[TFE] Error creating VCS connection with Gitlab

Problem

When attempting to create a VCS connection to a GitLab CE/EE instance, Terraform Enterprise returns the following error in the UI.

Error There was a problem connecting the OAuth client to the VCS provider. Please verify the URL credentials and permissions of the OAuth application and try again

Cause

This error can occur when Terraform Enterprise is configured to use an outbound proxy and the GitLab instance's hostname is not added to the proxy bypass list. As a result, TFE attempts to route traffic destined for GitLab through the proxy. If the proxy cannot resolve or reach the internal GitLab instance, the connection fails.

Logs from the tfe-atlas container may show a JSON parsing error, because TFE receives an HTML error page from the proxy instead of the expected JSON API response from GitLab.

$ docker logs tfe-atlas

[ERROR] exception=Gitlab::Error::Parsing message=The response is not a valid JSON
## ...

Additionally, logs from the tfe-nginx container may show HTTP 502 Bad Gateway errors for requests related to the GitLab connection.

$ docker logs tfe-nginx

10.160.253.68 - - [17/Feb/2023:14:35:04 +0000] "GET /api/v2/organizations/org_name/workspaces?... HTTP/1.1" 502 552 "https://tfe01-fqdn/app/org-name/workspaces" "Mozilla/5.0..."

Solution

To resolve this issue, you must add the GitLab hostname to the proxy bypass list in the Terraform Enterprise admin console settings. This ensures that TFE connects directly to the GitLab instance instead of routing the request through the outbound proxy.

1. Navigate to the Terraform Enterprise Admin Console at https://<TFE_HOSTNAME>:8800.
2. Select Settings from the top navigation bar.
3. In the Proxy Settings section, add the hostname of your GitLab instance to the Proxy bypass field. You can add multiple hosts as a comma-separated list.
4. Scroll to the bottom of the page and click Save settings.
5. After the configuration is updated, restart the Terraform Enterprise application for the changes to take effect.

Additional Information

• For more details on proxy configuration, please refer to the documentation on reconfiguring the proxy.
• In some cases, you may need to amend the configuration file directly as described in the article TFE Reconfiguring proxy & Proxy issues.