From 20b32a8f4660c88dd99d67760798ef640ea9dc02 Mon Sep 17 00:00:00 2001
From: FabrizioCafolla
Date: Wed, 8 Oct 2025 17:22:07 +0200
Subject: [PATCH 1/3] refs platform/board#3920: check if membership exist

---
 main.tf | 4 ++++
 outputs.tf | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/main.tf b/main.tf
index 122db62..2ce0a9b 100644
--- a/main.tf
+++ b/main.tf
@@ -91,6 +91,10 @@ resource "gitlab_project" "project" {
 namespace_id = var.operate_at_root_group_level ? data.gitlab_group.root_namespace.group_id : data.gitlab_group.parent_group[0].group_id
 }
 
+data "gitlab_project_membership" "this" {
+ project_id = local.project_id
+}
+
 resource "gitlab_project_membership" "project" {
 count = var.autoassign_current_user_as_maintainer ? 1 : 0
 project = local.project_id
diff --git a/outputs.tf b/outputs.tf
index 6549bce..7223439 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -44,3 +44,7 @@ output "gitlab_parent_group_auto_detected" {
 value = local.auto_detect_parent
 }
 
+output "gitlab_project_memberships" {
+ description = "List of current user memberships in the Gitlab project where the Gitlab Agents are installed."
+ value = data.gitlab_project_membership.this.members
+}
\ No newline at end of file
From 89063692536791fb797e7b43563f269a1af57ba6 Mon Sep 17 00:00:00 2001
From: FabrizioCafolla
Date: Wed, 8 Oct 2025 17:40:59 +0200
Subject: [PATCH 2/3] update

---
 README.md | 8 ++++++++
 main.tf | 4 +++-
 outputs.tf | 5 -----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 3fa9d9a..bfb131c 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,14 @@ provider "gitlab" { **ATTENTION:** as described in the [Gitlab provider documentation](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs), the `CI_JOB_TOKEN` could cause issues when used as `token` for the Gitlab provider. For this module in particular, the `gitlab_cluster_agent` and `gitlab_cluster_agent_token` resources require authorization to access to the `/users` Gitlab API endpoint, which is not granted by the `CI_JOB_TOKEN`. You have to use a Gitlab personal access token with the `api` scope to authenticate the provider. +## GitLab Agents user membership + +The current user used by the provider is automatically added as `maintainer` to the "GitLab Agents" project. If you don't want this behavior, just set the variable `var.autoassign_current_user_as_maintainer` to `false`. + +Adding the user as `maintainer` to the newly created project ensures they have the permissions to commit and push to it. + +**ATTENTION:** If the current user is already added to the project but with a different role than `maintainer`, the apply will fail saying that a membership already exists + ## Providers diff --git a/main.tf b/main.tf index 2ce0a9b..32594c1 100644 --- a/main.tf +++ b/main.tf @@ -51,6 +51,8 @@ locals { (var.gitlab_agent_variable_name_agent_id) : gitlab_cluster_agent.this.name, (var.gitlab_agent_variable_name_agent_project) : local.project_path_with_namespace, } + + current_user_is_maintainer_of_project = length([for member in data.gitlab_project_membership.this.members : member if member.id == data.gitlab_current_user.this.id && member.access_level == "maintainer"]) > 0 } # Gitlab resources 
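Review bot: `current_user_is_maintainer_of_project` is derived from live membership data that this module's own `gitlab_project_membership.project` resource changes, so the `count` it feeds (the `@@ -96,7 +98,7 @@` hunk of this patch, and the same line in patch 3/3) flips between runs. After an apply that creates the membership, the next plan sees the current user as `maintainer`, evaluates `count` to 0 and proposes destroying that membership; the run after that adds it back. The provider user's access to the project then alternates between applies, which is hard to audit and can leave the user unable to push. Consider keeping `count = var.autoassign_current_user_as_maintainer ? 1 : 0` and adopting a pre-existing membership with `terraform import` or an `import` block rather than deriving `count` from the data source. The `locals` block opens before this hunk.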
@@ -96,7 +98,7 @@ data "gitlab_project_membership" "this" {
 }
 
 resource "gitlab_project_membership" "project" {
- count = var.autoassign_current_user_as_maintainer ? 1 : 0
+ count = var.autoassign_current_user_as_maintainer && ! local.current_user_is_maintainer_of_project ? 1 : 0
 project = local.project_id
 user_id = data.gitlab_current_user.this.id
 access_level = "maintainer"
diff --git a/outputs.tf b/outputs.tf
index 7223439..c7210ef 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -43,8 +43,3 @@ output "gitlab_parent_group_auto_detected" {
 description = "Whether the parent group was automatically detected."
 value = local.auto_detect_parent
 }
-
-output "gitlab_project_memberships" {
- description = "List of current user memberships in the Gitlab project where the Gitlab Agents are installed."
- value = data.gitlab_project_membership.this.members
-}
\ No newline at end of file
From 8e6ebabb5c4283ee06c237800d72965e21042e09 Mon Sep 17 00:00:00 2001
From: FabrizioCafolla
Date: Wed, 8 Oct 2025 17:49:21 +0200
Subject: [PATCH 3/3] update

---
 main.tf | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/main.tf b/main.tf
index 32594c1..91fdfca 100644
--- a/main.tf
+++ b/main.tf
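Review bot: The new `count` expression depends on `data.gitlab_project_membership.this.members`, which Terraform can only read once `local.project_id` is known. The definition of `local.project_id` is not part of this patch, but if it resolves to the `gitlab_project.project` resource when the module creates the project itself, the data source read is deferred to apply and a first run would presumably stop at plan with an "Invalid count argument" error. `count` should depend only on values known at plan time, for example `count = var.autoassign_current_user_as_maintainer ? 1 : 0`. The resource block continues past the end of the hunk.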
@@ -87,18 +87,19 @@ data "gitlab_project" "enabled_projects" {
 path_with_namespace = each.value
 }
 
+# Data source to get all the memberships for the project
+data "gitlab_project_membership" "this" {
+ project_id = local.project_id
+}
+
 resource "gitlab_project" "project" {
 count = local.use_existing_project == 0 ? 1 : 0
 name = var.gitlab_project_name
 namespace_id = var.operate_at_root_group_level ? data.gitlab_group.root_namespace.group_id : data.gitlab_group.parent_group[0].group_id
 }
 
-data "gitlab_project_membership" "this" {
- project_id = local.project_id
-}
-
 resource "gitlab_project_membership" "project" {
- count = var.autoassign_current_user_as_maintainer && ! local.current_user_is_maintainer_of_project ? 1 : 0
+ count = var.autoassign_current_user_as_maintainer && !local.current_user_is_maintainer_of_project ? 1 : 0
 project = local.project_id
 user_id = data.gitlab_current_user.this.id
 access_level = "maintainer"