Error when changing group/project membership from custom role to normal role

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Collaborate/take over this issue

Bug Report

After creating a group/project membership with one of the resources gitlab_group_membership or gitlab_project_membership with a custom role (adding the member_role_id) attribute, then later replacing the custom role with a normal role, terraform plan/apply does not change the role in GitLab.

I noticed when using the resource gitlab_group_share_group that means, sharing a group with a another group. Using the same scenario described above, the provider forces the replacement of the resource. So it recreates it with the correct role.

Relevant Terraform Configuration

Create a group/project membership using a custom role.

resource "gitlab_group_membership" "test" {
  group_id     = 123
  user_id      = 456
  access_level = "developer"
  member_role_id = 11
}

After applying it, remove the member_role_id.

resource "gitlab_group_membership" "test" {
  group_id     = 123
  user_id      = 456
  access_level = "developer"
}

Run terraform plan/apply and nothing happens here.

Additional Details

• GitLab Terraform Provider Version: v18.3.0
• GitLab Instance Version: v18.4.1-ee
• Terraform Version: v1.9.6
• License Tier: Ultimate

Implementation Guide

• To fix resource gitlab_project_membership:
  • Resource code is in internal/provider/sdk/resource_gitlab_project_membership.go.
  • In the gitlabProjectMembershipSchemaV1 function, amend the entry for member_role_id to have an additional field ForceNew: true,. This will mean if the value changes or is removed, it will force the resource to recreate itself.
  • Resource test code is in internal/provider/sdk/resource_gitlab_project_membership_test.go.
  • Add a new test step to TestAccGitlabProjectMembership_UseCustomRole test function that tries to remove the member_role_id and asserts the value is not set afterwards.
• To fix resource gitlab_group_membership:
  • Resource code is in internal/provider/resource_gitlab_group_membership.go.
  • In the Schema function, amend the entry for member_role_id to have a RequiresReplace plan modifier like user_id.
  • Resource test code is in internal/provider/resource_gitlab_group_membership_test.go.
  • Add a new test step to TestAccGitlabGroupMembership_useCustomRole test function that tries to remove the member_role_id and asserts the value is not set afterwards.