Can't save ARM_SAS_TOKEN to gitlab_group_variable

Created by: rnt

Hi there,

I want to generate a Azure SAS Token and save it as variable in a gitlab group.

The creation of the token with the object azurerm_storage_account_sas is working fine, but when try to save value in the gitlab group, I get an error from the gitlab API.

Terraform Version

Terraform/1.0.5 gitlabhq/gitlab 3.7.0

Affected Resource(s)

• gitlab_group_variable

Terraform Configuration Files

[...]

data "azurerm_storage_account_sas" "common" {
  connection_string = azurerm_storage_account.common.primary_connection_string
  https_only        = true

  resource_types {
    service   = true
    container = true
    object    = true
  }

  services {
    blob  = true
    queue = false
    table = false
    file  = false
  }

  start  = timestamp()
  expiry = timeadd(timestamp(), "24h")

  permissions {
    read    = true
    write   = true
    delete  = true
    list    = true
    add     = true
    create  = true
    update  = true
    process = true
  }
}

resource "gitlab_group_variable" "common" {
  group     = 588
  key       = "ARM_SAS_TOKEN_${azurerm_storage_account.common.name}_${azurerm_storage_container.cloudflare.name}"
  value     = data.azurerm_storage_account_sas.cloudflare.sas
  protected = false
  masked    = true
}

Debug Output

https://gist.github.com/rnt/4722a5b9c1b6f2a05438e29cd148781d

Expected Behavior

Payload sent to the API is as follows, so in the secret_value field, the encoding of the & characters is not \u0026.

Since the token

?00=0000-00-00&00=0&000=000&00=00000000&00=0000-00-00000:00:000&00=0000-00-00000:00:000&000=00000&000=00000000000000000%000000000000000000000000000%00

is being encoded in the form

?00=0000-00-00\u002600=0\u0026000=000\u002600=00000000\u002600=0000-00-00000:00:000\u002600=0000-00-00000:00:000\u0026000=00000\u0026000=%000000000000000000000000000000%000000000000000%00

{
  "variables_attributes": [
    {
      "variable_type": "env_var",
      "key": "ARM_SAS_TOKEN_test_test",
      "secret_value": "?00=0000-00-00&00=0&000=000&00=00000000&00=0000-00-00000:00:000&00=0000-00-00000:00:000&000=00000&000=00000000000000000%000000000000000000000000000%00",
      "masked": "false",
      "environment_scope": "*",
      "protected": "false"
    }
  ]
}

Actual Behavior

The change fail with:

╷
│ Error: POST https://gitlab.example.com/api/v4/groups/588/variables: 400 {message: {value: [is invalid]}}
│ 
│   with gitlab_group_variable.common,
│   on common.tf line 72, in resource "gitlab_group_variable" "common":
│   72: resource "gitlab_group_variable" "common" {
│ 
╵

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. Create a SAS TOKEN or set the string ?00=0000-00-00&00=0&000=000&00=00000000&00=0000-00-00000:00:000&00=0000-00-00000:00:000&000=00000&000=00000000000000000%000000000000000000000000000%00 to store in gitlab_group_variable.
2. terraform apply