Error Creating workspace with message 'Repository doesn't exist or isn't accessible'

Introduction

When integrating GitLab as a VCS provider in HCP Terraform Cloud, users may encounter the error:

"Repository doesn't exist or isn't accessible"

This typically occurs when attempting to create a new workspace linked to a GitLab Cloud repository, despite following the official documentation.

Problem

This error generally indicates a permissions issue on the GitLab side. Specifically, HCP Terraform is unable to access the specified repository due to insufficient permissions or network-level restrictions.

According to the official documentation, the following conditions must be met for successful repository access:

• The user configuring the VCS provider must have access to the repository.

• When configuring the GitLab OAuth Application, the api scope must be enabled.

Cause

Even if the user creating the workspace is the project or repository owner, GitLab's group-level permissions can take precedence and restrict access. This is especially relevant when IP restrictions are enforced at the group level, which is a feature available only in GitLab's Premium and Ultimate tiers.

Such restrictions can prevent HCP Terraform from accessing the repository unless its IP addresses are explicitly whitelisted.

Solutions:

To resolve the issue, consider the following steps:

1. Verify User Permissions
   Ensure the user has explicit access to the repository. Being the project owner may not be sufficient if group-level restrictions are in place.

2. Check OAuth Application Scope
   When registering the GitLab OAuth Application, ensure the api scope is enabled under the Scopes section. This is required for Terraform Cloud to access the GitLab API.

3. Review Group-Level IP Restrictions
   If IP restrictions are configured at the GitLab group level, ensure the relevant Terraform Cloud IP ranges are whitelisted.

   The current IP addresses that must be whitelisted for successful VCS integration are, please note that it is subject to change:

"10.0.0.1/32",
"192.168.0.1/32",
"172.16.0.1/32"
 

Please note that these addresses are subject to change, and it is recommended to refer to the official documentation for the most up-to-date information.

Outcome

By ensuring proper repository access, correct OAuth scope, and whitelisting required IPs, you should be able to successfully create a VCS connection and associated workspace in HCP Terraform.

Additional Information

• Setting up VCS provider: https://developer.hashicorp.com/terraform/cloud-docs/vcs/gitlab-com

• Ip range that needs to be whitelisted for VCS connection: https://developer.hashicorp.com/terraform/cloud-docs/api-docs/ip-ranges#get-ip-ranges