feat: disable autoassign current user by default

CHANGELOG.md

@@ -8,6 +8,14 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [1.2.0] - 2025-10-13
+
+[Compare with previous version](https://github.com/sparkfabrik/terraform-gitlab-kubernetes-gitlab-agent/compare/1.1.0...1.2.0)
+
+### Added
+
+- feat: disable autoassign current user by default
+
 ## [1.1.0] - 2025-10-08
 
 [Compare with previous version](https://github.com/sparkfabrik/terraform-gitlab-kubernetes-gitlab-agent/compare/1.0.0...1.1.0)

README.md

@@ -77,11 +77,11 @@ provider "gitlab" {
 
 ## GitLab Agents user membership
 
-The current user used by the provider is automatically added as `maintainer` to the "GitLab Agents" project. If you don't want this behavior, just set the variable `var.autoassign_current_user_as_maintainer` to `false`. 
+The current user used by the provider must be added as `maintainer` to the "GitLab Agents" project. By default, this behavior is disabled; just set the variable `var.autoassign_current_user_as_maintainer` to `true` if you want to enable it.
 
 Adding the user as `maintainer` to the newly created project ensures they have the permissions to commit and push to it.
 
-**ATTENTION:** If the current user is already added to the project but with a different role than `maintainer`, the apply will fail saying that a membership already exists 
+**ATTENTION:** If the current user is already added to the project the apply will fail saying that a membership already exists 
 
 <!-- BEGIN_TF_DOCS -->
 ## Providers

main.tf

@@ -51,8 +51,6 @@ locals {
     (var.gitlab_agent_variable_name_agent_id) : gitlab_cluster_agent.this.name,
     (var.gitlab_agent_variable_name_agent_project) : local.project_path_with_namespace,
   }
-
-  current_user_is_maintainer_of_project = length([for member in data.gitlab_project_membership.this.members : member if member.name == data.gitlab_current_user.this.name && member.access_level == "maintainer"]) > 0
 }
 
 # Gitlab resources
@@ -87,19 +85,14 @@ data "gitlab_project" "enabled_projects" {
   path_with_namespace = each.value
 }
 
-# Data source to get all the memberships for the project
-data "gitlab_project_membership" "this" {
-  project_id = local.project_id
-}
-
 resource "gitlab_project" "project" {
   count        = local.use_existing_project == 0 ? 1 : 0
   name         = var.gitlab_project_name
   namespace_id = var.operate_at_root_group_level ? data.gitlab_group.root_namespace.group_id : data.gitlab_group.parent_group[0].group_id
 }
 
 resource "gitlab_project_membership" "project" {
-  count        = var.autoassign_current_user_as_maintainer && !local.current_user_is_maintainer_of_project ? 1 : 0
+  count        = var.assign_current_user_as_maintainer ? 1 : 0
   project      = local.project_id
   user_id      = data.gitlab_current_user.this.id
   access_level = "maintainer"

variables.tf

@@ -156,8 +156,8 @@ variable "create_default_pod_anti_affinity" {
   default     = true
 }
 
-variable "autoassign_current_user_as_maintainer" {
-  description = "Automatically assign the current GitLab user (from the GitLab provider) as a maintainer of the created project. This is useful to ensure that the user has rights to commit and push the GitLab Agent configuration file."
+variable "assign_current_user_as_maintainer" {
+  description = "Assign the current GitLab user (from the GitLab provider) as a maintainer of the created project. This is useful to ensure that the user has rights to commit and push the GitLab Agent configuration file."
   type        = bool
-  default     = true
+  default     = false
 }