From 9c3cf57b49b4471e757ff806a5327933b4eba7e7 Mon Sep 17 00:00:00 2001 From: gitlab-terraform-provider-bot Date: Thu, 19 Sep 2024 18:20:50 +0000 Subject: [PATCH] Update docs for v17.4.0 release --- CHANGELOG.md | 49 +++- docs/data-sources/pipeline_schedule.md | 82 +++++++ docs/data-sources/pipeline_schedules.md | 68 ++++++ docs/data-sources/project.md | 1 + docs/data-sources/project_protected_tag.md | 55 +++++ docs/data-sources/project_protected_tags.md | 60 +++++ ...case-tech-lead-bootstrapping-small-team.md | 214 ++++++++++++++++++ docs/guides/version-15.7-upgrade.md | 1 + docs/guides/version-16.0-upgrade.md | 1 + docs/index.md | 1 + docs/resources/application_settings.md | 35 +++ docs/resources/group.md | 29 ++- docs/resources/integration_jira.md | 21 +- docs/resources/member_role.md | 49 ++++ docs/resources/project.md | 2 + docs/resources/project_approval_rule.md | 3 +- docs/resources/project_push_rules.md | 1 + docs/resources/service_jira.md | 21 +- docs/resources/tag_protection.md | 10 +- docs/resources/user.md | 2 + docs/resources/user_impersonation_token.md | 58 +++++ 21 files changed, 728 insertions(+), 35 deletions(-) create mode 100644 docs/data-sources/pipeline_schedule.md create mode 100644 docs/data-sources/pipeline_schedules.md create mode 100644 docs/data-sources/project_protected_tag.md create mode 100644 docs/data-sources/project_protected_tags.md create mode 100644 docs/guides/use-case-tech-lead-bootstrapping-small-team.md create mode 100644 docs/resources/member_role.md create mode 100644 docs/resources/user_impersonation_token.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 31a9648fc..870a8feca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,17 +1,50 @@ +## 17.4.0 (2024-09-19) + +This release was tested against GitLab 17.4, 17.3, and 17.2 for both CE and EE + +## FEATURES (4 changes) + +- **New Resource** resource/gitlab_member_role: [Allows creating custom roles at an instance or group level](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/5c4980f0f8320c713ae753d1623fedf1c0499ce9) by @slaup1 ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2115)) +- **New Resource** resource/user_impersonation_token: [Adds support for generating an impersonation token with an admin user](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/b0008c5ed590b7f6cc1a52928a75a40d3da6c5b2) by @slaup1 ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2086)) +- **New Datasource** data/gitlab_protected_tag(s): [Two new datasources allow retrieving a single tag or list of tags by project](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/759279ab7d332e827c87588aa708c38019551e6a) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2126)) +- **New Datasource** data/gitlab_pipeline_schedule(s): [Two new datasources allow retrieving a single pipeline schedule or list of pipeline scheduled by project](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/65e4bdb59fd877d1bbe796ce2900d335f60baff0) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2075)) + +## IMPROVEMENTS (12 changes) + +- resource/gitlab_group: [Add support for `default_branch_protection_defaults`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d3a97d371b04c67404cd58d9200a4907a0199cbf) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2113)) +- resource/gitlab_group: [Add support for 
`reject_non_dco_commits`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/b9bc021dad13a05d802c8a3c56cbb0b57e5cc5e6) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2105)) +- resource/gitlab_project_approval_rule: [Add support for `report_type`, allowing the creation of `Coverage-Check` rules](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/6011774f1ba63c365e7d6dfb21b360e6d5467d08) by @MDeVilliers1 ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1913)) +- resource/gitlab_group_label: [Update format of the resource ID to allow `name` updates](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/62a853fb14eb6ebea7f31a7504997e8a2068ba47) by @nvh04121 ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2094)) +- resource/gitlab_group_label: [Updating `name` no longer forces destroy/creation of the label](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/94f5f9e9d3d389b1d6380ebf659022192a63a45a) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2127) +- resource/gitlab_service_jira: [Aligned fields to upstream API, adding support for 9 new fields](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/f63965d3b5af927f253bb00a29be44e25d6d382c) by @deepflame ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1961) +- resource/gitlab_application_settings: [Add support for 25 new fields](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/233c3888688b3885d1e716830efbe7d6b4daf018) by @Jitsusama ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2108)) +- resource/gitlab_project: [Add support for 
`pre_receive_secret_detection_enabled`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/38717b856f75908646c8b0a6d0484c04929f04a9) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2106)) +- resource/gitlab_project: [Add support for `reject_non_dco_commits`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/b9bc021dad13a05d802c8a3c56cbb0b57e5cc5e6) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2105)) +- resource/gitlab_project_push_rules: [Add support for `reject_non_dco_commits`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/b9bc021dad13a05d802c8a3c56cbb0b57e5cc5e6) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2105)) +- resource/gitlab_user: [Add support for `extern_uid` and `external_provider`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/bc13a7dd9052e18e8c14beae56eece2dcec13b80) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2097)) +- docs/use-case-tech-lead-bootstrapping-small-team: [Added new documentation to the provider with an example of creating a small team using GitLab](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/f90a66f2d288e6556b6174a0f62b35cfb8e2a764) by @Jitsusama ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2112)) + + +## BUG FIXES (2 changes) + +- resource/gitlab_user_runner: [Fix an issue where managing an imported runner would fail with an error that `token` was unknown](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/e126dbb7307e2b907b6fd62932d72b33ad788b81) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2114)) +- resource/gitlab_personal_access_token: [Fix an issue where tokens with no expiration date encountered a 
provider error](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/142ce83b0eea8a829c6c7ef04b1bd6b687c0a616) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2104)) + + ## 17.3.1 (2024-08-27) This release was tested against GitLab 17.3, 17.2, and 17.1 for both CE and EE -## Improvements (1 change) +## IMPROVEMENTS (1 change) - [The provider now uses an exponential backoff when no RateLimit-Reset headers are sent from GitLab]() by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2073)) -## Bug Fixes (7 changes) +## BUG FIXES (7 changes) -- resource/gitlab_project_access_token: [Fixed an error when applying an update using a plan file that could cause the ID to return an error when rotating](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)]) -- resource/gitlab_project_access_token: [Fixed an error when applying an update using a plan from from a previous day to rotate an access token](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)]) -- resource/gitlab_group_access_token: [Fixed an error when applying an update using a plan file that could cause the ID to return an error when rotating](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)]) -- resource/gitlab_group_access_token: [Fixed an error when applying an update using a plan from from a previous day to rotate an access 
token](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request}(https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)]) +- resource/gitlab_project_access_token: [Fixed an error when applying an update using a plan file that could cause the ID to return an error when rotating](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)) +- resource/gitlab_project_access_token: [Fixed an error when applying an update using a plan from from a previous day to rotate an access token](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)) +- resource/gitlab_group_access_token: [Fixed an error when applying an update using a plan file that could cause the ID to return an error when rotating](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)) +- resource/gitlab_group_access_token: [Fixed an error when applying an update using a plan from from a previous day to rotate an access token](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/d0a63fec70fd01d447091bf81138f76692b59c58) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2060)) - resource/gitlab_group_protected_environment: [Updated documentation for `deploy_access_levels` to be more specific](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/0d01e91b32fadd6980e666b11c877fe97c2ee45a) by @mness ([merge 
request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2072)) - resource/gitlab_project_protected_environment: [Updated documentation for `deploy_access_levels` to be more specific](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/0d01e91b32fadd6980e666b11c877fe97c2ee45a) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2072)) - resource/gitlab_group_saml_link: [Updated documentation for `access_level` to be more descriptive when using custom roles](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/98d0762153fd4ec01d7df62ce5f991bc5b342d82) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2071)) 
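Review bot: In the new 17.4.0 IMPROVEMENTS list of CHANGELOG.md, the `gitlab_group_label` entry ending in `merge_requests/2127)` and the `gitlab_service_jira` entry ending in `merge_requests/1961)` are each missing the final closing parenthesis, so the `([merge request](...)` wrapper is unbalanced. This is the same kind of link breakage this hunk repairs for the 17.3.1 access-token entries; please add the trailing `)` to both. In the FEATURES list, `data/gitlab_protected_tag(s)` does not match the data sources this patch documents (`gitlab_project_protected_tag` and `gitlab_project_protected_tags`), and `resource/user_impersonation_token` lacks the `gitlab_` prefix every other entry carries. Smaller points: "list of pipeline scheduled by project" should read "schedules", the rewritten 17.3.1 lines still say "a plan from from a previous day", and the 17.3.1 improvement entry kept as context still has an empty link target `]()`.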
@@ -23,8 +56,8 @@ This release was tested against GitLab 17.3, 17.2, and 17.1 for both CE and EE ### IMPROVEMENTS (8 changes) - **New Resource** resource/gitlab_group_security_policy_attachment: [Add new resource for association security policy projects to a group](gitlab-org/terraform-provider-gitlab@fa00e1ec7636dc47b9b4292d164825bf39af0cef) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2048)) -- **New Datasource** resource/gitlab_group_ids: [Add new datasource retrieving group ID, Full Path, or GraphQL ID based on group ID or Url-encoded path](gitlab-org/terraform-provider-gitlab@e0b0f88070caea6592c1983aa7792a77b27e9b88) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2057)) -- **New Datasource** resource/gitlab_project_ids: [Add new datasource retrieving project ID, Full Path, or GraphQL ID based on project ID or Url-encoded path](gitlab-org/terraform-provider-gitlab@e0b0f88070caea6592c1983aa7792a77b27e9b88) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2057)) +- **New Datasource** data/gitlab_group_ids: [Add new datasource retrieving group ID, Full Path, or GraphQL ID based on group ID or Url-encoded path](gitlab-org/terraform-provider-gitlab@e0b0f88070caea6592c1983aa7792a77b27e9b88) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2057)) +- **New Datasource** data/gitlab_project_ids: [Add new datasource retrieving project ID, Full Path, or GraphQL ID based on project ID or Url-encoded path](gitlab-org/terraform-provider-gitlab@e0b0f88070caea6592c1983aa7792a77b27e9b88) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2057)) - resource/gitlab_project_job_token_scopes: [Add support for `target_group_ids`, allowing groups to be used in the allow list](gitlab-org/terraform-provider-gitlab@f4246b814952900a5ddfb509ca2c081d47e820e1) by @chapsuK ([merge request](gitlab-org/terraform-provider-gitlab!2040)) - resource/gitlab_group: [Add support for 
`permanently_remove_on_delete`, allowing groups to be permanently deleted on destroy instead of entering a waiting period](gitlab-org/terraform-provider-gitlab@a0374ef9b9ff87cc9f93a1523fc3bd0998ab0c6f) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2044)) - resource/gitlab_application_settings: [Add support for `max_terraform_state_size_bytes`, allowing configuration of terraform state size at an instance level](gitlab-org/terraform-provider-gitlab@d852a3360f034648816969cb3f94e310f6fb74d9) by @christian.affolter ([merge request](gitlab-org/terraform-provider-gitlab!1960)) diff --git a/docs/data-sources/pipeline_schedule.md b/docs/data-sources/pipeline_schedule.md new file mode 100644 index 000000000..ac9de731f --- /dev/null +++ b/docs/data-sources/pipeline_schedule.md 
@@ -0,0 +1,82 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "gitlab_pipeline_schedule Data Source - terraform-provider-gitlab" +subcategory: "" +description: |- + The gitlab_pipeline_schedule data source retrieves information about a gitlab pipeline schedule for a project. + Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/pipeline_schedules.html +--- + +# gitlab_pipeline_schedule (Data Source) + +The `gitlab_pipeline_schedule` data source retrieves information about a gitlab pipeline schedule for a project. + +**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/pipeline_schedules.html) + +## Example Usage + +```terraform +data "gitlab_pipeline_schedule" "example" { + project = "12345" + pipeline_schedule_id = 1 +} +``` + + +## Schema + +### Required + +- `pipeline_schedule_id` (Number) The pipeline schedule id. +- `project` (String) The name or id of the project to add the schedule to. + +### Optional + +- `cron_timezone` (String) The timezone. + +### Read-Only + +- `active` (Boolean) The activation status of pipeline schedule. +- `created_at` (String) The datetime of when the schedule was created. +- `cron` (String) The cron (e.g. `0 1 * * *`). +- `description` (String) The description of the pipeline schedule. +- `id` (String) The ID of this Terraform resource. In the format of `:`. +- `last_pipeline` (Attributes) The details of the last pipeline run by the schedule. (see [below for nested schema](#nestedatt--last_pipeline)) +- `next_run_at` (String) The datetime of when the schedule will next run. +- `owner` (Attributes) The details of the pipeline schedule owner. (see [below for nested schema](#nestedatt--owner)) +- `ref` (String) The branch/tag name to be triggered. This will be the full branch reference, for example: `refs/heads/main`, not `main`. +- `updated_at` (String) The datetime of when the schedule was last updated. 
+- `variables` (Attributes List) The list of the pipeline schedule variables. (see [below for nested schema](#nestedatt--variables)) + + +### Nested Schema for `last_pipeline` + +Read-Only: + +- `id` (Number) The pipeline ID. +- `ref` (String) The ref of the pipeline. +- `sha` (String) The SHA of the pipeline. +- `status` (String) The status of pipelines, one of: created, waiting_for_resource, preparing, pending, running, success, failed, canceled, skipped, manual, scheduled. + + + +### Nested Schema for `owner` + +Read-Only: + +- `avatar_url` (String) Image URL for the user's avatar. +- `id` (Number) The user ID. +- `name` (String) Name. +- `state` (String) User's state, one of: active, blocked. +- `username` (String) Username. +- `web_url` (String) URL to the user's profile. + + + +### Nested Schema for `variables` + +Read-Only: + +- `key` (String) The key of a variable. +- `value` (String) The value of a variable. +- `variable_type` (String) The type of a variable, one of: env_var and file. diff --git a/docs/data-sources/pipeline_schedules.md b/docs/data-sources/pipeline_schedules.md new file mode 100644 index 000000000..96457f0f9 --- /dev/null +++ b/docs/data-sources/pipeline_schedules.md 
@@ -0,0 +1,68 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "gitlab_pipeline_schedules Data Source - terraform-provider-gitlab" +subcategory: "" +description: |- + The gitlab_pipeline_schedule data source retrieves information about a gitlab pipeline schedule for a project. + Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/pipeline_schedules.html +--- + +# gitlab_pipeline_schedules (Data Source) + +The `gitlab_pipeline_schedule` data source retrieves information about a gitlab pipeline schedule for a project. + +**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/pipeline_schedules.html) + +## Example Usage + +```terraform +data "gitlab_pipeline_schedules" "example" { + project = "12345" +} +``` + + +## Schema + +### Required + +- `project` (String) The name or id of the project to add the schedule to. + +### Read-Only + +- `id` (String) The ID of this Terraform resource. +- `pipeline_schedules` (Attributes List) The list of pipeline schedules. (see [below for nested schema](#nestedatt--pipeline_schedules)) + + +### Nested Schema for `pipeline_schedules` + +Required: + +- `id` (String) The pipeline schedule id. + +Optional: + +- `cron_timezone` (String) The timezone. + +Read-Only: + +- `active` (Boolean) The activation status of pipeline schedule. +- `created_at` (String) The datetime of when the schedule was created. +- `cron` (String) The cron (e.g. `0 1 * * *`). +- `description` (String) The description of the pipeline schedule. +- `next_run_at` (String) The datetime of when the schedule will next run. +- `owner` (Attributes) The details of the pipeline schedule owner. (see [below for nested schema](#nestedatt--pipeline_schedules--owner)) +- `ref` (String) The branch/tag name to be triggered. This will be the full branch reference, for example: `refs/heads/main`, not `main`. +- `updated_at` (String) The datetime of when the schedule was last updated. 
+ + +### Nested Schema for `pipeline_schedules.owner` + +Read-Only: + +- `avatar_url` (String) Image URL for the user's avatar. +- `id` (Number) The user ID. +- `name` (String) Name. +- `state` (String) User's state, one of: active, blocked. +- `username` (String) Username. +- `web_url` (String) URL to the user's profile. diff --git a/docs/data-sources/project.md b/docs/data-sources/project.md index 8cafc9d5c..938d0cda9 100644 --- a/docs/data-sources/project.md +++ b/docs/data-sources/project.md @@ -133,6 +133,7 @@ Read-Only: - `max_file_size` (Number) - `member_check` (Boolean) - `prevent_secrets` (Boolean) +- `reject_non_dco_commits` (Boolean) - `reject_unsigned_commits` (Boolean) diff --git a/docs/data-sources/project_protected_tag.md b/docs/data-sources/project_protected_tag.md new file mode 100644 index 000000000..7abd1de6d --- /dev/null +++ b/docs/data-sources/project_protected_tag.md 
@@ -0,0 +1,55 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "gitlab_project_protected_tag Data Source - terraform-provider-gitlab" +subcategory: "" +description: |- + The gitlab_project_protected_tag data source allows details of a protected tag to be retrieved by its name and the project it belongs to. + Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/protected_tags.html#get-a-single-protected-tag-or-wildcard-protected-tag +--- + +# gitlab_project_protected_tag (Data Source) + +The `gitlab_project_protected_tag` data source allows details of a protected tag to be retrieved by its name and the project it belongs to. + +**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/protected_tags.html#get-a-single-protected-tag-or-wildcard-protected-tag) + +## Example Usage + +```terraform +data "gitlab_project_protected_tag" "example" { + project = 42 + tag = "v1.0" +} + +data "gitlab_project_protected_tag" "example" { + project = "foo/bar/baz" + tag = "2.0" +} +``` + + +## Schema + +### Required + +- `project` (String) The integer or path with namespace that uniquely identifies the project. +- `tag` (String) The name of the protected tag. + +### Read-Only + +- `create_access_levels` (Attributes List) Array of access levels/user(s)/group(s) allowed to create protected tags. (see [below for nested schema](#nestedatt--create_access_levels)) +- `id` (String) The ID of this resource. In the format of ``. + + +### Nested Schema for `create_access_levels` + +Optional: + +- `group_id` (Number) The ID of a GitLab group allowed to perform the relevant action. +- `user_id` (Number) The ID of a GitLab user allowed to perform the relevant action. + +Read-Only: + +- `access_level` (String) Access level allowed to create protected tags. +- `access_level_description` (String) Readable description of access level. +- `id` (Number) The ID of the create access level. 
diff --git a/docs/data-sources/project_protected_tags.md b/docs/data-sources/project_protected_tags.md new file mode 100644 index 000000000..c0feece7d --- /dev/null +++ b/docs/data-sources/project_protected_tags.md 
@@ -0,0 +1,60 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "gitlab_project_protected_tags Data Source - terraform-provider-gitlab" +subcategory: "" +description: |- + The gitlab_project_protected_tags data source allows details of the protected tags of a given project. + Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/protected_tags.html#list-protected-tags +--- + +# gitlab_project_protected_tags (Data Source) + +The `gitlab_project_protected_tags` data source allows details of the protected tags of a given project. + +**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/protected_tags.html#list-protected-tags) + +## Example Usage + +```terraform +data "gitlab_project_protected_tags" "example" { + project = 42 +} + +data "gitlab_project_protected_tags" "example" { + project = "foo/bar/baz" +} +``` + + +## Schema + +### Required + +- `project` (String) The integer or path with namespace that uniquely identifies the project. + +### Read-Only + +- `id` (String) The ID of this resource. +- `protected_tags` (Attributes List) A list of protected tags, as defined below. (see [below for nested schema](#nestedatt--protected_tags)) + + +### Nested Schema for `protected_tags` + +Read-Only: + +- `create_access_levels` (Attributes List) Array of access levels/user(s)/group(s) allowed to create protected tags. (see [below for nested schema](#nestedatt--protected_tags--create_access_levels)) +- `tag` (String) The name of the protected tag. + + +### Nested Schema for `protected_tags.create_access_levels` + +Optional: + +- `group_id` (Number) The ID of a GitLab group allowed to perform the relevant action. +- `user_id` (Number) The ID of a GitLab user allowed to perform the relevant action. + +Read-Only: + +- `access_level` (String) Access level allowed to create protected tags. +- `access_level_description` (String) Readable description of access level. 
+- `id` (Number) The ID of the create access level. diff --git a/docs/guides/use-case-tech-lead-bootstrapping-small-team.md b/docs/guides/use-case-tech-lead-bootstrapping-small-team.md new file mode 100644 index 000000000..3d8d6e83c --- /dev/null +++ b/docs/guides/use-case-tech-lead-bootstrapping-small-team.md 
@@ -0,0 +1,214 @@ +--- +page_title: "A Tech Lead Bootstrapping a Small Team" +subcategory: "Use Cases" +--- + +Imagine you are a tech lead responsible for a small team, and you want to get +your team bootstrapped with their own group, a wiki, and a couple of projects: +one to hold the full-stack application that you've been working on, and another +for a user facing documentation website. You want to make sure that code quality +is verified by yourself and at least one additional team member. You also want +to set up your own GitLab CI/CD runner to run your automation jobs for your +full-stack mono-repo as well as your documentation website. + +You've done some research and learned that IaC (Infrastructure as Code) is all +the rage. You also know that OpenTofu and Terraform are a great technologies for +cloud resources. In addition, you know that GitLab, your SDLC tool of choice, +has its own Terraform provider that will enable you to realize all of your IaC +dreams! You still have a problem though: how in the world can you take advantage +of this? + +Have no fear! This guide will walk you through the process of starting from a +fresh installation of OpenTofu or Terraform and building out your infrastructure +as code solution. + +# Configure GitLab provider + +Create a new directory on your computer to store your IaC code. From that +directory, create a file named `main.tf`, and add the following lines: + +```terraform +terraform { + required_providers { + gitlab = { + source = "gitlabhq/gitlab" + } + } +} + +variable "admin_token" { + description = "Owner/Maintainer PAT token with the api scope applied." + type = string +} + +provider "gitlab" { + token = var.admin_token + base_url = "https://gitlab.com" # change this if you are on a self-hosted GitLab instance. +} +``` + +The `terraform` block tells OpenTofu or Terraform where to download the provider +for all GitLab resources. 
+ +The `provider` block configures the provider to use an externally provided +personal access token to authenticate with GitLab when performing any +configuration. + +# Create a group and projects + +Next, let's create a GitLab group for your team's code and wiki. Groups allow +you to supply a multi-level hierarchy to your code assets. A root, or top-level +group, is typically provided by an organization so they have policy-level +controls over all sub-groups and projects. It's a best practice to limit the +number of top-level groups, and to subdivide your groups into team or functional +areas. To facilitate this, create a group for the team by adding these lines to +your `main.tf` file, modifying it to fit your needs: + +```terraform +resource "gitlab_group" "my_team" { + parent_id = 1337 # change to your top-level group ID number + name = "Awesome Team" # friendly group name + path = "awesome-team" # path that will be a part of clone URIs + description = "The Awesome Team provides awesome tech that makes our company shine!" + wiki_access_level = "private" # make the Wiki only viewable by group members +} +``` + +Now that we have a group, we can add some team members to it. GitLab provides +access levels that you can apply to team members to give them different +permissions. As the team lead, we'll give you _maintainer_ access. For your team +members, we'll give them _developer_ access. Because it's a pain to figure out +the internal ID of each team member, we'll take advantage of a data source to +supply user handles, instead of using ID numbers. 
+ +Add this code to the bottom of your `main.tf`, modifying it to fit your needs: + +```terraform +data "gitlab_user" "team_lead" { + username = "Delaney" +} + +data "gitlab_user" "team_members" { + for_each = toset(["Sasha", "Priyanka", "Simone"]) + username = each.value +} + +resource "gitlab_group_membership" "team_lead" { + group_id = gitlab_group.my_team.id + access_level = "maintainer" + user_id = data.gitlab_user.team_lead.id +} + +resource "gitlab_group_membership" "team_members" { + for_each = data.gitlab_user.team_members + group_id = gitlab_group.my_team.id + access_level = "developer" + user_id = each.value.id +} +``` + +Because of how membership rights work in GitLab, any projects we create under +this group will give these users the level of access defined at the group level. +So let's create one project for your full-stack app, and another for user-facing +documentation. + +Add this code to the bottom of your `main.tf`, modifying it to fit your needs: + +```terraform +resource "gitlab_project" "app" { + namespace_id = gitlab_group.my_team.id + name = "Fullstack App" + path = "app" + description = "Our fullstack app which will deliver value fast!" + wiki_enabled = false +} + +resource "gitlab_project" "docs" { + namespace_id = gitlab_group.my_team.id + name = "Documentation" + path = "docs" + description = "User facing documentation website." + wiki_enabled = false +} +``` + +Now, let's add some approval rules. These force any MRs created in these +projects to be approved by you (the tech lead) and at least one other team +member before they can be merged. You must have at least GitLab Premium for your +top-level group to complete this step. If you don't have GitLab Premium, you can +skip ahead. 
+ +Add this code to the bottom of your `main.tf`, modifying it to fit your needs: + +```terraform +resource "gitlab_project_approval_rule" "team_app_maintainers" { + project = gitlab_project.app.id + name = "maintainers" + approvals_required = 1 + user_ids = [data.gitlab_user.team_lead.id] +} + +resource "gitlab_project_approval_rule" "team_app_members" { + project = gitlab_project.app.id + name = "members" + approvals_required = 1 + user_ids = [for user in data.gitlab_user.team_members : user.id] +} + +resource "gitlab_project_approval_rule" "team_docs_maintainers" { + project = gitlab_project.docs.id + name = "maintainers" + approvals_required = 1 + user_ids = [data.gitlab_user.team_lead.id] +} + +resource "gitlab_project_approval_rule" "team_docs_members" { + project = gitlab_project.docs.id + name = "members" + approvals_required = 1 + user_ids = [for user in data.gitlab_user.team_members : user.id] +} +``` + +# Configure CI/CD runner + +With this in place, we have one item left. You want to be able to automatically +run tests, build your product, package it and ship it to customers. For that, +you need a GitLab runner! With the current runner registration workflow, you +must create a runner instance on your GitLab group or project in order to +configure basic settings, and to get a registration token that you can use with +your deployed runners. We are going to create a group runner so that it can be +shared with your full-stack application and user documentation projects. + +Add this code to the bottom of your `main.tf`, modifying it to fit your needs: + +```terraform +resource "gitlab_user_runner" "linux" { + group_id = gitlab_group.my_team.id + description = "Team Linux Job Runner" + runner_type = "group_type" + untagged = true # you can use `tag_list` instead if you want user's to opt-in to using this runner. +} + +output "registration_token" { + description = "Registration token to to use with your runner installation." 
+ value = gitlab_user_runner.linux.token + sensitive = true +} +``` + +With all of this configuration in place, you should be ready to rock. You can +use the following commands to initialize your OpenTofu or Terraform root module, +review the changes, apply them, and then retrieve the registration token for +your runner installation: + +```shell +tofu init +tofu plan -out plan.out +tofu apply plan.out +tofu output registration_token +``` + +Note that this example uses OpenTofu's `tofu` command, but you can easily switch +it out with `terraform` instead. Terraform and OpenTofu are backwards and +forwards compatible. diff --git a/docs/guides/version-15.7-upgrade.md b/docs/guides/version-15.7-upgrade.md index dd6a0fa84..f7e1f2679 100644 --- a/docs/guides/version-15.7-upgrade.md +++ b/docs/guides/version-15.7-upgrade.md @@ -1,5 +1,6 @@ --- page_title: "Terraform GitLab Provider Version 15.7 Upgrade Guide" +subcategory: "Upgrade Guides" --- # Upgrade to Terraform GitLab Provider Version 15.7 diff --git a/docs/guides/version-16.0-upgrade.md b/docs/guides/version-16.0-upgrade.md index 804dbc369..b43526148 100644 --- a/docs/guides/version-16.0-upgrade.md +++ b/docs/guides/version-16.0-upgrade.md @@ -1,5 +1,6 @@ --- page_title: "Terraform GitLab Provider Version 16.0 Upgrade Guide" +subcategory: "Upgrade Guides" --- # Upgrade to Terraform GitLab Provider Version 16.0 diff --git a/docs/index.md b/docs/index.md index 5fa735f28..4709c4ae6 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -82,4 +82,5 @@ resource "gitlab_project" "sample_group_project" { - `client_key` (String) File path to client key when GitLab instance is behind company proxy. File must contain PEM encoded data. Required when `client_cert` is set. - `early_auth_check` (Boolean) (Experimental) By default the provider does a dummy request to get the current user in order to verify that the provider configuration is correct and the GitLab API is reachable. Set this to `false` to skip this check. This may be useful if the GitLab instance does not yet exist and is created within the same terraform module. It may be sourced from the `GITLAB_EARLY_AUTH_CHECK`. This is an experimental feature and may change in the future. Please make sure to always keep backups of your state. - `insecure` (Boolean) When set to true this disables SSL verification of the connection to the GitLab instance. +- `retries` (Number) The number of retries to execute when receiving a 429 Rate Limit error. Each retry will exponentially back off. - `token` (String, Sensitive) The OAuth2 Token, Project, Group, Personal Access Token or CI Job Token used to connect to GitLab. The OAuth method is used in this provider for authentication (using Bearer authorization token). See https://docs.gitlab.com/ee/api/#authentication for details. It may be sourced from the `GITLAB_TOKEN` environment variable. diff --git a/docs/resources/application_settings.md b/docs/resources/application_settings.md index 7f18d75c1..3ba7aa9e5 100644 --- a/docs/resources/application_settings.md +++ b/docs/resources/application_settings.md 
@@ -57,21 +57,34 @@ resource "gitlab_application_settings" "this" { - `after_sign_up_text` (String) Text shown to the user after signing up. - `akismet_api_key` (String, Sensitive) API key for Akismet spam protection. - `akismet_enabled` (Boolean) (If enabled, requires: akismet_api_key) Enable or disable Akismet spam protection. +- `allow_account_deletion` (Boolean) Set to true to allow users to delete their accounts. Premium and Ultimate only. - `allow_group_owners_to_manage_ldap` (Boolean) Set to true to allow group owners to manage LDAP. - `allow_local_requests_from_system_hooks` (Boolean) Allow requests to the local network from system hooks. - `allow_local_requests_from_web_hooks_and_services` (Boolean) Allow requests to the local network from web hooks and services. +- `allow_project_creation_for_guest_and_below` (Boolean) Indicates whether users assigned up to the Guest role can create groups and personal projects. +- `allow_runner_registration_token` (Boolean) Allow using a registration token to create a runner. - `archive_builds_in_human_readable` (String) Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years. +- `asciidoc_max_includes` (Number) Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64. - `asset_proxy_allowlist` (List of String) Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes. - `asset_proxy_enabled` (Boolean) (If enabled, requires: asset_proxy_url) Enable proxying of assets. GitLab restart is required to apply changes. - `asset_proxy_secret_key` (String, Sensitive) Shared secret with the asset proxy server. GitLab restart is required to apply changes. 
- `asset_proxy_url` (String) URL of the asset proxy server. GitLab restart is required to apply changes. - `authorized_keys_enabled` (Boolean) By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand. +- `auto_ban_user_on_excessive_projects_download` (Boolean) When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by max_number_of_repository_downloads and max_number_of_repository_downloads_within_time_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only. - `auto_devops_domain` (String) Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages. - `auto_devops_enabled` (Boolean) Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration. - `automatic_purchased_storage_allocation` (Boolean) Enabling this permits automatic allocation of purchased storage in a namespace. +- `bulk_import_concurrent_pipeline_batch_limit` (Number) Maximum simultaneous Direct Transfer batches to process. +- `bulk_import_enabled` (Boolean) Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8. +- `bulk_import_max_download_file_size` (Number) Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3. - `can_create_group` (Boolean) Indicates whether users can create top-level groups. Introduced in GitLab 15.5. - `check_namespace_plan` (Boolean) Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public. 
+- `ci_max_includes` (Number) The maximum number of includes per pipeline. +- `ci_max_total_yaml_size_bytes` (Number) The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files. - `commit_email_hostname` (String) Custom hostname (for private commit emails). +- `concurrent_bitbucket_import_jobs_limit` (Number) Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11. +- `concurrent_bitbucket_server_import_jobs_limit` (Number) Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11. +- `concurrent_github_import_jobs_limit` (Number) Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11. - `container_expiration_policies_enable_historic_entries` (Boolean) Enable cleanup policies for all projects. - `container_registry_cleanup_tags_service_max_list_size` (Number) The maximum number of tags that can be deleted in a single execution of cleanup policies. - `container_registry_delete_tags_service_timeout` (Number) The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies. 
@@ -79,27 +92,39 @@ resource "gitlab_application_settings" "this" { - `container_registry_expiration_policies_worker_capacity` (Number) Number of workers for cleanup policies. - `container_registry_token_expire_delay` (Number) Container Registry token duration in minutes. - `deactivate_dormant_users` (Boolean) Enable automatic deactivation of dormant users. +- `deactivate_dormant_users_period` (Number) Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3. +- `decompress_archive_file_timeout` (Number) Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4. - `default_artifacts_expire_in` (String) Set the default expiration time for each job’s artifacts. - `default_branch_name` (String) Instance-level custom initial branch name (introduced in GitLab 13.2). - `default_branch_protection` (Number) Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2. +- `default_branch_protection_defaults` (Block List, Max: 1) The default_branch_protection_defaults attribute describes the default branch protection defaults. All parameters are optional. (see [below for nested schema](#nestedblock--default_branch_protection_defaults)) - `default_ci_config_path` (String) Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set). - `default_group_visibility` (String) What visibility level new groups receive. Can take private, internal and public as a parameter. 
+- `default_preferred_language` (String) Default preferred language for users who are not logged in. - `default_project_creation` (Number) Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers). - `default_project_visibility` (String) What visibility level new projects receive. Can take private, internal and public as a parameter. - `default_projects_limit` (Number) Project limit per user. - `default_snippet_visibility` (String) What visibility level new snippets receive. Can take private, internal and public as a parameter. +- `default_syntax_highlighting_theme` (Number) Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16) - `delete_inactive_projects` (Boolean) Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactive_projects_deletion). +- `delete_unconfirmed_users` (Boolean) Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmed_users_delete_after_days days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only. - `deletion_adjourned_period` (Number) The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. +- `diagramsnet_enabled` (Boolean) (If enabled, requires diagramsnet_url) Enable Diagrams.net integration. +- `diagramsnet_url` (String) The Diagrams.net instance URL for integration. - `diff_max_files` (Number) Maximum files in a diff. - `diff_max_lines` (Number) Maximum lines in a diff. - `diff_max_patch_bytes` (Number) Maximum diff patch size, in bytes. 
+- `disable_admin_oauth_scopes` (Boolean) Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, read_api, read_repository, write_repository, read_registry, write_registry, or sudo scopes. Introduced in GitLab 15.6. - `disable_feed_token` (Boolean) Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7). +- `disable_personal_access_tokens` (Boolean) Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue. - `disabled_oauth_sign_in_sources` (List of String) Disabled OAuth sign-in sources. - `dns_rebinding_protection_enabled` (Boolean) Enforce DNS rebinding attack protection. - `domain_allowlist` (List of String) Force people to use only corporate emails for sign-up. Null means there is no restriction. - `domain_denylist` (List of String) Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com. - `domain_denylist_enabled` (Boolean) (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains. +- `downstream_pipeline_trigger_limit_per_project_user_sha` (Number) Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10. - `dsa_key_restriction` (Number) The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys. +- `duo_features_enabled` (Boolean) Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only. - `ecdsa_key_restriction` (Number) The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys. 
- `ecdsa_sk_key_restriction` (Number) The minimum allowed curve size (in bits) of an uploaded ECDSA_SK key. 0 means no restriction. -1 disables ECDSA_SK keys. - `ed25519_key_restriction` (Number) The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys. @@ -300,3 +325,13 @@ resource "gitlab_application_settings" "this" { ### Read-Only - `id` (String) The ID of this resource. + + +### Nested Schema for `default_branch_protection_defaults` + +Optional: + +- `allow_force_push` (Boolean) Allow force push for all users with push access. +- `allowed_to_merge` (List of Number) An array of access levels allowed to merge. Supports Developer (30) or Maintainer (40). +- `allowed_to_push` (List of Number) An array of access levels allowed to push. Supports Developer (30) or Maintainer (40). +- `developer_can_initial_push` (Boolean) Allow developers to initial push. diff --git a/docs/resources/group.md b/docs/resources/group.md index 6793d2327..9febfe131 100644 --- a/docs/resources/group.md +++ b/docs/resources/group.md @@ -45,6 +45,20 @@ resource "gitlab_group" "example-two" { prevent_secrets = true } } + +# Group with custom default branch protection defaults +resource "gitlab_group" "example-three" { + name = "example-three" + path = "example-three" + description = "An example group with default branch protection defaults" + + default_branch_protection_defaults { + allowed_to_push = ["developer"] + allow_force_push = true + allowed_to_merge = ["developer", "maintainer"] + developer_can_initial_push = true + } +} ``` 
@@ -60,7 +74,8 @@ resource "gitlab_group" "example-two" { - `auto_devops_enabled` (Boolean) Default to Auto DevOps pipeline for all projects within this group. - `avatar` (String) A local path to the avatar image to upload. **Note**: not available for imported resources. - `avatar_hash` (String) The hash of the avatar image. Use `filesha256("path/to/avatar.png")` whenever possible. **Note**: this is used to trigger an update of the avatar. If it's not given, but an avatar is given, the avatar will be updated each time. -- `default_branch_protection` (Number) See https://docs.gitlab.com/ee/api/groups.html#options-for-default_branch_protection. Valid values are: `0`, `1`, `2`, `3`, `4`. +- `default_branch_protection` (Number, Deprecated) See https://docs.gitlab.com/ee/api/groups.html#options-for-default_branch_protection. Valid values are: `0`, `1`, `2`, `3`, `4`. +- `default_branch_protection_defaults` (Block List, Max: 1) The default branch protection defaults (see [below for nested schema](#nestedblock--default_branch_protection_defaults)) - `description` (String) The group's description. - `emails_enabled` (Boolean) Enable email notifications. - `extra_shared_runners_minutes_limit` (Number) Can be set by administrators only. Additional CI/CD minutes for this group. 
@@ -92,6 +107,17 @@ resource "gitlab_group" "example-two" { - `runners_token` (String, Sensitive) The group level registration token to use during runner setup. - `web_url` (String) Web URL of the group. + +### Nested Schema for `default_branch_protection_defaults` + +Optional: + +- `allow_force_push` (Boolean) Allow force push for all users with push access. +- `allowed_to_merge` (List of String) An array of access levels allowed to merge. Valid values are: `developer`, `maintainer`. +- `allowed_to_push` (List of String) An array of access levels allowed to push. Valid values are: `developer`, `maintainer`. +- `developer_can_initial_push` (Boolean) Allow developers to initial push. + + ### Nested Schema for `push_rules` @@ -108,6 +134,7 @@ Optional: - `max_file_size` (Number) Maximum file size (MB) allowed. - `member_check` (Boolean) Allows only GitLab users to author commits. - `prevent_secrets` (Boolean) GitLab will reject any files that are likely to contain secrets. +- `reject_non_dco_commits` (Boolean) Reject commit when it’s not DCO certified. - `reject_unsigned_commits` (Boolean) Only commits signed through GPG are allowed. **Note** This attribute is only supported in GitLab versions >= 16.4. ## Import diff --git a/docs/resources/integration_jira.md b/docs/resources/integration_jira.md index 18b5b6025..1aa55baf6 100644 --- a/docs/resources/integration_jira.md +++ b/docs/resources/integration_jira.md 
@@ -4,14 +4,14 @@ page_title: "gitlab_integration_jira Resource - terraform-provider-gitlab" subcategory: "" description: |- The gitlab_integration_jira resource allows to manage the lifecycle of a project integration with Jira. - Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/services.html#jira + Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/integrations.html#jira --- # gitlab_integration_jira (Resource) The `gitlab_integration_jira` resource allows to manage the lifecycle of a project integration with Jira. -**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/services.html#jira) +**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/integrations.html#jira) ## Example Usage 
@@ -35,25 +35,26 @@ resource "gitlab_integration_jira" "jira" { ### Required -- `password` (String, Sensitive) The password of the user created to be used with GitLab/JIRA. +- `password` (String, Sensitive) The Jira API token, password, or personal access token to be used with Jira. When your authentication method is basic (jira_auth_type is 0), use an API token for Jira Cloud or a password for Jira Data Center or Jira Server. When your authentication method is a Jira personal access token (jira_auth_type is 1), use the personal access token. - `project` (String) ID of the project you want to activate integration on. - `url` (String) The URL to the JIRA project which is being linked to this GitLab project. For example, https://jira.example.com. -- `username` (String) The username of the user created to be used with GitLab/JIRA. ### Optional - `api_url` (String) The base URL to the Jira instance API. Web URL value is used if not set. For example, https://jira-api.example.com. - `comment_on_event_enabled` (Boolean) Enable comments inside Jira issues on each GitLab event (commit / merge request) - `commit_events` (Boolean) Enable notifications for commit events -- `issues_events` (Boolean) Enable notifications for issues events. +- `issues_enabled` (Boolean) Enable viewing Jira issues in GitLab. +- `jira_auth_type` (Number) The authentication method to be used with Jira. 0 means Basic Authentication. 1 means Jira personal access token. Defaults to 0. +- `jira_issue_prefix` (String) Prefix to match Jira issue keys. +- `jira_issue_regex` (String) Regular expression to match Jira issue keys. +- `jira_issue_transition_automatic` (Boolean) Enable automatic issue transitions. Takes precedence over jira_issue_transition_id if enabled. Defaults to false. - `jira_issue_transition_id` (String) The ID of a transition that moves issues to a closed state. 
You can find this number under the JIRA workflow administration (Administration > Issues > Workflows) by selecting View under Operations of the desired workflow of your project. By default, this ID is set to 2. *Note**: importing this field is only supported since GitLab 15.2. -- `job_events` (Boolean) Enable notifications for job events. - `merge_requests_events` (Boolean) Enable notifications for merge request events -- `note_events` (Boolean) Enable notifications for note events. -- `pipeline_events` (Boolean) Enable notifications for pipeline events. - `project_key` (String) The short identifier for your JIRA project, all uppercase, e.g., PROJ. -- `push_events` (Boolean) Enable notifications for push events. -- `tag_push_events` (Boolean) Enable notifications for tag_push events. +- `project_keys` (List of String) Keys of Jira projects. When issues_enabled is true, this setting specifies which Jira projects to view issues from in GitLab. +- `use_inherited_settings` (Boolean) Indicates whether or not to inherit default settings. Defaults to false. +- `username` (String) The email or username to be used with Jira. For Jira Cloud use an email, for Jira Data Center and Jira Server use a username. Required when using Basic authentication (jira_auth_type is 0). ### Read-Only diff --git a/docs/resources/member_role.md b/docs/resources/member_role.md new file mode 100644 index 000000000..2185f7da3 --- /dev/null +++ b/docs/resources/member_role.md 
@@ -0,0 +1,49 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "gitlab_member_role Resource - terraform-provider-gitlab" +subcategory: "" +description: |- + The gitlab_member_role resource allows to manage the lifecycle of a custom member role. + Custom roles allow an organization to create user roles with the precise privileges and permissions required for that organization’s needs. + -> This resource requires an Ultimate license. + -> Most custom roles are considered billable users that use a seat. Custom roles billing and seat usage https://docs.gitlab.com/ee/user/custom_roles.html#billing-and-seat-usage + -> There can be only 10 custom roles on your instance or namespace. See issue 450929 https://gitlab.com/gitlab-org/gitlab/-/issues/450929 for more details. + Upstream API: GitLab GraphQL API docs https://docs.gitlab.com/ee/api/graphql/reference/#mutationmemberrolecreate +--- + +# gitlab_member_role (Resource) + +The `gitlab_member_role` resource allows to manage the lifecycle of a custom member role. + +Custom roles allow an organization to create user roles with the precise privileges and permissions required for that organization’s needs. + +-> This resource requires an Ultimate license. + +-> Most custom roles are considered billable users that use a seat. [Custom roles billing and seat usage](https://docs.gitlab.com/ee/user/custom_roles.html#billing-and-seat-usage) + +-> There can be only 10 custom roles on your instance or namespace. See [issue 450929](https://gitlab.com/gitlab-org/gitlab/-/issues/450929) for more details. + +**Upstream API**: [GitLab GraphQL API docs](https://docs.gitlab.com/ee/api/graphql/reference/#mutationmemberrolecreate) + + + + +## Schema + +### Required + +- `base_access_level` (String) The base access level for the custom role. 
Valid values are: `DEVELOPER`, `GUEST`, `MAINTAINER`, `MINIMAL_ACCESS`, `OWNER`, `REPORTER` +- `enabled_permissions` (List of String) All permissions enabled for the custom role. Valid values are: `ADMIN_CICD_VARIABLES`, `ADMIN_COMPLIANCE_FRAMEWORK`, `ADMIN_GROUP_MEMBER`, `ADMIN_INTEGRATIONS`, `ADMIN_MERGE_REQUEST`, `ADMIN_PUSH_RULES`, `ADMIN_RUNNERS`, `ADMIN_TERRAFORM_STATE`, `ADMIN_VULNERABILITY`, `ADMIN_WEB_HOOK`, `ARCHIVE_PROJECT`, `MANAGE_DEPLOY_TOKENS`, `MANAGE_GROUP_ACCESS_TOKENS`, `MANAGE_MERGE_REQUEST_SETTINGS`, `MANAGE_PROJECT_ACCESS_TOKENS`, `MANAGE_SECURITY_POLICY_LINK`, `READ_CODE`, `READ_CRM_CONTACT`, `READ_DEPENDENCY`, `READ_RUNNERS`, `READ_VULNERABILITY`, `REMOVE_GROUP`, `REMOVE_PROJECT` +- `name` (String) Name for the member role. + +### Optional + +- `description` (String) Description for the member role. +- `group_path` (String) Full path of the namespace to create the member role in. **Required for SAAS** **Not allowed for self-managed** + +### Read-Only + +- `created_at` (String) Timestamp of when the member role was created. Only available with GitLab version 17.3 or higher. +- `edit_path` (String) The Web UI path to edit the member role +- `id` (String) Globally unique ID of the member role. In the format of `gid://gitlab/MemberRole/1` +- `iid` (Number) The id integer value extracted from the `id` attribute diff --git a/docs/resources/project.md b/docs/resources/project.md index 34ab2e4d8..90d6fa107 100644 --- a/docs/resources/project.md +++ b/docs/resources/project.md 
@@ -198,6 +198,7 @@ resource "gitlab_project" "import_private" { - `pages_access_level` (String) Enable pages access control. Valid values are `public`, `private`, `enabled`, `disabled`. - `path` (String) The path of the repository. - `pipelines_enabled` (Boolean, Deprecated) Enable pipelines for the project. The `pipelines_enabled` field is being sent as `jobs_enabled` in the GitLab API calls. +- `pre_receive_secret_detection_enabled` (Boolean) Whether Secret Push Detection is enabled. Requires GitLab Ultimate and at least GitLab 17.3. - `printing_merge_request_link_enabled` (Boolean) Show link to create/view merge request when pushing from the command line - `public_builds` (Boolean, Deprecated) If true, jobs can be viewed by non-project members. - `public_jobs` (Boolean) If true, jobs can be viewed by non-project members. @@ -277,6 +278,7 @@ Optional: - `max_file_size` (Number) Maximum file size (MB). - `member_check` (Boolean) Restrict commits by author (email) to existing GitLab users. - `prevent_secrets` (Boolean) GitLab will reject any files that are likely to contain secrets. +- `reject_non_dco_commits` (Boolean) Reject commit when it’s not DCO certified. - `reject_unsigned_commits` (Boolean) Reject commit when it’s not signed through GPG. diff --git a/docs/resources/project_approval_rule.md b/docs/resources/project_approval_rule.md index 5fdef288b..6a77c4a98 100644 --- a/docs/resources/project_approval_rule.md +++ b/docs/resources/project_approval_rule.md 
@@ -104,7 +104,8 @@ resource "gitlab_project_approval_rule" "example-four" { - `disable_importing_default_any_approver_rule_on_create` (Boolean) When this flag is set, the default `any_approver` rule will not be imported if present. - `group_ids` (Set of Number) A list of group IDs whose members can approve of the merge request. - `protected_branch_ids` (Set of Number) A list of protected branch IDs (not branch names) for which the rule applies. -- `rule_type` (String) String, defaults to 'regular'. The type of rule. `any_approver` is a pre-configured default rule with `approvals_required` at `0`. Valid values are `regular`, `any_approver`. +- `report_type` (String) Report type is required when the rule_type is `report_approver`. Valid values are `code_coverage`. +- `rule_type` (String) String, defaults to 'regular'. The type of rule. `any_approver` is a pre-configured default rule with `approvals_required` at `0`. Valid values are `regular`, `any_approver`, `report_approver`. - `user_ids` (Set of Number) A list of specific User IDs to add to the list of approvers. ### Read-Only diff --git a/docs/resources/project_push_rules.md b/docs/resources/project_push_rules.md index 55c6d89f2..9b12142d5 100644 --- a/docs/resources/project_push_rules.md +++ b/docs/resources/project_push_rules.md @@ -65,6 +65,7 @@ resource "gitlab_project_push_rules" "sample" { - `max_file_size` (Number) Maximum file size (MB). - `member_check` (Boolean) Restrict commits by author (email) to existing GitLab users. - `prevent_secrets` (Boolean) GitLab will reject any files that are likely to contain secrets. +- `reject_non_dco_commits` (Boolean) Reject commit when it’s not DCO certified. - `reject_unsigned_commits` (Boolean) Reject commit when it’s not signed. ### Read-Only diff --git a/docs/resources/service_jira.md b/docs/resources/service_jira.md index 14a294e9f..4981a0da7 100644 --- a/docs/resources/service_jira.md +++ b/docs/resources/service_jira.md 
@@ -5,7 +5,7 @@ subcategory: "" description: |- The gitlab_service_jira resource allows to manage the lifecycle of a project integration with Jira. ~> This resource is deprecated. use gitlab_integration_jirainstead! - Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/services.html#jira + Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/integrations.html#jira --- # gitlab_service_jira (Resource) @@ -14,7 +14,7 @@ The `gitlab_service_jira` resource allows to manage the lifecycle of a project i ~> This resource is deprecated. use `gitlab_integration_jira`instead! -**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/services.html#jira) +**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/integrations.html#jira) ## Example Usage 
@@ -38,25 +38,26 @@ resource "gitlab_service_jira" "jira" { ### Required -- `password` (String, Sensitive) The password of the user created to be used with GitLab/JIRA. +- `password` (String, Sensitive) The Jira API token, password, or personal access token to be used with Jira. When your authentication method is basic (jira_auth_type is 0), use an API token for Jira Cloud or a password for Jira Data Center or Jira Server. When your authentication method is a Jira personal access token (jira_auth_type is 1), use the personal access token. - `project` (String) ID of the project you want to activate integration on. - `url` (String) The URL to the JIRA project which is being linked to this GitLab project. For example, https://jira.example.com. -- `username` (String) The username of the user created to be used with GitLab/JIRA. ### Optional - `api_url` (String) The base URL to the Jira instance API. Web URL value is used if not set. For example, https://jira-api.example.com. - `comment_on_event_enabled` (Boolean) Enable comments inside Jira issues on each GitLab event (commit / merge request) - `commit_events` (Boolean) Enable notifications for commit events -- `issues_events` (Boolean) Enable notifications for issues events. +- `issues_enabled` (Boolean) Enable viewing Jira issues in GitLab. +- `jira_auth_type` (Number) The authentication method to be used with Jira. 0 means Basic Authentication. 1 means Jira personal access token. Defaults to 0. +- `jira_issue_prefix` (String) Prefix to match Jira issue keys. +- `jira_issue_regex` (String) Regular expression to match Jira issue keys. +- `jira_issue_transition_automatic` (Boolean) Enable automatic issue transitions. Takes precedence over jira_issue_transition_id if enabled. Defaults to false. - `jira_issue_transition_id` (String) The ID of a transition that moves issues to a closed state. 
You can find this number under the JIRA workflow administration (Administration > Issues > Workflows) by selecting View under Operations of the desired workflow of your project. By default, this ID is set to 2. *Note**: importing this field is only supported since GitLab 15.2. -- `job_events` (Boolean) Enable notifications for job events. - `merge_requests_events` (Boolean) Enable notifications for merge request events -- `note_events` (Boolean) Enable notifications for note events. -- `pipeline_events` (Boolean) Enable notifications for pipeline events. - `project_key` (String) The short identifier for your JIRA project, all uppercase, e.g., PROJ. -- `push_events` (Boolean) Enable notifications for push events. -- `tag_push_events` (Boolean) Enable notifications for tag_push events. +- `project_keys` (List of String) Keys of Jira projects. When issues_enabled is true, this setting specifies which Jira projects to view issues from in GitLab. +- `use_inherited_settings` (Boolean) Indicates whether or not to inherit default settings. Defaults to false. +- `username` (String) The email or username to be used with Jira. For Jira Cloud use an email, for Jira Data Center and Jira Server use a username. Required when using Basic authentication (jira_auth_type is 0). ### Read-Only diff --git a/docs/resources/tag_protection.md b/docs/resources/tag_protection.md index 808f4f39e..54afd40bb 100644 --- a/docs/resources/tag_protection.md +++ b/docs/resources/tag_protection.md 
@@ -39,30 +39,30 @@ resource "gitlab_tag_protection" "TagProtect" { ### Required -- `create_access_level` (String) Access levels which are allowed to create. Valid values are: `no one`, `developer`, `maintainer`. - `project` (String) The id of the project. - `tag` (String) Name of the tag or wildcard. ### Optional -- `allowed_to_create` (Block Set) User or group which are allowed to create. (see [below for nested schema](#nestedblock--allowed_to_create)) +- `allowed_to_create` (Block Set) Array of access levels/user(s)/group(s) allowed to create protected tags. (see [below for nested schema](#nestedblock--allowed_to_create)) +- `create_access_level` (String) Access levels allowed to create. Default value of `maintainer`. The default value is always sent if not provided in the configuration. Valid values are: `no one`, `developer`, `maintainer`. ### Read-Only -- `id` (String) The ID of this resource. +- `id` (String) The ID of this Terraform resource. In the format of ``. ### Nested Schema for `allowed_to_create` Optional: +- `access_level` (String) Access levels allowed to create protected tags. Valid values are: `no one`, `developer`, `maintainer`. - `group_id` (Number) The ID of a GitLab group allowed to perform the relevant action. Mutually exclusive with `user_id`. - `user_id` (Number) The ID of a GitLab user allowed to perform the relevant action. Mutually exclusive with `group_id`. Read-Only: -- `access_level` (String) Level of access. -- `access_level_description` (String) Readable description of level of access. +- `access_level_description` (String) Readable description of access level. ## Import diff --git a/docs/resources/user.md b/docs/resources/user.md index 0bfff1a00..5762742ac 100644 --- a/docs/resources/user.md +++ b/docs/resources/user.md 
@@ -47,6 +47,8 @@ resource "gitlab_user" "example" { ### Optional - `can_create_group` (Boolean) Boolean, defaults to false. Whether to allow the user to create groups. +- `extern_uid` (String) String, a specific external authentication provider UID. +- `external_provider` (String) String, the external provider. - `is_admin` (Boolean) Boolean, defaults to false. Whether to enable administrative privileges - `is_external` (Boolean) Boolean, defaults to false. Whether a user has access only to some internal or private projects. External users can only access projects to which they are explicitly granted access. - `namespace_id` (Number) The ID of the user's namespace. Available since GitLab 14.10. diff --git a/docs/resources/user_impersonation_token.md b/docs/resources/user_impersonation_token.md new file mode 100644 index 000000000..3eb00ae97 --- /dev/null +++ b/docs/resources/user_impersonation_token.md 
@@ -0,0 +1,58 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "gitlab_user_impersonation_token Resource - terraform-provider-gitlab" +subcategory: "" +description: |- + The gitlab_user_impersonation_token resource allows to manage impersonation tokens of users. + Requires administrator access. Token values are returned once. You are only able to create impersonation tokens to impersonate the user and perform both API calls and Git reads and writes. The user can’t see these tokens in their profile settings page. + Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/users.html#create-an-impersonation-token +--- + +# gitlab_user_impersonation_token (Resource) + +The `gitlab_user_impersonation_token` resource allows to manage impersonation tokens of users. +Requires administrator access. Token values are returned once. You are only able to create impersonation tokens to impersonate the user and perform both API calls and Git reads and writes. The user can’t see these tokens in their profile settings page. + +**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/users.html#create-an-impersonation-token) + +## Example Usage + +```terraform +resource "gitlab_user_impersonation_token" "this" { + user_id = 12345 + name = "token_name" + scopes = ["api"] + expires_at = "2024-08-27" +} +``` + + +## Schema + +### Required + +- `expires_at` (String) Expiration date of the impersonation token in ISO format (YYYY-MM-DD). +- `name` (String) The name of the impersonation token. +- `scopes` (Set of String) Array of scopes of the impersonation token. valid values are: `api`, `read_user`, `read_api`, `read_repository`, `write_repository`, `read_registry`, `write_registry`, `sudo`, `admin_mode`, `create_runner`, `manage_runner`, `ai_features`, `k8s_proxy`, `read_service_ping` +- `user_id` (Number) The ID of the user. + +### Read-Only + +- `active` (Boolean) True if the token is active. 
+- `created_at` (String) Time the token has been created, RFC3339 format. +- `id` (String) The ID of this Terraform resource. In the format of `:`. +- `impersonation` (Boolean) True as the token is always an impersonation token. +- `revoked` (Boolean) True if the token is revoked. +- `token` (String, Sensitive) The token of the user impersonation token. **Note**: the token is not available for imported resources. +- `token_id` (Number) ID of the impersonation token. + +## Import + +Import is supported using the following syntax: + +```shell +# A GitLab User Impersonation Token can be imported using a key composed of `:`, e.g. +terraform import gitlab_user_impersonation_token.example "12345:1" + +# NOTE: the `token` resource attribute is not available for imported resources as this information cannot be read from the GitLab API. +```
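Review bot: in docs/resources/service_jira.md, `username` moves from Required to Optional while `jira_auth_type` defaults to 0, the mode in which the new description says a username is required, so the schema alone no longer catches a basic-auth configuration without one. Confirm the provider validates that combination at plan time and say so in the `username` entry. The same hunk drops `issues_events`, `job_events`, `note_events`, `pipeline_events`, `push_events` and `tag_push_events` with no removal or migration note for configurations that still set them.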
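Review bot: in docs/resources/tag_protection.md, `create_access_level` becomes Optional with a default of `maintainer` that "is always sent if not provided", but the entry does not say how that default combines with `allowed_to_create`. A reader who lists only specific `user_id` or `group_id` entries may not expect maintainers to keep create rights, so state the combined effect and which value to set when only the listed users or groups should be allowed. The `id` line also reads "In the format of ``." with the format itself missing.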
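Review bot: in docs/resources/user.md, the new `extern_uid` and `external_provider` entries do not say whether the two must be set together or what happens when only one is given. Because they bind the account to an external identity, document the pairing and what an accepted `external_provider` value looks like.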
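Review bot: in docs/resources/user_impersonation_token.md, the `token` attribute is documented as Read-Only and Sensitive next to "Token values are returned once", but nothing tells the reader that the value is therefore kept in Terraform state, where Sensitive only redacts CLI output. For a credential that can act as another user, add a sentence on protecting the state backend, and consider a narrower scope than `scopes = ["api"]` in the example given that `sudo` and `admin_mode` are also listed as valid. Two smaller points: the `id` entry and the import comment both give the format as `:` with the field names missing, although the example uses "12345:1", and the fixed `expires_at = "2024-08-27"` in the example will go stale for anyone copying it.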