- Valid access levels
- List group-level protected environments
- Get a single protected environment
- Protect an environment
- Unprotect environment
Group-level protected environments API
- Introduced in GitLab Premium 14.0.
- Deployed behind a feature flag, disabled by default.
- Disabled on GitLab.com.
- Not recommended for production use.
- To use in GitLab self-managed instances, ask a GitLab administrator to enable it.
This in-development feature might not be available for your use. There can be risks when enabling features still in development. Refer to this feature’s version history for more details.
Read more about group-level protected environments,
Valid access levels
The access levels are defined in the ProtectedEnvironment::DeployAccessLevel::ALLOWED_ACCESS_LEVELS
method.
Currently, these levels are recognized:
30 => Developer access
40 => Maintainer access
60 => Admin access
List group-level protected environments
Gets a list of protected environments from a group.
GET /groups/:id/protected_environments
Attribute | Type | Required | Description |
---|---|---|---|
id
| integer/string | yes | The ID or URL-encoded path of the group maintained by the authenticated user. |
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/5/protected_environments/"
Example response:
[
{
"name":"production",
"deploy_access_levels":[
{
"access_level":40,
"access_level_description":"Maintainers",
"user_id":null,
"group_id":null
}
]
}
]
Get a single protected environment
Gets a single protected environment.
GET /groups/:id/protected_environments/:name
Attribute | Type | Required | Description |
---|---|---|---|
id
| integer/string | yes | The ID or URL-encoded path of the group maintained by the authenticated user. |
name
| string | yes | The deployment tier of the protected environment. One of production , staging , testing , development , or other . Read more about deployment tiers.
|
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/5/protected_environments/production"
Example response:
{
"name":"production",
"deploy_access_levels":[
{
"access_level":40,
"access_level_description":"Maintainers",
"user_id":null,
"group_id":null
}
]
}
Protect an environment
Protects a single environment.
POST /groups/:id/protected_environments
Attribute | Type | Required | Description |
---|---|---|---|
id
| integer/string | yes | The ID or URL-encoded path of the group maintained by the authenticated user. |
name
| string | yes | The deployment tier of the protected environment. One of production , staging , testing , development , or other . Read more about deployment tiers.
|
deploy_access_levels
| array | yes | Array of access levels allowed to deploy, with each described by a hash. One of user_id , group_id or access_level . They take the form of {user_id: integer} , {group_id: integer} or {access_level: integer} respectively.
|
The assignable user_id
are the users who belong to the given group with the Maintainer role (or above).
The assignable group_id
are the sub-groups under the given group.
curl --header 'Content-Type: application/json' --request POST --data '{"name": "production", "deploy_access_levels": [{"group_id": 9899826}]}' --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/22034114/protected_environments"
Example response:
{
"name":"production",
"deploy_access_levels":[
{
"access_level":40,
"access_level_description":"protected-access-group",
"user_id":null,
"group_id":9899826
}
]
}
Unprotect environment
Unprotects the given protected environment.
DELETE /groups/:id/protected_environments/:name
Attribute | Type | Required | Description |
---|---|---|---|
id
| integer/string | yes | The ID or URL-encoded path of the group maintained by the authenticated user. |
name
| string | yes | The deployment tier of the protected environment. One of production , staging , testing , development , or other . Read more about deployment tiers.
|
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/5/protected_environments/staging"
The response should return a 200 code.