API calls to update project fail when certain fields are not passed from gitlab provider to underlying library

Created by: olhado

GitLab Provider version

3.15.0

GitLab version

GitLab 14.5.2 EE (Premium)

Terraform version

Terraform v1.2.3

Relevant Terraform Configuration

resource "gitlab_project" "proj" {
  name                     = "test project"
  namespace_id             = gitlab_group.my_grp.id

  analytics_access_level   = "disabled"
  shared_runners_enabled   = true
}

Relevant log output

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # gitlab_project will be updated in-place
  ~ resource "gitlab_project" "proj" {
      ~ analytics_access_level                           = "disabled" -> "private"
        id                                               = "<REDACTED>"
        name                                             = "test prioject"
        tags                                             = []
        # (57 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

gitlab_project.proj: Modifying... [id=<REDACTED>]

│ Error: PUT https://<REDACTED>/api/v4/projects/<REDACTED>: 400 {error: allow_merge_on_skipped_pipeline, autoclose_referenced_issues, auto_devops_enabled, auto_devops_deploy_strategy, auto_cancel_pending_pipelines, build_coverage_regex, build_git_strategy, build_timeout, builds_access_level, ci_config_path, ci_default_git_depth, ci_forward_deployment_enabled, container_registry_access_level, container_expiration_policy_attributes, default_branch, description, emails_disabled, forking_access_level, issues_access_level, lfs_enabled, merge_pipelines_enabled, merge_requests_access_level, merge_requests_template, merge_trains_enabled, merge_method, name, only_allow_merge_if_all_discussions_are_resolved, only_allow_merge_if_pipeline_succeeds, pages_access_level, path, printing_merge_request_link_enabled, public_builds, remove_source_branch_after_merge, repository_access_level, request_access_enabled, resolve_outdated_diff_discussions, restrict_user_defined_variables, squash_option, shared_runners_enabled, snippets_access_level, tag_list, topics, visibility, wiki_access_level, avatar, suggestion_commit_message, merge_commit_template, repository_storage, compliance_framework_setting, packages_enabled, service_desk_enabled, keep_latest_artifact, issues_enabled, jobs_enabled, merge_requests_enabled, wiki_enabled, snippets_enabled, container_registry_enabled, approvals_before_merge, external_authorization_classification_label, fallback_approvals_required, import_url, issues_template, merge_requests_template, merge_pipelines_enabled, merge_trains_enabled are missing, at least one parameter must be provided}

│   with gitlab_project.proj,
│   on namespaces/projects.tf line 1, in resource "gitlab_project" "proj":
│    1: resource "gitlab_project" "proj" {

Description

The issue with the above example configuration occurs when only analytics_access_level is changed. If you change shared_runners_enabled (or presumably any of the ones listed in the error message), then the API call to GitLab goes through successfully.

It appears the underlying GitLab library you are using has some additional requirements, which is weird. This is quite a nasty issue, as it appears that if you only edit attributes NOT in this list, the apply will always fail.

It also exposes the existence of at least one field that the GitLab Terraform provider does not allow access to (ci_default_git_depth).
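
A diagnostic sketch for the failure reported above, added here as an example and not part of the original issue or of the provider's code: it parses the 400 body format from the log and checks whether a set of changed API parameters contains at least one that the server listed. The function names, the shortened `sampleErr` string and its placeholder host and project ID are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// errRe matches the 400 body format shown in the log output above.
var errRe = regexp.MustCompile(`\{error: (.+) are missing, at least one parameter must be provided\}`)

// AcceptedParams returns the parameter names the server listed in the error.
func AcceptedParams(errMsg string) (map[string]bool, error) {
	m := errRe.FindStringSubmatch(errMsg)
	if m == nil {
		return nil, errors.New("not an at-least-one-parameter error")
	}
	set := make(map[string]bool)
	for _, p := range strings.Split(m[1], ",") {
		if p = strings.TrimSpace(p); p != "" {
			set[p] = true
		}
	}
	return set, nil
}

// CheckUpdate reports which changed parameters are absent from the list and
// whether the update contains none of the listed ones (the failing case).
func CheckUpdate(accepted map[string]bool, changed []string) (unlisted []string, rejected bool) {
	rejected = true
	for _, c := range changed {
		if accepted[c] {
			rejected = false
		} else {
			unlisted = append(unlisted, c)
		}
	}
	return unlisted, rejected
}

// sampleErr is constructed: the error from the log, shortened, with a placeholder host and ID.
const sampleErr = `PUT https://gitlab.example.com/api/v4/projects/1: 400 {error: name, shared_runners_enabled, ci_default_git_depth, visibility are missing, at least one parameter must be provided}`

func main() {
	accepted, _ := AcceptedParams(sampleErr)
	for _, changed := range [][]string{{"analytics_access_level"}, {"analytics_access_level", "shared_runners_enabled"}} {
		unlisted, rejected := CheckUpdate(accepted, changed)
		fmt.Printf("changed=%v unlisted=%v rejected=%v\n", changed, unlisted, rejected)
	}
}
```

Pass API parameter names rather than Terraform attribute names: the plan above shows `tags`, while the error lists `tag_list` and `topics`.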