Problem
Attempts to create a GitLab.com or GitLab EE/CE VCS provider in the Terraform Enterprise UI fail with the following validation error:
Must be a 64-character alphanumeric string.
Prerequisites
- Terraform Enterprise < v202310-1
- GitLab.com or GitLab EE/CE VCS provider
Cause
GitLab changed its token format in September 2023 to have a prefix of gloas-, taking the total number of characters from 64 to 70. Terraform Enterprise contains UI validation which enforces the length of the client secret provided in the Secret field. This validation has been updated to take this new token format into account, however this change is not included in releases prior to v202310-1.
Solutions
There are two workarounds for users on releases < 202310-1.
- Create the VCS provider through the Create an OAuth Client API or the tfe provider. See an example payload below for configuring OAuth authentication. Note that the VCS provider will need to be connected in the Terraform Enterprise UI post-creation.
{
The connection can also be made using a personal access token, which can be provided as the value of
"data": {
"type": "oauth-clients",
"attributes": {
"service-provider": "gitlab_hosted",
"http-url": "https://gitlab.com",
"api-url": "https://gitlab.com/api/v4",
"key": "<GITLAB_APPLICATION_ID>",
"secret": "<GITLAB_APPLICATION_SECRET>"
}
}
}data.attributes.oauth-token-string. - Create the VCS provider in the UI, but omit the
gloas-prefix and save the provider. The initial OAuth authentication flow will fail, however the VCS provider can be edited thereafter and provided the correct 70-character client secret and then manually connected, as this validation is not run on updates.
Additional Information
If you continue to experience issues, please contact HashiCorp Support.