Troubleshooting the Terraform integration with GitLab
When you are using the integration with Terraform and GitLab, you might experience issues you need to troubleshoot.
gitlab_group_share_group
resources not detected when subgroup state is refreshed
The GitLab Terraform provider can fail to detect existing gitlab_group_share_group
resources
due to the issue "User with permissions cannot retrieve share_with_groups
from the API".
This results in an error when running terraform apply
because Terraform attempts to recreate an
existing resource.
For example, consider the following group/subgroup configuration:
parent-group
├── subgroup-A
└── subgroup-B
Where:
- User
user-1
createsparent-group
,subgroup-A
, andsubgroup-B
. -
subgroup-A
is shared withsubgroup-B
. - User
terraform-user
is member ofparent-group
with inheritedowner
access to both subgroups.
When the Terraform state is refreshed, the API query GET /groups/:subgroup-A_id
issued by the provider does not return the
details of subgroup-B
in the shared_with_groups
array. This leads to the error.
To workaround this issue, make sure to apply one of the following conditions:
- The
terraform-user
creates all subgroup resources. - Grant Maintainer or Owner role to the
terraform-user
user onsubgroup-B
. - The
terraform-user
inherited access tosubgroup-B
andsubgroup-B
contains at least one project.
latest
base template
Invalid CI/CD syntax error when using the On GitLab 14.2 and later, you might get a CI/CD syntax error when using the
latest
Base Terraform template:
include:
- template: Terraform/Base.latest.gitlab-ci.yml
my-Terraform-job:
extends: .init
The base template's jobs were renamed with better Terraform-specific names. To resolve the syntax error, you can:
-
Use the stable
Terraform/Base.gitlab-ci.yml
template, which has not changed. -
Update your pipeline configuration to use the new job names in
https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml
. For example:include: - template: Terraform/Base.latest.gitlab-ci.yml my-Terraform-job: extends: .terraform:init # The updated name.