project approval configuration error

Created by: cmd-werner-diers

Terraform Version

    terraform -version
    Terraform v0.15.4
    on darwin_amd64
    + provider registry.terraform.io/gitlabhq/gitlab v3.6.0
    + provider registry.terraform.io/hashicorp/aws v3.42.0
    + provider registry.terraform.io/hashicorp/external v2.1.0
    + provider registry.terraform.io/hashicorp/null v3.1.0

Affected Resource(s)

Please list the resources as a list, for example:

  • gitlab_project_level_mr_approvals

Terraform Configuration Files

    resource "gitlab_project" "main" {
        name                                             = "approvals-issue"
        path                                             = "approvals-issue"
        visibility_level                                 = "private"
        namespace_id                                     = "namespace"
        archived                                         = false
        merge_requests_enabled                           = true
        approvals_before_merge                           = 2
        initialize_with_readme                           = true
    }

    resource "gitlab_branch_protection" "main" {
        project                      = gitlab_project.main.id
        branch                       = "master"
        push_access_level            = "no one"
        merge_access_level           = "maintainer"
        code_owner_approval_required = true
    }

    resource "gitlab_tag_protection" "main" {
        project             = gitlab_project.main.id
        tag                 = "*"
        create_access_level = "maintainer"
    }

    resource "gitlab_project_level_mr_approvals" "main" {
        project_id                                     = gitlab_project.main.id
        reset_approvals_on_push                        = true
        disable_overriding_approvers_per_merge_request = true
        merge_requests_author_approval                 = false
        merge_requests_disable_committers_approval     = true
    }

Debug Output

Shortened output:

    Acquiring state lock. This may take a few moments...
    ...
    gitlab_project.main: Refreshing state... [id=25898445]
    gitlab_project_level_mr_approvals.main: Refreshing state... [id=25898445]
    gitlab_tag_protection.main: Refreshing state... [id=25898445:*]
    ...
    2021-06-01T11:30:25.894+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to refreshState for gitlab_branch_protection.main["master"]
    2021-06-01T11:30:25.894+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: writing state object for gitlab_branch_protection.main["master"]
    2021-06-01T11:30:25.894+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to refreshState for gitlab_tag_protection.main
    2021-06-01T11:30:25.894+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: writing state object for gitlab_tag_protection.main
    2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main": visit complete
    2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main": dynamic subgraph encountered errors: couldn't read approval configuration: GET https://gitlab.com/api/v4/projects/25898445/approvals: 403 {message: 403 Forbidden}
    2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main": visit complete
    2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main (expand)": dynamic subgraph encountered errors: couldn't read approval configuration: GET https://gitlab.com/api/v4/projects/25898445/approvals: 403 {message: 403 Forbidden}
    2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main (expand)": visit complete
    2021-06-01T11:30:25.895+1000 [TRACE] Re-validating config for "gitlab_branch_protection.main[\"master\"]"
    2021-06-01T11:30:25.895+1000 [TRACE] GRPCProvider: ValidateResourceConfig
    2021-06-01T11:30:25.895+1000 [TRACE] Re-validating config for "gitlab_tag_protection.main"
    2021-06-01T11:30:25.895+1000 [TRACE] GRPCProvider: ValidateResourceConfig
    2021-06-01T11:30:25.895+1000 [TRACE] GRPCProvider: PlanResourceChange
    2021-06-01T11:30:25.895+1000 [TRACE] GRPCProvider: PlanResourceChange
    2021-06-01T11:30:25.896+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for gitlab_tag_protection.main
    2021-06-01T11:30:25.896+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for gitlab_branch_protection.main["master"]
    2021-06-01T11:30:25.896+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: writing state object for gitlab_branch_protection.main["master"]
    2021-06-01T11:30:25.896+1000 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: writing state object for gitlab_tag_protection.main
    2021-06-01T11:30:25.896+1000 [TRACE] writeChange: recorded NoOp change for gitlab_branch_protection.main["master"]
    2021-06-01T11:30:25.896+1000 [TRACE] writeChange: recorded NoOp change for gitlab_tag_protection.main
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_tag_protection.main": visit complete
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_branch_protection.main[\"master\"]": visit complete
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_branch_protection.main": dynamic subgraph completed successfully
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_branch_protection.main": visit complete
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_tag_protection.main": dynamic subgraph completed successfully
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_tag_protection.main": visit complete
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_tag_protection.main (expand)": dynamic subgraph completed successfully
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_tag_protection.main (expand)": visit complete
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_branch_protection.main (expand)": dynamic subgraph completed successfully
    2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_branch_protection.main (expand)": visit complete
    2021-06-01T11:30:25.896+1000 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/gitlabhq/gitlab\"] (close)" errored, so skipping
    ...
    2021-06-01T11:30:26.454+1000 [TRACE] vertex "provider[\"registry.terraform.io/hashicorp/null\"] (close)": starting visit (*terraform.graphNodeCloseProvider)
    2021-06-01T11:30:26.454+1000 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
    2021-06-01T11:30:26.454+1000 [TRACE] GRPCProvider: Close
    2021-06-01T11:30:26.454+1000 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
    2021-06-01T11:30:26.456+1000 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/null/3.1.0/darwin_amd64/terraform-provider-null_v3.1.0_x5 pid=3606
    2021-06-01T11:30:26.456+1000 [DEBUG] provider: plugin exited
    2021-06-01T11:30:26.456+1000 [TRACE] vertex "provider[\"registry.terraform.io/hashicorp/null\"] (close)": visit complete
    2021-06-01T11:30:26.456+1000 [TRACE] dag/walk: upstream of "root" errored, so skipping
    2021-06-01T11:30:26.456+1000 [INFO]  backend/local: plan operation completed

    │ Error: couldn't read approval configuration: GET https://gitlab.com/api/v4/projects/25898445/approvals: 403 {message: 403 Forbidden}

    │   with gitlab_project_level_mr_approvals.main,

Panic Output

NA

Expected Behavior

Approvals are fetched correctly and execution does not break.

Actual Behavior

API call fails with:

    Error: couldn't read approval configuration: GET https://gitlab.com/api/v4/projects/25898445/approvals: 403 {message: 403 Forbidden}

Steps to Reproduce

  1. Create a new gitlab_project with archived set to false and configuration as above. Add gitlab_project_level_mr_approvals associated with that project.
  2. Run terraform apply
  3. Archive the project by setting archived to true
  4. Run terraform plan

Important Factoids

  • Browsing to the approvals using the UI works as expected.

References

Issues linked:
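
An added example, not part of the original report or of the provider's code: a small Python triage of Terraform TRACE output like the log above. It reports which resource's refresh failed, the API request and status behind the failure, and which graph nodes were skipped as a result. The sample lines are copied from the report's log; the function and field names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the trace output in this report.
SAMPLE_LOG = r"""
2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main": visit complete
2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main": dynamic subgraph encountered errors: couldn't read approval configuration: GET https://gitlab.com/api/v4/projects/25898445/approvals: 403 {message: 403 Forbidden}
2021-06-01T11:30:25.894+1000 [TRACE] vertex "gitlab_project_level_mr_approvals.main (expand)": dynamic subgraph encountered errors: couldn't read approval configuration: GET https://gitlab.com/api/v4/projects/25898445/approvals: 403 {message: 403 Forbidden}
2021-06-01T11:30:25.896+1000 [TRACE] vertex "gitlab_tag_protection.main": dynamic subgraph completed successfully
2021-06-01T11:30:25.896+1000 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/gitlabhq/gitlab\"] (close)" errored, so skipping
2021-06-01T11:30:26.456+1000 [TRACE] dag/walk: upstream of "root" errored, so skipping
"""

# A vertex whose refresh failed on an HTTP call; the "(expand)" vertex repeats it.
ERR_RE = re.compile(
    r'vertex "(?P<addr>.+?)(?: \(expand\))?": dynamic subgraph encountered errors: '
    r'(?P<msg>.*?): (?P<method>[A-Z]+) (?P<url>https?://\S+): (?P<status>\d{3}) '
)
# Graph nodes Terraform did not visit because something upstream failed.
SKIP_RE = re.compile(r'dag/walk: upstream of "(?P<node>.+)" errored, so skipping')


def triage(log_text):
    """Return ({resource address: failed API call}, [skipped graph nodes])."""
    failures, skipped = {}, []
    for line in log_text.splitlines():
        err = ERR_RE.search(line)
        if err:
            status = int(err["status"])
            failures.setdefault(err["addr"], {
                "reason": err["msg"],
                "method": err["method"],
                "url": err["url"],
                "path": urlparse(err["url"]).path,
                "status": status,
                # 401/403: the request was refused, not that the object is missing.
                "authz_denied": status in (401, 403),
            })
            continue
        skip = SKIP_RE.search(line)
        if skip and skip["node"] not in skipped:
            skipped.append(skip["node"])
    return failures, skipped


if __name__ == "__main__":
    failed, not_visited = triage(SAMPLE_LOG)
    for addr, call in failed.items():
        print(f'{addr}: {call["method"]} {call["path"]} -> {call["status"]} ({call["reason"]})')
    print("skipped:", not_visited)
```
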