Update docs for v17.10.0 release

Author: gitlab-terraform-provider-bot

CHANGELOG.md

@@ -1,3 +1,39 @@
+## 17.10.0 (2025-03-20)
+
+This release was tested against GitLab 17.10, 17.9, and 17.8 for both CE and EE
+
+## KNOWN ISSUES (1 change)
+
+- resource/gitlab_project: `restrict_user_defined_variables` will always be set to `true`, even when configured as `false`. This is an upstream API issue that can be tracked [here](https://gitlab.com/gitlab-org/gitlab/-/issues/526130). This will cause an immediate `plan` after `apply` if that attribute is included in the config. Removing the attribute from the config temporarily will prevent this behavior, and the setting may be configured via the API using `ci_variable_override_restriction` attribute instead.
+
+### FEATURES (4 changes)
+
+- resource/gitlab_integration_harbor:  [Add resource for managing project Harbor integrations](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/fb23b2cd01091be1d5527cb795a5ae63909d098e) by @bas.bremer ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2371)) 
+- resource/gitlab_project_target_branch_rule: [Add resource for managing defeault branch target rules for merge requests](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/9b57d1dd8032e5b59b5263e6a339b508dd6978ed) by @kevineor ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2307)) 
+- datasource/gitlab_project_mirror_public_key:  [Add a new data source for retrieving public keys for project mirrors](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/c9738041b2d94286e21ef59c8b59dacf9381d72f) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2373)) 
+- datasource/gitlab_group_access_tokens:  [Add a new data source for retrieving group-level access tokens](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/43fa923d8823deef3d473fa75c0d9c27e3ff28bb) by @jdesnoes ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2341)) 
+
+### IMPROVEMENTS (12 changes)
+
+- resource/gitlab_group_hook:  [Add missing attributes to group_hook resource](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/42f0718bfd452fa435295b7854ca0628c3061a49) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2363)) 
+- resource/gitlab_group_service_account_access_token:  [Add support for `expiration_days` in `rotation_config`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/2c5df5cf607105d0c2feda78056607e37515b5a7) by @pguinoiseau ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2326)) 
+- resource/gitlab_user:  [Add support for `force_random_password`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/b12b74b64d5720863e281dc51db5ecef5319186f) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2354)) 
+- resource/gitlab_project_variable: [Add support for `hidden` variables](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/cc9721a2ee3cf126c4038352943c90b08f521005) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2369)) 
+- resource/gitlab_group_share_group:  [Add support for `member_role_id`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/9080be31789a63811113654142dc70c53d8ea2e2) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2344)) 
+- resource/gitlab_project_environment:  [Add `auto_stop_setting` to `gitlab_project_environment`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/c8669f4ca7e59241f21badbd2be4d99001f9bdd3) by @jtymes ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2300)) 
+- resource/gitlab_project_mirror: [Add support for `mirror_branch_regex`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/6fd6a628e8dbf01c93fe26f3359a36ed639def96) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2360)) 
+- resource/gitlab_project_mirror: [Add support for `auth_method`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/c9738041b2d94286e21ef59c8b59dacf9381d72f) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2373)) 
+- resource/gitlab_project: [Add support for `permanently_delete_on_destroy`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/f3523d96438bfe1712dce19f73ef04801b4f8fa5) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2358)) 
+- resource/gitlab_application_settings: [Add support for `lock_memberships_to_ldap`](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/c3ab985184d7536d8b34b4bc1a763c058930d3b1) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2359)) 
+- datasource/gitlab_users: [Add support for several new attributes.](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/fde7c9f221526fb1600548aafa0b748deba8d2e9) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2361)) 
+- datasource/gitlab_project_environment: [Add `auto_stop_setting` as a read-only attribute](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/c8669f4ca7e59241f21badbd2be4d99001f9bdd3) by @jtymes ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2300)) 
+
+### BUG FIXES (3 changes)
+
+- resource/gitlab_value_stream_analytics:  [Update `stages` from an unordered list to an ordered list since order matters in the API](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/7982745332ad8f4b90d1019e6273317e58326230) by @calee1 ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2339)) 
+- resource/gitlab_group_membership:  [Fix group membership resource error when user is removed outside of terraform](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/e2ce55c59cf9af30825be8ea8c822097d5716574) by @mness ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2356))
+- resource/gitlab_group_label:  [Fixed an error encountered when upgrading past version 17.5 where an `UpgradeState` function was missing](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/commit/f64becbf07afce3729a31bb05071308a2e1efe3f) by @PatrickRice ([merge request](https://gitlab.com/gitlab-org/terraform-provider-gitlab/-/merge_requests/2368)) 
+
 ## 17.9.0 (2025-02-20)
 
 This release was tested against GitLab 17.9, 17.8, and 17.7 for both CE and EE

docs/data-sources/group_access_tokens.md

@@ -0,0 +1,50 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_group_access_tokens Data Source - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_access_tokens data source allows to retrieve all group-level access tokens.
+  Upstream API: GitLab REST API docs https://docs.gitlab.com/api/group_access_tokens/
+---
+
+# gitlab_group_access_tokens (Data Source)
+
+The `gitlab_access_tokens` data source allows to retrieve all group-level access tokens.
+
+**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/api/group_access_tokens/)
+
+## Example Usage
+
+```terraform
+data "gitlab_group_access_tokens" "access_tokens" {
+  group = "my/example/group"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `group` (String) The name or id of the group.
+
+### Read-Only
+
+- `access_tokens` (List of Object) The list of access tokens returned by the search (see [below for nested schema](#nestedatt--access_tokens))
+- `id` (String) The ID of this Terraform resource.
+
+<a id="nestedatt--access_tokens"></a>
+### Nested Schema for `access_tokens`
+
+Read-Only:
+
+- `access_level` (String)
+- `active` (Boolean)
+- `created_at` (String)
+- `expires_at` (String)
+- `group` (String)
+- `id` (String)
+- `name` (String)
+- `revoked` (Boolean)
+- `scopes` (Set of String)
+- `user_id` (Number)

docs/data-sources/project_environments.md

@@ -49,6 +49,8 @@ data "gitlab_project_environments" "this" {
 
 Read-Only:
 
+- `auto_stop_at` (String) Timestamp of when the environment is scheduled to stop, RFC3339 format.
+- `auto_stop_setting` (String) The auto stop setting for the environment.
 - `cluster_agent_id` (Number) The ID of the environments cluster agent or `null` if none is assigned.
 - `created_at` (String) Timestamp of the environment creation, RFC3339 format.
 - `description` (String) The description of the environment.

docs/data-sources/project_mirror_public_key.md

@@ -0,0 +1,44 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitlab_project_mirror_public_key Data Source - terraform-provider-gitlab"
+subcategory: ""
+description: |-
+  The gitlab_project_mirror_public_key data source allows the public key of a project mirror to be retrieved by its mirror id and the project it belongs to.
+  Note: Supported on GitLab 17.9 or higher.
+  Upstream API: GitLab REST API docs https://docs.gitlab.com/api/remote_mirrors/#get-a-single-projects-remote-mirror-public-key
+---
+
+# gitlab_project_mirror_public_key (Data Source)
+
+The `gitlab_project_mirror_public_key` data source allows the public key of a project mirror to be retrieved by its mirror id and the project it belongs to.
+
+**Note**: Supported on GitLab 17.9 or higher.
+
+**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/api/remote_mirrors/#get-a-single-projects-remote-mirror-public-key)
+
+## Example Usage
+
+```terraform
+data "gitlab_project_mirror_public_key" "example" {
+  project_id = 30
+  mirror_id  = 42
+}
+
+data "gitlab_project_mirror_public_key" "example" {
+  project_id = "foo/bar/baz"
+  mirror_id  = 123
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `mirror_id` (Number) The id of the remote mirror.
+- `project_id` (String) The integer or path with namespace that uniquely identifies the project.
+
+### Read-Only
+
+- `id` (String) The ID of this Terraform resource. In the format of `<project_id>:<mirror_id>`.
+- `public_key` (String) Public key of the remote mirror.

docs/data-sources/users.md

@@ -42,11 +42,16 @@ data "gitlab_users" "example-two" {
 - `blocked` (Boolean) Filter users that are blocked.
 - `created_after` (String) Search for users created after a specific date. (Requires administrator privileges)
 - `created_before` (String) Search for users created before a specific date. (Requires administrator privileges)
+- `exclude_external` (Boolean) Filters only non external users.
+- `exclude_internal` (Boolean) Filters only non internal users.
 - `extern_provider` (String) Lookup users by external provider. (Requires administrator privileges)
 - `extern_uid` (String) Lookup users by external UID. (Requires administrator privileges)
+- `external` (Boolean) Filters only external users.
 - `order_by` (String) Order the users' list by `id`, `name`, `username`, `created_at` or `updated_at`. (Requires administrator privileges)
 - `search` (String) Search users by username, name or email.
 - `sort` (String) Sort users' list in asc or desc order. (Requires administrator privileges)
+- `username` (String) Get a single user with a specific username.
+- `without_project_bots` (Boolean) Filters user without project bots.
 
 ### Read-Only
 

docs/resources/application_settings.md

@@ -217,6 +217,7 @@ resource "gitlab_application_settings" "this" {
 - `keep_latest_artifact` (Boolean) Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
 - `local_markdown_version` (Number) Increase this value when any cached Markdown should be invalidated.
 - `lock_duo_features_enabled` (Boolean) Indicates whether the GitLab Duo features enabled setting is enforced for all subgroups. Self-managed, Premium and Ultimate only.
+- `lock_memberships_to_ldap` (Boolean) Set to true to lock all memberships to LDAP. Premium and Ultimate only.
 - `mailgun_events_enabled` (Boolean) Enable Mailgun event receiver.
 - `mailgun_signing_key` (String, Sensitive) The Mailgun HTTP webhook signing key for receiving events from webhook.
 - `maintenance_mode` (Boolean) When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.

docs/resources/group_hook.md

@@ -4,28 +4,32 @@ page_title: "gitlab_group_hook Resource - terraform-provider-gitlab"
 subcategory: ""
 description: |-
   The gitlab_group_hook resource allows to manage the lifecycle of a group hook.
-  Upstream API: GitLab REST API docs https://docs.gitlab.com/api/groups/#hooks
+  Upstream API: GitLab REST API docs https://docs.gitlab.com/api/group_webhooks/
 ---
 
 # gitlab_group_hook (Resource)
 
 The `gitlab_group_hook` resource allows to manage the lifecycle of a group hook.
 
-**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/api/groups/#hooks)
+**Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/api/group_webhooks/)
 
 ## Example Usage
 
 ```terraform
 resource "gitlab_group_hook" "example" {
   group                 = "example/hooked"
   url                   = "https://example.com/hook/example"
+  name                  = "Example"
+  description           = "Example Group Webhook"
   merge_requests_events = true
 }
 
 # Setting all attributes
 resource "gitlab_group_hook" "all_attributes" {
   group                      = 1
   url                        = "http://example.com"
+  name                       = "Example"
+  description                = "Example Group Webhook"
   token                      = "supersecret"
   enable_ssl_verification    = false
   push_events                = true
@@ -42,6 +46,8 @@ resource "gitlab_group_hook" "all_attributes" {
   deployment_events          = true
   releases_events            = true
   subgroup_events            = true
+  feature_flag_events        = true
+  branch_filter_strategy     = "wildcard"
 }
 
 # Using Custom Headers
@@ -74,15 +80,19 @@ resource "gitlab_group_hook" "all_attributes" {
 
 ### Optional
 
+- `branch_filter_strategy` (String) Filter push events by branch. Valid values are: `wildcard`, `regex`, `all_branches`.
 - `confidential_issues_events` (Boolean) Invoke the hook for confidential issues events.
 - `confidential_note_events` (Boolean) Invoke the hook for confidential note events.
 - `custom_headers` (Attributes List) Custom headers for the project webhook. (see [below for nested schema](#nestedatt--custom_headers))
 - `custom_webhook_template` (String) Custom webhook template.
 - `deployment_events` (Boolean) Invoke the hook for deployment events.
+- `description` (String) Description of the group webhook.
 - `enable_ssl_verification` (Boolean) Enable SSL verification when invoking the hook.
+- `feature_flag_events` (Boolean) Invoke the hook for feature flag events.
 - `issues_events` (Boolean) Invoke the hook for issues events.
 - `job_events` (Boolean) Invoke the hook for job events.
 - `merge_requests_events` (Boolean) Invoke the hook for merge requests events.
+- `name` (String) Name of the group webhook.
 - `note_events` (Boolean) Invoke the hook for note events.
 - `pipeline_events` (Boolean) Invoke the hook for pipeline events.
 - `push_events` (Boolean) Invoke the hook for push events.
@@ -97,7 +107,7 @@ resource "gitlab_group_hook" "all_attributes" {
 
 - `group_id` (Number) The id of the group for the hook.
 - `hook_id` (Number) The id of the group hook.
-- `id` (String) The id of the group hook. In the format of "group:hook_id"
+- `id` (String) The id of the group hook. In the format of `group:hook_id`
 
 <a id="nestedatt--custom_headers"></a>
 ### Nested Schema for `custom_headers`

docs/resources/group_service_account_access_token.md

@@ -7,7 +7,7 @@ description: |-
   ~> Use of the timestamp() function with expires_at will cause the resource to be re-created with every apply, it's recommended to use plantimestamp() or a static value instead.
   ~> Reading the access token status of a service account requires an admin token or a top-level group owner token on gitlab.com. As a result, this resource will ignore permission errors when attempting to read the token status, and will rely on the values in state instead. This can lead to apply-time failures if the token configured for the provider doesn't have permissions to rotate tokens for the service account.
   ~> Use rotation_configuration to automatically rotate tokens instead of using timestamp() as timestamp will cause changes with every plan. terraform apply must still be run to rotate the token.
-  ~> Due to a limitation in the API, the rotation_configuration is unable to set the new expiry date. Instead, when the resource is created, it will default the expiry date to 7 days in the future. On each subsequent apply, the new expiry will be 7 days from the date of the apply.
+  ~> Due to a limitation in the API, the rotation_configuration is unable to set the new expiry date before GitLab 17.9. Instead, when the resource is created, it will default the expiry date to 7 days in the future. On each subsequent apply, the new expiry will be 7 days from the date of the apply.
   Upstream API: GitLab API docs https://docs.gitlab.com/api/group_service_accounts/#create-a-personal-access-token-for-a-service-account-user
 ---
 
@@ -21,7 +21,7 @@ The `gitlab_group_service_account_access_token` resource allows to manage the li
 
 ~> Use `rotation_configuration` to automatically rotate tokens instead of using `timestamp()` as timestamp will cause changes with every plan. `terraform apply` must still be run to rotate the token.
 
-~> Due to a limitation in the API, the `rotation_configuration` is unable to set the new expiry date. Instead, when the resource is created, it will default the expiry date to 7 days in the future. On each subsequent apply, the new expiry will be 7 days from the date of the apply. 
+~> Due to a limitation in the API, the `rotation_configuration` is unable to set the new expiry date before GitLab 17.9. Instead, when the resource is created, it will default the expiry date to 7 days in the future. On each subsequent apply, the new expiry will be 7 days from the date of the apply. 
 
 **Upstream API**: [GitLab API docs](https://docs.gitlab.com/api/group_service_accounts/#create-a-personal-access-token-for-a-service-account-user)
 
@@ -104,6 +104,10 @@ Required:
 
 - `rotate_before_days` (Number) The duration (in days) before the expiration when the token should be rotated. As an example, if set to 7 days, the token will rotate 7 days before the expiration date, but only when `terraform apply` is run in that timeframe.
 
+Optional:
+
+- `expiration_days` (Number) The duration (in days) the new token should be valid for.
+
 ## Import
 
 Starting in Terraform v1.5.0 you can use an [import block](https://developer.hashicorp.com/terraform/language/import) to import `gitlab_group_service_account_access_token`. For example:

docs/resources/group_share_group.md

@@ -3,13 +3,13 @@
 page_title: "gitlab_group_share_group Resource - terraform-provider-gitlab"
 subcategory: ""
 description: |-
-  The gitlab_group_share_group resource allows to manage the lifecycle of group shared with another group.
+  The gitlab_group_share_group resource allows managing the lifecycle of a group shared with another group.
   Upstream API: GitLab REST API docs https://docs.gitlab.com/api/groups/#share-groups-with-groups
 ---
 
 # gitlab_group_share_group (Resource)
 
-The `gitlab_group_share_group` resource allows to manage the lifecycle of group shared with another group.
+The `gitlab_group_share_group` resource allows managing the lifecycle of a group shared with another group.
 
 **Upstream API**: [GitLab REST API docs](https://docs.gitlab.com/api/groups/#share-groups-with-groups)
 
@@ -36,10 +36,11 @@ resource "gitlab_group_share_group" "test" {
 ### Optional
 
 - `expires_at` (String) Share expiration date. Format: `YYYY-MM-DD`
+- `member_role_id` (Number) The ID of a custom member role. Only available for Ultimate instances.
 
 ### Read-Only
 
-- `id` (String) The ID of this resource.
+- `id` (String) The ID of this resource. In the format of <group-id:share-group-id>.
 
 ## Import