Add resource and data for project service account

Addresses: #6821 (closed)

What

Adds gitlab_project_service_account resource and data source, mirroring the existing group and instance variants. Wraps the GitLab REST API for project service accounts.

Why

We already manage group- and instance-level service accounts through the provider, but not project-scoped ones. These are handy when an automation identity should be scoped to a single project — e.g. for project-scoped access tokens — without giving it group-wide visibility.

Resource

  • project (required, force-replace)
  • name, username, email — optional, force-replace, GitLab fills in defaults
  • skip_wait_for_deletion — same escape hatch as the group resource, useful on gitlab.com where deletes are async
  • timeouts.delete — defaults to 10m
  • ID is <project>:<service_account_id>
  • No in-place update; any change forces replacement (matches the API)
  • Delete calls the project endpoint, then polls GetUser for a 404 to confirm

Data source

Takes project + service_account_id, returns name/username. Paginates ListProjectServiceAccounts since there's no single-resource GET — same pattern as the group data source.

Tests

Resource: basic, custom email, ensure-recreate, skip_wait_for_deletion. Data source: read + not-found. All gated on EE.

Added CreateProjectServiceAccounts helper alongside the existing group/instance ones.

Docs

Examples + regenerated docs via make generate.

Checklist

  • Attributes match the API
  • Examples (*.tf, import.sh)
  • Create/update/import tests
  • make reviewable clean

Follow up

I'm curious if this is something we should bake into the provider, or just have the user add gitlab_project_membership themselves. I'll say it was a confusing issue for me debugging why my service account's api PAT wasn't working.

Edited by Jimmy Spagnola
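
The delete-then-confirm behaviour listed under Resource (poll GetUser for a 404, bounded by timeouts.delete, bypassed by skip_wait_for_deletion), sketched as an added example that is not code from this merge request. `ErrNotFound`, `getUserFunc`, `waitForDeletion` and `fakeClient` are hypothetical names, and the fake client is constructed test data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// ErrNotFound stands in for the API client's 404 response (assumed name).
var ErrNotFound = errors.New("404 not found")
// getUserFunc is a hypothetical stand-in for the client's GetUser call.
type getUserFunc func(ctx context.Context, userID int) error

// waitForDeletion polls until getUser reports 404, fails, or the timeout expires.
func waitForDeletion(ctx context.Context, getUser getUserFunc, userID int, skipWait bool, timeout, interval time.Duration) error {
	if skipWait {
		return nil // skip_wait_for_deletion: accept asynchronous deletion
	}
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()
	for {
		if err := getUser(ctx, userID); errors.Is(err, ErrNotFound) {
			return nil // 404: the account is gone
		} else if err != nil {
			return fmt.Errorf("checking user %d: %w", userID, err)
		}
		select {
		case <-ctx.Done():
			return fmt.Errorf("user %d still exists after %s: %w", userID, timeout, ctx.Err())
		case <-time.After(interval):
		}
	}
}

// fakeClient is constructed test data: the user disappears after goneAfter polls.
type fakeClient struct{ calls, goneAfter int }
func (f *fakeClient) GetUser(context.Context, int) error {
	if f.calls++; f.calls > f.goneAfter {
		return ErrNotFound
	}
	return nil
}

func main() {
	c := &fakeClient{goneAfter: 3}
	err := waitForDeletion(context.Background(), c.GetUser, 42, false, time.Second, 10*time.Millisecond)
	fmt.Println(err, c.calls) // <nil> 4
}
```

A timeout is returned as an error rather than treated as success, so a destroy is not reported complete while the identity can still be fetched.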
