Announcing Improved Apply Requirements

Announcing Improved Apply Requirements blog post

Introduction

We are excited to announce the release of improved Apply Requirements.

When managing infrastructure as code, it’s very important to make sure that any changes are thoroughly reviewed and approved. Apply Requirements provide a way to define conditions that must be met before Terrateam executes an apply operation.

New Configurations

The new configurations introduced with this release are:

apply_requirements.checks.tag_query

A tag query that specifies which directories and workspaces the apply requirements should be applied to. Default is "", which matches all directories and workspaces.

apply_requirements.checks.approved.any_of

List of GitHub teams/users/roles, where any one of them is required to approve the pull request.

apply_requirements.checks.approved.any_of_count

The number of approvals required from the any_of list. Default is 1.

apply_requirements.checks.approved.all_of

List of GitHub teams/users/roles, where all of them are required to approve the pull request.

How It Works

Apply Requirements are configured under the apply_requirements.checks key in your repository .terrateam/config.yml.

Here’s the new default configuration:

apply_requirements:
create_pending_apply_check: true
checks:
- tag_query: ""
approved:
enabled: false
any_of: []
any_of_count: 1
all_of: []
merge_conflicts:
enabled: true
status_checks:
enabled: true
ignore_matching: []

Real World Examples

Require Approvals from Specific Users Based on Directory

apply_requirements:
checks:
- tag_query: "dir:tf1"
approved:
enabled: true
all_of: ["user:alice"]
- tag_query: "dir:tf2"
approved:
enabled: true
all_of: ["user:bob"]

This configuration requires approval from the user “alice” for changes in the “tf1” directory and from the user “bob” for changes in the “tf2” directory.

Require Any 2 Approvals from a List of Users

apply_requirements:
checks:
- tag_query: ""
approved:
enabled: true
any_of: ["user:alice", "user:bob", "user:bender", "user:fry"]
any_of_count: 2

This configuration requires at least 2 approvals from any of the users in the any_of list before an apply operation can be executed.

Require Approvals from All Users in a List

apply_requirements:
checks:
- tag_query: ""
approved:
enabled: true
all_of: ["user:alice", "user:bob"]

This configuration requires approvals from both “alice” and “bob” before an apply operation can be executed.

For more detailed information, visit our documentation.

Infrastructure as Code. Optimized.

Ready to get started?

Experience powerful infrastructure orchestration, seamlessly integrated with GitHub.