Gitlab CE integration assumes HTTPS deployment of Terrakube

[AlejandroGarcia95]

Bug description 🐞

We have noticed this while trying to integrate Terrakube with our own Gitlab CE instance. The GitlabToken classes that implement the VCS integration with Gitlab assume Terrakube is deployed with HTTPS enabled, and they have the https URL scheme hardcoded (for example, here). Of course, this might not be the case, as Terrakube can be deployed without enabling HTTPS. Additionally, this is inconsistent with the redirect_uri shown in the Terrakube UI, as the UI itself can correctly detect the http scheme.

The result is that the integration itself fails with the following page on the Terrakube UI:

Inspecting the logs on Gitlab, you can see the problem is that the redirect_uri used is using https:

2024-06-18 18:39:45.903 ERROR 1 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.web.reactive.function.client.WebClientResponseException$BadRequest: 400 Bad Request from POST http://whitecicd-webservice.tcloud.whitestack.com/oauth/token?client_id=e0075541692aa5bd73962df9469842e0605262a01f35e2c5b35ec3e5340bc074&client_secret=gloas-2e182eb2d98328494584bac7a2ff2bfb26cd54433ba1ae4a9bc3b2476b32c13a&code=cf43ddd3c96c888e596d10b276c6ca49cf2947b9907daf467f393ba3de72647c&grant_type=authorization_code&redirect_uri=https://terrakube-api.tcloud.whitestack.com/callback/v1/vcs/32bf4d70-2da0-11ef-824a-6d5dccf13a80] with root cause

If I understood well, this does not happen when using Gitlab cloud, as the redirect_uri is not used for that integration.

Also, I can confirm that if Terrakube is deployed with HTTPS enabled, the integration works.

Steps to reproduce

• Install Gitlab CE (we are using their upstream Helm chart).

• Install latest Terrakube without HTTPS support.

• Follow the integration docs for Gitlab CE to try and integrate Terrakube with Gitlab.

Expected behavior

Integration should work without HTTPS enabled on Terrakube.

Example repository

No response

Anything else?

No response

[alfespa17]

I think it would be better if you install a certificate for your terrakube installation because there are several parts of terrakube that wont work without "https".

For example if you are using the terraform/tofu cli with the registry it will require "HTTPS" and if you want to use the CLI drive workflow will also require "HTTPS"

[AlejandroGarcia95]

@alfespa17 we have indeed installed Terrakube with HTTPS and confirmed the integration works. However, I think it should be useful to add a note on the integration docs stating the integration will not work without HTTPS. I believe there is no reason for that particular integration to fail with HTTP, so we might like to make the requirement more explicit.