that specifies which directories and workspaces the apply requirements should be applied to. Default is "", which matches all directories and workspaces.

`apply_requirements.checks.approved.any_of`

List of GitHub teams/users/roles, where any one of them is required to approve the pull request.

`apply_requirements.checks.approved.any_of_count`

The number of approvals required from the any_of list. Default is 1.

`apply_requirements.checks.approved.all_of`

List of GitHub teams/users/roles, where all of them are required to approve the pull request.

How It Works

Apply Requirements are configured under the apply_requirements.checks key in your repository .terrateam/config.yml.

Here’s the new default configuration:

apply_requirements:
  create_pending_apply_check: true
  checks:
    - tag_query: ""
      approved:
        enabled: false
        any_of: []
        any_of_count: 1
        all_of: []
      merge_conflicts:
        enabled: true
      status_checks:
        enabled: true
        ignore_matching: []

Real World Examples

Require Approvals from Specific Users Based on Directory

apply_requirements:
  checks:
    - tag_query: "dir:tf1"
      approved:
        enabled: true
        all_of: ["user:alice"]
    - tag_query: "dir:tf2"
      approved:
        enabled: true
        all_of: ["user:bob"]

This configuration requires approval from the user "alice" for changes in the "tf1" directory and from the user "bob" for changes in the "tf2" directory.

Require Any 2 Approvals from a List of Users

apply_requirements:
  checks:
    - tag_query: ""
      approved:
        enabled: true
        any_of: ["user:alice", "user:bob", "user:bender", "user:fry"]
        any_of_count: 2

This configuration requires at least 2 approvals from any of the users in the any_of list before an apply operation can be executed.

Require Approvals from All Users in a List

apply_requirements:
  checks:
    - tag_query: ""
      approved:
        enabled: true
        all_of: ["user:alice", "user:bob"]

This configuration requires approvals from both "alice" and "bob" before an apply operation can be executed.

For more detailed information, visit our documentation.

Features

Learn More

Learn

Connect