Add group_saml_identity to gitlab_group_membership

Feature Request: Expose group_saml_identity in gitlab_group_membership data source

Problem

The GitLab API returns group_saml_identity.extern_uid (user's SAML email) in /groups/:id/members/all, but the gitlab_group_membership data source does not expose this field.

This makes it impossible to map SAML emails to GitLab user IDs using native Terraform resources.

Use Case

Integrating external identity providers (e.g., Google Workspace groups) with GitLab requires mapping emails to user IDs for configuring approval rules and permissions.

Current API Response

{
  "id": 1002003,
  "username": "test",
  "group_saml_identity": {
    "extern_uid": "elia@example.com",
    "provider": "group_saml"
  }
}

Proposed Change

Add group_saml_identity to the members schema in gitlab_group_membership, enabling:

locals {
  email_to_id = {
    for m in data.gitlab_group_membership.example.members :
    m.group_saml_identity.extern_uid => m.id
    if m.group_saml_identity != null
  }
}

Alternatives Considered

  • gitlab_group_provisioned_users: Only returns SCIM-provisioned users, not all SAML-linked users
  • gitlab_users with extern_uid: Requires instance admin privileges (403 on GitLab.com)
  • gitlab_user: Does not expose email/extern_uid for non-admin tokens

Implementation Guide

  • Read the CONTRIBUTING.md guide for setting up your local development environment and clone the community fork of this project.
  • In internal/provider/datasource_gitlab_group_membership.go, add a new field to the schema under the members nested attribute called group_saml_identity of type SingleNestedAttribute.
  • For the group_saml_identity attributes, add the fields extern_uid (string), provider (string) and saml_provider_id (int64).
  • Add an equivalent nested struct to the gitlabGroupMembershipMemberModel struct.
  • Amend flattenGitlabGroupMembers to populate the new fields in the model struct.
  • Usually we would add tests at this point, but it would be difficult to create a test user without a SAML provider.
  • Run make reviewable and raise a merge request with your changes.
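The following Go program is an added example, not code from terraform-provider-gitlab: it walks through the flatten step of the guide above and the email-to-id mapping from the locals block, using plain Go structs in place of the terraform-plugin-framework model types so it runs stand-alone. The member sample is constructed (the page's member plus two members without a linked SAML identity), the saml_provider_id value is assumed, and the duplicate-extern_uid check goes beyond the page's locals, which would silently overwrite a colliding key.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample in the shape of GET /groups/:id/members/all: the page's
// member, a member with no group_saml_identity key, and one with an explicit
// null. saml_provider_id is an assumed value; the page's sample omits it.
const sampleMembersJSON = `[
  {"id": 1002003, "username": "test",
   "group_saml_identity": {"extern_uid": "elia@example.com", "provider": "group_saml", "saml_provider_id": 1}},
  {"id": 1002004, "username": "local-only"},
  {"id": 1002005, "username": "unlinked", "group_saml_identity": null}
]`

// samlIdentity mirrors the group_saml_identity object; the three fields are
// the ones the implementation guide asks for.
type samlIdentity struct {
	ExternUID      string `json:"extern_uid"`
	Provider       string `json:"provider"`
	SAMLProviderID int64  `json:"saml_provider_id"`
}

// apiMember is the subset of the member object this example needs. The pointer
// makes an absent or null group_saml_identity decode to nil, not an empty struct.
type apiMember struct {
	ID                int64         `json:"id"`
	Username          string        `json:"username"`
	GroupSAMLIdentity *samlIdentity `json:"group_saml_identity"`
}

// memberModel stands in for gitlabGroupMembershipMemberModel; framework types
// are replaced by plain Go values. A nil nested struct is what Terraform
// would see as a null group_saml_identity.
type memberModel struct {
	ID                int64
	Username          string
	GroupSAMLIdentity *samlIdentityModel
}

type samlIdentityModel struct {
	ExternUID      string
	Provider       string
	SAMLProviderID int64
}

// parseMembers decodes the members array as the API client would return it.
func parseMembers(raw []byte) ([]apiMember, error) {
	var members []apiMember
	if err := json.Unmarshal(raw, &members); err != nil {
		return nil, fmt.Errorf("decode members: %w", err)
	}
	return members, nil
}

// flattenMembers is the analogue of the amended flattenGitlabGroupMembers:
// group_saml_identity is populated only when the API actually sent one.
func flattenMembers(members []apiMember) []memberModel {
	out := make([]memberModel, 0, len(members))
	for _, m := range members {
		model := memberModel{ID: m.ID, Username: m.Username}
		if m.GroupSAMLIdentity != nil {
			model.GroupSAMLIdentity = &samlIdentityModel{
				ExternUID:      m.GroupSAMLIdentity.ExternUID,
				Provider:       m.GroupSAMLIdentity.Provider,
				SAMLProviderID: m.GroupSAMLIdentity.SAMLProviderID,
			}
		}
		out = append(out, model)
	}
	return out
}

// emailToID builds the same map as the page's locals block, skipping members
// without a SAML identity. Unlike a Terraform for-expression, a second member
// claiming the same extern_uid is reported as an error rather than overwriting
// the first, so an approval rule never silently targets the wrong account.
func emailToID(models []memberModel) (map[string]int64, error) {
	result := make(map[string]int64)
	for _, m := range models {
		if m.GroupSAMLIdentity == nil {
			continue // the `if m.group_saml_identity != null` filter
		}
		key := m.GroupSAMLIdentity.ExternUID
		if prev, dup := result[key]; dup && prev != m.ID {
			return nil, fmt.Errorf("extern_uid %q maps to users %d and %d", key, prev, m.ID)
		}
		result[key] = m.ID
	}
	return result, nil
}

func main() {
	members, err := parseMembers([]byte(sampleMembersJSON))
	if err != nil {
		panic(err)
	}
	mapping, err := emailToID(flattenMembers(members))
	if err != nil {
		panic(err)
	}
	for email, id := range mapping {
		fmt.Printf("%s => %d\n", email, id) // elia@example.com => 1002003
	}
}
```

Running it prints a single line for the SAML-linked member; the other two members are decoded but excluded from the map, which is the behaviour the `!= null` filter in the locals block is meant to give.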
Edited Jan 11, 2026 by 🤖 GitLab Bot 🤖