lock to version 1 of goreleaser

added terraform tests for the resource

Reviewed-on: https://gitea.com/gitea/terraform-provider-gitea/pulls/72
Co-authored-by: Jörg Markert <joerg.markert@gmail.com>
Co-committed-by: Jörg Markert <joerg.markert@gmail.com>

.gitea/workflows/test.yml

@@ -11,8 +11,8 @@ jobs:
     name: 'Terraform Versions'
     runs-on: ubuntu-latest
     steps:
-    - uses: https://github.com/actions/checkout@v3
-    - uses: https://github.com/hashicorp/setup-terraform@v2
+    - uses: actions/checkout@v4
+    - uses: hashicorp/setup-terraform@v3
 
     - name: Terraform fmt
       id: fmt
@@ -22,7 +22,9 @@ jobs:
     - name: Terraform Init
       id: init
       run: terraform init
+      working-directory: examples
 
     - name: Terraform Validate
       id: validate
-      run: terraform validate -no-color
+      run: terraform validate -no-color
+      working-directory: examples

.github/workflows/release.yml

@@ -15,28 +15,28 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       -
         name: Unshallow
         run: git fetch --prune --unshallow
       -
         name: Set up Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version-file: 'go.mod'
           cache: true
       -
         name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@v5
+        uses: crazy-max/ghaction-import-gpg@v6
         id: import_gpg
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
       -
         name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v6
         with:
-          version: latest
+          version: '~> v1'
           args: release --rm-dist
         env:
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}

.gitignore

@@ -1,2 +1,6 @@
 .vscode
-dist/
+.idea/
+dist/
+tests/terraform.tfvars
+tests/.terraform
+tests/.terraform.lock.hcl

Makefile

@@ -1,6 +1,8 @@
 TEST?=./gitea
 GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 GOFMT ?= gofmt -s
+ARCH?=$$(uname -m | sed 's/x86_64/amd64/g')
+KERNEL?=$$(uname -s | tr '[:upper:]' '[:lower:]')
 
 VERSION = 0.2.0
 
@@ -33,3 +35,8 @@ build:
 	go build -ldflags="-X 'main.Version=${VERSION}'" -o terraform-provider-gitea_${VERSION}
 doc:
 	tfplugindocs
+install: build 
+	@echo installing to 
+	@echo ~/.terraform.d/plugins/terraform.local/go-gitea/gitea/${VERSION}/${KERNEL}_${ARCH}/terraform-provider-gitea_${VERSION}
+	@mkdir -p ~/.terraform.d/plugins/terraform.local/go-gitea/gitea/${VERSION}/${KERNEL}_${ARCH}
+	@mv terraform-provider-gitea_${VERSION} ~/.terraform.d/plugins/terraform.local/go-gitea/gitea/${VERSION}/${KERNEL}_${ARCH}/terraform-provider-gitea_${VERSION}

README.md

@@ -13,7 +13,7 @@ terraform {
   required_providers {
     gitea = {
       source = "go-gitea/gitea"
-      version = "0.2.0"
+      version = "0.3.0"
     }
   }
 }
@@ -71,4 +71,3 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 ## History
 
 This codebase was created at https://gitea.com/gitea/terraform-provider-gitea, was forked by @lerentis, and then their changes were merged back into the original repo. Thank you to everyone who contributed!
-

docs/data-sources/org.md

@@ -28,5 +28,3 @@ description: |-
 - `location` (String)
 - `visibility` (String)
 - `website` (String)
-
-

docs/data-sources/repo.md

@@ -43,5 +43,3 @@ description: |-
 - `updated` (String)
 - `watchers` (Number)
 - `website` (String)
-
-

docs/data-sources/user.md

@@ -29,5 +29,3 @@ description: |-
 - `is_admin` (Boolean)
 - `language` (String)
 - `last_login` (String)
-
-

docs/resources/fork.md

@@ -57,5 +57,3 @@ resource "gitea_fork" "org2_fork_of_repo1_in_org1" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/git_hook.md

@@ -51,5 +51,3 @@ resource "gitea_git_hook" "org_repo_post_receive" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/oauth2_app.md

@@ -29,5 +29,3 @@ Handling [gitea oauth application](https://docs.gitea.io/en-us/oauth2-provider/)
 - `client_id` (String) OAuth2 Application client id
 - `client_secret` (String, Sensitive) Oauth2 Application client secret
 - `id` (String) The ID of this resource.
-
-

docs/resources/org.md

@@ -47,5 +47,3 @@ resource "gitea_repository" "org_repo" {
 - `avatar_url` (String)
 - `id` (String) The ID of this resource.
 - `repos` (List of String) List of all Repositories that are part of this organisation
-
-

docs/resources/public_key.md

@@ -48,5 +48,3 @@ resource "gitea_public_key" "test_user_key" {
 - `fingerprint` (String)
 - `id` (String) The ID of this resource.
 - `type` (String)
-
-

docs/resources/repository.md

@@ -111,5 +111,3 @@ Need to exist in the gitea instance
 - `permission_push` (Boolean)
 - `ssh_url` (String)
 - `updated` (String)
-
-

docs/resources/repository_branch_protection.md

@@ -0,0 +1,68 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_repository_branch_protection Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  This resource allows you to create and manage branch protections for repositories.
+---
+
+# gitea_repository_branch_protection (Resource)
+
+This resource allows you to create and manage branch protections for repositories.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Repository name
+- `rule_name` (String) Protected Branch Name Pattern
+- `username` (String) User name or organization name
+
+### Optional
+
+- `approval_whitelist_teams` (List of String) Only reviews from allowlisted teams will count to the required
+								approvals. Without approval allowlist, reviews from anyone with
+								write access count to the required approvals.
+- `approval_whitelist_users` (List of String) Only reviews from allowlisted users will count to the required
+								approvals. Without approval allowlist, reviews from anyone with
+								write access count to the required approvals.
+- `block_merge_on_official_review_requests` (Boolean) Merging will not be possible when it has official
+								review requests, even if there are enough approvals.
+- `block_merge_on_outdated_branch` (Boolean) Merging will not be possible when head branch is behind base branch.
+- `block_merge_on_rejected_reviews` (Boolean) Merging will not be possible when changes are
+								requested by official reviewers, even if there are enough
+								approvals.
+- `dismiss_stale_approvals` (Boolean) When new commits that change the content of the pull request
+								are pushed to the branch, old approvals will be dismissed.
+- `enable_push` (Boolean) Anyone with write access will be allowed to push to this branch
+								(but not force push), add a whitelist users or teams to limit
+								access.
+- `merge_whitelist_teams` (List of String) Allow only allowlisted teams to merge pull requests into this branch.
+- `merge_whitelist_users` (List of String) Allow only allowlisted users to merge pull requests into this branch.
+- `protected_file_patterns` (String) Protected file patterns (separated using semicolon ';')
+- `push_whitelist_deploy_keys` (Boolean) Allow deploy keys with write access to push. Requires enable_push to be set to true.
+- `push_whitelist_teams` (List of String) Allowlisted teams for pushing. Requires enable_push to be set to true.
+- `push_whitelist_users` (List of String) Allowlisted users for pushing. Requires enable_push to be set to true.
+- `require_signed_commits` (Boolean) Reject pushes to this branch if they are unsigned or unverifiable.
+- `required_approvals` (Number) Allow only to merge pull request with enough positive reviews.
+- `status_check_patterns` (List of String) Enter patterns to specify which status checks must pass before
+								branches can be merged into a branch that matches this rule.
+								Each line specifies a pattern. Patterns cannot be empty.
+- `unprotected_file_patterns` (String) Unprotected file patterns (separated using semicolon ';')
+
+### Read-Only
+
+- `created_at` (String) Webhook creation timestamp
+- `enable_approval_whitelist` (Boolean) True if a approval whitelist is used.
+- `enable_merge_whitelist` (Boolean) True if a merge whitelist is used.
+- `enable_push_whitelist` (Boolean) True if a push whitelist is used.
+- `enable_status_check` (Boolean) Require status checks to pass before merging. When enabled,
+								commits must first be pushed to another branch, then merged
+								or pushed directly to a branch that matches this rule after
+								status checks have passed. If no contexts are matched, the
+								last commit must be successful regardless of context
+- `id` (String) The ID of this resource.
+- `updated_at` (String) Webhook creation timestamp

docs/resources/repository_key.md

@@ -59,5 +59,3 @@ resource "gitea_repository_key" "example" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/repository_webhook.md

@@ -0,0 +1,37 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_repository_webhook Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  This resource allows you to create and manage webhooks for repositories.
+---
+
+# gitea_repository_webhook (Resource)
+
+This resource allows you to create and manage webhooks for repositories.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `active` (Boolean) Set webhook to active, e.g. `true`
+- `branch_filter` (String) Set branch filter on the webhook, e.g. `"*"`
+- `content_type` (String) The content type of the payload. It can be `json`, or `form`
+- `events` (List of String) A list of events that will trigger the webhool, e.g. `["push"]`
+- `name` (String) Repository name
+- `type` (String) Webhook type, e.g. `gitea`
+- `url` (String) Target URL of the webhook
+- `username` (String) User name or organization name
+
+### Optional
+
+- `authorization_header` (String) Webhook authorization header
+- `secret` (String) Webhook secret
+
+### Read-Only
+
+- `created_at` (String) Webhook creation timestamp
+- `id` (String) The ID of this resource.

docs/resources/team.md

@@ -69,7 +69,6 @@ resource "gitea_team" "test_team_restricted" {
 - `can_create_repos` (Boolean) Flag if the Teams members should be able to create Rpositories in the Organisation
 - `description` (String) Description of the Team
 - `include_all_repositories` (Boolean) Flag if the Teams members should have access to all Repositories in the Organisation
-- `members` (List of String) List of Users that should be part of this team
 - `permission` (String) Permissions associated with this Team
 Can be `none`, `read`, `write`, `admin` or `owner`
 - `repositories` (List of String) List of Repositories that should be part of this team
@@ -79,5 +78,3 @@ Can be `repo.code`, `repo.issues`, `repo.ext_issues`, `repo.wiki`, `repo.pulls`,
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

docs/resources/team_members.md

@@ -0,0 +1,51 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_team_members Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_team_members manages all members of a single team. This resource will be recreated on member changes.
+---
+
+# gitea_team_members (Resource)
+
+`gitea_team_members` manages all members of a single team. This resource will be recreated on member changes.
+
+## Example Usage
+
+```terraform
+resource "gitea_org" "example_org" {
+  name = "m_example_org"
+}
+
+resource "gitea_user" "example_users" {
+  count      = 5
+  username   = "m_example_user_${count.index}"
+  login_name = "m_example_user_${count.index}"
+  password   = "Geheim1!"
+  email      = "m_example_user_${count.index}@user.dev"
+}
+
+resource "gitea_team" "example_team" {
+  name         = "m_example_team"
+  organisation = gitea_org.example_org.name
+  description  = "An example of team membership"
+  permission   = "read"
+}
+
+resource "gitea_team_members" "example_members" {
+  team_id = gitea_team.example_team.id
+  members = [for user in gitea_user.example_users : user.username]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `members` (Set of String) The user names of the members of the team.
+- `team_id` (Number) The ID of the team.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.

docs/resources/team_membership.md

@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_team_membership Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_team_membership manages a single user's membership of a single team.
+---
+
+# gitea_team_membership (Resource)
+
+`gitea_team_membership` manages a single user's membership of a single team.
+
+## Example Usage
+
+```terraform
+resource "gitea_org" "example_org" {
+  name = "m_example_org"
+}
+
+resource "gitea_user" "example_users" {
+  count      = 5
+  username   = "m_example_user_${count.index}"
+  login_name = "m_example_user_${count.index}"
+  password   = "Geheim1!"
+  email      = "m_example_user_${count.index}@user.dev"
+}
+
+resource "gitea_team" "example_team" {
+  name         = "m_example_team"
+  organisation = gitea_org.example_org.name
+  description  = "An example team for membership testing"
+  permission   = "read"
+}
+
+resource "gitea_team_membership" "example_team_memberships" {
+  for_each = { for user in gitea_user.example_users : user.username => user }
+  team_id  = gitea_team.example_team.id
+  username = each.value["username"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `team_id` (Number) The ID of the team.
+- `username` (String) The username of the team member.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.

docs/resources/token.md

@@ -30,18 +30,10 @@ provider "gitea" {
   password = var.gitea_password
 }
 
-resource "gitea_user" "test" {
-  username             = "test"
-  login_name           = "test"
-  password             = "Geheim1!"
-  email                = "test@user.dev"
-  must_change_password = false
-  admin                = true
-}
-
+// The token owner is the creator of the token
 resource "gitea_token" "test_token" {
-  username = resource.gitea_user.test.username
-  name     = "test-token"
+  name   = "test_token"
+  scopes = ["all"]
 }
 
 output "token" {
@@ -56,12 +48,10 @@ output "token" {
 ### Required
 
 - `name` (String) The name of the Access Token
-- `username` (String) The owner of the Access Token
+- `scopes` (Set of String) List of string representations of scopes for the token
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
 - `last_eight` (String)
 - `token` (String, Sensitive) The actual Access Token
-
-

docs/resources/user.md

@@ -56,5 +56,3 @@ resource "gitea_user" "test" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-
-

examples/provider.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     gitea = {
       source = "go-gitea/gitea"
-      version = "0.1.0"
+      version = "0.3.0"
     }
   }
 }
@@ -12,4 +12,4 @@ provider "gitea" {
   username = "lerentis"
   password = var.gitea_password
   #token    = var.gitea_token
-}
+}

examples/resources/gitea_repo_branch_protection/resource.tf

@@ -0,0 +1,14 @@
+resource "gitea_repository" "repo" {
+  username  = var.username
+  name      = var.name
+  auto_init = false
+}
+
+resource "gitea_repository_branch_protection" "main" {
+  username = gitea_repository.repo.username
+  name     = gitea_repository.repo.name
+
+  rule_name             = "main"
+  enable_push           = true
+  status_check_patterns = var.branch_protection_patterns
+}

examples/resources/gitea_team_members/resource.tf

@@ -0,0 +1,23 @@
+resource "gitea_org" "example_org" {
+  name = "m_example_org"
+}
+
+resource "gitea_user" "example_users" {
+  count      = 5
+  username   = "m_example_user_${count.index}"
+  login_name = "m_example_user_${count.index}"
+  password   = "Geheim1!"
+  email      = "m_example_user_${count.index}@user.dev"
+}
+
+resource "gitea_team" "example_team" {
+  name         = "m_example_team"
+  organisation = gitea_org.example_org.name
+  description  = "An example of team membership"
+  permission   = "read"
+}
+
+resource "gitea_team_members" "example_members" {
+  team_id = gitea_team.example_team.id
+  members = [for user in gitea_user.example_users : user.username]
+}

examples/resources/gitea_team_membership/resource.tf

@@ -0,0 +1,24 @@
+resource "gitea_org" "example_org" {
+  name = "m_example_org"
+}
+
+resource "gitea_user" "example_users" {
+  count      = 5
+  username   = "m_example_user_${count.index}"
+  login_name = "m_example_user_${count.index}"
+  password   = "Geheim1!"
+  email      = "m_example_user_${count.index}@user.dev"
+}
+
+resource "gitea_team" "example_team" {
+  name         = "m_example_team"
+  organisation = gitea_org.example_org.name
+  description  = "An example team for membership testing"
+  permission   = "read"
+}
+
+resource "gitea_team_membership" "example_team_memberships" {
+  for_each = { for user in gitea_user.example_users : user.username => user }
+  team_id  = gitea_team.example_team.id
+  username = each.value["username"]
+}

examples/resources/gitea_token/resource.tf

@@ -5,18 +5,10 @@ provider "gitea" {
   password = var.gitea_password
 }
 
-resource "gitea_user" "test" {
-  username             = "test"
-  login_name           = "test"
-  password             = "Geheim1!"
-  email                = "test@user.dev"
-  must_change_password = false
-  admin                = true
-}
-
+// The token owner is the creator of the token
 resource "gitea_token" "test_token" {
-  username = resource.gitea_user.test.username
-  name     = "test-token"
+  name   = "test_token"
+  scopes = ["all"]
 }
 
 output "token" {

gitea/provider.go

@@ -75,15 +75,19 @@ func Provider() *schema.Provider {
 			"gitea_org": resourceGiteaOrg(),
 			// "gitea_team":       resourceGiteaTeam(),
 			// "gitea_repo":       resourceGiteaRepo(),
-			"gitea_user":           resourceGiteaUser(),
-			"gitea_oauth2_app":     resourceGiteaOauthApp(),
-			"gitea_repository":     resourceGiteaRepository(),
-			"gitea_fork":           resourceGiteaFork(),
-			"gitea_public_key":     resourceGiteaPublicKey(),
-			"gitea_team":           resourceGiteaTeam(),
-			"gitea_git_hook":       resourceGiteaGitHook(),
-			"gitea_token":          resourceGiteaToken(),
-			"gitea_repository_key": resourceGiteaRepositoryKey(),
+			"gitea_user":                         resourceGiteaUser(),
+			"gitea_oauth2_app":                   resourceGiteaOauthApp(),
+			"gitea_repository":                   resourceGiteaRepository(),
+			"gitea_fork":                         resourceGiteaFork(),
+			"gitea_public_key":                   resourceGiteaPublicKey(),
+			"gitea_team":                         resourceGiteaTeam(),
+			"gitea_team_membership":              resourceGiteaTeamMembership(),
+			"gitea_team_members":                 resourceGiteaTeamMembers(),
+			"gitea_git_hook":                     resourceGiteaGitHook(),
+			"gitea_token":                        resourceGiteaToken(),
+			"gitea_repository_key":               resourceGiteaRepositoryKey(),
+			"gitea_repository_webhook":           resourceGiteaRepositoryWebhook(),
+			"gitea_repository_branch_protection": resourceGiteaRepositoryBranchProtection(),
 		},
 
 		ConfigureFunc: providerConfigure,

gitea/resource_gitea_repository_branch_protection.go

@@ -0,0 +1,495 @@
+package gitea
+
+import (
+	"log"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	repoBPUsername string = "username"
+	repoBPName     string = "name"
+	repoBPRuleName string = "rule_name"
+
+	repoBPProtectedFilePatterns   string = "protected_file_patterns"
+	repoBPUnprotectedFilePatterns string = "unprotected_file_patterns"
+
+	repoBPEnablePush              string = "enable_push"
+	repoBPEnablePushWhitelist     string = "enable_push_whitelist"
+	repoBPPushWhitelistUsers      string = "push_whitelist_users"
+	repoBPPushWhitelistTeams      string = "push_whitelist_teams"
+	repoBPPushWhitelistDeployKeys string = "push_whitelist_deploy_keys"
+
+	repoBPRequireSignedCommits string = "require_signed_commits"
+
+	repoBPRequiredApprovals       string = "required_approvals"
+	repoBPEnableApprovalWhitelist string = "enable_approval_whitelist"
+	repoBPApprovalWhitelistUsers  string = "approval_whitelist_users"
+	repoBPApprovalWhitelistTeams  string = "approval_whitelist_teams"
+	repoBPDismissStaleApprovals   string = "dismiss_stale_approvals"
+	// not implemented in go-gitea-sdk
+	// repoBPIgnoreStaleApprovals   string = "ignore_stale_approvals"
+
+	repoBPEnableStatusCheck   string = "enable_status_check"
+	repoBPStatusCheckPatterns string = "status_check_patterns"
+
+	repoBPEnableMergeWhitelist string = "enable_merge_whitelist"
+	repoBPMergeWhitelistUsers  string = "merge_whitelist_users"
+	repoBPMergeWhitelistTeams  string = "merge_whitelist_teams"
+
+	repoBPBlockMergeOnRejectedReviews        string = "block_merge_on_rejected_reviews"
+	repoBPBlockMergeOnOfficialReviewRequests string = "block_merge_on_official_review_requests"
+	repoBPBlockMergeOnOutdatedBranch         string = "block_merge_on_outdated_branch"
+
+	repoBPUpdatedAt string = "updated_at"
+	repoBPCreatedAt string = "created_at"
+)
+
+func resourceRepositoryBranchProtectionRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(repoBPUsername).(string)
+	repo := d.Get(repoBPName).(string)
+	rule_name := d.Get(repoBPRuleName).(string)
+
+	bp, resp, err := client.GetBranchProtection(user, repo, rule_name)
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return
+		} else {
+			return err
+		}
+	}
+
+	err = setRepositoryBranchProtectionData(bp, user, repo, d)
+	return err
+}
+
+func generateWhitelist(d *schema.ResourceData, listname string) (enabled bool, users []string, teams []string) {
+	u := d.Get(listname + "_users")
+	users = make([]string, 0)
+	if u != nil {
+		for _, element := range u.([]interface{}) {
+			users = append(users, element.(string))
+		}
+	}
+
+	t := d.Get(listname + "_teams")
+	teams = make([]string, 0)
+	if u != nil {
+		for _, element := range t.([]interface{}) {
+			teams = append(teams, element.(string))
+		}
+	}
+
+	if c := len(users) + len(teams); c > 0 {
+		enabled = true
+	}
+	if listname == "push_whitelist" && d.Get(repoBPPushWhitelistDeployKeys).(bool) {
+		enabled = true
+	}
+
+	log.Println("enabled?:", enabled, listname)
+	return enabled, users, teams
+}
+
+func resourceRepositoryBranchProtectionCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(repoBPUsername).(string)
+	repo := d.Get(repoBPName).(string)
+
+	enablePushWhitelist, pushWhitelistUsernames, pushWhitelistTeams := generateWhitelist(d, "push_whitelist")
+	enableMergeWhitelist, mergeWhitelistUsernames, mergeWhitelistTeams := generateWhitelist(d, "merge_whitelist")
+	enableApprovalsWhitelist, approvalsWhitelistUsernames, approvalsWhitelistTeams := generateWhitelist(d, "approval_whitelist")
+
+	statusCheckContexts := make([]string, 0)
+	for _, element := range d.Get(repoBPStatusCheckPatterns).([]interface{}) {
+		statusCheckContexts = append(statusCheckContexts, element.(string))
+	}
+
+	log.Println("create_ulist:", pushWhitelistUsernames)
+
+	enableStatusCheck := false
+	if len(statusCheckContexts) > 0 {
+		enableStatusCheck = true
+	}
+
+	bpOption := gitea.CreateBranchProtectionOption{
+		// BranchName is deprecated in gitea, but still required in go-gitea-sdk, therefore using RuleName
+		BranchName:                    d.Get(repoBPRuleName).(string),
+		RuleName:                      d.Get(repoBPRuleName).(string),
+		EnablePush:                    d.Get(repoBPEnablePush).(bool),
+		EnablePushWhitelist:           enablePushWhitelist,
+		PushWhitelistUsernames:        pushWhitelistUsernames,
+		PushWhitelistTeams:            pushWhitelistTeams,
+		PushWhitelistDeployKeys:       d.Get(repoBPPushWhitelistDeployKeys).(bool),
+		EnableMergeWhitelist:          enableMergeWhitelist,
+		MergeWhitelistUsernames:       mergeWhitelistUsernames,
+		MergeWhitelistTeams:           mergeWhitelistTeams,
+		EnableStatusCheck:             enableStatusCheck,
+		StatusCheckContexts:           statusCheckContexts,
+		RequiredApprovals:             int64(d.Get(repoBPRequiredApprovals).(int)),
+		EnableApprovalsWhitelist:      enableApprovalsWhitelist,
+		ApprovalsWhitelistUsernames:   approvalsWhitelistUsernames,
+		ApprovalsWhitelistTeams:       approvalsWhitelistTeams,
+		BlockOnRejectedReviews:        d.Get(repoBPBlockMergeOnRejectedReviews).(bool),
+		BlockOnOfficialReviewRequests: d.Get(repoBPBlockMergeOnOfficialReviewRequests).(bool),
+		BlockOnOutdatedBranch:         d.Get(repoBPBlockMergeOnOutdatedBranch).(bool),
+		DismissStaleApprovals:         d.Get(repoBPDismissStaleApprovals).(bool),
+		// IgnoreStaleApprovals:          d.Get(repoBPIgnoreStaleApprovals).(bool),
+		RequireSignedCommits:    d.Get(repoBPRequireSignedCommits).(bool),
+		ProtectedFilePatterns:   d.Get(repoBPProtectedFilePatterns).(string),
+		UnprotectedFilePatterns: d.Get(repoBPUnprotectedFilePatterns).(string),
+	}
+
+	bp, _, err := client.CreateBranchProtection(user, repo, bpOption)
+	if err != nil {
+		return err
+	}
+
+	err = setRepositoryBranchProtectionData(bp, user, repo, d)
+	return err
+}
+
+func resourceRepositoryBranchProtectionUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(repoBPUsername).(string)
+	repo := d.Get(repoBPName).(string)
+	rule_name := d.Id()
+
+	enablePushWhitelist, pushWhitelistUsernames, pushWhitelistTeams := generateWhitelist(d, "push_whitelist")
+	enableMergeWhitelist, mergeWhitelistUsernames, mergeWhitelistTeams := generateWhitelist(d, "merge_whitelist")
+	enableApprovalsWhitelist, approvalsWhitelistUsernames, approvalsWhitelistTeams := generateWhitelist(d, "approval_whitelist")
+
+	statusCheckContexts := make([]string, 0)
+	for _, element := range d.Get(repoBPStatusCheckPatterns).([]interface{}) {
+		statusCheckContexts = append(statusCheckContexts, element.(string))
+	}
+
+	enablePush := false
+	if enablePushWhitelist == true || d.Get(repoBPEnablePush).(bool) == true {
+		enablePush = true
+	}
+	pushWhitelistDeployKeys := d.Get(repoBPPushWhitelistDeployKeys).(bool)
+	enableStatusCheck := false
+	if len(statusCheckContexts) > 0 {
+		enableStatusCheck = true
+	}
+	requiredApprovals := int64(d.Get(repoBPRequiredApprovals).(int))
+	blockOnRejectedReviews := d.Get(repoBPBlockMergeOnRejectedReviews).(bool)
+	blockOnOfficialReviewRequests := d.Get(repoBPBlockMergeOnOfficialReviewRequests).(bool)
+	blockOnOutdatedBranch := d.Get(repoBPBlockMergeOnOutdatedBranch).(bool)
+	dismissStaleApprovals := d.Get(repoBPDismissStaleApprovals).(bool)
+	// ignoreStaleApprovals := d.Get(repoBPIgnoreStaleApprovals).(bool)
+	requireSignedCommits := d.Get(repoBPRequireSignedCommits).(bool)
+	protectedFilePatterns := d.Get(repoBPProtectedFilePatterns).(string)
+	unprotectedFilePatterns := d.Get(repoBPUnprotectedFilePatterns).(string)
+
+	bpOption := gitea.EditBranchProtectionOption{
+		EnablePush:                    &enablePush,
+		EnablePushWhitelist:           &enablePushWhitelist,
+		PushWhitelistUsernames:        pushWhitelistUsernames,
+		PushWhitelistTeams:            pushWhitelistTeams,
+		PushWhitelistDeployKeys:       &pushWhitelistDeployKeys,
+		EnableMergeWhitelist:          &enableMergeWhitelist,
+		MergeWhitelistUsernames:       mergeWhitelistUsernames,
+		MergeWhitelistTeams:           mergeWhitelistTeams,
+		EnableStatusCheck:             &enableStatusCheck,
+		StatusCheckContexts:           statusCheckContexts,
+		RequiredApprovals:             &requiredApprovals,
+		EnableApprovalsWhitelist:      &enableApprovalsWhitelist,
+		ApprovalsWhitelistUsernames:   approvalsWhitelistUsernames,
+		ApprovalsWhitelistTeams:       approvalsWhitelistTeams,
+		BlockOnRejectedReviews:        &blockOnRejectedReviews,
+		BlockOnOfficialReviewRequests: &blockOnOfficialReviewRequests,
+		BlockOnOutdatedBranch:         &blockOnOutdatedBranch,
+		DismissStaleApprovals:         &dismissStaleApprovals,
+		// IgnoreStaleApprovals:          &ignoreStaleApprovals,
+		RequireSignedCommits:    &requireSignedCommits,
+		ProtectedFilePatterns:   &protectedFilePatterns,
+		UnprotectedFilePatterns: &unprotectedFilePatterns,
+	}
+
+	bp, _, err := client.EditBranchProtection(user, repo, rule_name, bpOption)
+	if err != nil {
+		return err
+	}
+
+	err = setRepositoryBranchProtectionData(bp, user, repo, d)
+	return err
+}
+
+func resourceRepositoryBranchProtectionDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(repoBPUsername).(string)
+	repo := d.Get(repoBPName).(string)
+	rule_name := d.Id()
+
+	_, err = client.DeleteBranchProtection(user, repo, rule_name)
+	if err != nil {
+		return err
+	}
+	return err
+}
+
+func setRepositoryBranchProtectionData(bp *gitea.BranchProtection, user string, repo string, d *schema.ResourceData) (err error) {
+	d.SetId(bp.RuleName)
+	d.Set(repoBPUsername, user)
+	d.Set(repoBPName, repo)
+	d.Set(repoBPProtectedFilePatterns, bp.ProtectedFilePatterns)
+	d.Set(repoBPUnprotectedFilePatterns, bp.UnprotectedFilePatterns)
+	d.Set(repoBPEnablePush, bp.EnablePush)
+	d.Set(repoBPEnablePushWhitelist, bp.EnablePushWhitelist)
+	d.Set(repoBPPushWhitelistUsers, bp.PushWhitelistUsernames)
+	d.Set(repoBPPushWhitelistTeams, bp.PushWhitelistTeams)
+	d.Set(repoBPPushWhitelistDeployKeys, bp.PushWhitelistDeployKeys)
+	d.Set(repoBPRequireSignedCommits, bp.RequireSignedCommits)
+	d.Set(repoBPRequiredApprovals, bp.RequiredApprovals)
+	d.Set(repoBPEnableApprovalWhitelist, bp.EnableApprovalsWhitelist)
+	d.Set(repoBPApprovalWhitelistUsers, bp.ApprovalsWhitelistUsernames)
+	d.Set(repoBPApprovalWhitelistTeams, bp.ApprovalsWhitelistTeams)
+	d.Set(repoBPDismissStaleApprovals, bp.DismissStaleApprovals)
+	// d.Set(repoBPIgnoreStaleApprovals, bp.IgnoreStaleApprovals)
+	d.Set(repoBPEnableStatusCheck, bp.EnableStatusCheck)
+	d.Set(repoBPStatusCheckPatterns, bp.StatusCheckContexts)
+	d.Set(repoBPEnableMergeWhitelist, bp.EnableMergeWhitelist)
+	d.Set(repoBPMergeWhitelistUsers, bp.MergeWhitelistUsernames)
+	d.Set(repoBPMergeWhitelistTeams, bp.MergeWhitelistTeams)
+	d.Set(repoBPBlockMergeOnRejectedReviews, bp.BlockOnRejectedReviews)
+	d.Set(repoBPBlockMergeOnOfficialReviewRequests, bp.BlockOnOfficialReviewRequests)
+	d.Set(repoBPBlockMergeOnOutdatedBranch, bp.BlockOnOutdatedBranch)
+	d.Set(repoBPUpdatedAt, bp.Updated)
+	d.Set(repoBPCreatedAt, bp.Created)
+
+	return err
+}
+
+func resourceGiteaRepositoryBranchProtection() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceRepositoryBranchProtectionRead,
+		Create: resourceRepositoryBranchProtectionCreate,
+		Update: resourceRepositoryBranchProtectionUpdate,
+		Delete: resourceRepositoryBranchProtectionDelete,
+		// TODO: importer ?
+		Schema: map[string]*schema.Schema{
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "User name or organization name",
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Repository name",
+			},
+			"rule_name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Protected Branch Name Pattern",
+			},
+			"protected_file_patterns": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    false,
+				Default:     "",
+				Description: "Protected file patterns (separated using semicolon ';')",
+			},
+			"unprotected_file_patterns": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    false,
+				Default:     "",
+				Description: "Unprotected file patterns (separated using semicolon ';')",
+			},
+			"enable_push": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: false,
+				Default:  false,
+				Description: `Anyone with write access will be allowed to push to this branch
+								(but not force push), add a whitelist users or teams to limit
+								access.`,
+			},
+			"enable_push_whitelist": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "True if a push whitelist is used.",
+			},
+			"push_whitelist_users": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				RequiredWith: []string{"enable_push"},
+				Optional:     true,
+				ForceNew:     false,
+				Description:  "Allowlisted users for pushing. Requires enable_push to be set to true.",
+			},
+			"push_whitelist_teams": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				RequiredWith: []string{"enable_push"},
+				Optional:     true,
+				ForceNew:     false,
+				Description:  "Allowlisted teams for pushing. Requires enable_push to be set to true.",
+			},
+			"push_whitelist_deploy_keys": {
+				Type:         schema.TypeBool,
+				RequiredWith: []string{"enable_push"},
+				Optional:     true,
+				ForceNew:     false,
+				Default:      false,
+				Description:  "Allow deploy keys with write access to push. Requires enable_push to be set to true.",
+			},
+			"require_signed_commits": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				ForceNew:    false,
+				Default:     false,
+				Description: "Reject pushes to this branch if they are unsigned or unverifiable.",
+			},
+			"required_approvals": {
+				Type:        schema.TypeInt,
+				Optional:    true,
+				ForceNew:    false,
+				Default:     0,
+				Description: "Allow only to merge pull request with enough positive reviews.",
+			},
+			"enable_approval_whitelist": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "True if a approval whitelist is used.",
+			},
+			"approval_whitelist_users": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Optional: true,
+				ForceNew: false,
+				Description: `Only reviews from allowlisted users will count to the required
+								approvals. Without approval allowlist, reviews from anyone with
+								write access count to the required approvals.`,
+			},
+			"approval_whitelist_teams": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Optional: true,
+				ForceNew: false,
+				Description: `Only reviews from allowlisted teams will count to the required
+								approvals. Without approval allowlist, reviews from anyone with
+								write access count to the required approvals.`,
+			},
+			"dismiss_stale_approvals": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: false,
+				Default:  false,
+				Description: `When new commits that change the content of the pull request
+								are pushed to the branch, old approvals will be dismissed.`,
+			},
+			//
+			// not implemented in go-gitea-sdk
+			//
+			// "ignore_stale_approvals": {
+			// 	Type:        schema.TypeBool,
+			//  Optional 	 true,
+			// 	ForceNew:    false,
+			// 	Default:     false,
+			// 	Description: `Do not count approvals that were made on older commits (stale
+			//					reviews) towards how many approvals the PR has. Irrelevant if
+			//					stale reviews are already dismissed.`,
+			// },
+			"enable_status_check": {
+				Type:     schema.TypeBool,
+				Computed: true,
+				Description: `Require status checks to pass before merging. When enabled,
+								commits must first be pushed to another branch, then merged
+								or pushed directly to a branch that matches this rule after
+								status checks have passed. If no contexts are matched, the
+								last commit must be successful regardless of context`,
+			},
+			"status_check_patterns": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Optional: true,
+				ForceNew: false,
+				Description: `Enter patterns to specify which status checks must pass before
+								branches can be merged into a branch that matches this rule.
+								Each line specifies a pattern. Patterns cannot be empty.`,
+			},
+			"enable_merge_whitelist": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "True if a merge whitelist is used.",
+			},
+			"merge_whitelist_users": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Optional:    true,
+				ForceNew:    false,
+				Description: "Allow only allowlisted users to merge pull requests into this branch.",
+			},
+			"merge_whitelist_teams": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Optional:    true,
+				ForceNew:    false,
+				Description: "Allow only allowlisted teams to merge pull requests into this branch.",
+			},
+			"block_merge_on_rejected_reviews": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: false,
+				Default:  false,
+				Description: `Merging will not be possible when changes are
+								requested by official reviewers, even if there are enough
+								approvals.`,
+			},
+			"block_merge_on_official_review_requests": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: false,
+				Default:  false,
+				Description: `Merging will not be possible when it has official
+								review requests, even if there are enough approvals.`,
+			},
+			"block_merge_on_outdated_branch": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				ForceNew:    false,
+				Default:     false,
+				Description: "Merging will not be possible when head branch is behind base branch.",
+			},
+			"updated_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Webhook creation timestamp",
+			},
+			"created_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Webhook creation timestamp",
+			},
+		},
+		Description: "This resource allows you to create and manage branch protections for repositories.",
+	}
+}

gitea/resource_gitea_repository_webhook.go

@@ -0,0 +1,255 @@
+package gitea
+
+import (
+	"strconv"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	repoWebhookUsername            string = "username"
+	repoWebhookName                string = "name"
+	repoWebhookType                string = "type"
+	repoWebhookUrl                 string = "url"
+	repoWebhookContentType         string = "content_type"
+	repoWebhookSecret              string = "secret"
+	repoWebhookAuthorizationHeader string = "authorization_header"
+	repoWebhookEvents              string = "events"
+	repoWebhookBranchFilter        string = "branch_filter"
+	repoWebhookActive              string = "active"
+	repoWebhookCreatedAt           string = "created_at"
+)
+
+func resourceRepositoryWebhookRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	if err != nil {
+		return err
+	}
+
+	user := d.Get(repoWebhookUsername).(string)
+	repo := d.Get(repoWebhookName).(string)
+
+	hook, resp, err := client.GetRepoHook(user, repo, id)
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return
+		} else {
+			return err
+		}
+	}
+
+	err = setRepositoryWebhookData(hook, d)
+
+	return
+}
+
+func resourceRepositoryWebhookCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(repoWebhookUsername).(string)
+	repo := d.Get(repoWebhookName).(string)
+
+	config := map[string]string{
+		"url":          d.Get(repoWebhookUrl).(string),
+		"content_type": d.Get(repoWebhookContentType).(string),
+	}
+
+	secret := d.Get(repoWebhookSecret).(string)
+	if secret != "" {
+		config["secret"] = secret
+	}
+
+	events := make([]string, 0)
+	for _, element := range d.Get(repoWebhookEvents).([]interface{}) {
+		events = append(events, element.(string))
+	}
+
+	hookOption := gitea.CreateHookOption{
+		Type:                gitea.HookType(d.Get(repoWebhookType).(string)),
+		Config:              config,
+		Events:              events,
+		BranchFilter:        d.Get(repoWebhookBranchFilter).(string),
+		Active:              d.Get(repoWebhookActive).(bool),
+		AuthorizationHeader: d.Get(repoWebhookAuthorizationHeader).(string),
+	}
+
+	hook, _, err := client.CreateRepoHook(user, repo, hookOption)
+	if err != nil {
+		return err
+	}
+
+	err = setRepositoryWebhookData(hook, d)
+
+	return
+}
+
+func resourceRepositoryWebhookUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(repoWebhookUsername).(string)
+	repo := d.Get(repoWebhookName).(string)
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	if err != nil {
+		return err
+	}
+
+	config := map[string]string{
+		"url":          d.Get(repoWebhookUrl).(string),
+		"content_type": d.Get(repoWebhookContentType).(string),
+	}
+
+	secret := d.Get(repoWebhookSecret).(string)
+	if secret != "" {
+		config["secret"] = secret
+	}
+
+	events := make([]string, 0)
+	for _, element := range d.Get(repoWebhookEvents).([]interface{}) {
+		events = append(events, element.(string))
+	}
+
+	active := d.Get(repoWebhookActive).(bool)
+
+	hookOption := gitea.EditHookOption{
+		Config:              config,
+		Events:              events,
+		BranchFilter:        d.Get(repoWebhookBranchFilter).(string),
+		Active:              &active,
+		AuthorizationHeader: d.Get(repoWebhookAuthorizationHeader).(string),
+	}
+
+	_, err = client.EditRepoHook(user, repo, id, hookOption)
+	if err != nil {
+		return err
+	}
+
+	hook, _, err := client.GetRepoHook(user, repo, id)
+	if err != nil {
+		return err
+	}
+
+	err = setRepositoryWebhookData(hook, d)
+
+	return
+}
+
+func resourceRepositoryWebhookDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	user := d.Get(repoWebhookUsername).(string)
+	repo := d.Get(repoWebhookName).(string)
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	if err != nil {
+		return err
+	}
+
+	_, err = client.DeleteRepoHook(user, repo, id)
+	if err != nil {
+		return err
+	}
+
+	return
+}
+
+func setRepositoryWebhookData(hook *gitea.Hook, d *schema.ResourceData) (err error) {
+	d.SetId(strconv.FormatInt(hook.ID, 10))
+
+	d.Set(repoWebhookUsername, d.Get(repoWebhookUsername).(string))
+	d.Set(repoWebhookName, d.Get(repoWebhookName).(string))
+	d.Set(repoWebhookType, d.Get(repoWebhookType).(string))
+	d.Set(repoWebhookUrl, d.Get(repoWebhookUrl).(string))
+	d.Set(repoWebhookContentType, d.Get(repoWebhookContentType).(string))
+
+	secret := d.Get(repoWebhookSecret).(string)
+	if secret != "" {
+		d.Set(repoWebhookSecret, secret)
+	}
+
+	d.Set(repoWebhookEvents, d.Get(repoWebhookEvents))
+	d.Set(repoWebhookBranchFilter, d.Get(repoWebhookBranchFilter).(string))
+	d.Set(repoWebhookActive, d.Get(repoWebhookActive).(bool))
+	d.Set(repoWebhookCreatedAt, hook.Created)
+
+	authorizationHeader := d.Get(repoWebhookAuthorizationHeader).(string)
+	if authorizationHeader != "" {
+		d.Set(repoWebhookAuthorizationHeader, authorizationHeader)
+	}
+
+	return
+}
+
+func resourceGiteaRepositoryWebhook() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceRepositoryWebhookRead,
+		Create: resourceRepositoryWebhookCreate,
+		Update: resourceRepositoryWebhookUpdate,
+		Delete: resourceRepositoryWebhookDelete,
+		Schema: map[string]*schema.Schema{
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "User name or organization name",
+			},
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Repository name",
+			},
+			"type": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Webhook type, e.g. `gitea`",
+			},
+			"url": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Target URL of the webhook",
+			},
+			"content_type": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The content type of the payload. It can be `json`, or `form`",
+			},
+			"secret": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Webhook secret",
+			},
+			"authorization_header": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Webhook authorization header",
+			},
+			"events": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Required:    true,
+				Description: "A list of events that will trigger the webhool, e.g. `[\"push\"]`",
+			},
+			"branch_filter": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Set branch filter on the webhook, e.g. `\"*\"`",
+			},
+			"active": {
+				Type:        schema.TypeBool,
+				Required:    true,
+				Description: "Set webhook to active, e.g. `true`",
+			},
+			"created_at": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Webhook creation timestamp",
+			},
+		},
+		Description: "This resource allows you to create and manage webhooks for repositories.",
+	}
+}

gitea/resource_gitea_team.go

@@ -18,7 +18,6 @@ const (
 	TeamCreateRepoFlag      string = "can_create_repos"
 	TeamIncludeAllReposFlag string = "include_all_repositories"
 	TeamUnits               string = "units"
-	TeamMembers             string = "members"
 	TeamRepositories        string = "repositories"
 )
 
@@ -94,17 +93,6 @@ func resourceTeamCreate(d *schema.ResourceData, meta interface{}) (err error) {
 		return
 	}
 
-	users := d.Get(TeamMembers).([]interface{})
-
-	for _, user := range users {
-		if user != "" {
-			_, err = client.AddTeamMember(team.ID, user.(string))
-			if err != nil {
-				return err
-			}
-		}
-	}
-
 	if !includeAllRepos {
 		err = setTeamRepositories(team, d, meta, false)
 		if err != nil {
@@ -181,17 +169,6 @@ func resourceTeamUpdate(d *schema.ResourceData, meta interface{}) (err error) {
 		return err
 	}
 
-	users := d.Get(TeamMembers).([]interface{})
-
-	for _, user := range users {
-		if user != "" {
-			_, err = client.AddTeamMember(team.ID, user.(string))
-			if err != nil {
-				return err
-			}
-		}
-	}
-
 	if !includeAllRepos {
 		err = setTeamRepositories(team, d, meta, true)
 		if err != nil {
@@ -240,8 +217,8 @@ func setTeamResourceData(team *gitea.Team, d *schema.ResourceData, meta interfac
 	d.Set(TeamPermissions, string(team.Permission))
 	d.Set(TeamIncludeAllReposFlag, team.IncludesAllRepositories)
 	d.Set(TeamUnits, d.Get(TeamUnits).(string))
-	d.Set(TeamMembers, d.Get(TeamMembers))
 	d.Set(TeamRepositories, d.Get(TeamRepositories))
+
 	return
 }
 
@@ -304,16 +281,6 @@ func resourceGiteaTeam() *schema.Resource {
 				Description: "List of types of Repositories that should be allowed to be created from Team members.\n" +
 					"Can be `repo.code`, `repo.issues`, `repo.ext_issues`, `repo.wiki`, `repo.pulls`, `repo.releases`, `repo.projects` and/or `repo.ext_wiki`",
 			},
-			"members": {
-				Type: schema.TypeList,
-				Elem: &schema.Schema{
-					Type: schema.TypeString,
-				},
-				Optional:    true,
-				Required:    false,
-				Computed:    true,
-				Description: "List of Users that should be part of this team",
-			},
 			"repositories": {
 				Type: schema.TypeList,
 				Elem: &schema.Schema{

gitea/resource_gitea_team_members.go

@@ -0,0 +1,150 @@
+package gitea
+
+import (
+	"fmt"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	membersTeamID 	   string = "team_id"
+	membersTeamMembers string = "members"
+)
+
+func getTeamMembers(team_id int, meta interface{}) (membersNames []string, err error) {
+	client := meta.(*gitea.Client)
+
+	var memberNames []string
+	var members []*gitea.User
+
+	// Get all pages of users
+	page := 1
+	for {
+		// Set options for current page
+		opts := gitea.ListTeamMembersOptions{
+			ListOptions: gitea.ListOptions{Page: page, PageSize: 50},
+		}
+
+		// Get page of team members
+		members, _, err = client.ListTeamMembers(int64(team_id), opts)
+		if err != nil {
+			return nil, err
+		}
+
+		// If no members were returned, we are done
+		if len(members) == 0 {
+			break
+		}
+
+		// Update list of usernames with data from current page
+		for _, m := range members {
+			memberNames = append(memberNames, m.UserName)
+		}
+
+		// Next page
+		page += 1
+	}
+
+	return memberNames, nil
+}
+
+func resourceTeamMembersCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+	team_id := d.Get(membersTeamID).(int)
+
+	var memberNames []string 
+
+	// What if team already has member?
+	// What if user is already in the team?
+	// What if user does not exist?
+	
+	// Add members to the team
+	for _, name := range d.Get(membersTeamMembers).(*schema.Set).List() {
+		_ , err = client.AddTeamMember(int64(team_id), name.(string))
+		if err != nil {
+			return err
+		}
+		// Update list of usernames of the team members
+		memberNames = append(memberNames, name.(string))
+	}
+
+	err = setTeamMembersData(team_id, memberNames, d)
+
+	return
+}
+
+func resourceTeamMembersRead(d *schema.ResourceData, meta interface{}) (err error) {
+	team_id := d.Get(membersTeamID).(int)
+
+	memberNames, err := getTeamMembers(team_id, meta)
+	if err != nil {
+		return err
+	}
+
+	err = setTeamMembersData(team_id, memberNames, d)
+
+	return
+}
+
+func resourceTeamMembersDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+	team_id := d.Get(membersTeamID).(int)
+
+	var memberNames []string
+
+	memberNames , err = getTeamMembers(team_id, meta)
+	if err != nil {
+		return err
+	}
+
+	// Delete all memberships
+	for _, username := range memberNames {
+		_, err = client.RemoveTeamMember(int64(team_id), username)
+		if err != nil {
+			return err
+		}
+	}
+
+	return
+}
+
+func setTeamMembersData(team_id int, memberNames []string, d *schema.ResourceData) (err error) {
+	d.SetId(fmt.Sprintf("%d", team_id))
+	d.Set(membersTeamID, team_id)
+	d.Set(membersTeamMembers, memberNames)
+
+	return
+}
+
+func resourceGiteaTeamMembers() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceTeamMembersRead,
+		Create: resourceTeamMembersCreate,
+		Delete: resourceTeamMembersDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"team_id": {
+				Type:        schema.TypeInt,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The ID of the team.",
+			},
+			"members": {
+				// TypeSet is better than TypeList because
+				// reordering the members will not trigger recreation
+				Type:        schema.TypeSet,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Required:    true,
+				ForceNew:	 true,
+				Description: "The user names of the members of the team.",
+			},
+
+		},
+		Description: "`gitea_team_members` manages all members of a single team. This resource will be recreated on member changes.",
+	}
+}

gitea/resource_gitea_team_membership.go

@@ -0,0 +1,111 @@
+package gitea
+
+import (
+	"fmt"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+const (
+	membershipTeamID 	string = "team_id"
+	membershipUserName 	string = "username"
+)
+
+func resourceTeamMembershipCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	team_id := d.Get(membershipTeamID).(int)
+	username := d.Get(membershipUserName).(string)
+
+	// Create the membership
+	_ , err = client.AddTeamMember(int64(team_id), username)
+
+	// What if the membership exists? Consider error messages
+	// Does this do anything? Will err not be return in the end anyway
+	if err != nil {
+		return
+	}
+	
+	err = setTeamMembershipData(team_id, username, d)
+
+	return
+}
+
+func resourceTeamMembershipRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+	
+	var resp *gitea.Response
+
+	team_id := d.Get(membershipTeamID).(int)
+	username := d.Get(membershipUserName).(string)
+
+	// Attempt to get the user from the team. If the user is not a member of the team, this will return a 404 
+	_, resp, err = client.GetTeamMember(int64(team_id), username)
+	if err != nil {
+		return err
+	}
+
+	// The membership does not exist in Gitea
+	if resp.StatusCode == 404 {
+		// No ID in the resource indicates that it does not exist
+		d.SetId("")
+		return nil
+	}
+
+	err = setTeamMembershipData(team_id, username, d)
+
+	return
+}
+
+func resourceTeamMembershipDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	team_id := d.Get(membershipTeamID).(int)
+	username := d.Get(membershipUserName).(string)
+
+	// Delete the membership
+	_, err = client.RemoveTeamMember(int64(team_id), username)
+
+	if err != nil {
+		return err
+	}
+
+	return
+}
+
+func setTeamMembershipData(team_id int, username string, d *schema.ResourceData) (err error) {
+	// This can't be team or usename only as that would not be unique since the
+	// team can have multiple members and the user can have multiple memberships. 
+	d.SetId(fmt.Sprintf("%d_%s", team_id, username))
+	d.Set(membershipTeamID, team_id)
+	d.Set(membershipUserName, username)
+
+	return
+}
+
+func resourceGiteaTeamMembership() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceTeamMembershipRead,
+		Create: resourceTeamMembershipCreate,
+		Delete: resourceTeamMembershipDelete,
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+		Schema: map[string]*schema.Schema{
+			"team_id": {
+				Type:        schema.TypeInt,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The ID of the team.",
+			},
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The username of the team member.",
+			},
+		},
+		Description: "`gitea_team_membership` manages a single user's membership of a single team.",
+	}
+}

gitea/resource_gitea_token.go

@@ -9,12 +9,36 @@ import (
 )
 
 const (
-	TokenUsername  string = "username"
 	TokenName      string = "name"
 	TokenHash      string = "token"
 	TokenLastEight string = "last_eight"
+	TokenScopes    string = "scopes"
 )
 
+// validScopes contains the valid scopes for tokens as listed
+// at https://docs.gitea.com/development/oauth2-provider#scopes
+var validScopes = map[string]bool{
+	"all": true,
+	"read:activitypub": true,
+	"write:activitypub": true,
+	"read:admin": true,
+	"write:admin": true,
+	"read:issue": true,
+	"write:issue": true,
+	"read:misc": true,
+	"write:misc": true,
+	"read:notification": true,
+	"write:notification": true,
+	"read:organization": true,
+	"write:organization": true,
+	"read:package": true,
+	"write:package": true,
+	"read:repository": true,
+	"write:repository": true,
+	"read:user": true,
+	"write:user": true,
+}
+
 func searchTokenById(c *gitea.Client, id int64) (res *gitea.AccessToken, err error) {
 	page := 1
 
@@ -47,10 +71,23 @@ func resourceTokenCreate(d *schema.ResourceData, meta interface{}) (err error) {
 
 	client := meta.(*gitea.Client)
 
-	var opt gitea.CreateAccessTokenOption
-	opt.Name = d.Get(TokenName).(string)
+	// Create a list of valid scopes. Thrown an error if an invalid scope is found
+	var scopes []gitea.AccessTokenScope
+	for _, s := range d.Get(TokenScopes).(*schema.Set).List() {
+		s := s.(string)
+		if validScopes[s] {
+			scopes = append(scopes, gitea.AccessTokenScope(s))
+		} else {
+			return fmt.Errorf("Invalid token scope: '%s'", s)
+		}
+	}
 
-	token, _, err := client.CreateAccessToken(opt)
+	opts := gitea.CreateAccessTokenOption{
+		Name: 	d.Get(TokenName).(string),
+		Scopes: scopes,
+	}
+
+	token, _, err := client.CreateAccessToken(opts)
 
 	if err != nil {
 		return err
@@ -106,6 +143,7 @@ func setTokenResourceData(token *gitea.AccessToken, d *schema.ResourceData) (err
 		d.Set(TokenHash, token.Token)
 	}
 	d.Set(TokenLastEight, token.TokenLastEight)
+	d.Set(TokenScopes, token.Scopes)
 
 	return
 }
@@ -119,12 +157,6 @@ func resourceGiteaToken() *schema.Resource {
 			StateContext: schema.ImportStatePassthroughContext,
 		},
 		Schema: map[string]*schema.Schema{
-			"username": {
-				Type:        schema.TypeString,
-				Required:    true,
-				ForceNew:    true,
-				Description: "The owner of the Access Token",
-			},
 			"name": {
 				Type:        schema.TypeString,
 				Required:    true,
@@ -141,6 +173,15 @@ func resourceGiteaToken() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"scopes": {
+				Type: schema.TypeSet,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+				Required:    true,
+				ForceNew:    true,
+				Description: "List of string representations of scopes for the token",
+			},
 		},
 		Description: "`gitea_token` manages gitea Access Tokens.\n\n" +
 			"Due to upstream limitations (see https://gitea.com/gitea/go-sdk/issues/610) this resource\n" +

go.mod

@@ -3,48 +3,56 @@ module code.gitea.io/terraform-provider-gitea
 go 1.21
 
 require (
-	code.gitea.io/sdk/gitea v0.15.1
-	github.com/hashicorp/terraform-plugin-docs v0.16.0
+	code.gitea.io/sdk/gitea v0.19.0
+	github.com/hashicorp/terraform-plugin-docs v0.19.4
 	github.com/hashicorp/terraform-plugin-log v0.9.0
-	github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0
+	github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
 )
 
 require (
+	github.com/BurntSushi/toml v1.2.1 // indirect
+	github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
+	github.com/Masterminds/semver/v3 v3.2.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect
 	github.com/agext/levenshtein v1.2.2 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/bgentry/speakeasy v0.1.0 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
-	github.com/fatih/color v1.13.0 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/uuid v1.3.0 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/davidmz/go-pageant v1.0.2 // indirect
+	github.com/fatih/color v1.16.0 // indirect
+	github.com/go-fed/httpsig v1.1.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/hashicorp/cli v1.1.6 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
 	github.com/hashicorp/go-hclog v1.5.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.10 // indirect
+	github.com/hashicorp/go-plugin v1.6.0 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hc-install v0.5.2 // indirect
-	github.com/hashicorp/hcl/v2 v2.17.0 // indirect
+	github.com/hashicorp/go-version v1.7.0 // indirect
+	github.com/hashicorp/hc-install v0.7.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.20.1 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
-	github.com/hashicorp/terraform-exec v0.18.1 // indirect
-	github.com/hashicorp/terraform-json v0.17.1 // indirect
-	github.com/hashicorp/terraform-plugin-go v0.16.0 // indirect
-	github.com/hashicorp/terraform-registry-address v0.2.1 // indirect
+	github.com/hashicorp/terraform-exec v0.21.0 // indirect
+	github.com/hashicorp/terraform-json v0.22.1 // indirect
+	github.com/hashicorp/terraform-plugin-go v0.23.0 // indirect
+	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
-	github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/huandu/xstrings v1.3.3 // indirect
+	github.com/imdario/mergo v0.3.15 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/mitchellh/cli v1.1.5 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
@@ -57,17 +65,24 @@ require (
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
 	github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect
-	github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect
+	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
-	github.com/zclconf/go-cty v1.13.2 // indirect
-	golang.org/x/crypto v0.10.0 // indirect
+	github.com/yuin/goldmark v1.7.1 // indirect
+	github.com/yuin/goldmark-meta v1.1.0 // indirect
+	github.com/zclconf/go-cty v1.14.4 // indirect
+	go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df // indirect
-	golang.org/x/mod v0.11.0 // indirect
-	golang.org/x/net v0.11.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
-	google.golang.org/grpc v1.56.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect
+	google.golang.org/grpc v1.63.2 // indirect
+	google.golang.org/protobuf v1.34.0 // indirect
+	gopkg.in/yaml.v2 v2.3.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -1,39 +1,78 @@
 code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
 code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M=
 code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA=
+code.gitea.io/sdk/gitea v0.16.0 h1:gAfssETO1Hv9QbE+/nhWu7EjoFQYKt6kPoyDytQgw00=
+code.gitea.io/sdk/gitea v0.16.0/go.mod h1:ndkDk99BnfiUCCYEUhpNzi0lpmApXlwRFqClBlOlEBg=
+code.gitea.io/sdk/gitea v0.17.0 h1:8JPBss4+Jf7AE1YcfyiGrngTXE8dFSG3si/bypsTH34=
+code.gitea.io/sdk/gitea v0.17.0/go.mod h1:ndkDk99BnfiUCCYEUhpNzi0lpmApXlwRFqClBlOlEBg=
+code.gitea.io/sdk/gitea v0.17.1 h1:3jCPOG2ojbl8AcfaUCRYLT5MUcBMFwS0OSK2mA5Zok8=
+code.gitea.io/sdk/gitea v0.17.1/go.mod h1:aCnBqhHpoEWA180gMbaCtdX9Pl6BWBAuuP2miadoTNM=
+code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI=
+code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI=
+code.gitea.io/sdk/gitea v0.19.0 h1:8I6s1s4RHgzxiPHhOQdgim1RWIRcr0LVMbHBjBFXq4Y=
+code.gitea.io/sdk/gitea v0.19.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/Kunde21/markdownfmt/v3 v3.1.0 h1:KiZu9LKs+wFFBQKhrZJrFZwtLnCCWJahL+S+E/3VnM0=
+github.com/Kunde21/markdownfmt/v3 v3.1.0/go.mod h1:tPXN1RTyOzJwhfHoon9wUr4HGYmWgVxSQN6VBJDkrVc=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/semver/v3 v3.2.0 h1:3MEsd0SM6jqZojhjLWWeBY+Kcjy9i6MQAeY7YgDP83g=
+github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/Masterminds/sprig/v3 v3.2.1/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
 github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
 github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
+github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA=
 github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs=
+github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.0 h1:nHGfwXmFvJrSR9xu8qL7BkO4DqTHXE9N5vPhgY2I+j0=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.0/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg=
+github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ=
 github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE=
 github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
 github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
+github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I=
+github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I=
 github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0=
+github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
+github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
+github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
 github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4=
 github.com/go-git/go-billy/v5 v5.4.1 h1:Uwp5tDRkPr+l/TnbHOQzp+tmJfLceOlbVucgpTz8ix4=
 github.com/go-git/go-git/v5 v5.6.1 h1:q4ZRqQl4pR/ZJHc1L5CFjGA1a10u76aV1iC+nh+bHsk=
@@ -41,16 +80,29 @@ github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
 github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hashicorp/cli v1.1.6 h1:CMOV+/LJfL1tXCOKrgAX0uRKnzjj/mpmqNXloRSy2K8=
+github.com/hashicorp/cli v1.1.6/go.mod h1:MPon5QYlgjjo0BSoAiN0ESeT5fRzDjVRp+uioJ0piz4=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -68,42 +120,123 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-plugin v1.4.10 h1:xUbmA4jC6Dq163/fWcp8P3JuHilrHHMLNRxzGQJ9hNk=
 github.com/hashicorp/go-plugin v1.4.10/go.mod h1:6/1TEzT0eQznvI/gV2CM29DLSkAK/e58mUWKVsPaph0=
+github.com/hashicorp/go-plugin v1.5.1 h1:oGm7cWBaYIp3lJpx1RUEfLWophprE2EV/KUeqBYo+6k=
+github.com/hashicorp/go-plugin v1.5.1/go.mod h1:w1sAEES3g3PuV/RzUrgow20W2uErMly84hhD3um1WL4=
+github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A=
+github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI=
 github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
 github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
 github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
+github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/hc-install v0.5.2 h1:SfwMFnEXVVirpwkDuSF5kymUOhrUxrTq3udEseZdOD0=
 github.com/hashicorp/hc-install v0.5.2/go.mod h1:9QISwe6newMWIfEiXpzuu1k9HAGtQYgnSH8H9T8wmoI=
+github.com/hashicorp/hc-install v0.6.0 h1:fDHnU7JNFNSQebVKYhHZ0va1bC6SrPQ8fpebsvNr2w4=
+github.com/hashicorp/hc-install v0.6.0/go.mod h1:10I912u3nntx9Umo1VAeYPUUuehk0aRQJYpMwbX5wQA=
+github.com/hashicorp/hc-install v0.6.1 h1:IGxShH7AVhPaSuSJpKtVi/EFORNjO+OYVJJrAtGG2mY=
+github.com/hashicorp/hc-install v0.6.1/go.mod h1:0fW3jpg+wraYSnFDJ6Rlie3RvLf1bIqVIkzoon4KoVE=
+github.com/hashicorp/hc-install v0.6.2 h1:V1k+Vraqz4olgZ9UzKiAcbman9i9scg9GgSt/U3mw/M=
+github.com/hashicorp/hc-install v0.6.2/go.mod h1:2JBpd+NCFKiHiu/yYCGaPyPHhZLxXTpz8oreHa/a3Ps=
+github.com/hashicorp/hc-install v0.6.3 h1:yE/r1yJvWbtrJ0STwScgEnCanb0U9v7zp0Gbkmcoxqs=
+github.com/hashicorp/hc-install v0.6.3/go.mod h1:KamGdbodYzlufbWh4r9NRo8y6GLHWZP2GBtdnms1Ln0=
+github.com/hashicorp/hc-install v0.6.4 h1:QLqlM56/+SIIGvGcfFiwMY3z5WGXT066suo/v9Km8e0=
+github.com/hashicorp/hc-install v0.6.4/go.mod h1:05LWLy8TD842OtgcfBbOT0WMoInBMUSHjmDx10zuBIA=
+github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC1659aBk=
+github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA=
 github.com/hashicorp/hcl/v2 v2.17.0 h1:z1XvSUyXd1HP10U4lrLg5e0JMVz6CPaJvAgxM0KNZVY=
 github.com/hashicorp/hcl/v2 v2.17.0/go.mod h1:gJyW2PTShkJqQBKpAmPO3yxMxIuoXkOF2TpqXzrQyx4=
+github.com/hashicorp/hcl/v2 v2.18.0 h1:wYnG7Lt31t2zYkcquwgKo6MWXzRUDIeIVU5naZwHLl8=
+github.com/hashicorp/hcl/v2 v2.18.0/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
+github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI=
+github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
+github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc=
+github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4=
 github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/terraform-exec v0.18.1 h1:LAbfDvNQU1l0NOQlTuudjczVhHj061fNX5H8XZxHlH4=
 github.com/hashicorp/terraform-exec v0.18.1/go.mod h1:58wg4IeuAJ6LVsLUeD2DWZZoc/bYi6dzhLHzxM41980=
+github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM=
+github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg=
+github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo=
+github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw=
+github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ=
+github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg=
 github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA=
 github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
+github.com/hashicorp/terraform-json v0.18.0 h1:pCjgJEqqDESv4y0Tzdqfxr/edOIGkjs8keY42xfNBwU=
+github.com/hashicorp/terraform-json v0.18.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk=
+github.com/hashicorp/terraform-json v0.20.0 h1:cJcvn4gIOTi0SD7pIy+xiofV1zFA3hza+6K+fo52IX8=
+github.com/hashicorp/terraform-json v0.20.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk=
+github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U=
+github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk=
+github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec=
+github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A=
 github.com/hashicorp/terraform-plugin-docs v0.16.0 h1:UmxFr3AScl6Wged84jndJIfFccGyBZn52KtMNsS12dI=
 github.com/hashicorp/terraform-plugin-docs v0.16.0/go.mod h1:M3ZrlKBJAbPMtNOPwHicGi1c+hZUh7/g0ifT/z7TVfA=
+github.com/hashicorp/terraform-plugin-docs v0.17.0 h1:H1Yc+bgB//Geau5g7YKkhG5v9tghI3vplfIYTOl85Uw=
+github.com/hashicorp/terraform-plugin-docs v0.17.0/go.mod h1:cKC8GSLE+0a0bi7LtlpXgrqnlRDCGoGDn15PTEA+Ang=
+github.com/hashicorp/terraform-plugin-docs v0.18.0 h1:2bINhzXc+yDeAcafurshCrIjtdu1XHn9zZ3ISuEhgpk=
+github.com/hashicorp/terraform-plugin-docs v0.18.0/go.mod h1:iIUfaJpdUmpi+rI42Kgq+63jAjI8aZVTyxp3Bvk9Hg8=
+github.com/hashicorp/terraform-plugin-docs v0.19.2 h1:YjdKa1vuqt9EnPYkkrv9HnGZz175HhSJ7Vsn8yZeWus=
+github.com/hashicorp/terraform-plugin-docs v0.19.2/go.mod h1:gad2aP6uObFKhgNE8DR9nsEuEQnibp7il0jZYYOunWY=
+github.com/hashicorp/terraform-plugin-docs v0.19.3 h1:xoxpeIuBfnoGxXY0dTajdj4GjEv6TihZdj0lHNXbKew=
+github.com/hashicorp/terraform-plugin-docs v0.19.3/go.mod h1:4pLASsatTmRynVzsjEhbXZ6s7xBlUw/2Kt0zfrq8HxA=
+github.com/hashicorp/terraform-plugin-docs v0.19.4 h1:G3Bgo7J22OMtegIgn8Cd/CaSeyEljqjH3G39w28JK4c=
+github.com/hashicorp/terraform-plugin-docs v0.19.4/go.mod h1:4pLASsatTmRynVzsjEhbXZ6s7xBlUw/2Kt0zfrq8HxA=
 github.com/hashicorp/terraform-plugin-go v0.16.0 h1:DSOQ0rz5FUiVO4NUzMs8ln9gsPgHMTsfns7Nk+6gPuE=
 github.com/hashicorp/terraform-plugin-go v0.16.0/go.mod h1:4sn8bFuDbt+2+Yztt35IbOrvZc0zyEi87gJzsTgCES8=
+github.com/hashicorp/terraform-plugin-go v0.19.0 h1:BuZx/6Cp+lkmiG0cOBk6Zps0Cb2tmqQpDM3iAtnhDQU=
+github.com/hashicorp/terraform-plugin-go v0.19.0/go.mod h1:EhRSkEPNoylLQntYsk5KrDHTZJh9HQoumZXbOGOXmec=
+github.com/hashicorp/terraform-plugin-go v0.20.0 h1:oqvoUlL+2EUbKNsJbIt3zqqZ7wi6lzn4ufkn/UA51xQ=
+github.com/hashicorp/terraform-plugin-go v0.20.0/go.mod h1:Rr8LBdMlY53a3Z/HpP+ZU3/xCDqtKNCkeI9qOyT10QE=
+github.com/hashicorp/terraform-plugin-go v0.21.0 h1:VSjdVQYNDKR0l2pi3vsFK1PdMQrw6vGOshJXMNFeVc0=
+github.com/hashicorp/terraform-plugin-go v0.21.0/go.mod h1:piJp8UmO1uupCvC9/H74l2C6IyKG0rW4FDedIpwW5RQ=
+github.com/hashicorp/terraform-plugin-go v0.22.0 h1:1OS1Jk5mO0f5hrziWJGXXIxBrMe2j/B8E+DVGw43Xmc=
+github.com/hashicorp/terraform-plugin-go v0.22.0/go.mod h1:mPULV91VKss7sik6KFEcEu7HuTogMLLO/EvWCuFkRVE=
+github.com/hashicorp/terraform-plugin-go v0.23.0 h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co=
+github.com/hashicorp/terraform-plugin-go v0.23.0/go.mod h1:1E3Cr9h2vMlahWMbsSEcNrOCxovCZhOOIXjFHbjc/lQ=
 github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=
 github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0 h1:I8efBnjuDrgPjNF1MEypHy48VgcTIUY4X6rOFunrR3Y=
 github.com/hashicorp/terraform-plugin-sdk/v2 v2.27.0/go.mod h1:cUEP4ly/nxlHy5HzD6YRrHydtlheGvGRJDhiWqqVik4=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0 h1:wcOKYwPI9IorAJEBLzgclh3xVolO7ZorYd6U1vnok14=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.29.0/go.mod h1:qH/34G25Ugdj5FcM95cSoXzUgIbgfhVLXCcEcYaMwq8=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0 h1:X7vB6vn5tON2b49ILa4W7mFAsndeqJ7bZFOGbVO+0Cc=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0/go.mod h1:ydFcxbdj6klCqYEPkPvdvFKiNGKZLUs+896ODUXCyao=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 h1:Bl3e2ei2j/Z3Hc2HIS15Gal2KMKyLAZ2om1HCEvK6es=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0/go.mod h1:i2C41tszDjiWfziPQDL5R/f3Zp0gahXe5No/MIO9rCE=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.32.0 h1:7xdO9aOXVmhvMxNAq8UloyyqW0EEzyAY37llSTHJgjo=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.32.0/go.mod h1:LxQzs7AQl/5JE1IGFd6LX8E4A0InRJ/7s245gOmsejA=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 h1:kJiWGx2kiQVo97Y5IOGR4EMcZ8DtMswHhUuFibsCQQE=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0/go.mod h1:sl/UoabMc37HA6ICVMmGO+/0wofkVIRxf+BMb/dnoIg=
 github.com/hashicorp/terraform-registry-address v0.2.1 h1:QuTf6oJ1+WSflJw6WYOHhLgwUiQ0FrROpHPYFtwTYWM=
 github.com/hashicorp/terraform-registry-address v0.2.1/go.mod h1:BSE9fIFzp0qWsJUUyGquo4ldV9k2n+psif6NYkBRS3Y=
+github.com/hashicorp/terraform-registry-address v0.2.2 h1:lPQBg403El8PPicg/qONZJDC6YlgCVbWDtNmmZKtBno=
+github.com/hashicorp/terraform-registry-address v0.2.2/go.mod h1:LtwNbCihUoUZ3RYriyS2wF/lGPB6gF9ICLRtuDk7hSo=
+github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI=
+github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM=
 github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=
 github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
 github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
+github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
 github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4=
+github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
+github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
+github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -123,6 +256,10 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/mitchellh/cli v1.1.5 h1:OxRIeJXpAMztws/XHlN2vu6imG5Dpq+j61AzAX5fLng=
 github.com/mitchellh/cli v1.1.5/go.mod h1:v8+iFts2sPIKUV1ltktPXMCC8fumSKFItNcD2cLtRR4=
 github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
@@ -161,6 +298,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s=
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
@@ -168,75 +306,236 @@ github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaU
 github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
 github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU=
 github.com/vmihailenco/msgpack/v5 v5.3.5/go.mod h1:7xyJ9e+0+9SaZT0Wt1RGleJXzli6Q/V5KbhBonMG9jc=
+github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
+github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
 github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.6.0 h1:boZcn2GTjpsynOsC0iJHnBWa4Bi0qzfJjthwauItG68=
+github.com/yuin/goldmark v1.6.0/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/yuin/goldmark v1.7.1 h1:3bajkSilaCbjdKVsKdZjZCLBNPL9pYzrCakKaf4U49U=
+github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark-meta v1.1.0 h1:pWw+JLHGZe8Rk0EGsMVssiNb/AaPMHfSRszZeUeiOUc=
+github.com/yuin/goldmark-meta v1.1.0/go.mod h1:U4spWENafuA7Zyg+Lj5RqK/MF+ovMYtBvXi1lBb2VP0=
 github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0=
 github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0=
+github.com/zclconf/go-cty v1.14.0 h1:/Xrd39K7DXbHzlisFP9c4pHao4yyf+/Ug9LEz+Y/yhc=
+github.com/zclconf/go-cty v1.14.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA=
+github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI=
+github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8=
+github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+go.abhg.dev/goldmark/frontmatter v0.2.0 h1:P8kPG0YkL12+aYk2yU3xHv4tcXzeVnN+gU0tJ5JnxRw=
+go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px76YjkOzhB4YlU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df h1:UA2aFVmmsIlefxMk29Dp2juaUSth8Pyn3Tq5Y5mJGME=
 golang.org/x/exp v0.0.0-20230626212559-97b1e661b5df/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU=
 golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
+golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
+golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
 golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
+golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY=
+golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
+golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A=
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU=
+google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 h1:9NWlQfY2ePejTmfwUH1OWwmznFa+0kKcHGPDvcPza9M=
+google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
+google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY=
+google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
+google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97 h1:6GQBEOdGkX6MMTLT9V+TjtIRZCw9VPD5Z+yHY9wMgS0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go.mod h1:v7nGkzlmW8P3n/bKmWBn2WpBjpOEx8Q6gMueudAmKfY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de h1:cZGRis4/ot9uVm639a+rHCUaG0JJHEsdyzSQTMX+suY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY=
 google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE=
 google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
+google.golang.org/grpc v1.57.1 h1:upNTNqv0ES+2ZOOqACwVtS3Il8M12/+Hz41RCPzAjQg=
+google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
+google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k=
+google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0=
+google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
+google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY=
+google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
+google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
+google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng=
 google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4=
+google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

renovate.json5

@@ -0,0 +1,6 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "local>gitea/renovate-config"
+  ]
+}

scripts/docker-compose.yaml

@@ -0,0 +1,23 @@
+version: "3"
+
+networks:
+  gitea:
+    external: false
+
+services:
+  server:
+    image: gitea/gitea:1.22.1
+    container_name: gitea
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+      - DISABLE_GIT_HOOKS=false
+    restart: always
+    networks:
+      - gitea
+    volumes:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - "3000:3000"
+      - "222:22"

tests/branch_protection.tf

@@ -0,0 +1,29 @@
+resource "gitea_repository_branch_protection" "bp" {
+  username                                = var.repo_user_name
+  name                                    = var.repo_name
+  rule_name                               = var.rule_name
+  protected_file_patterns                 = var.protected_file_patterns
+  unprotected_file_patterns               = var.unprotected_file_patterns
+  enable_push                             = var.enable_push
+  push_whitelist_users                    = var.push_whitelist_users
+  push_whitelist_teams                    = var.push_whitelist_teams
+  push_whitelist_deploy_keys              = var.push_whitelist_deploy_keys
+  require_signed_commits                  = var.require_signed_commits
+  required_approvals                      = var.required_approvals
+  approval_whitelist_users                = var.approval_whitelist_users
+  approval_whitelist_teams                = var.approval_whitelist_teams
+  dismiss_stale_approvals                 = var.dismiss_stale_approvals
+  status_check_patterns                   = var.status_check_patterns
+  merge_whitelist_users                   = var.merge_whitelist_users
+  merge_whitelist_teams                   = var.merge_whitelist_teams
+  block_merge_on_rejected_reviews         = var.block_merge_on_rejected_reviews
+  block_merge_on_official_review_requests = var.block_merge_on_official_review_requests
+  block_merge_on_outdated_branch          = var.block_merge_on_outdated_branch
+}
+
+# //
+# // not implemented in go-gitea-sdk
+# //
+# // "ignore_stale_approvals": {
+# // Description: `Do not count approvals that were made on older commits (stale reviews) towards how many approvals the PR has. Irrelevant if stale reviews are already dismissed.`,
+# // },

tests/branch_protection.tftest.hcl

@@ -0,0 +1,306 @@
+# run "create_org" {
+#   assert {
+#     condition     = gitea_org.test_org.name == var.org_name
+#     error_message = "${gitea_org.test_org.name} not eq ${var.org_name}"
+#   }
+# }
+#
+# run "create_repo" {
+#   assert {
+#     condition     = gitea_repository.org_repo.name == var.repo_name
+#     error_message = "${gitea_repository.org_repo.name} not eq ${var.repo_name}"
+#   }
+# }
+
+# run "create_user" {
+#   assert {
+#     condition     = gitea_user.test_user.username == var.user_name
+#     error_message = "${gitea_user.test_user.username} not eq ${var.user_name}"
+#   }
+# }
+#
+# run "create_user_repo" {
+#   assert {
+#     condition     = gitea_repository.user_repo.name == var.repo_name
+#     error_message = "${gitea_repository.user_repo.name} not eq ${var.repo_name}"
+#   }
+# }
+
+run "setup" {
+  module {
+    source = "./setup"
+  }
+}
+
+run "apply_defaults" {
+  variables {
+    rule_name = "apply_defaults"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.name == var.repo_name
+    error_message = "${gitea_repository_branch_protection.bp.name} not eq ${var.repo_name}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.username == var.user_name
+    error_message = "${gitea_repository_branch_protection.bp.username} not eq ${var.user_name}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.rule_name == var.rule_name
+    error_message = "${gitea_repository_branch_protection.bp.rule_name} not eq ${var.rule_name}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.protected_file_patterns == var.protected_file_patterns
+    error_message = "${gitea_repository_branch_protection.bp.protected_file_patterns} not eq ${var.protected_file_patterns}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.unprotected_file_patterns == var.unprotected_file_patterns
+    error_message = "${gitea_repository_branch_protection.bp.unprotected_file_patterns} not eq ${var.unprotected_file_patterns}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_push == var.enable_push
+    error_message = "${gitea_repository_branch_protection.bp.enable_push} not eq ${var.enable_push}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.push_whitelist_users == var.push_whitelist_users
+    error_message = "${join(",", gitea_repository_branch_protection.bp.push_whitelist_users)} not eq ${join(",", var.push_whitelist_users)}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.push_whitelist_teams == var.push_whitelist_teams
+    error_message = "${join(",", gitea_repository_branch_protection.bp.push_whitelist_teams)} not eq ${join(",", var.push_whitelist_teams)}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.push_whitelist_deploy_keys == var.push_whitelist_deploy_keys
+    error_message = "${gitea_repository_branch_protection.bp.push_whitelist_deploy_keys} not eq ${var.push_whitelist_deploy_keys}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.require_signed_commits == var.require_signed_commits
+    error_message = "${gitea_repository_branch_protection.bp.require_signed_commits} not eq ${var.require_signed_commits}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.required_approvals == var.required_approvals
+    error_message = "${gitea_repository_branch_protection.bp.required_approvals} not eq ${var.required_approvals}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.approval_whitelist_users == var.approval_whitelist_users
+    error_message = "${join(",", gitea_repository_branch_protection.bp.approval_whitelist_users)} not eq ${join(",", var.approval_whitelist_users)}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.approval_whitelist_teams == var.approval_whitelist_teams
+    error_message = "${join(",", gitea_repository_branch_protection.bp.approval_whitelist_teams)} not eq ${join(",", var.approval_whitelist_teams)}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.dismiss_stale_approvals == var.dismiss_stale_approvals
+    error_message = "${gitea_repository_branch_protection.bp.dismiss_stale_approvals} not eq ${var.dismiss_stale_approvals}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.status_check_patterns == var.status_check_patterns
+    error_message = "${join(",", gitea_repository_branch_protection.bp.status_check_patterns)} not eq ${join(",", var.status_check_patterns)}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.merge_whitelist_users == var.merge_whitelist_users
+    error_message = "${join(",", gitea_repository_branch_protection.bp.merge_whitelist_users)} not eq ${join(",", var.merge_whitelist_users)}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.merge_whitelist_teams == var.merge_whitelist_teams
+    error_message = "${join(",", gitea_repository_branch_protection.bp.merge_whitelist_teams)} not eq ${join(",", var.merge_whitelist_teams)}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.block_merge_on_rejected_reviews == var.block_merge_on_rejected_reviews
+    error_message = "${gitea_repository_branch_protection.bp.block_merge_on_rejected_reviews} not eq ${var.block_merge_on_rejected_reviews}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.block_merge_on_official_review_requests == var.block_merge_on_official_review_requests
+    error_message = "${gitea_repository_branch_protection.bp.block_merge_on_official_review_requests} not eq ${var.block_merge_on_official_review_requests}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.block_merge_on_outdated_branch == var.block_merge_on_outdated_branch
+    error_message = "${gitea_repository_branch_protection.bp.block_merge_on_outdated_branch} not eq ${var.block_merge_on_outdated_branch}"
+  }
+}
+
+run "simple_params" {
+  variables {
+    rule_name                               = "simple_params"
+    protected_file_patterns                 = "foobar.yaml"
+    unprotected_file_patterns               = "foobar.yaml"
+    require_signed_commits                  = true
+    required_approvals                      = 10
+    dismiss_stale_approvals                 = true
+    block_merge_on_rejected_reviews         = true
+    block_merge_on_official_review_requests = true
+    block_merge_on_outdated_branch          = true
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.protected_file_patterns == var.protected_file_patterns
+    error_message = "${gitea_repository_branch_protection.bp.protected_file_patterns} not eq ${var.protected_file_patterns}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.unprotected_file_patterns == var.unprotected_file_patterns
+    error_message = "${gitea_repository_branch_protection.bp.unprotected_file_patterns} not eq ${var.unprotected_file_patterns}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.require_signed_commits == var.require_signed_commits
+    error_message = "${gitea_repository_branch_protection.bp.require_signed_commits} not eq ${var.require_signed_commits}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.required_approvals == var.required_approvals
+    error_message = "${gitea_repository_branch_protection.bp.required_approvals} not eq ${var.required_approvals}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.dismiss_stale_approvals == var.dismiss_stale_approvals
+    error_message = "${gitea_repository_branch_protection.bp.dismiss_stale_approvals} not eq ${var.dismiss_stale_approvals}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.block_merge_on_rejected_reviews == var.block_merge_on_rejected_reviews
+    error_message = "${gitea_repository_branch_protection.bp.block_merge_on_rejected_reviews} not eq ${var.block_merge_on_rejected_reviews}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.block_merge_on_official_review_requests == var.block_merge_on_official_review_requests
+    error_message = "${gitea_repository_branch_protection.bp.block_merge_on_official_review_requests} not eq ${var.block_merge_on_official_review_requests}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.block_merge_on_outdated_branch == var.block_merge_on_outdated_branch
+    error_message = "${gitea_repository_branch_protection.bp.block_merge_on_outdated_branch} not eq ${var.block_merge_on_outdated_branch}"
+  }
+}
+
+run "enable_push" {
+  variables {
+    rule_name   = "enable_push"
+    enable_push = true
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_push == var.enable_push
+    error_message = "${gitea_repository_branch_protection.bp.enable_push} not eq ${var.enable_push}"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_push_whitelist == false
+    error_message = "${gitea_repository_branch_protection.bp.enable_push_whitelist} not eq `false`"
+  }
+}
+
+run "implicit_push_whitelist_with_users" {
+  variables {
+    enable_push          = true
+    rule_name            = "implicit_and_push_whitelist_with_users"
+    push_whitelist_users = ["test_user"]
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_push_whitelist == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_push_whitelist} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.push_whitelist_users == tolist(var.push_whitelist_users)
+    error_message = "${join(",", gitea_repository_branch_protection.bp.push_whitelist_users)} not eq ${join(",", var.push_whitelist_users)}"
+  }
+}
+
+run "implicit_push_whitelist_with_teams" {
+  variables {
+    rule_name            = "implicit_and_push_whitelist_with_teams"
+    repo_user_name       = "test-org"
+    enable_push          = true
+    push_whitelist_teams = ["Owners"]
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_push_whitelist == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_push_whitelist} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.push_whitelist_teams == tolist(var.push_whitelist_teams)
+    error_message = "${join(",", gitea_repository_branch_protection.bp.push_whitelist_teams)} not eq ${join(",", var.push_whitelist_teams)}"
+  }
+}
+
+run "implicit_push_whitelist_with_deploy_keys" {
+  variables {
+    rule_name                  = "implicit_push_whitelist_with_deploy_keys"
+    enable_push                = true
+    push_whitelist_deploy_keys = true
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_push_whitelist == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_push_whitelist} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.push_whitelist_deploy_keys == var.push_whitelist_deploy_keys
+    error_message = "${gitea_repository_branch_protection.bp.push_whitelist_deploy_keys} not eq ${var.push_whitelist_deploy_keys}"
+  }
+}
+
+run "implicit_enable_approve_whitelist_with_users" {
+  variables {
+    rule_name                = "implicit_enable_approve_whitelist_with_users"
+    approval_whitelist_users = ["test_user"]
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_approval_whitelist == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_approval_whitelist} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.approval_whitelist_users == tolist(var.approval_whitelist_users)
+    error_message = "${join(",", gitea_repository_branch_protection.bp.approval_whitelist_users)} not eq ${join(",", var.approval_whitelist_users)}"
+  }
+}
+
+run "implicit_enable_approve_whitelist_with_teams" {
+  variables {
+    rule_name                = "implicit_enable_approve_whitelist_with_teams"
+    repo_user_name           = "test-org"
+    approval_whitelist_teams = ["Owners"]
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_approval_whitelist == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_approval_whitelist} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.approval_whitelist_teams == tolist(var.approval_whitelist_teams)
+    error_message = "${join(",", gitea_repository_branch_protection.bp.approval_whitelist_teams)} not eq ${join(",", var.approval_whitelist_teams)}"
+  }
+}
+
+run "implicit_enable_merge_whitelist_with_users" {
+  variables {
+    rule_name             = "implicit_enable_merge_whitelist_with_users"
+    merge_whitelist_users = ["test_user"]
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_merge_whitelist == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_merge_whitelist} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.merge_whitelist_users == tolist(var.merge_whitelist_users)
+    error_message = "${join(",", gitea_repository_branch_protection.bp.merge_whitelist_users)} not eq ${join(",", var.merge_whitelist_users)}"
+  }
+}
+
+run "implicit_enable_merge_whitelist_with_teams" {
+  variables {
+    rule_name             = "implicit_enable_merge_whitelist_with_teams"
+    repo_user_name        = "test-org"
+    merge_whitelist_teams = ["Owners"]
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_merge_whitelist == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_merge_whitelist} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.merge_whitelist_teams == tolist(var.merge_whitelist_teams)
+    error_message = "${join(",", gitea_repository_branch_protection.bp.merge_whitelist_teams)} not eq ${join(",", var.merge_whitelist_teams)}"
+  }
+}
+
+run "implicit_enable_status_check" {
+  variables {
+    rule_name             = "implicit_enable_status_check"
+    status_check_patterns = ["terraform-tests", "tf fmt"]
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.enable_status_check == true
+    error_message = "${gitea_repository_branch_protection.bp.enable_status_check} not eq `true`"
+  }
+  assert {
+    condition     = gitea_repository_branch_protection.bp.status_check_patterns == tolist(var.status_check_patterns)
+    error_message = "${join(",", gitea_repository_branch_protection.bp.status_check_patterns)} not eq ${join(",", var.status_check_patterns)}"
+  }
+}

tests/readme.md

@@ -0,0 +1,14 @@
+# How to run tests
+
+```bash
+docker run -p 3000:3000 gitea/gitea:latest-rootless
+```
+
+1. Setup gitea under http://localhost:3000
+2. Username: gitea_admin
+3. Password: gitea_admin
+4. Email: admin@gitea.local
+
+```bash
+terraform test
+```

tests/setup/main.tf

@@ -0,0 +1,22 @@
+resource "gitea_org" "test_org" {
+  name = var.org_name
+}
+
+resource "gitea_repository" "org_repo" {
+  username = gitea_org.test_org.name
+  name     = var.repo_name
+}
+
+resource "gitea_user" "test_user" {
+  password             = "Geheim1!"
+  email                = "terraform@local.host"
+  username             = var.user_name
+  login_name           = var.user_name
+  must_change_password = false
+}
+
+resource "gitea_repository" "user_repo" {
+  username = gitea_user.test_user.username
+  name     = var.repo_name
+}
+

tests/setup/variables.tf

@@ -0,0 +1,15 @@
+variable "repo_name" {
+  type    = string
+  default = "test-repo"
+}
+
+variable "org_name" {
+  type    = string
+  default = "test-org"
+}
+
+variable "user_name" {
+  type    = string
+  default = "test_user"
+}
+

tests/setup/versions.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    gitea = {
+      source  = "go-gitea/gitea"
+      version = "0.3.0"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+provider "gitea" {
+  base_url = "http://localhost:3000"
+  username = "gitea_admin"
+  password = "gitea_admin"
+  insecure = true
+}

tests/variables.tf

@@ -0,0 +1,117 @@
+variable "repo_name" {
+  type    = string
+  default = "test-repo"
+}
+
+variable "org_name" {
+  type    = string
+  default = "test-org"
+}
+
+variable "repo_user_name" {
+  type    = string
+  default = "test_user"
+}
+
+variable "user_name" {
+  type    = string
+  default = "test_user"
+}
+
+variable "rule_name" {
+  type    = string
+  default = "branch-protection"
+}
+
+variable "protected_file_patterns" {
+  type    = string
+  default = ""
+}
+
+variable "unprotected_file_patterns" {
+  type    = string
+  default = ""
+}
+
+variable "enable_push" {
+  type    = bool
+  default = true
+}
+
+variable "push_whitelist_users" {
+  type    = list(string)
+  default = []
+}
+
+variable "push_whitelist_teams" {
+  type    = list(string)
+  default = []
+}
+
+variable "push_whitelist_deploy_keys" {
+  type    = bool
+  default = false
+}
+
+variable "require_signed_commits" {
+  type    = bool
+  default = false
+}
+
+variable "required_approvals" {
+  type    = number
+  default = 0
+}
+
+variable "approval_whitelist_users" {
+  type    = list(string)
+  default = []
+}
+
+variable "approval_whitelist_teams" {
+  type    = list(string)
+  default = []
+}
+
+variable "dismiss_stale_approvals" {
+  type    = bool
+  default = false
+}
+
+variable "status_check_patterns" {
+  type    = list(string)
+  default = []
+}
+
+variable "merge_whitelist_users" {
+  type    = list(string)
+  default = []
+}
+
+variable "merge_whitelist_teams" {
+  type    = list(string)
+  default = []
+}
+
+variable "block_merge_on_rejected_reviews" {
+  type    = bool
+  default = false
+}
+
+variable "block_merge_on_official_review_requests" {
+  type    = bool
+  default = false
+}
+
+variable "block_merge_on_outdated_branch" {
+  type    = bool
+  default = false
+}
+
+# // not implemented in go-gitea-sdk
+//
+# //
+# // "ignore_stale_approvals": {
+# // Description: `Do not count approvals that were made on older commits (stale reviews) towards how many approvals the PR has. Irrelevant if stale reviews are already dismissed.`,
+# // },
+

tests/versions.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    gitea = {
+      source  = "go-gitea/gitea"
+      version = "0.3.0"
+    }
+  }
+  required_version = ">= 0.13"
+}
+
+provider "gitea" {
+  base_url = "http://localhost:3000"
+  username = "gitea_admin"
+  password = "gitea_admin"
+  insecure = true
+}