Cookie File Support for self-managed GitLab instances with additional authentication controls
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Problem
Some GitLab deployments have additional in-line authentication controls on their endpoints that prevent the standard token-based Terraform provider from working. These instances require session cookies to be passed with requests, which are obtained through external login flow. For example, all requests must go through a web browser friendly authentication IdP passthrough before they reach the GitLab instance that also supports signed cookies.
Users with this constraint currently cannot use the Terraform provider with these deployments: in this case, they'd normally pass a cookiejar file; for example this would work
curl -c ~/.config/gitlab-cookies.txt -b ~/.config/gitlab-cookies.txt \
-L "https://$GITLAB_URL/api/v4/user" --header "Authorization: Bearer $GITLAB_TOKEN"But currently have no way to provide these cookies to the Terraform provider.
Proposed Solution
I'd like to suggest adding an optional cookie jar file support to the provider configuration, similar to how curl and other HTTP clients handle authentication cookies. This would enable the provider to work with GitLab instances that have additional authentication controls while being a no-op when unset.
provider "gitlab" {
base_url = "https://gitlab.example.com"
cookie_file = "~/.config/gitlab-cookies.txt"
token = var.gitlab_pat
}I'm happy to do this work if it's something you'd be open to!