Update docs for v16.5.0 release

Author: gitlab-terraform-provider-bot

CHANGELOG.md

@@ -1,3 +1,27 @@
+## 16.5.0 (2023-10-22)
+
+This release was tested against GitLab 16.3, 16.4, and 16.5 for both CE and EE
+
+IMPROVEMENTS:
+
+- **New Resource:** `gitlab_group_protected_environment` allows managing group-level protected environments ([!1707](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1707))
+- resource/gitlab_user_sshkey: Added support for creating an SSH key for the current user by making `user_id` optional ([!1726](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1726))
+- resource/gitlab_group: Added support for managing the `shared_runners_setting` attribute ([!1710](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1710))
+- resource/gitlab_project: Added support for creating an empty repository using the `empty_repo` attribute ([!1713](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1713))
+- resource/gitlab_project: Added support for the `public_jobs` attribute, deprecating the old `public_builds` attribute ([!1700](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1700))
+- datasource/gitlab_project: Added support for reading the `empty_repo` attribute ([!1713](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1713))
+- datasource/gitlab_projects: Added support for reading the `empty_repo` attribute ([!1713](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1713))
+- datasource/gitlab_group: Added support for reading the `shared_runner_setting` attribute ([!1717](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1717))
+- datasource/gitlab_groups: Added support for reading the `shared_runner_setting` attribute ([!1717](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1717))
+- datasource/gitlab_group_subgroups: Added support for reading the `shared_runner_setting` attribute ([!1719](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1719))
+
+BUG FIXES:
+
+- resource/gitlab_group: Removed "default" hints in the documentation, since defaults can be changed by admins in some cases ([!1696](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1696))
+- resource/gitlab_group_ldap_link: Fixed an issue where changing CN or Filter didn't force a new resource ([!1729](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1729))
+- resource/gitlab_project: Fixed an issue where the documentation didn't contain valid values for several fields ([!1714](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1714))
+- resource/gitlab_tag_protection: Fix d an issue where the resource read the wrong `create_access_level` when using `no one` ([!1694](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/1694))
+
 ## 16.4.1 (2023-09-25)
 
 This release was tested against GitLab 16.2, 16.3, and 16.4 for both CE and EE

docs/data-sources/group.md

@@ -51,6 +51,7 @@ data "gitlab_group" "foo" {
 - `request_access_enabled` (Boolean) Boolean, is request for access enabled to the group.
 - `runners_token` (String, Sensitive) The group level registration token to use during runner setup.
 - `shared_runners_minutes_limit` (Number) Can be set by administrators only. Maximum number of monthly CI/CD minutes for this group. Can be nil (default; inherit system default), 0 (unlimited), or > 0.
+- `shared_runners_setting` (String) Enable or disable shared runners for a group’s subgroups and projects. Valid values are: `enabled`, `disabled_and_overridable`, `disabled_and_unoverridable`, `disabled_with_override`.
 - `visibility_level` (String) Visibility level of the group. Possible values are `private`, `internal`, `public`.
 - `web_url` (String) Web URL of the group.
 - `wiki_access_level` (String) The group's wiki access level. Only available on Premium and Ultimate plans. Valid values are `disabled`, `private`, `enabled`.

docs/data-sources/group_subgroups.md

@@ -74,6 +74,7 @@ Read-Only:
 - `request_access_enabled` (Boolean)
 - `require_two_factor_authentication` (Boolean)
 - `share_with_group_lock` (Boolean)
+- `shared_runners_setting` (String)
 - `statistics` (Map of String)
 - `subgroup_creation_level` (String)
 - `two_factor_grace_period` (Number)

docs/data-sources/groups.md

@@ -64,6 +64,7 @@ Read-Only:
 - `prevent_forking_outside_group` (Boolean)
 - `request_access_enabled` (Boolean)
 - `runners_token` (String)
+- `shared_runners_setting` (String)
 - `visibility_level` (String)
 - `web_url` (String)
 - `wiki_access_level` (String)

docs/data-sources/project.md

@@ -55,6 +55,7 @@ data "gitlab_project" "example" {
 - `default_branch` (String) The default branch for the project.
 - `description` (String) A description of the project.
 - `emails_disabled` (Boolean) Disable email notifications.
+- `empty_repo` (Boolean) Whether the project is empty.
 - `environments_access_level` (String) Set the environments access level. Valid values are `disabled`, `private`, `enabled`.
 - `external_authorization_classification_label` (String) The classification label for the project.
 - `feature_flags_access_level` (String) Set the feature flags access level. Valid values are `disabled`, `private`, `enabled`.

docs/data-sources/projects.md

@@ -105,6 +105,7 @@ Read-Only:
 - `default_branch` (String)
 - `description` (String)
 - `emails_disabled` (Boolean)
+- `empty_repo` (Boolean)
 - `environments_access_level` (String)
 - `external_authorization_classification_label` (String)
 - `feature_flags_access_level` (String)

docs/resources/group.md

@@ -38,32 +38,33 @@ resource "gitlab_project" "example" {
 
 ### Required
 
-- `name` (String) The name of this group.
+- `name` (String) The name of the group.
 - `path` (String) The path of the group.
 
 ### Optional
 
-- `auto_devops_enabled` (Boolean) Defaults to false. Default to Auto DevOps pipeline for all projects within this group.
+- `auto_devops_enabled` (Boolean) Default to Auto DevOps pipeline for all projects within this group.
 - `avatar` (String) A local path to the avatar image to upload. **Note**: not available for imported resources.
 - `avatar_hash` (String) The hash of the avatar image. Use `filesha256("path/to/avatar.png")` whenever possible. **Note**: this is used to trigger an update of the avatar. If it's not given, but an avatar is given, the avatar will be updated each time.
-- `default_branch_protection` (Number) Defaults to 2. See https://docs.gitlab.com/ee/api/groups.html#options-for-default_branch_protection
-- `description` (String) The description of the group.
-- `emails_disabled` (Boolean) Defaults to false. Disable email notifications.
+- `default_branch_protection` (Number) See https://docs.gitlab.com/ee/api/groups.html#options-for-default_branch_protection. Valid values are: `0`, `1`, `2`, `3`, `4`.
+- `description` (String) The group's description.
+- `emails_disabled` (Boolean) Disable email notifications.
 - `extra_shared_runners_minutes_limit` (Number) Can be set by administrators only. Additional CI/CD minutes for this group.
 - `ip_restriction_ranges` (List of String) A list of IP addresses or subnet masks to restrict group access. Will be concatenated together into a comma separated string. Only allowed on top level groups.
-- `lfs_enabled` (Boolean) Defaults to true. Enable/disable Large File Storage (LFS) for the projects in this group.
+- `lfs_enabled` (Boolean) Enable/disable Large File Storage (LFS) for the projects in this group.
 - `membership_lock` (Boolean) Users cannot be added to projects in this group.
-- `mentions_disabled` (Boolean) Defaults to false. Disable the capability of a group from getting mentioned.
+- `mentions_disabled` (Boolean) Disable the capability of a group from getting mentioned.
 - `parent_id` (Number) Id of the parent group (creates a nested group).
 - `prevent_forking_outside_group` (Boolean) Defaults to false. When enabled, users can not fork projects from this group to external namespaces.
-- `project_creation_level` (String) Defaults to maintainer. Determine if developers can create projects in the group.
-- `request_access_enabled` (Boolean) Defaults to false. Allow users to request member access.
-- `require_two_factor_authentication` (Boolean) Defaults to false. Require all users in this group to setup Two-factor authentication.
-- `share_with_group_lock` (Boolean) Defaults to false. Prevent sharing a project with another group within this group.
+- `project_creation_level` (String) Determine if developers can create projects in the group. Valid values are: `noone`, `maintainer`, `developer`
+- `request_access_enabled` (Boolean) Allow users to request member access.
+- `require_two_factor_authentication` (Boolean) Require all users in this group to setup Two-factor authentication.
+- `share_with_group_lock` (Boolean) Prevent sharing a project with another group within this group.
 - `shared_runners_minutes_limit` (Number) Can be set by administrators only. Maximum number of monthly CI/CD minutes for this group. Can be nil (default; inherit system default), 0 (unlimited), or > 0.
-- `subgroup_creation_level` (String) Defaults to owner. Allowed to create subgroups.
+- `shared_runners_setting` (String) Enable or disable shared runners for a group’s subgroups and projects. Valid values are: `enabled`, `disabled_and_overridable`, `disabled_and_unoverridable`, `disabled_with_override`.
+- `subgroup_creation_level` (String) Allowed to create subgroups. Valid values are: `owner`, `maintainer`.
 - `two_factor_grace_period` (Number) Defaults to 48. Time before Two-factor authentication is enforced (in hours).
-- `visibility_level` (String) The group's visibility. Can be `private`, `internal`, or `public`.
+- `visibility_level` (String) The group's visibility. Can be `private`, `internal`, or `public`. Valid values are: `private`, `internal`, `public`.
 - `wiki_access_level` (String) The group's wiki access level. Only available on Premium and Ultimate plans. Valid values are `disabled`, `private`, `enabled`.
 
 ### Read-Only

docs/resources/group_protected_environment.md

@@ -0,0 +1,184 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_group_protected_environment Resource - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_group_protected_environment resource allows to manage the lifecycle of a protected environment in a group.
+  ~> In order to use a userid in the deploy_access_levels configuration,
+     you need to make sure that users have access to the group with Maintainer role or higher.
+     In order to use a groupid in the deploy_access_levels configuration,
+     the group_id must be a sub-group under the given group.
+  Upstream API: GitLab REST API docs https://docs.gitlab.com/ee/api/group_protected_environments.html
+---
+
+# gitlab_group_protected_environment (Resource)
+
+The `gitlab_group_protected_environment` resource allows to manage the lifecycle of a protected environment in a group.
+
+~> In order to use a user_id in the `deploy_access_levels` configuration,
+   you need to make sure that users have access to the group with Maintainer role or higher.
+   In order to use a group_id in the `deploy_access_levels` configuration,
+   the group_id must be a sub-group under the given group.
+
+**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/ee/api/group_protected_environments.html)
+
+## Example Usage
+
+```terraform
+# Example with deployment access level
+resource "gitlab_group_protected_environment" "example_with_access_level" {
+  group                   = 12345
+  required_approval_count = 1
+  environment             = "production"
+
+  deploy_access_levels = [
+    {
+      access_level = "developer"
+    }
+  ]
+}
+
+# Example with group-based deployment level
+resource "gitlab_group_protected_environment" "example_with_group" {
+  group       = 12345
+  environment = "staging"
+
+  deploy_access_levels = [
+    {
+      group_id = 456
+    }
+  ]
+}
+
+# Example with user-based deployment level
+resource "gitlab_group_protected_environment" "example_with_user" {
+  group       = 12345
+  environment = "other"
+
+  deploy_access_levels = [
+    {
+      user_id = 789
+    }
+  ]
+}
+
+# Example with multiple deployment access levels
+resource "gitlab_group_protected_environment" "example_with_multiple" {
+  group                   = 12345
+  required_approval_count = 2
+  environment             = "development"
+
+  deploy_access_levels = [
+    {
+      access_level = "developer"
+    },
+    {
+      group_id = 456
+    },
+    {
+      user_id = 789
+    }
+  ]
+}
+
+# Example with access-level based approval rules
+resource "gitlab_group_protected_environment" "example_with_multiple" {
+  group                   = 12345
+  required_approval_count = 2
+  environment             = "testing"
+
+  deploy_access_levels = [
+    {
+      access_level = "developer"
+    }
+  ]
+
+  approval_rules = [
+    {
+      access_level = "developer"
+    }
+  ]
+}
+
+# Example with multiple approval rules, using access level, user, and group
+resource "gitlab_group_protected_environment" "example_with_multiple" {
+  group                   = 12345
+  required_approval_count = 2
+  environment             = "production"
+
+  deploy_access_levels = [
+    {
+      access_level = "developer"
+    }
+  ]
+
+  approval_rules = [
+    {
+      user_id = 789
+    },
+    {
+      access_level = "developer"
+    },
+    {
+      group_id = 456
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `deploy_access_levels` (Attributes Set) Array of access levels allowed to deploy, with each described by a hash. (see [below for nested schema](#nestedatt--deploy_access_levels))
+- `environment` (String) The deployment tier of the environment.  Valid values are `production`, `staging`, `testing`, `development`, `other`.
+- `group` (String) The ID or full path of the group which the protected environment is created against.
+
+### Optional
+
+- `approval_rules` (Attributes Set) Array of approval rules to deploy, with each described by a hash. (see [below for nested schema](#nestedatt--approval_rules))
+- `required_approval_count` (Number) The number of approvals required to deploy to this environment.
+
+### Read-Only
+
+- `id` (String) The ID of this Terraform resource. In the format of `<group>:<environment-name>`.
+
+<a id="nestedatt--deploy_access_levels"></a>
+### Nested Schema for `deploy_access_levels`
+
+Optional:
+
+- `access_level` (String) Levels of access required to deploy to this protected environment. Valid values are `developer`, `maintainer`.
+- `group_id` (Number) The ID of the group allowed to deploy to this protected environment. The group must be a sub-group under the given group.
+- `user_id` (Number) The ID of the user allowed to deploy to this protected environment. The user must be a member of the group with Maintainer role or higher.
+
+Read-Only:
+
+- `access_level_description` (String) Readable description of level of access.
+- `id` (Number) The unique ID of the Deploy Access Level object.
+
+
+<a id="nestedatt--approval_rules"></a>
+### Nested Schema for `approval_rules`
+
+Optional:
+
+- `access_level` (String) Levels of access allowed to approve a deployment to this protected environment. Valid values are `developer`, `maintainer`.
+- `group_id` (Number) The ID of the group allowed to approve a deployment to this protected environment. TThe group must be a sub-group under the given group. This is mutually exclusive with user_id.
+- `required_approvals` (Number) The number of approval required to allow deployment to this protected environment. This is mutually exclusive with user_id.
+- `user_id` (Number) The ID of the user allowed to approve a deployment to this protected environment. The user must be a member of the group with Maintainer role or higher. This is mutually exclusive with group_id and required_approvals.
+
+Read-Only:
+
+- `access_level_description` (String) Readable description of level of access.
+- `id` (Number) The unique ID of the Approval Rules object.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# GitLab group protected environments can be imported using an id made up of `groupId:environmentName`, e.g.
+terraform import gitlab_group_protected_environment.bar 123:production
+```

docs/resources/project.md

@@ -147,7 +147,7 @@ resource "gitlab_project" "import_private" {
 - `avatar` (String) A local path to the avatar image to upload. **Note**: not available for imported resources.
 - `avatar_hash` (String) The hash of the avatar image. Use `filesha256("path/to/avatar.png")` whenever possible. **Note**: this is used to trigger an update of the avatar. If it's not given, but an avatar is given, the avatar will be updated each time.
 - `build_coverage_regex` (String, Deprecated) Test coverage parsing for the project. This is deprecated feature in GitLab 15.0.
-- `build_git_strategy` (String) The Git strategy. Defaults to fetch.
+- `build_git_strategy` (String) The Git strategy. Defaults to fetch. Valid values are `clone`, `fetch`.
 - `build_timeout` (Number) The maximum amount of time, in seconds, that a job can run.
 - `builds_access_level` (String) Set the builds access level. Valid values are `disabled`, `private`, `enabled`.
 - `ci_config_path` (String) Custom Path to CI config file.
@@ -193,11 +193,12 @@ resource "gitlab_project" "import_private" {
 - `only_allow_merge_if_pipeline_succeeds` (Boolean) Set to true if you want allow merges only if a pipeline succeeds.
 - `only_mirror_protected_branches` (Boolean) Enable only mirror protected branches for a mirrored project.
 - `packages_enabled` (Boolean) Enable packages repository for the project.
-- `pages_access_level` (String) Enable pages access control
+- `pages_access_level` (String) Enable pages access control. Valid values are `public`, `private`, `enabled`, `disabled`.
 - `path` (String) The path of the repository.
 - `pipelines_enabled` (Boolean, Deprecated) Enable pipelines for the project. The `pipelines_enabled` field is being sent as `jobs_enabled` in the GitLab API calls.
 - `printing_merge_request_link_enabled` (Boolean) Show link to create/view merge request when pushing from the command line
-- `public_builds` (Boolean) If true, jobs can be viewed by non-project members.
+- `public_builds` (Boolean, Deprecated) If true, jobs can be viewed by non-project members.
+- `public_jobs` (Boolean) If true, jobs can be viewed by non-project members.
 - `push_rules` (Block List, Max: 1) Push rules for the project. (see [below for nested schema](#nestedblock--push_rules))
 - `releases_access_level` (String) Set the releases access level. Valid values are `disabled`, `private`, `enabled`.
 - `remove_source_branch_after_merge` (Boolean) Enable `Delete source branch` option by default for all new merge requests.
@@ -224,13 +225,14 @@ This attribute is only used during resource creation, thus changes are suppresse
 - `topics` (Set of String) The list of topics for the project.
 - `use_custom_template` (Boolean) Use either custom instance or group (with group_with_project_templates_id) project template (enterprise edition).
 		~> When using a custom template, [Group Tokens won't work](https://docs.gitlab.com/15.7/ee/user/project/settings/import_export_troubleshooting.html#import-using-the-rest-api-fails-when-using-a-group-access-token). You must use a real user's Personal Access Token.
-- `visibility_level` (String) Set to `public` to create a public project.
+- `visibility_level` (String) Set to `public` to create a public project. Valid values are `private`, `internal`, `public`.
 - `wiki_access_level` (String) Set the wiki access level. Valid values are `disabled`, `private`, `enabled`.
 - `wiki_enabled` (Boolean) Enable wiki for the project.
 
 ### Read-Only
 
 - `avatar_url` (String) The URL of the avatar image.
+- `empty_repo` (Boolean) Whether the project is empty.
 - `http_url_to_repo` (String) URL that can be provided to `git clone` to clone the
 - `id` (String) The ID of this resource.
 - `path_with_namespace` (String) The path of the repository with namespace.