application-settings failed always marked with changes

[ImryLevySadan]

What happened?

I get non-deterministic error when ever I deployed gitlab application-settings resource (in @pulumi/gitlab/applicationSettings).

In addition. I keep seeing that there are changes in this resource, and specifically in the "sendUserConfirmationEmail" field, which hasn't been changed by me, nor in code or manually via UI.

This is the error:

error: 1 error occurred:
    * updating urn:pulumi:gitlab-settings::gitlab-settings::gitlab:index/applicationSettings:ApplicationSettings::gitlab: 1 error occurred:
    * PUT http://*****/api/v4/application/settings: 400 {error: abuse_notification_email, admin_mode, after_sign_out_path, after_sign_up_text, akismet_api_key, akismet_enabled, allow_local_requests_from_hooks_and_services, allow_local_requests_from_web_hooks_and_services, allow_local_requests_from_system_hooks, allow_possible_spam, dns_rebinding_protection_enabled, archive_builds_in_human_readable, asset_proxy_enabled, asset_proxy_secret_key, asset_proxy_url, asset_proxy_allowlist, static_objects_external_storage_auth_token, static_objects_external_storage_url, authorized_keys_enabled, auto_devops_enabled, auto_devops_domain, container_expiration_policies_enable_historic_entries, container_registry_expiration_policies_caching, container_registry_token_expire_delay, default_artifacts_expire_in, default_branch_name, default_branch_protection, default_ci_config_path, default_group_visibility, default_preferred_language, default_project_creation, default_project_visibility, default_projects_limit, default_snippet_visibility, default_syntax_highlighting_theme, delete_inactive_projects, deny_all_requests_except_allowed, disable_admin_oauth_scopes, disable_feed_token, disabled_oauth_sign_in_sources, domain_denylist, domain_denylist_enabled, domain_denylist_raw, domain_allowlist, domain_allowlist_raw, outbound_local_requests_allowlist_raw, dsa_key_restriction, ecdsa_key_restriction, ecdsa_sk_key_restriction, ed25519_key_restriction, ed25519_sk_key_restriction, eks_integration_enabled, eks_account_id, eks_access_key_id, eks_secret_access_key, email_author_in_body, email_confirmation_setting, enabled_git_access_protocol, enforce_terms, error_tracking_enabled, error_tracking_api_url, external_pipeline_validation_service_timeout, external_pipeline_validation_service_token, external_pipeline_validation_service_url, first_day_of_week, floc_enabled, force_pages_access_control, gitaly_timeout_default, gitaly_timeout_medium, gitaly_timeout_fast, gitpod_enabled, gitpod_url, grafana_enabled, grafana_url, gravatar_enabled, hashed_storage_enabled, help_page_hide_commercial_content, help_page_support_url, help_page_documentation_base_url, help_page_text, hide_third_party_offers, home_page_url, housekeeping_enabled, housekeeping_full_repack_period, housekeeping_gc_period, housekeeping_incremental_repack_period, housekeeping_optimize_repository_period, html_emails_enabled, import_sources, in_product_marketing_emails_enabled, inactive_projects_delete_after_months, inactive_projects_min_size_mb, inactive_projects_send_warning_email_after_months, invisible_captcha_enabled, jira_connect_application_key, jira_connect_public_key_storage_enabled, jira_connect_proxy_url, max_artifacts_size, max_attachment_size, max_export_size, max_import_size, max_pages_size, max_pages_custom_domains_per_project, max_terraform_state_size_bytes, max_yaml_size_bytes, max_yaml_depth, metrics_method_call_threshold, minimum_password_length, mirror_available, notify_on_unknown_sign_in, pages_domain_verification_enabled, password_authentication_enabled_for_web, password_authentication_enabled_for_git, performance_bar_allowed_group_path, performance_bar_enabled, personal_access_token_prefix, kroki_enabled, kroki_url, kroki_formats, plantuml_enabled, plantuml_url, polling_interval_multiplier, project_export_enabled, prometheus_metrics_enabled, recaptcha_enabled, recaptcha_private_key, recaptcha_site_key, login_recaptcha_protection_enabled, receive_max_input_size, repository_checks_enabled, repository_storages_weighted, require_admin_approval_after_user_signup, require_two_factor_authentication, remember_me_enabled, restricted_visibility_levels, rsa_key_restriction, session_expire_delay, shared_runners_enabled, shared_runners_text, sign_in_text, signup_enabled, silent_mode_enabled, slack_app_enabled, slack_app_id, slack_app_secret, slack_app_signing_secret, slack_app_verification_token, sourcegraph_enabled, sourcegraph_url, sourcegraph_public_only, spam_check_endpoint_enabled, spam_check_endpoint_url, spam_check_api_key, terminal_max_session_time, terms, throttle_authenticated_api_enabled, throttle_authenticated_api_period_in_seconds, throttle_authenticated_api_requests_per_period, throttle_authenticated_git_lfs_enabled, throttle_authenticated_git_lfs_period_in_seconds, throttle_authenticated_git_lfs_requests_per_period, throttle_authenticated_web_enabled, throttle_authenticated_web_period_in_seconds, throttle_authenticated_web_requests_per_period, throttle_authenticated_packages_api_enabled, throttle_authenticated_packages_api_period_in_seconds, throttle_authenticated_packages_api_requests_per_period, throttle_authenticated_files_api_enabled, throttle_authenticated_files_api_period_in_seconds, throttle_authenticated_files_api_requests_per_period, throttle_authenticated_deprecated_api_enabled, throttle_authenticated_deprecated_api_period_in_seconds, throttle_authenticated_deprecated_api_requests_per_period, throttle_unauthenticated_api_enabled, throttle_unauthenticated_api_period_in_seconds, throttle_unauthenticated_api_requests_per_period, throttle_unauthenticated_enabled, throttle_unauthenticated_period_in_seconds, throttle_unauthenticated_requests_per_period, throttle_unauthenticated_packages_api_enabled, throttle_unauthenticated_packages_api_period_in_seconds, throttle_unauthenticated_packages_api_requests_per_period, throttle_unauthenticated_files_api_enabled, throttle_unauthenticated_files_api_period_in_seconds, throttle_unauthenticated_files_api_requests_per_period, throttle_unauthenticated_deprecated_api_enabled, throttle_unauthenticated_deprecated_api_period_in_seconds, throttle_unauthenticated_deprecated_api_requests_per_period, throttle_protected_paths_enabled, throttle_protected_paths_period_in_seconds, throttle_protected_paths_requests_per_period, protected_paths_raw, time_tracking_limit_to_hours, two_factor_grace_period, update_runner_versions_enabled, unique_ips_limit_enabled, unique_ips_limit_per_user, unique_ips_limit_time_window, usage_ping_enabled, usage_ping_features_enabled, user_default_external, user_show_add_ssh_key_message, user_default_internal_regex, user_oauth_applications, version_check_enabled, diff_max_patch_bytes, diff_max_files, diff_max_lines, commit_email_hostname, protected_ci_variables, local_markdown_version, mailgun_signing_key, mailgun_events_enabled, snowplow_collector_hostname, snowplow_cookie_domain, snowplow_enabled, snowplow_app_id, push_event_hooks_limit, push_event_activities_limit, custom_http_clone_url_root, snippet_size_limit, email_restrictions_enabled, email_restrictions, issues_create_limit, notes_create_limit, notes_create_limit_allowlist_raw, raw_blob_request_limit, project_import_limit, project_export_limit, project_download_export_limit, group_import_limit, group_export_limit, group_download_export_limit, wiki_page_max_content_bytes, container_registry_delete_tags_service_timeout, rate_limiting_response_text, package_registry_cleanup_policies_worker_capacity, container_registry_expiration_policies_worker_capacity, container_registry_cleanup_tags_service_max_list_size, container_registry_import_max_tags_count, container_registry_import_max_retries, container_registry_import_start_max_retries, container_registry_import_max_step_duration, container_registry_pre_import_tags_rate, container_registry_pre_import_timeout, container_registry_import_timeout, container_registry_import_target_plan, container_registry_import_created_before, keep_latest_artifact, whats_new_variant, user_deactivation_emails_enabled, sentry_enabled, sentry_dsn, sentry_clientside_dsn, sentry_environment, sidekiq_job_limiter_mode, sidekiq_job_limiter_compression_threshold_bytes, sidekiq_job_limiter_limit_bytes, suggest_pipeline_enabled, search_rate_limit, search_rate_limit_unauthenticated, users_get_by_id_limit, users_get_by_id_limit_allowlist_raw, runner_token_expiration_interval, group_runner_token_expiration_interval, project_runner_token_expiration_interval, pipeline_limit_per_project_user_sha, invitation_flow_enforcement, can_create_group, bulk_import_enabled, allow_runner_registration_token, user_defaults_to_private_profile, deactivation_email_additional_text, projects_api_rate_limit_unauthenticated, gitlab_dedicated_instance, ci_max_includes, deactivate_dormant_users, deactivate_dormant_users_period, external_auth_client_cert, external_auth_client_key, external_auth_client_key_pass, external_authorization_service_default_label, external_authorization_service_enabled, external_authorization_service_timeout, external_authorization_service_url, allow_deploy_tokens_and_keys_with_external_authn, admin_notification_email, asset_proxy_whitelist, performance_bar_allowed_group_id, throttle_unauthenticated_web_enabled, throttle_unauthenticated_web_period_in_seconds, throttle_unauthenticated_web_requests_per_period are missing, at least one parameter must be provided}

This error indicates that one of this mandatory fields is allegedly missing. Of course, They aren't. I've places many of this must-have fields in my code.

Expected Behavior

application settings should not mark as need to be changed at all + this weird error should not appear.

Steps to reproduce

We are using pulumi automation api using typescript.

This is the code of this specific resource:

export const applicationSettings = new ApplicationSettings(
    "gitlab",
    {
        repositoryChecksEnabled: true,
        sharedRunnersEnabled: true,
        allowGroupOwnersToManageLdap: false,
        defaultBranchName: "main",
        defaultGroupVisibility: "private",
        defaultBranchProtection: 1,
        elasticsearchSearch: false,
        grafanaEnabled: true,
        prometheusMetricsEnabled: true,
        requireAdminApprovalAfterUserSignup: true,
        sharedRunnersText: "shared",
        signupEnabled: false,
        sendUserConfirmationEmail: true,
        htmlEmailsEnabled: true,
        defaultProjectCreation: 2,
        protectedCiVariables: true,
        mirrorAvailable: true,
        allowLocalRequestsFromWebHooksAndServices: true,
        allowLocalRequestsFromSystemHooks: true,
        usagePingEnabled: true,
        userOauthApplications: true,
        autoDevopsEnabled: false,
        importSources: ["git"],
        twoFactorGracePeriod: 48,
    },
    { provider: gitlabProvider }
)

Versions: "@pulumi/command": "^0.7.2", "@pulumi/gcp": "^6.58.0", "@pulumi/gitlab": "^6.0.0", "@pulumi/pulumi": "3.58.0", "@pulumi/random": "^4.13.2", "typescript": "~5.0.4"

Output of pulumi about

`CLI
Version 3.58.0 Go Version go1.20.2 Go Compiler gc

Host
OS ubuntu Version 20.04 Arch x86_64

Backend
Name pulumi.com URL https://app.pulumi.com/imry User imry Organizations imry `

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[t0yv0]

Thank you for reporting this! Just to make sure could you note your exact version of @pulumi/gitlab? Thank you. My team will be having a look as we get available capacity.

[mikhailshilkov]

@ImryLevySadan Are you still experiencing this issue? Could you please share the version of the gitlab provider you are using?