when set to true pre_receive_secret_detection_enabled keeps getting planned and applied but does not actually enable the feature on a project

Bug Report

We've noticed projects keep getting a suggested planned change in regards of pre_receive_secret_detection_enabled. The parameter is set to true on all of our Projects (default) in Terraform.

After planning and "successfully" applying the feature is still not enabled on the projects. A subsequent plan shows it's still waiting to apply the false->true action on this project feature.

After a "succesfull" apply the Terraform state also shows this feature as false for the relevant projects.

When we manually enable "Secret push protection" on a Project and let the plan/apply run, the logs show it wants to change the feature from false->true (because of current tf state) and after finishing the apply the feature is actually getting disabled on the project.

Could this be related to https://docs.gitlab.com/ee/update/deprecations.html#rest-api-endpoint-pre_receive_secret_detection_enabled-is-deprecated?

We are not seeing this on all of our projects but cannot confirm what's the main difference. It appears projects created the last couple of days are correctly applied.

Relevant Terraform Configuration

Running OpenTofu pipeline on gitlab.com to provision our GitLab group.

Relevant Terraform Command

tofu plan
tofu apply

Relevant Log Output

  # module.team_x.module.team_repository.gitlab_project.project will be updated in-place
  ~ resource "gitlab_project" "project" {
        id                                               = "xxxxxxxx"
        name                                             = "xxxxxxxx"
      ~ pre_receive_secret_detection_enabled             = false -> true
        tags                                             = []
        # (77 unchanged attributes hidden)
        # (2 unchanged blocks hidden)
    }

[1mmodule.prisma_team.module.xxxxxxxx.gitlab_project.project: Modifying... [id=xxxxxxxxx][0m[0m
2025-02-14T12:24:22.991Z [DEBUG] provider.terraform-provider-gitlab_v17.8.0: [DEBUG] update gitlab project xxxxxxxxx: tf_provider_addr=registry.terraform.io/gitlabhq/gitlab tf_req_id=001131da-a078-48d7-eeb1-9b9c4d2863d9 tf_resource_type=gitlab_project tf_mux_provider=tf5to6server.v5tov6Server @module=gitlab tf_rpc=ApplyResourceChange @caller=gitlab.com/gitlab-org/terraform-provider-gitlab/internal/provider/sdk/resource_gitlab_project.go:1625 timestamp=2025-02-14T12:24:22.991Z
2025-02-14T12:24:22.992Z [DEBUG] provider.terraform-provider-gitlab_v17.8.0: Sending HTTP Request: @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.35.0/helper/logging/logging_http_transport.go:160 Accept=application/json Authorization="Bearer glpat-[MASKED]" tf_http_req_version=HTTP/1.1 tf_http_req_method=PUT Accept-Encoding=gzip Content-Type=application/json Host=gitlab.com User-Agent="Terraform/1.9.0 (+https://www.terraform.io) Terraform-Plugin-SDK/2.35.0 terraform-provider-gitlab/17.8.0" new_logger_warning="This log was generated by a subsystem logger that wasn't created before being used. Use tflog.NewSubsystem to create this logger before it is used." tf_http_req_body="{\"name\":\"xxxxxxxx\"}" @module=gitlab.GitLab Content-Length=18 tf_http_req_uri=/api/v4/projects/xxxxxxxxx tf_http_op_type=request tf_http_trans_id=b5cc15a3-c40b-b381-50bb-afbfb3177823 timestamp=2025-02-14T12:24:22.992Z
2025-02-14T12:24:23.359Z [DEBUG] provider.terraform-provider-gitlab_v17.8.0: Received HTTP Response: Content-Security-Policy="default-src 'none'" Gitlab-Sv=api-gke-us-east1-b X-Frame-Options=SAMEORIGIN Date="Fri, 14 Feb 2025 12:24:23 GMT" Content-Type=application/json Referrer-Policy=strict-origin-when-cross-origin Report-To="{\"endpoints\":[{\"url\":\"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P9jDNrOgFdrJN1ZjvkfDCNX4GBH4u3bvFlZuLNA1F1EguQUOrib24Ictv%2FGU1J%2F1yh6R4D5KXxj7hIzw9098WBG5Av8hAjyap%2BwhZhXrBWQ8X3LeO%2BON3UwZZWo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}" tf_http_res_version=HTTP/2.0 Etag="W/\"9e1bec042d76ab36448dff90cb6d4b88\"" Nel="{\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}" Strict-Transport-Security=max-age=31536000 Vary="Origin, Accept-Encoding" tf_http_res_status_code=200 @module=gitlab.GitLab X-Request-Id=3d7199540fe0ca34af10a076d306f067 tf_http_op_type=response tf_http_res_body="{\"id\":xxxxxxxx,\"description\":\"xxxxxxxx repository used by team Prisma\",\"name\":\"xxxxxxxx\",\"name_with_namespace\":\"Sqills / Development / Prisma / Projects / xxxxxxxx\",\"path\":\"xxxxxxxx\",\"path_with_namespace\":\"sqills/development/prisma/projects/xxxxxxxx\",\"created_at\":\"2025-01-17T14:52:14.866Z\",\"default_branch\":\"main\",\"tag_list\":[],\"topics\":[],\"ssh_url_to_repo\":\"git@gitlab.com:sqills/development/prisma/projects/xxxxxxxx.git\",\"http_url_to_repo\":\"https://gitlab.com/sqills/development/prisma/projects/xxxxxxxx.git\",\"web_url\":\"https://gitlab.com/sqills/development/prisma/projects/xxxxxxxx\",\"readme_url\":\"https://gitlab.com/sqills/development/prisma/projects/xxxxxxxx/-/blob/main/README.md\",\"forks_count\":0,\"avatar_url\":null,\"star_count\":1,\"last_activity_at\":\"2025-02-07T12:24:34.425Z\",\"namespace\":{\"id\":100829546,\"name\":\"Projects\",\"path\":\"projects\",\"kind\":\"group\",\"full_path\":\"sqills/development/prisma/projects\",\"parent_id\":100829541,\"avatar_url\":null,\"web_url\":\"https://gitlab.com/groups/sqills/development/prisma/projects\"},\"container_registry_image_prefix\":\"registry.gitlab.com/sqills/development/prisma/projects/xxxxxxxx\",\"_links\":{\"self\":\"https://gitlab.com/api/v4/projects/xxxxxxxx\",\"merge_requests\":\"https://gitlab.com/api/v4/projects/xxxxxxxx/merge_requests\",\"repo_branches\":\"https://gitlab.com/api/v4/projects/xxxxxxxx/repository/branches\",\"labels\":\"https://gitlab.com/api/v4/projects/xxxxxxxx/labels\",\"events\":\"https://gitlab.com/api/v4/projects/xxxxxxxx/events\",\"members\":\"https://gitlab.com/api/v4/projects/xxxxxxxx/members\",\"cluster_agents\":\"https://gitlab.com/api/v4/projects/xxxxxxxx/cluster_agents\"},\"packages_enabled\":true,\"empty_repo\":false,\"archived\":false,\"visibility\":\"private\",\"resolve_outdated_diff_discussions\":false,\"container_expiration_policy\":{\"cadence\":\"1d\",\"enabled\":false,\"keep_n\":10,\"older_than\":\"90d\",\"name_regex\":\".*\",\"name_regex_keep\":null,\"next_run_at\":\"2025-01-18T14:52:14.901Z\"},\"repository_object_format\":\"sha1\",\"issues_enabled\":false,\"merge_requests_enabled\":true,\"wiki_enabled\":false,\"jobs_enabled\":true,\"snippets_enabled\":true,\"container_registry_enabled\":true,\"service_desk_enabled\":true,\"can_create_merge_request_in\":true,\"issues_access_level\":\"disabled\",\"repository_access_level\":\"enabled\",\"merge_requests_access_level\":\"enabled\",\"forking_access_level\":\"enabled\",\"wiki_access_level\":\"disabled\",\"builds_access_level\":\"enabled\",\"snippets_access_level\":\"enabled\",\"pages_access_level\":\"disabled\",\"analytics_access_level\":\"enabled\",\"container_registry_access_level\":\"enabled\",\"security_and_compliance_access_level\":\"private\",\"releases_access_level\":\"enabled\",\"environments_access_level\":\"enabled\",\"feature_flags_access_level\":\"enabled\",\"infrastructure_access_level\":\"enabled\",\"monitor_access_level\":\"enabled\",\"model_experiments_access_level\":\"enabled\",\"model_registry_access_level\":\"enabled\",\"emails_disabled\":false,\"emails_enabled\":true,\"shared_runners_enabled\":false,\"lfs_enabled\":true,\"creator_id\":xxxxxxxx,\"import_url\":\"\",\"import_type\":\"bitbucket_server\",\"import_status\":\"finished\",\"import_error\":null,\"description_html\":\"\u003cp data-sourcepos=\\"1:1-1:38\\" dir=\\"auto\\"\u003exxxxxxxx repository used by team Prisma\u003c/p\u003e\",\"updated_at\":\"2025-02-07T12:24:34.425Z\",\"ci_default_git_depth\":20,\"ci_delete_pipelines_in_seconds\":null,\"ci_forward_deployment_enabled\":true,\"ci_forward_deployment_rollback_allowed\":true,\"ci_job_token_scope_enabled\":false,\"ci_separated_caches\":true,\"ci_allow_fork_pipelines_to_run_in_parent_project\":true,\"ci_id_token_sub_claim_components\":[\"project_path\",\"ref_type\",\"ref\"],\"build_git_strategy\":\"fetch\",\"keep_latest_artifact\":true,\"restrict_user_defined_variables\":true,\"ci_pipeline_variables_minimum_override_role\":\"developer\",\"runners_token\":null,\"runner_token_expiration_interval\":null,\"group_runners_enabled\":true,\"auto_cancel_pending_pipelines\":\"enabled\",\"build_timeout\":3600,\"auto_devops_enabled\":false,\"auto_devops_deploy_strategy\":\"continuous\",\"ci_push_repository_for_job_token_allowed\":false,\"ci_config_path\":\"\",\"public_jobs\":true,\"shared_with_groups\":[],\"only_allow_merge_if_pipeline_succeeds\":true,\"allow_merge_on_skipped_pipeline\":false,\"request_access_enabled\":true,\"only_allow_merge_if_all_discussions_are_resolved\":true,\"remove_source_branch_after_merge\":true,\"printing_merge_request_link_enabled\":true,\"merge_method\":\"rebase_merge\",\"squash_option\":\"default_on\",\"enforce_auth_checks_on_uploads\":true,\"suggestion_commit_message\":\"\",\"merge_commit_template\":null,\"squash_commit_template\":null,\"issue_branch_template\":null,\"warn_about_potentially_unwanted_characters\":true,\"autoclose_referenced_issues\":true,\"max_artifacts_size\":null,\"approvals_before_merge\":0,\"mirror\":false,\"external_authorization_classification_label\":\"\",\"marked_for_deletion_at\":null,\"marked_for_deletion_on\":null,\"requirements_enabled\":true,\"requirements_access_level\":\"enabled\",\"security_and_compliance_enabled\":true,\"secret_push_protection_enabled\":null,\"pre_receive_secret_detection_enabled\":null,\"compliance_frameworks\":[\"ISO 27001\"],\"merge_requests_template\":\"\",\"ci_restrict_pipeline_cancellation_role\":\"developer\",\"merge_pipelines_enabled\":true,\"merge_trains_enabled\":false,\"merge_trains_skip_train_allowed\":false,\"only_allow_merge_if_all_status_checks_passed\":false,\"allow_pipeline_trigger_approve_deployment\":false,\"prevent_merge_without_jira_issue\":true}" Server=cloudflare Set-Cookie="_cfuvid=4lEwVJXbtw1IkmD_u6E.ITZTKXzIglHE2cDFdZ.Jda8-1739535863358-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None" X-Gitlab-Meta="{\"correlation_id\":\"3d7199540fe0ca34af10a076d306f067\",\"version\":\"1\"}" Cf-Cache-Status=DYNAMIC X-Content-Type-Options=nosniff X-Runtime=0.247337 new_logger_warning="This log was generated by a subsystem logger that wasn't created before being used. Use tflog.NewSubsystem to create this logger before it is used." tf_http_res_status_reason="200 OK" tf_http_trans_id=b5cc15a3-c40b-b381-50bb-afbfb3177823 @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.35.0/helper/logging/logging_http_transport.go:160 Cache-Control="max-age=0, private, must-revalidate" Cf-Ray=911d08e7bec3dc98-FRA Gitlab-Lb=haproxy-main-42-lb-gprd timestamp=2025-02-14T12:24:23.359Z
module.team_x.module.team_repository.gitlab_project.project: Modifications complete after 3s [id=xxxxxxxx]

2025-02-14T12:24:22.711Z [WARN]  Provider "provider[\"registry.opentofu.org/gitlabhq/gitlab\"]" produced an unexpected new value for module.team_x.module.terraform.gitlab_project.project, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .pre_receive_secret_detection_enabled: was cty.True, but now cty.False

Additional Details

GitLab Terraform Provider Version: 17.8.0
GitLab Instance Version: Gitlab.com
OpenTofu Version: 1.9.0

Edited Feb 14, 2025 by Hans Homan