Error when using gitlab_group_membership Resource

Bug Report

Starting with GitLab Terraform Provider v17.9.0 (continuing in v17.10.0), there is a bug in the gitlab_group_membership Resource which prevents users from creating group owners. The provider attempts to change the member_role_id attribute to null when executing resource "gitlab_group_membership" "owner" for existing group memberships. This causes a 403 Forbidden error when applying, making it impossible to update any GitLab group memberships or create group owners using Terraform. The provider worked correctly in version 17.8.0.

Relevant Terraform Configuration

```hcl
resource "gitlab_group_membership" "owner" {
  group_id     = var.group_id
  user_id      = var.user_id
  access_level = "owner"
}
```

Relevant Terraform Command

```
terraform plan
terraform apply
```

Relevant Log Output

Plan output showing unwanted change:

```
gitlab_group_membership.owner["group|username"] will be updated in-place
~ resource "gitlab_group_membership" "owner" {
      id                            = "123:456"
    - member_role_id                = 0 -> null
      # (5 unchanged attributes hidden)
  }
```

Apply error:

```
Error updating GitLab group membership
with gitlab_group_membership.owner["group|username"],
on groups.tf line 44, in resource "gitlab_group_membership" "owner":
44: resource "gitlab_group_membership" "owner" {
Error updating GitLab group membership: PUT https://gitlab.example.com/api/v4/groups/123/members/456: 403 {message: 403 Forbidden}
```

Additional Details

  • GitLab Terraform Provider Version: `17.9.0`
  • GitLab Instance Version: `17.9.2`
  • Issue occurs in GitLab Terraform Provider v17.9.0 and v17.10.0
  • Problem has been verified on two separate GitLab instances
  • The API token has the correct permissions and scopes
  • The same code used to work on version 17.8.0