gitlab_instance_service_account api error when not specifying username

It seems when no username (this is optional so valid) is configured in the gitlab_instance_service_account resource an empty string is sent to the gitlab api. This isn't a valid username and the api returns a 400.

Example resource:

resource "gitlab_instance_service_account" "example_sa" {
  name     = "example-name"
  group    = 123456
}

Apply failure output:

│ Unable to create service account: POST
│ https://gitlab.com/api/v4/groups/XXXXXXXX/service_accounts: 400 {message:
│ 400 Bad request - Username can't be blank, Username can't be blank,
│ Username can only include non-accented letters, digits, '_', '-' and '.'.
│ It must not start with '-', '_', or '.', nor end with '-', '_', '.',
│ '.git', or '.atom'., Username can contain only letters, digits, '_', '-'
│ and '.'. Cannot start with '-' or end in '.', '.git' or '.atom'., Username
│ is too short (minimum is 2 characters), and Username is too short (minimum
│ is 1 character)}

I think the bug is located here:

https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/blob/97bff1a023b8372ee6ddb93a4b4e7ff6aee5e57f/internal/provider/resource_gitlab_group_service_account.go#L123

It seems username being not being specified will use the default string value in Go.

This is probably the same for the name attribute which is also optional.

provider version: 18.1.1
tf version: 1.6.2

Edited Jul 16, 2025 by Matt Brown