@pulumi/gitlab 9.6.0 → 9.8.0-alpha.1766469107

package/types/input.d.ts

@@ -706,6 +706,230 @@ export interface GetReleaseAssetsSourceArgs {
      */
     url?: pulumi.Input<string>;
 }
+export interface GetSecurityPolicyDocumentScanExecutionPolicy {
+    /**
+     * Actions to execute when rules match. At least one action is required.
+     */
+    actions: inputs.GetSecurityPolicyDocumentScanExecutionPolicyAction[];
+    /**
+     * Description of the scan execution policy.
+     */
+    description?: string;
+    /**
+     * Whether the policy is enabled.
+     */
+    enabled: boolean;
+    /**
+     * Name of the scan execution policy.
+     */
+    name: string;
+    /**
+     * Scope configuration to limit which projects the policy applies to.
+     */
+    policyScope?: inputs.GetSecurityPolicyDocumentScanExecutionPolicyPolicyScope;
+    /**
+     * Rules that trigger the policy. At least one rule is required.
+     */
+    rules: inputs.GetSecurityPolicyDocumentScanExecutionPolicyRule[];
+    /**
+     * Control whether users can use the skip-ci directive.
+     */
+    skipCi?: inputs.GetSecurityPolicyDocumentScanExecutionPolicySkipCi;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyArgs {
+    /**
+     * Actions to execute when rules match. At least one action is required.
+     */
+    actions: pulumi.Input<pulumi.Input<inputs.GetSecurityPolicyDocumentScanExecutionPolicyActionArgs>[]>;
+    /**
+     * Description of the scan execution policy.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * Whether the policy is enabled.
+     */
+    enabled: pulumi.Input<boolean>;
+    /**
+     * Name of the scan execution policy.
+     */
+    name: pulumi.Input<string>;
+    /**
+     * Scope configuration to limit which projects the policy applies to.
+     */
+    policyScope?: pulumi.Input<inputs.GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeArgs>;
+    /**
+     * Rules that trigger the policy. At least one rule is required.
+     */
+    rules: pulumi.Input<pulumi.Input<inputs.GetSecurityPolicyDocumentScanExecutionPolicyRuleArgs>[]>;
+    /**
+     * Control whether users can use the skip-ci directive.
+     */
+    skipCi?: pulumi.Input<inputs.GetSecurityPolicyDocumentScanExecutionPolicySkipCiArgs>;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyAction {
+    /**
+     * Type of scan to run. Valid values: `sast`, `secretDetection`, `containerScanning`, `dependencyScanning`, `dast`, `sastIac`, `clusterImageScanning`, `apiFuzzing`, `coverageFuzzing`.
+     */
+    scan: string;
+    /**
+     * Scanner profile to use for DAST scans.
+     */
+    scannerProfile?: string;
+    /**
+     * Site profile to use for DAST scans.
+     */
+    siteProfile?: string;
+    /**
+     * Tags to exclude from the scan.
+     */
+    tagsToExcludes?: string[];
+    /**
+     * The template to use for the scan. Valid values: `default`, `latest`.
+     */
+    template?: string;
+    /**
+     * Environment variables to pass to the scan job.
+     */
+    variables?: {
+        [key: string]: string;
+    };
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyActionArgs {
+    /**
+     * Type of scan to run. Valid values: `sast`, `secretDetection`, `containerScanning`, `dependencyScanning`, `dast`, `sastIac`, `clusterImageScanning`, `apiFuzzing`, `coverageFuzzing`.
+     */
+    scan: pulumi.Input<string>;
+    /**
+     * Scanner profile to use for DAST scans.
+     */
+    scannerProfile?: pulumi.Input<string>;
+    /**
+     * Site profile to use for DAST scans.
+     */
+    siteProfile?: pulumi.Input<string>;
+    /**
+     * Tags to exclude from the scan.
+     */
+    tagsToExcludes?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * The template to use for the scan. Valid values: `default`, `latest`.
+     */
+    template?: pulumi.Input<string>;
+    /**
+     * Environment variables to pass to the scan job.
+     */
+    variables?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyPolicyScope {
+    /**
+     * Compliance framework names to scope the policy to.
+     */
+    complianceFrameworks?: string[];
+    /**
+     * Project scope configuration.
+     */
+    projects?: inputs.GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeProjects;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeArgs {
+    /**
+     * Compliance framework names to scope the policy to.
+     */
+    complianceFrameworks?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Project scope configuration.
+     */
+    projects?: pulumi.Input<inputs.GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeProjectsArgs>;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeProjects {
+    /**
+     * List of project IDs to exclude from this policy.
+     */
+    excludings?: number[];
+    /**
+     * List of project IDs to explicitly include in this policy.
+     */
+    includings?: number[];
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeProjectsArgs {
+    /**
+     * List of project IDs to exclude from this policy.
+     */
+    excludings?: pulumi.Input<pulumi.Input<number>[]>;
+    /**
+     * List of project IDs to explicitly include in this policy.
+     */
+    includings?: pulumi.Input<pulumi.Input<number>[]>;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyRule {
+    /**
+     * Kubernetes agents configuration for agent-based policies.
+     */
+    agents?: {
+        [key: string]: string;
+    };
+    /**
+     * Branches to exclude from the policy.
+     */
+    branchExceptions?: string[];
+    /**
+     * Type of branches to match. Valid values: `all`, `protected`, `default`.
+     */
+    branchType?: string;
+    /**
+     * Branch names or patterns to match.
+     */
+    branches?: string[];
+    /**
+     * Cron expression for schedule type rules (e.g., `*&#47;15 * * * *` for every 15 minutes).
+     */
+    cadence?: string;
+    /**
+     * Type of rule. Valid values: `pipeline`, `schedule`, `agent`.
+     */
+    type: string;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyRuleArgs {
+    /**
+     * Kubernetes agents configuration for agent-based policies.
+     */
+    agents?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * Branches to exclude from the policy.
+     */
+    branchExceptions?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Type of branches to match. Valid values: `all`, `protected`, `default`.
+     */
+    branchType?: pulumi.Input<string>;
+    /**
+     * Branch names or patterns to match.
+     */
+    branches?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Cron expression for schedule type rules (e.g., `*&#47;15 * * * *` for every 15 minutes).
+     */
+    cadence?: pulumi.Input<string>;
+    /**
+     * Type of rule. Valid values: `pipeline`, `schedule`, `agent`.
+     */
+    type: pulumi.Input<string>;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicySkipCi {
+    /**
+     * Allow (true) or prevent (false) the use of skip-ci directive.
+     */
+    allowed: boolean;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicySkipCiArgs {
+    /**
+     * Allow (true) or prevent (false) the use of skip-ci directive.
+     */
+    allowed: pulumi.Input<boolean>;
+}
 export interface GroupAccessTokenRotationConfiguration {
     /**
      * The duration (in days) the new token should be valid for.

package/types/output.d.ts

@@ -203,7 +203,7 @@ export interface GetGroupAccessTokensAccessToken {
 }
 export interface GetGroupBillableMemberMembershipsMembership {
     /**
-     * Access-level of the member. For details see: https://docs.gitlab.com/api/access_requests/#valid-access-levels
+     * Access-level of the member. For details see: https://docs.gitlab.com/user/permissions/#default-roles
      */
     accessLevel: string;
     /**
@@ -473,6 +473,15 @@ export interface GetGroupSamlLinksSamlLink {
      */
     name: string;
 }
+export interface GetGroupServiceAccountAccessTokensAccessToken {
+    active: boolean;
+    createdAt: string;
+    expiresAt: string;
+    id: string;
+    name: string;
+    revoked: boolean;
+    scopes: string[];
+}
 export interface GetGroupSharedWithGroup {
     /**
      * Share with group expiration date.
@@ -1232,6 +1241,80 @@ export interface GetProjectHooksHook {
      */
     wikiPageEvents: boolean;
 }
+export interface GetProjectIssueLabelEventsEvent {
+    /**
+     * The action performed on the label (add, remove).
+     */
+    action: string;
+    /**
+     * The date and time when the label event was created.
+     */
+    createdAt: string;
+    /**
+     * The ID of the label event.
+     */
+    id: number;
+    /**
+     * The label that was added or removed.
+     */
+    label: outputs.GetProjectIssueLabelEventsEventLabel;
+    /**
+     * The ID of the resource associated with the label event.
+     */
+    resourceId: number;
+    /**
+     * The type of the resource associated with the label event.
+     */
+    resourceType: string;
+    /**
+     * The user who performed the action.
+     */
+    user: outputs.GetProjectIssueLabelEventsEventUser;
+}
+export interface GetProjectIssueLabelEventsEventLabel {
+    /**
+     * The color of the label.
+     */
+    color: string;
+    /**
+     * The description of the label.
+     */
+    description: string;
+    /**
+     * The ID of the label.
+     */
+    id: number;
+    /**
+     * The name of the label.
+     */
+    name: string;
+}
+export interface GetProjectIssueLabelEventsEventUser {
+    /**
+     * The avatar URL of the user.
+     */
+    avatarUrl: string;
+    /**
+     * The ID of the user.
+     */
+    id: number;
+    /**
+     * The name of the user.
+     */
+    name: string;
+    /**
+     * The state of the user.
+     */
+    state: string;
+    /**
+     * The username of the user.
+     */
+    username: string;
+    /**
+     * The web URL of the user.
+     */
+    webUrl: string;
+}
 export interface GetProjectIssueTaskCompletionStatus {
     /**
      * The number of tasks that are completed.
@@ -1911,6 +1994,64 @@ export interface GetProjectPushRule {
      */
     rejectUnsignedCommits: boolean;
 }
+export interface GetProjectSecureFileMetadata {
+    /**
+     * Certificate expiration date
+     */
+    expiresAt: string;
+    /**
+     * Certificate ID
+     */
+    id: string;
+    /**
+     * Certificate issuer information
+     */
+    issuer: outputs.GetProjectSecureFileMetadataIssuer;
+    /**
+     * Certificate subject information
+     */
+    subject: outputs.GetProjectSecureFileMetadataSubject;
+}
+export interface GetProjectSecureFileMetadataIssuer {
+    /**
+     * Country
+     */
+    c: string;
+    /**
+     * Common Name
+     */
+    cn: string;
+    /**
+     * Organization
+     */
+    o: string;
+    /**
+     * Organizational Unit
+     */
+    ou: string;
+}
+export interface GetProjectSecureFileMetadataSubject {
+    /**
+     * Country
+     */
+    c: string;
+    /**
+     * Common Name
+     */
+    cn: string;
+    /**
+     * Organization
+     */
+    o: string;
+    /**
+     * Organizational Unit
+     */
+    ou: string;
+    /**
+     * User ID
+     */
+    uid: string;
+}
 export interface GetProjectSharedWithGroup {
     /**
      * The accessLevel permission level of the shared group.
@@ -2718,7 +2859,7 @@ export interface GetReleaseAssetsSource {
 }
 export interface GetReleaseLinksReleaseLink {
     /**
-     * Full path for a [Direct Asset link](https://docs.gitlab.com/user/project/releases/index/#permanent-links-to-release-assets).
+     * Full path for a [Direct Asset link](https://docs.gitlab.com/user/project/releases/release_fields/#permanent-links-to-latest-release-assets).
      */
     directAssetUrl: string;
     /**
@@ -2726,7 +2867,7 @@ export interface GetReleaseLinksReleaseLink {
      */
     external: boolean;
     /**
-     * Relative path for a [Direct Asset link](https://docs.gitlab.com/user/project/releases/index/#permanent-links-to-release-assets).
+     * Relative path for a [Direct Asset link](https://docs.gitlab.com/user/project/releases/release_fields/#permanent-links-to-latest-release-assets).
      */
     filepath: string;
     /**
@@ -2742,7 +2883,7 @@ export interface GetReleaseLinksReleaseLink {
      */
     name: string;
     /**
-     * The ID or [URL-encoded path of the project](https://docs.gitlab.com/api/index/#namespaced-path-encoding).
+     * The ID or Namespace path of the project.
      */
     project: string;
     /**
@@ -2812,6 +2953,118 @@ export interface GetRunnersRunner {
      */
     status: string;
 }
+export interface GetSecurityPolicyDocumentScanExecutionPolicy {
+    /**
+     * Actions to execute when rules match. At least one action is required.
+     */
+    actions: outputs.GetSecurityPolicyDocumentScanExecutionPolicyAction[];
+    /**
+     * Description of the scan execution policy.
+     */
+    description?: string;
+    /**
+     * Whether the policy is enabled.
+     */
+    enabled: boolean;
+    /**
+     * Name of the scan execution policy.
+     */
+    name: string;
+    /**
+     * Scope configuration to limit which projects the policy applies to.
+     */
+    policyScope?: outputs.GetSecurityPolicyDocumentScanExecutionPolicyPolicyScope;
+    /**
+     * Rules that trigger the policy. At least one rule is required.
+     */
+    rules: outputs.GetSecurityPolicyDocumentScanExecutionPolicyRule[];
+    /**
+     * Control whether users can use the skip-ci directive.
+     */
+    skipCi?: outputs.GetSecurityPolicyDocumentScanExecutionPolicySkipCi;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyAction {
+    /**
+     * Type of scan to run. Valid values: `sast`, `secretDetection`, `containerScanning`, `dependencyScanning`, `dast`, `sastIac`, `clusterImageScanning`, `apiFuzzing`, `coverageFuzzing`.
+     */
+    scan: string;
+    /**
+     * Scanner profile to use for DAST scans.
+     */
+    scannerProfile?: string;
+    /**
+     * Site profile to use for DAST scans.
+     */
+    siteProfile?: string;
+    /**
+     * Tags to exclude from the scan.
+     */
+    tagsToExcludes?: string[];
+    /**
+     * The template to use for the scan. Valid values: `default`, `latest`.
+     */
+    template?: string;
+    /**
+     * Environment variables to pass to the scan job.
+     */
+    variables?: {
+        [key: string]: string;
+    };
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyPolicyScope {
+    /**
+     * Compliance framework names to scope the policy to.
+     */
+    complianceFrameworks?: string[];
+    /**
+     * Project scope configuration.
+     */
+    projects?: outputs.GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeProjects;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyPolicyScopeProjects {
+    /**
+     * List of project IDs to exclude from this policy.
+     */
+    excludings?: number[];
+    /**
+     * List of project IDs to explicitly include in this policy.
+     */
+    includings?: number[];
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicyRule {
+    /**
+     * Kubernetes agents configuration for agent-based policies.
+     */
+    agents?: {
+        [key: string]: string;
+    };
+    /**
+     * Branches to exclude from the policy.
+     */
+    branchExceptions?: string[];
+    /**
+     * Type of branches to match. Valid values: `all`, `protected`, `default`.
+     */
+    branchType?: string;
+    /**
+     * Branch names or patterns to match.
+     */
+    branches?: string[];
+    /**
+     * Cron expression for schedule type rules (e.g., `*/15 * * * *` for every 15 minutes).
+     */
+    cadence?: string;
+    /**
+     * Type of rule. Valid values: `pipeline`, `schedule`, `agent`.
+     */
+    type: string;
+}
+export interface GetSecurityPolicyDocumentScanExecutionPolicySkipCi {
+    /**
+     * Allow (true) or prevent (false) the use of skip-ci directive.
+     */
+    allowed: boolean;
+}
 export interface GetUserSshkeysKey {
     /**
      * The time when this key was created in GitLab.

package/userAvatar.d.ts

@@ -0,0 +1,126 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * The `gitlab.UserAvatar` resource allows users to manage the lifecycle of a user avatar.
+ * The resource can also be used to set the avatar on project or group access tokens, as well as on service accounts.
+ *
+ * > The `token` attribute is optional only when the GitLab token used by the provider has an administrator scope, as this allows an administrator to manage user avatars.
+ *
+ * > The provided `token` must have the `api` scope in order to set the avatar.
+ *
+ * **Upstream API**: [GitLab API docs](https://docs.gitlab.com/api/users/#upload-an-avatar-for-yourself)
+ *
+ * ## Import
+ *
+ * Starting in Terraform v1.5.0, you can use an import block to import `gitlab_user_avatar`. For example:
+ *
+ * terraform
+ *
+ * import {
+ *
+ *   to = gitlab_user_avatar.example
+ *
+ *   id = "see CLI command below for ID"
+ *
+ * }
+ *
+ * Importing using the CLI is supported with the following syntax:
+ *
+ * A GitLab User Avatar can be imported using the user id, e.g.
+ *
+ * ```sh
+ * $ pulumi import gitlab:index/userAvatar:UserAvatar example "12345"
+ * ```
+ *
+ * NOTE: the `token` and `avatar` resource attributes are not available for imported resources as this information cannot be read from the GitLab API.
+ */
+export declare class UserAvatar extends pulumi.CustomResource {
+    /**
+     * Get an existing UserAvatar resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserAvatarState, opts?: pulumi.CustomResourceOptions): UserAvatar;
+    /**
+     * Returns true if the given object is an instance of UserAvatar.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is UserAvatar;
+    /**
+     * A local path to the avatar image to upload. **Note**: the avatar is not available for imported resources.
+     */
+    readonly avatar: pulumi.Output<string>;
+    /**
+     * The hash of the avatar image.  This is used to track changes to the avatar image if the image contents change but the image name remains the same. Use `filesha256("path/to/avatar.png")` whenever possible.
+     */
+    readonly avatarHash: pulumi.Output<string | undefined>;
+    /**
+     * The URL of the avatar image.
+     */
+    readonly avatarUrl: pulumi.Output<string>;
+    /**
+     * The access token of the user. If this field is omitted, a GitLab token with administrator scope is required to manage the avatar for the specified user. **Note**: the token is not available for imported resources.
+     */
+    readonly token: pulumi.Output<string | undefined>;
+    /**
+     * The ID of the user.
+     */
+    readonly userId: pulumi.Output<number>;
+    /**
+     * Create a UserAvatar resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: UserAvatarArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering UserAvatar resources.
+ */
+export interface UserAvatarState {
+    /**
+     * A local path to the avatar image to upload. **Note**: the avatar is not available for imported resources.
+     */
+    avatar?: pulumi.Input<string>;
+    /**
+     * The hash of the avatar image.  This is used to track changes to the avatar image if the image contents change but the image name remains the same. Use `filesha256("path/to/avatar.png")` whenever possible.
+     */
+    avatarHash?: pulumi.Input<string>;
+    /**
+     * The URL of the avatar image.
+     */
+    avatarUrl?: pulumi.Input<string>;
+    /**
+     * The access token of the user. If this field is omitted, a GitLab token with administrator scope is required to manage the avatar for the specified user. **Note**: the token is not available for imported resources.
+     */
+    token?: pulumi.Input<string>;
+    /**
+     * The ID of the user.
+     */
+    userId?: pulumi.Input<number>;
+}
+/**
+ * The set of arguments for constructing a UserAvatar resource.
+ */
+export interface UserAvatarArgs {
+    /**
+     * A local path to the avatar image to upload. **Note**: the avatar is not available for imported resources.
+     */
+    avatar: pulumi.Input<string>;
+    /**
+     * The hash of the avatar image.  This is used to track changes to the avatar image if the image contents change but the image name remains the same. Use `filesha256("path/to/avatar.png")` whenever possible.
+     */
+    avatarHash?: pulumi.Input<string>;
+    /**
+     * The access token of the user. If this field is omitted, a GitLab token with administrator scope is required to manage the avatar for the specified user. **Note**: the token is not available for imported resources.
+     */
+    token?: pulumi.Input<string>;
+    /**
+     * The ID of the user.
+     */
+    userId: pulumi.Input<number>;
+}