Mirror repo creating failed - Error 403

[zami2022]

Bug description Not possible to use resource gitea_repository. Setting up for a mirror repository failed with "Error: 403 Forbidden" whilst terraform apply - creating repo

To Reproduce Steps to reproduce the behavior: resource "gitea_repository" "repo" { username = data.gitea_org.test.name name = local.name_with_stage private = false auto_init = false license = var.license has_issues = true has_projects = false has_pull_requests = true migration_issue_labels = false migration_milestones = false migration_releases = false mirror = true migration_service = "gitea" migration_clone_address = "this_adress" migration_service_auth_token = var.this_token }

Expected behavior A clear and concise description of what you expected to happen.

Log Output module.dda-python-terraform.gitea_repository.repo: Creating...

Error: 403 Forbidden

with module.dda-python-terraform.gitea_repository.repo, on mirror/codeberg.tf line 5, in resource "gitea_repository" "repo": 5: resource "gitea_repository" "repo" {

Additional Data

• Gitea 1.17.3

• Terraform Version 1.0.8, 1.3.6, 1.3.8

• Operating System Xubuntu 22.04

• Provider Version 0.12.1

[Lerentis]

Hi @zami2022

Can you try it again with an administrator token in the provider configuration? It seems like the configured user does not have the required permissions to create a repository in the defined organization

[PatDyn]

Hi @Lerentis,

@zami2022 and i were working together as we encountered this issue. As i'm an admin on our gitea instance, we exchanged the normal token with an admin token and still got the same result.

[Lerentis]

Just did a test and i can not reproduce this. i still belive that the credentials that are configured to be used by the provider do not have the required permissions to create a new repository at the desired location.

here is what i did in my test:

start a new gitea instance:

cd scripts
docker-compose up -d

finish installation in the UI create a new admin token at settings -> applications

ran the following code:

terraform {
  required_providers {
    gitea = {
      source = "lerentis/gitea"
      version = "0.12.1"
    }
  }
}

provider "gitea" {
  base_url = "http://localhost:3000/"
  token    = var.gitea_token # <- the token i just created
}

resource "gitea_repository" "mirror" {
  username                     = "lerentis" # <- this is the admin user that i created during installation
  name                         = "terraform-provider-gitea-mirror"
  description                  = "Mirror of Terraform Provider"
  mirror                       = true
  migration_clone_address      = "https://git.uploadfilter24.eu/lerentis/terraform-provider-gitea.git"
  migration_service            = "gitea"
  migration_service_auth_token = "not relevant as repo is public"
}

can you reproduce this on your side with a similar small example?

[PatDyn]

HI @Lerentis ,

Thanks for taking the time to look into that issue. I was able to make it work on our instance, following your example above.

However, I was not able to set up a mirror on codeberg.org. Maybe its an issue on their side.

[Lerentis]

sorry for the late reply. did you investigate this further?

i do not have an account at codeberg, so i can not claim i tested the provider there. nevertheless the way the provider works, is just speaking with the rest api of gitea and as far as i know codeberg does not alter it. my general recommendation would be to check the permissions of the api key or rather the connected user

[PatDyn]

Hey,

Any further investigation stopped - as it does not seem to be possible to set permissions for an access token. The user on codeberg is just a standard user without admin privileges - which i would expect. I'll let you know if any solution comes up. Thanks!

[wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf]

hey there, late to the debate but I'm aware of a related thing: Codeberg have removed the option to create mirror repos on their instance so your issue might very well be caused by that (unless Codeberg reverted their decision) and that's why you're getting 403s from their API...

btw have you tried manually creating a mirror there recently? I expect it to not work (if it's shown in the UI at all) @PatDyn

[PatDyn]

Hi, thanks for the heads up. We didn't dig any further - so from my side this issue could be closed.

[Lerentis]

i would like to confirm that and add it to the documentation as codeberg is currently the most popular gitea instance out there. sadly i am currently short on time as i am in the process of moving currently :/ maybe i find some time next week to conclude this

[wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf]

thanks for confirming that. and no worries man, I'm sure your moving goes smoothly. @Lerentis

[Lerentis]

Maybe just as a FYI @PatDyn: The point from @wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf is correct and is even documented in codebergs FAQ: https://docs.codeberg.org/getting-started/faq/#why-am-i-not-allowed-to-set-up-an-automatic-mirror

I will note this in the documentation together with another issue i found while investigating the expected permissions and release a bugfix version shortly

[Lerentis]

Done and released as v0.12.3