Bugfix: gitlab_tag_protection reads incorrect create_access_level
requested to merge gitlab-community/terraform-provider-gitlab:bugfix-tagprotection-accesslevel into main
Upon the following use case I ran into this issue.
In Terraform I added tag protection for v.*.*.*
and only want this one use to be able to create the tags.
resource "gitlab_tag_protection" "versions_sr" {
project = REDACTED
tag = "v*.*.*"
create_access_level = "no one"
allowed_to_create {
user_id = REDACTED
}
}
After creating this resource, the response of GET /projects/:id/protected_tags
looks like this:
[
{
"name": "v*.*.*",
"create_access_levels": [
{
"id": REDACTED,
"access_level": 40,
"access_level_description": REDACTED,
"deploy_key_id": null,
"user_id": REDACTED,
"group_id": null
},
{
"id": REDACTED,
"access_level": 0,
"access_level_description": "No one",
"deploy_key_id": null,
"user_id": null,
"group_id": null
}
]
}
]
The first item in "create_access_levels" in this case is the user from allowed_to_create
and the second item is from create_access_level
.
Current implementation wrongly assumes that create_access_level
is the one from the first item in the list, which is not the case. It should be the entry where both user_id
and group_id
is empty.
This bug causes Terraform to forcefully replace the resource on every run.
-/+ resource "gitlab_tag_protection" "versions_sr" {
~ create_access_level = "maintainer" -> "no one" # forces replacement
~ id = "[REDACTED]:v*.*.*" -> (known after apply)
# (2 unchanged attributes hidden)
- allowed_to_create {
- access_level = "maintainer" -> null
- access_level_description = REDACTED -> null
- group_id = 0 -> null
- user_id = REDACTED -> null
}
+ allowed_to_create {
+ access_level = (known after apply)
+ access_level_description = (known after apply)
+ user_id = REDACTED
}
}
Edited by Pascal Roose