Update docs for v17.3.0 release

gitlab-terraform-provider-bot · gitlab-terraform-provider-bot · commit 42c0648f72d8 · 2024-08-15T18:52:58.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,26 @@
 
+## 17.3.0 (2024-08-15)
+
+This release was tested against GitLab 17.3, 17.2, and 17.1 for both CE and EE
+
+### IMPROVEMENTS (8 changes)
+
+- **New Resource** resource/gitlab_group_security_policy_attachment: [Add new resource for association security policy projects to a group](gitlab-org/terraform-provider-gitlab@fa00e1ec7636dc47b9b4292d164825bf39af0cef) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2048))
+- **New Datasource** resource/gitlab_group_ids: [Add new datasource retrieving group ID, Full Path, or GraphQL ID based on group ID or Url-encoded path](gitlab-org/terraform-provider-gitlab@e0b0f88070caea6592c1983aa7792a77b27e9b88) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2057))
+- **New Datasource** resource/gitlab_project_ids: [Add new datasource retrieving project ID, Full Path, or GraphQL ID based on project ID or Url-encoded path](gitlab-org/terraform-provider-gitlab@e0b0f88070caea6592c1983aa7792a77b27e9b88) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2057))
+- resource/gitlab_project_job_token_scopes: [Add support for `target_group_ids`, allowing groups to be used in the allow list](gitlab-org/terraform-provider-gitlab@f4246b814952900a5ddfb509ca2c081d47e820e1) by @chapsuK ([merge request](gitlab-org/terraform-provider-gitlab!2040))
+- resource/gitlab_group: [Add support for `permanently_remove_on_delete`, allowing groups to be permanently deleted on destroy instead of entering a waiting period](gitlab-org/terraform-provider-gitlab@a0374ef9b9ff87cc9f93a1523fc3bd0998ab0c6f) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2044))
+- resource/gitlab_application_settings: [Add support for `max_terraform_state_size_bytes`, allowing configuration of terraform state size at an instance level](gitlab-org/terraform-provider-gitlab@d852a3360f034648816969cb3f94e310f6fb74d9) by @christian.affolter ([merge request](gitlab-org/terraform-provider-gitlab!1960))
+- resource/gitlab_project_push_rules: [`gitlab_project_push_rules` will now take over ownership of existing push rules, since a default set is created on project creation](gitlab-org/terraform-provider-gitlab@89e32696080ab4647d49cd077f7ffe0a5675766e) by @mness ([merge request](gitlab-org/terraform-provider-gitlab!2046))
+- resource/gitlab_project_job_token_scopes: [Added support for `project`, allowing the use of the resource by project ID or url-encoded path](gitlab-org/terraform-provider-gitlab@f040983bed1545fe445d41fb56e36f938cee35de) by @heidi.berry ([merge request](gitlab-org/terraform-provider-gitlab!1981))
+
+### BUG FIXES (4 changes)
+
+- resource/gitlab_group_access_token: [Fix example to use the proper resource](gitlab-org/terraform-provider-gitlab@f20836445c6190feb4dc081eca9f02887b39c205) by @blrz ([merge request](gitlab-org/terraform-provider-gitlab!2050)) 
+- resource/gitlab_group_security_policy_attachment: [Fix example to use the proper resource](gitlab-org/terraform-provider-gitlab@0fe493c436fb7bb333d40c8f5aab8da18f1c272c) by @calebw ([merge request](gitlab-org/terraform-provider-gitlab!2054)) 
+- resource/gitlab_project_security_policy_attachment: [Fix example to use the proper resource](gitlab-org/terraform-provider-gitlab@0fe493c436fb7bb333d40c8f5aab8da18f1c272c) by @calebw ([merge request](gitlab-org/terraform-provider-gitlab!2054)) 
+- resource/gitlab_user_runner: [Fix description to remove typo in `group_type`](gitlab-org/terraform-provider-gitlab@f67c731da1f9fcd102053c047de1455043853291) by @clemenschuaccso ([merge request](gitlab-org/terraform-provider-gitlab!2049)) 
+
 ## 17.2.0 (2024-07-18)
 
 This release was tested against GitLab 17.2, 17.1, and 17.0 for both CE and EE
@@ -12,7 +34,6 @@ Note: As a security related change, this breaking change is allowed outside a ma
 
 - **New Resource** resource/gitlab_project_security_policy_attachment: [Add new resource for associating security policy projects to a project](gitlab-org/terraform-provider-gitlab@3fc5f6c8a9d74f8b034af84a73fb9dcb6d323179) by @PatrickRice ([merge request](gitlab-org/terraform-provider-gitlab!2009))
 - resource/gitlab_personal_access_token: [Migrate `gitlab_personal_access_token` from SDK to TF Plugin Framework](gitlab-org/terraform-provider-gitlab@24489118da1ce464994cdfcedecbe804edf65490) by @theipster ([merge request](gitlab-org/terraform-provider-gitlab!2005)) 
-- 
 
 ### BUG FIXES (4 changes)
 
diff --git a/docs/data-sources/group_ids.md b/docs/data-sources/group_ids.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_group_ids Data Source - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_group_ids data source identification information for a given group, allowing a user to translate a full path or ID into the GraphQL ID of the group.
+  Upstream API: GitLab GraphQL API docs https://docs.gitlab.com/ee/api/graphql/reference/#querygroup
+---
+
+# gitlab_group_ids (Data Source)
+
+The `gitlab_group_ids` data source identification information for a given group, allowing a user to translate a full path or ID into the GraphQL ID of the group.
+
+**Upstream API**: [GitLab GraphQL API docs](https://docs.gitlab.com/ee/api/graphql/reference/#querygroup)
+
+## Example Usage
+
+```terraform
+resource "gitlab_group" "new_group" {
+  // include required attributes
+}
+
+// use group IDs to get additional information, such as the GraphQL ID
+// for other resources
+data "gitlab_group_ids" "foo" {
+  group = "gitlab_group.new_group.id"
+}
+
+output "graphQL_id" {
+  value = data.gitlab_group_ids.foo.group_graphql_id
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group` (String) The ID or URL-encoded path of the group.
+
+### Read-Only
+
+- `group_full_path` (String) The full path of the group.
+- `group_graphql_id` (String) The GraphQL ID of the group.
+- `group_id` (String) The ID of the group.
+- `id` (String) The ID of this Terraform resource. In the format of `<group_id>`.
diff --git a/docs/data-sources/project_ids.md b/docs/data-sources/project_ids.md
@@ -0,0 +1,46 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_project_ids Data Source - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_project_ids data source identification information for a given project, allowing a user to translate a full path or ID into the GraphQL ID of the project.
+  Upstream API: GitLab GraphQL API docs https://docs.gitlab.com/ee/api/graphql/reference/#queryproject
+---
+
+# gitlab_project_ids (Data Source)
+
+The `gitlab_project_ids` data source identification information for a given project, allowing a user to translate a full path or ID into the GraphQL ID of the project.
+
+**Upstream API**: [GitLab GraphQL API docs](https://docs.gitlab.com/ee/api/graphql/reference/#queryproject)
+
+## Example Usage
+
+```terraform
+resource "gitlab_project" "new_project" {
+  // include required attributes
+}
+
+// use project IDs to get additional information, such as the GraphQL ID
+// for other resources
+data "gitlab_project_ids" "foo" {
+  project = "gitlab_project.new_project.id"
+}
+
+output "graphQL_id" {
+  value = data.gitlab_project_ids.foo.project_graphql_id
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `project` (String) The ID or URL-encoded path of the project.
+
+### Read-Only
+
+- `id` (String) The ID of this Terraform resource. In the format of `<project_id>`.
+- `project_full_path` (String) The full path of the project.
+- `project_graphql_id` (String) The GraphQL ID of the project.
+- `project_id` (String) The ID of the project.
diff --git a/docs/resources/application_settings.md b/docs/resources/application_settings.md
@@ -189,6 +189,7 @@ resource "gitlab_application_settings" "this" {
 - `max_pages_size` (Number) Maximum size of pages repositories in MB.
 - `max_personal_access_token_lifetime` (Number) Maximum allowable lifetime for access tokens in days.
 - `max_ssh_key_lifetime` (Number) Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
+- `max_terraform_state_size_bytes` (Number) Maximum size in bytes of the Terraform state files. Set this to 0 for unlimited file size.
 - `metrics_method_call_threshold` (Number) A method call is only tracked when it takes longer than the given amount of milliseconds.
 - `minimum_password_length` (Number) Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
 - `mirror_available` (Boolean) Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
diff --git a/docs/resources/group.md b/docs/resources/group.md
@@ -69,6 +69,7 @@ resource "gitlab_group" "example-two" {
 - `membership_lock` (Boolean) Users cannot be added to projects in this group.
 - `mentions_disabled` (Boolean) Disable the capability of a group from getting mentioned.
 - `parent_id` (Number) Id of the parent group (creates a nested group).
+- `permanently_remove_on_delete` (Boolean) Whether the group should be permanently removed during a `delete` operation. This only works with subgroups. Must be configured via an `apply` before the `destroy` is run.
 - `prevent_forking_outside_group` (Boolean) Defaults to false. When enabled, users can not fork projects from this group to external namespaces.
 - `project_creation_level` (String) Determine if developers can create projects in the group. Valid values are: `noone`, `maintainer`, `developer`
 - `push_rules` (Block List, Max: 1) Push rules for the group. (see [below for nested schema](#nestedblock--push_rules))
diff --git a/docs/resources/group_access_token.md b/docs/resources/group_access_token.md
@@ -27,7 +27,7 @@ The `gitlab_group_access_token` resource allows to manage the lifecycle of a gro
 ```terraform
 resource "gitlab_group_access_token" "example" {
   group        = "25"
-  name         = "Example project access token"
+  name         = "Example group access token"
   expires_at   = "2020-03-14"
   access_level = "developer"
 
diff --git a/docs/resources/group_security_policy_attachment.md b/docs/resources/group_security_policy_attachment.md
@@ -0,0 +1,89 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_group_security_policy_attachment Resource - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_group_security_policy_attachment resource allows to attach a security policy project to a group.
+  Upstream API: GitLab GraphQL API docs https://docs.gitlab.com/ee/api/graphql/reference/index.html#mutationsecuritypolicyprojectassign
+---
+
+# gitlab_group_security_policy_attachment (Resource)
+
+The `gitlab_group_security_policy_attachment` resource allows to attach a security policy project to a group.
+
+**Upstream API**: [GitLab GraphQL API docs](https://docs.gitlab.com/ee/api/graphql/reference/index.html#mutationsecuritypolicyprojectassign)
+
+## Example Usage
+
+```terraform
+# This resource can be used to attach a security policy to a pre-existing group
+resource "gitlab_group_security_policy_attachment" "foo" {
+  group          = 1234
+  policy_project = 4567
+}
+
+
+# Or you can use Terraform to create a new project, add a policy to that project,
+# then attach that policy project to other groups.
+resource "gitlab_project" "my-policy-project" {
+  name = "security-policy-project"
+}
+
+resource "gitlab_repository_file" "policy-yml" {
+  project   = gitlab_project.my-policy-project.id
+  file_path = ".gitlab/security-policies/my-policy.yml"
+  branch    = "master"
+  encoding  = "text"
+  content   = <<-EOT
+---
+approval_policy:
+- name: test
+description: test
+enabled: true
+rules:
+- type: any_merge_request
+    branch_type: protected
+    commits: any
+approval_settings:
+    block_branch_modification: true
+    prevent_pushing_and_force_pushing: true
+    prevent_approval_by_author: true
+    prevent_approval_by_commit_author: true
+    remove_approvals_with_new_commit: true
+    require_password_to_approve: false
+fallback_behavior:
+    fail: closed
+actions:
+- type: send_bot_message
+    enabled: true
+EOT
+}
+
+resource "gitlab_group_security_policy_attachment" "my-policy" {
+  group          = 1234
+  policy_project = gitlab_project.my-policy-project.id
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group` (String) The ID or Full Path of the group which will have the security policy project assigned to it.
+- `policy_project` (String) The ID or Full Path of the security policy project.
+
+### Read-Only
+
+- `group_graphql_id` (String) The GraphQL ID of the group to which the security policty project will be attached.
+- `id` (String) The ID of this Terraform resource. In the format of `<group>:<policy_project>`.
+- `policy_project_graphql_id` (String) The GraphQL ID of the security policy project.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# GitLab group security policy attachments can be imported using an id made up of `group:policy_project_id` where the policy project ID is the project ID of the policy project, e.g.
+terraform import gitlab_group_security_policy_attachment.foo 1:2
+```
diff --git a/docs/resources/project_job_token_scopes.md b/docs/resources/project_job_token_scopes.md
@@ -22,28 +22,36 @@ Any project not within the defined set in this attribute will be removed, which
 
 ```terraform
 resource "gitlab_project_job_token_scopes" "allowed_single_project" {
-  project_id         = 111
+  project            = "111"
   target_project_ids = [123]
 }
 
 resource "gitlab_project_job_token_scopes" "allowed_multiple_project" {
-  project_id         = 111
+  project            = "111"
   target_project_ids = [123, 456, 789]
 }
 
+resource "gitlab_project_job_token_scopes" "allowed_multiple_groups" {
+  project_id         = 111
+  target_project_ids = []
+  target_group_ids   = [321, 654]
+}
+
 # This will remove all job token scopes, even if added outside of TF.
 resource "gitlab_project_job_token_scopes" "explicit_deny" {
-  project_id         = 111
+  project            = "111"
   target_project_ids = []
 }
 ```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
-### Required
+### Optional
 
-- `project_id` (Number) The ID of the project.
+- `project` (String) The ID or full path of the project.
+- `project_id` (Number, Deprecated) The ID of the project.
+- `target_group_ids` (Set of Number) A set of group IDs that are in the CI/CD job token inbound allowlist.
 - `target_project_ids` (Set of Number) A set of project IDs that are in the CI/CD job token inbound allowlist.
 
 ### Read-Only
@@ -55,6 +63,6 @@ resource "gitlab_project_job_token_scopes" "explicit_deny" {
 Import is supported using the following syntax:
 
 ```shell
-# GitLab project job token scopes can be imported using an id made up of just the `project_id` as an integer
+# GitLab project job token scopes can be imported using an id made up of just the `project_id`
 terraform import gitlab_project_job_token_scopes.bar 123
 ```
diff --git a/docs/resources/project_push_rules.md b/docs/resources/project_push_rules.md
@@ -5,7 +5,8 @@ subcategory: ""
 description: |-
   The gitlab_project_push_rules resource allows to manage the lifecycle of push rules on a project.
   ~> This resource will compete with the gitlab_project resource if push rules are also defined as
-  part of that resource. It is recommended to define push rules using this resource OR in the gitlab_project resource,
+  part of that resource, since this resource will take over ownership of the project push rules created for the referenced project.
+  It is recommended to define push rules using this resource OR in the gitlab_project resource,
   but not in both as it may result in terraform identifying changes with every "plan" operation.
   -> This resource requires a GitLab Enterprise instance with a Premium license to set the push rules on a project.
   Upstream API: GitLab API docs https://docs.gitlab.com/ee/api/projects.html#push-rules
@@ -16,7 +17,8 @@ description: |-
 The `gitlab_project_push_rules` resource allows to manage the lifecycle of push rules on a project.
 
 ~> This resource will compete with the `gitlab_project` resource if push rules are also defined as 
-   part of that resource. It is recommended to define push rules using this resource OR in the `gitlab_project` resource, 
+   part of that resource, since this resource will take over ownership of the project push rules created for the referenced project.
+   It is recommended to define push rules using this resource OR in the `gitlab_project` resource, 
    but not in both as it may result in terraform identifying changes with every "plan" operation.
 
 -> This resource requires a GitLab Enterprise instance with a Premium license to set the push rules on a project.
diff --git a/docs/resources/project_security_policy_attachment.md b/docs/resources/project_security_policy_attachment.md
@@ -59,7 +59,7 @@ actions:
 EOT
 }
 
-resource "gitlab_project_security_policy" "my-policy" {
+resource "gitlab_project_security_policy_attachment" "my-policy" {
   project        = 1234
   policy_project = gitlab_project.my-policy-project.id
 }

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ actions:`
`59`	`59`	`EOT`
`60`	`60`	`}`
`61`	`61`
`62`		`-resource "gitlab_project_security_policy" "my-policy" {`
	`62`	`+resource "gitlab_project_security_policy_attachment" "my-policy" {`
`63`	`63`	`project = 1234`
`64`	`64`	`policy_project = gitlab_project.my-policy-project.id`
`65`	`65`	`}`