refs platform/board#3920: check if membership exist (#24)

Author: FabrizioCafolla

README.md

@@ -75,6 +75,14 @@ provider "gitlab" {
 
 **ATTENTION:** as described in the [Gitlab provider documentation](https://registry.terraform.io/providers/gitlabhq/gitlab/latest/docs), the `CI_JOB_TOKEN` could cause issues when used as `token` for the Gitlab provider. For this module in particular, the `gitlab_cluster_agent` and `gitlab_cluster_agent_token` resources require authorization to access to the `/users` Gitlab API endpoint, which is not granted by the `CI_JOB_TOKEN`. You have to use a Gitlab personal access token with the `api` scope to authenticate the provider.
 
+## GitLab Agents user membership
+
+The current user used by the provider is automatically added as `maintainer` to the "GitLab Agents" project. If you don't want this behavior, just set the variable `var.autoassign_current_user_as_maintainer` to `false`. 
+
+Adding the user as `maintainer` to the newly created project ensures they have the permissions to commit and push to it.
+
+**ATTENTION:** If the current user is already added to the project but with a different role than `maintainer`, the apply will fail saying that a membership already exists 
+
 <!-- BEGIN_TF_DOCS -->
 ## Providers
 

main.tf

@@ -51,6 +51,8 @@ locals {
     (var.gitlab_agent_variable_name_agent_id) : gitlab_cluster_agent.this.name,
     (var.gitlab_agent_variable_name_agent_project) : local.project_path_with_namespace,
   }
+
+  current_user_is_maintainer_of_project = length([for member in data.gitlab_project_membership.this.members : member if member.name == data.gitlab_current_user.this.name && member.access_level == "maintainer"]) > 0
 }
 
 # Gitlab resources
@@ -85,14 +87,19 @@ data "gitlab_project" "enabled_projects" {
   path_with_namespace = each.value
 }
 
+# Data source to get all the memberships for the project
+data "gitlab_project_membership" "this" {
+  project_id = local.project_id
+}
+
 resource "gitlab_project" "project" {
   count        = local.use_existing_project == 0 ? 1 : 0
   name         = var.gitlab_project_name
   namespace_id = var.operate_at_root_group_level ? data.gitlab_group.root_namespace.group_id : data.gitlab_group.parent_group[0].group_id
 }
 
 resource "gitlab_project_membership" "project" {
-  count        = var.autoassign_current_user_as_maintainer ? 1 : 0
+  count        = var.autoassign_current_user_as_maintainer && !local.current_user_is_maintainer_of_project ? 1 : 0
   project      = local.project_id
   user_id      = data.gitlab_current_user.this.id
   access_level = "maintainer"

outputs.tf

@@ -43,4 +43,3 @@ output "gitlab_parent_group_auto_detected" {
   description = "Whether the parent group was automatically detected."
   value       = local.auto_detect_parent
 }
-