[Feature Request] gitlab_group setting for custom project templates

[TimKnight-DWP]

Hi there,

We want to set up some Custom Project Templates as per: https://docs.gitlab.com/ee/user/group/custom_project_templates.html, we have a sub-group named "custom-project-templates" sitting just under our root group

From the gitlab docs it states:

• In the left menu for the group, go to Settings > General.
• Expand Custom project templates and select the subgroup.

Ideally we want to set this via Terraform, I can see that similar settings exist on the "gitlab_project" resource as group_with_project_templates_id - however we do not create projects within terraform, solely groups, and we would want these changes to propagate to all existing groups. So that Developers can continue to create projects via the UI, but now when they click "Create from Project Template" they can choose our Custom Templates.

Can a change be made to the "gitlab_group" resource to allow us to set the location of our Custom Project Templates, which would bring it in line with the GitLab docs, which say to set this up on the Group "General" settings?

[armsnyder]

The ask here is to add a new attribute called file_template_project_id to the gitlab_group resource.

API reference: https://docs.gitlab.com/ee/api/groups.html#update-group

[RicePatrick]

I'll take a look at this issue.

[RicePatrick]

@armsnyder | @timofurrer - Curious what your thoughts are on this issue: The create group API doesn't currently expose this template option, whereas the update group API does. Within the resource_gitlab_group create method we don't currently call an update after we create the group.

It's easy enough to include a WaitForState to ensure that the group is created, then call UpdateGroup within the create method if we want (I've seen talk of this on other resources too), but I know that tends to be something we attempt to avoid since it breaks alignment with the upstream API.

If we add this ability, there are some other attributes that I may as well add within the same PR (since they're available in update but not create), such as prevent_forking_outside_group which I know would be nice for folks who use terraform for compliance reasons.

Thoughts?

[armsnyder]

@PatrickRice-KSC Good question! When we talk about aligning with the upstream API, we are looking for an adherence to the the attribute names and structure of the upstream APIs overall. A good rule of thumb is to look at the GET API response body. It's perfectly ok to add attributes that require an additional PUT API call after the initial POST, using the technique you described.

[RicePatrick]

Perfect - I'll get that added

[RicePatrick]

FYI, I'm going to get a PR submitted this weekend, but we won't be able to close this issue right now. While go-gitlab has the ability to pass the value to the Update Group API, it doesn't actually parse and return the value in the response value from the API, so we can't read it within the group read method 😞 : https://github.com/xanzy/go-gitlab/blob/4b55115d169cfb88516554221d9738ce47c960da/groups.go#L36

I'll still stub everything in for it, so it'll be easy for us to enable (and I may submit a PR to the go-gitlab to add it as well to help expedite)

[timofurrer]

Sounds good. When you are saying upstream API are you referencing GitLab here or go-gitlab? Usually, we mean the GitLab API with "upstream" and not go-gitlab ... but yeah, both are kinda in between :D

[RicePatrick]

Sorry about the confusion (edited the comment as well), you're absolutely right that I was referring to go-gitlab.

[RicePatrick]

Submitted https://github.com/xanzy/go-gitlab/pull/1394 to go-gitlab

[RicePatrick]

The go-gitlab PR was merged and tagged, so I'll get this PR moving again.

[RicePatrick]

rebased onto some merge conflicts after testing, so I'll fix those then get the PR opened for this.

[RicePatrick]

Hey All, for those of you not following the PR, there was some confusion around the documentation and how this feature needs to be implemented. See the relevant comment on the PR for the nitty gritty details.

As a result, we're going to take a slightly different approach here of creating a new gitlab_group_level_template resource that will allow you to set the template properties for the group. Even though the API naming suggests that a project is what gets passed into this value, it actually requires a child-level group instead, and attempting to support this within the gitlab_group resource causes a circular dependency in the execution graph when managing all the relevant resources in terraform.

I'll be working on creating a new PR for this issue to create the new resource here yet this week.

(@timofurrer or @armsnyder , may want to update the labels on the issue to reflect this is a new resource now)

[RicePatrick]

OK, I spent several hours last night digging into this and wading around in the API with our licensed account so I could figure out exactly what all needed to be done here, and I think I'm starting to get a good grasp on this.

There are 3 different types of template projects in GitLab:

• Instance Level Templates (I only have access to a licensed SaaS account, so I can't test there)
• Custom Project Templates (Doesn't seem to have any related API resources? That doesn't seem right, still digging here)
• Group Level Project File Templates (which is what's set by the API field referenced here)

While that clears up some of the confusion around the API naming, it doesn't solve the problem noted on the PR. You can only set a project that is a direct child of the group as a file template project, which means we still have the execution loop talked about previously. We have to:

• Create Group
• Create Project within new group's namespace
• Create the linkage between the two

So I'm still digging to make sure I've got this 100% nailed down this time, but good progress forward there.

[TimKnight-DWP]

@PatrickRice-KSC thank you

[RicePatrick]

OK, I've submitted one PR here to implement a new resource for the third bullet above (Group Level Project File Templates), just to keep this moving.

However, I think for the initial request from @TimKnight-DWP we're going to be blocked by the upstream API, I can't for the life of me find an API endpoint for setting Custome Project Templates via the API at a group level. The are a set of API for retrieving instance-level templates related to projects, but I assume based on the APIs that it's listed as replacing that this is self-hosted only, and it's also read-only. I will likely submit an issue to GitLab to see if I just can't find the documentation, or if it's missing from the API.

[RicePatrick]

Hey all! For those of you following this ticket, PR #971 has been merged (flagged for 3.14 release) which adds support for the file_template_project_id via a new resource called gitlab_group_project_file_template. Unfortunately, @TimKnight-DWP , I don't think this completely addresses your original ask, because your original ask was to be able to set a project template on a given group, and I don't think that's well supported by the GitLab API yet. I haven't put in an issue yet to ask them about it (it may just be in an API area I'm not expecting it to be!), but until we get more information there I'll label this issue as blocked since I know the initial ask isn't completely answered yet.

Let me know if anyone has questions!