Hey all,
I’m trying to link my Terraform Cloud (free plan) to my on-prem Gitlab-EE (v15.9) but I’m getting an error in the Terraform GUI every time.
Steps: GitLab EE and CE - VCS Providers - Terraform Cloud | Terraform | HashiCorp Developer
Terrform Cloud:
- Log in to TFC and within the desired workspace click Version Control>Providers
- Add a VCS Provider
- Gitlab>Enterprise Edition
- Name: My instance name
- HTTPS URL: https://gitlab.mydomain.com
- API URL: https://gitlab.mydomain.com/api/v4
- Click Continue
Gitlab:
- Log in to Gitlab with service account for Terraform Cloud (admin permissions).
- Go to Preferences>Applications>Add new application
- Name: Terraform Cloud
- Redirect URI: Pasted from Terraform Cloud
- Confidential and API checked
- Click Save Application
Terraform Cloud:
- Application ID: Pasted from Gitlab-EE
- Secret: Pasted from Gitlab-EE
- Click Continue
- Page is redirected to Gitlab instance, click “Authorize” to authorize Terraform Cloud to use the account.
Terraform Cloud presents a pink error box in the lower left stating:
Error
There was a problem connecting the OAuth client to the VCS provider. Please verify the
URL, credentials, and permissions of the OAuth application and try again.
I can confirm that I see the inbound traffic from Terraform Cloud IPs hitting my firewall and being added to the state table.
I see traffic on my Gitlab instance when I try to authorize resulting in the (sanitized) log output below.
Started GET “/-/metrics” for 127.0.0.1 at 2023-02-28 23:56:19 +0000
Processing by MetricsController#index as HTML
Started GET "/oauth/authorize?client_id=
redirect_uri=https%3A%2F%2Fapp.terraform.io%2Fauth%2%2Fcallback&response_type=code&> state=" for at 2023-02-28 23:56:19 +0000
Completed 200 OK in 273ms (Views: 1.2ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms | Allocations: 1487)
Processing by Oauth::AuthorizationsController#new as HTML
Parameters: {“client_id”=>“”, “redirect_uri”=>“https://app.terraform.io/auth/> /callback”, “response_type”=>“code”, “state”=>“”}
Rendered layout layouts/profile.html.haml (Duration: 1509.4ms | Allocations: 574864)
Completed 200 OK in 1812ms (Views: 1393.8ms | ActiveRecord: 222.9ms | Elasticsearch: 0.0ms | Allocations: > 593797)
Started GET “/oauth/undefined” for at 2023-02-28 23:56:21 +0000
Processing by ApplicationController#route_not_found as HTML
Parameters: {“unmatched_route”=>“oauth/undefined”}
Rendered layout layouts/errors.html.haml (Duration: 45.6ms | Allocations: 15643)
Completed 404 Not Found in 117ms (Views: 53.0ms | ActiveRecord: 7.3ms | Elasticsearch: 0.0ms | Allocations: > 24642)
Started GET “/-/manifest.json” for at 2023-02-28 23:56:22 +0000
Processing by PwaController#manifest as JSON
Completed 200 OK in 23ms (Views: 10.5ms | ActiveRecord: 2.3ms | Elasticsearch: 0.0ms | Allocations: 2310)
Started POST “/oauth/authorize” for at 2023-02-28 23:56:24 +0000
Processing by Oauth::AuthorizationsController#create as HTML
Parameters: {“authenticity_token”=>“[FILTERED]”, “client_id”=>“”, > “redirect_uri”=>“https://app.terraform.io/auth//callback”, > “state”=>“”, “response_type”=>“code”, “scope”=>“api”, “nonce”=>“”, “code_challenge”=>“”, > “code_challenge_method”=>“”}
Redirected to https://app.terraform.io/auth//callback?code=<CODE I DON’T > RECOGNIZE FROM ANY STEPS>&state=
Completed 302 Found in 296ms (ActiveRecord: 34.8ms | Elasticsearch: 0.0ms | Allocations: 16184)
Any ideas?