gitlab_branch_protection - Doesn't work if default branch protection matches the desired protection level
Created by: kemra102
Terraform Version
$ terraform version
Terraform v1.0.1
on linux_amd64
Affected Resource(s)
gitlab_branch_protection
Terraform Configuration Files
resource "gitlab_project" "project" {
  name           = var.name
  path           = var.path
  description    = var.description
  namespace_id   = var.group_id
  default_branch = "main"
  ...
}

resource "gitlab_branch_protection" "main" {
  branch                       = "main"
  merge_access_level           = "maintainer"
  project                      = gitlab_project.project.id
  push_access_level            = "no one"
  code_owner_approval_required = true
}
Expected Behavior
With the project default set such that the default branch protection is enabled, we should be able to create the repo and set the additional options present in the gitlab_branch_protection resource, such as code_owner_approval_required.
Actual Behavior
An error stating that the branch protection already exists:
Error: protected branch "main" on project "1234" already exists: {ID: 1234 Name:main PushAccesslevels;[0x0002828a0] MergeAccessLevels:[0xc0002828d0] UnprotectedAccessLevels[] AllowForcePush:false CodeOwnerApprovalRequired:false}
For now we are working around this by importing the gitlab_branch_protection, then running a terraform apply again, which re-creates (deletes/creates) the resource correctly.
Important Factoids
The issue (this is an educated guess at best) seems to come down to one important fact: if the project default "default branch" is set to protected, and that is in fact the setting we want, then we are locked out of configuring other settings on that branch. Setting the project default to NOT have a protected default branch is NOT an option for us, as we are subject to very strict security requirements.
References
- GH-667
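
An added example, not part of the original report or the provider's code: a check that compares the protection GitLab created automatically on the default branch with the settings in the gitlab_branch_protection resource above, and builds the ID for the import workaround. The API response is a constructed sample, and the function names are hypothetical.

```python
import json

# GitLab access-level integers used by the protected branches API.
ACCESS_LEVELS = {"no one": 0, "developer": 30, "maintainer": 40}

# Desired state, copied from the gitlab_branch_protection resource in the report.
DESIRED = {
    "branch": "main",
    "push_access_level": "no one",
    "merge_access_level": "maintainer",
    "code_owner_approval_required": True,
}

# Constructed sample of GET /projects/:id/protected_branches/main for a project
# whose default branch was protected automatically at creation time.
SAMPLE_RESPONSE = json.dumps({
    "id": 1, "name": "main",
    "push_access_levels": [{"access_level": 40}],
    "merge_access_levels": [{"access_level": 40}],
    "allow_force_push": False,
    "code_owner_approval_required": False,
})


def protection_gaps(existing, desired):
    """Return the settings where the existing protection differs from desired.

    Assumes role-based entries only (every entry has an integer access_level).
    """
    gaps = {}
    for key, field in (("push_access_level", "push_access_levels"),
                       ("merge_access_level", "merge_access_levels")):
        want = {ACCESS_LEVELS[desired[key]]}
        have = {e["access_level"] for e in existing.get(field, [])}
        if have != want:
            gaps[key] = {"have": sorted(have), "want": sorted(want)}
    have_co = bool(existing.get("code_owner_approval_required", False))
    if have_co != desired["code_owner_approval_required"]:
        gaps["code_owner_approval_required"] = {
            "have": have_co, "want": desired["code_owner_approval_required"]}
    return gaps


def import_id(project_id, branch):
    """Build the '<project>:<branch>' ID that terraform import takes for this resource."""
    return f"{project_id}:{branch}"


if __name__ == "__main__":
    for setting, diff in protection_gaps(json.loads(SAMPLE_RESPONSE), DESIRED).items():
        print(f"{setting}: have {diff['have']}, want {diff['want']}")
    print("terraform import gitlab_branch_protection.main", import_id("1234", "main"))
```

Any gap reported here is a setting that stays at the project default until the import and second apply have run, so it is worth checking after project creation.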