GitLab.com VCS Connection with Personal Access Token

Hi community,

Is there any documentation/example on how to use a VCS connection with gitlab.com by using access tokens (not an OAuth application)?

The documentation states:

Note: Alternately, you can skip the OAuth configuration process and authenticate with a personal access token. This requires using Terraform Cloud’s API. For details, see the OAuth Clients API page.

It’s not really clear to me which parameters and values are required for this option:

Context:
We’re enforcing SSO for all our users, which requires a valid session every 24 hours. The connection via application/OAuth is done via a bot user, which does not have an SSO integration or does not “automatically log in” every day.

We’d like to test whether the newly introduced “Group-Level Access Token” by GitLab might solve this issue.

For (internal) reference: there is also already a feature request from June 2021: 1200531311528391 (via support ticket 50506).

Many thanks in advance,
Dennis

I found the answer.

In case any “future me” is searching for the solution again, it’s actually as simple as:

curl \
  --header "Authorization: Bearer $TFETOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://tfe.example.com/api/v2/organizations/<ORGANIZATION>/oauth-clients


{
    "data": {
        "type": "oauth-clients",
        "attributes": {
            "name": "VCS Connection Name",
            "service-provider": "gitlab_hosted",
            "http-url": "https://gitlab.com",
            "api-url": "https://gitlab.com/api/v4",
            "oauth-token-string": "<GITLAB_TOKEN>"
        }
    }
}
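A variant of the call above that keeps the GitLab token out of a `payload.json` file by building the body in memory and streaming it to curl on stdin. This is an added example, not part of the original posts; `TFE_HOST`, `TFE_ORG`, `VCS_NAME`, `GITLAB_TOKEN`, the function names and the accepted token alphabet are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. TFE_HOST, TFE_ORG, VCS_NAME and
# GITLAB_TOKEN are assumed variable names; TFETOKEN is the one used above.

# True when $1 is non-empty and consists only of characters in the tr set $2.
# The "#" sentinel keeps a trailing newline from being silently stripped.
only_chars() {
    [ -n "$1" ] && [ "$(printf '%s#' "$1" | tr -d "$2")" = "#" ]
}

# Print the oauth-clients payload on stdout. Values that would need JSON
# escaping are rejected instead of being interpolated into the document.
# The allowed token alphabet (letters, digits, ".", "_", "-") is an assumption.
build_payload() {
    only_chars "$1" 'A-Za-z0-9 ._-' || { echo "bad connection name" >&2; return 1; }
    only_chars "$2" 'A-Za-z0-9._-' || { echo "bad token format" >&2; return 1; }
    cat <<EOF
{
  "data": {
    "type": "oauth-clients",
    "attributes": {
      "name": "$1",
      "service-provider": "gitlab_hosted",
      "http-url": "https://gitlab.com",
      "api-url": "https://gitlab.com/api/v4",
      "oauth-token-string": "$2"
    }
  }
}
EOF
}

# POST the payload. "--data @-" makes curl read the body from stdin, so the
# GitLab token is never stored in a payload.json on disk.
create_oauth_client() {
    body=$(build_payload "$VCS_NAME" "$GITLAB_TOKEN") || return 1
    printf '%s' "$body" | curl --fail --silent --show-error \
        --header "Authorization: Bearer $TFETOKEN" \
        --header "Content-Type: application/vnd.api+json" \
        --request POST \
        --data @- \
        "https://$TFE_HOST/api/v2/organizations/$TFE_ORG/oauth-clients"
}

# Contact the API only when explicitly asked to.
if [ "${1:-}" = "--send" ]; then
    create_oauth_client
fi
```

Run the script with `--send` after exporting the variables; without that argument it only defines the functions.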

Thanks, this was exactly what I was looking for.

Odd that they don’t support this directly in the UI as the standard approach. This falls in line with the principle of least privilege.