Add ownership check for policies
Closes #6397 (closed)
Security policy attachments require the Owner role on the group or project, and fail silently if the role is missing: instead of returning an HTTP 403, the API returns an HTTP 200 and simply does not apply the change, which confuses end users.
This MR adds a check in ModifyPlan (it cannot run in ValidateConfig because the client is not initialized yet) that determines whether the current user is an Owner on the group or project and errors early if not. Because policies are applied asynchronously, the MR also adds a read-after-write check that confirms the policy is in place before proceeding.
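As an added illustration (not the MR's own code), the two checks described above in plain Go with the GitLab client call abstracted away: the `Membership` struct, the `lookup` callback and the constructed access-level value are assumptions standing in for what the provider's client returns.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// OwnerAccess is the access level GitLab reports for the Owner role (Maintainer is 40).
const OwnerAccess = 50

// Membership is a hypothetical minimal view of the current user's effective access
// on the target, as a client lookup of the project or group would return it.
type Membership struct {
	ProjectAccess int // 0 when the user is not a project member
	GroupAccess   int // 0 when the user is not a group member
}

// ErrNotOwner is the explicit, early failure surfaced during plan instead of a silent HTTP 200.
var ErrNotOwner = errors.New("current user must hold the Owner role on the project or group to attach a security policy")

// CheckOwnership mirrors the ModifyPlan check: Owner on either the project or the group is enough.
func CheckOwnership(m Membership) error {
	if m.ProjectAccess >= OwnerAccess || m.GroupAccess >= OwnerAccess {
		return nil
	}
	return ErrNotOwner
}

// WaitForPolicy is the read-after-write check: because the server applies policies asynchronously,
// re-read until the policy is visible, and fail loudly if it never appears within the budget.
func WaitForPolicy(lookup func() (attached bool, err error), attempts int, delay time.Duration) error {
	for i := 0; i < attempts; i++ {
		attached, err := lookup()
		if err != nil {
			return fmt.Errorf("reading policy back: %w", err)
		}
		if attached {
			return nil
		}
		time.Sleep(delay)
	}
	return fmt.Errorf("policy not visible after %d reads: request was accepted but never applied", attempts)
}

func main() {
	// Constructed sample: a Maintainer (40) on the project, no group membership.
	fmt.Println(CheckOwnership(Membership{ProjectAccess: 40}))
}
```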
Edited by Patrick Rice