Cannot use `gitlab_group_service_account_access_token` without instance admin privileges
Bug Report
Creating a `gitlab_group_service_account_access_token` throws the following error if the GitLab provider token does not have the instance administrator role.
```
│ Error: Error reading GitLab PersonalAccessToken
│
│ with gitlab_group_service_account_access_token.terraform,
│ on terraform.tf line 7, in resource "gitlab_group_service_account_access_token" "terraform":
│ 7: resource "gitlab_group_service_account_access_token" "terraform" {
│
│ Could not read GitLab PersonalAccessToken, unexpected error: GET https://gitlab.com/api/v4/personal_access_tokens/11020917: 401 {message: 401 Unauthorized}
```
According to the PAT API docs, only an instance admin or the user themselves can GET a PAT. Which makes this resource effectively unusable on, e.g., https://gitlab.com, yeah?
Is there a way around this? Maybe skipping the token read when the provider isn't configured with instance admin access?
Relevant Terraform Configuration
```hcl
data "gitlab_group" "example" {
  full_path = "my-group"
}

resource "gitlab_group_service_account" "terraform" {
  group    = data.gitlab_group.example.id
  name     = "terraform"
  username = "example-terraform"
}

resource "gitlab_group_service_account_access_token" "terraform" {
  group   = data.gitlab_group.example.id
  user_id = gitlab_group_service_account.terraform.service_account_id
  name    = "terraform"
  scopes  = ["api"]
}
```
Relevant Terraform Command
```
terraform apply
```
Relevant Log Output
These are the debug logs of the `terraform` command output:
Additional Details
- GitLab Terraform Provider Version: 17.5.0
- GitLab Version: GitLab Enterprise Edition 17.6.0-pre 68dbea38a49
- Terraform Version: v1.9.2
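
A sketch of the workaround the report asks about, where a denied token read keeps the prior state instead of failing the run. This is an added example, not the provider's own code; `refreshPAT`, `patState` and the keep-prior-state policy are assumptions, and the stub server in `main` is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// patState is a hypothetical subset of the token attributes held in Terraform state.
type patState struct {
	ID      int      `json:"id"`
	Scopes  []string `json:"scopes"`
	Revoked bool     `json:"revoked"`
}

// refreshPAT (hypothetical) re-reads a token and reports whether the API verified the state.
func refreshPAT(c *http.Client, baseURL, providerToken string, prior patState) (patState, bool, error) {
	req, err := http.NewRequest(http.MethodGet,
		fmt.Sprintf("%s/api/v4/personal_access_tokens/%d", baseURL, prior.ID), nil)
	if err != nil {
		return prior, false, err
	}
	req.Header.Set("PRIVATE-TOKEN", providerToken)
	resp, err := c.Do(req)
	if err != nil {
		return prior, false, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		var fresh patState
		if err := json.NewDecoder(resp.Body).Decode(&fresh); err != nil {
			return prior, false, err
		}
		return fresh, true, nil
	case http.StatusUnauthorized, http.StatusForbidden:
		// Neither instance admin nor token owner: keep prior state, marked unverified (assumed policy).
		return prior, false, nil
	}
	return prior, false, fmt.Errorf("GET %s: unexpected status %d", req.URL, resp.StatusCode)
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { // constructed stub
		http.Error(w, `{"message":"401 Unauthorized"}`, http.StatusUnauthorized)
	}))
	defer srv.Close()
	st, ok, err := refreshPAT(srv.Client(), srv.URL, "constructed-token", patState{ID: 1, Scopes: []string{"api"}})
	fmt.Println(st.Scopes, ok, err)
}
```

A denied read leaves revocation or scope drift undetected, and an invalid provider token returns the same 401, so a caller should surface the unverified result as a warning rather than stay silent.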