hopefully fixed drone signing

.drone.yml

@@ -41,7 +41,16 @@ steps:
     environment:
       GITEA_TOKEN:
         from_secret: gitea_token
+      GPG_PRIVATE_KEY:
+        from_secret: GPG_PRIVATE_KEY
+      GPG_FINGERPRINT:
+        from_secret: GPG_FINGERPRINT
+      GPG_PRIVATE_KEY_BASE64:
+        from_secret: GPG_PRIVATE_KEY_BASE64
     commands:
+      - apk add gpg-agent
+      - gpg-agent --daemon --default-cache-ttl 7200
+      - echo $GPG_PRIVATE_KEY_BASE64 | base64 -d | gpg --import --batch --no-tty
       - goreleaser release
     resources:
       limits:

.goreleaser.yml

@@ -4,6 +4,9 @@ before:
   hooks:
     # this is just an example and not a requirement for provider building/publishing
     - go mod tidy
+gitea_urls:
+  api: https://git.uploadfilter24.eu/api/v1/
+  download: https://git.uploadfilter24.eu
 builds:
 - env:
     # goreleaser does not work with CGO, it could also complicate
@@ -51,6 +54,9 @@ signs:
       - "--detach-sign"
       - "${artifact}"
 release:
+  gitea:
+    owner: lerentis
+    name: terraform-provider-gitea
   extra_files:
     - glob: 'terraform-registry-manifest.json'
       name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'

Makefile

@@ -3,7 +3,7 @@ GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
 
 GOFMT ?= gofmt -s
 
-VERSION = 0.3.0
+VERSION = 0.5.0
 
 test: fmt-check
 	go test -i $(TEST) || exit 1
@@ -37,3 +37,5 @@ install: build
 	@echo ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/linux_amd64/terraform-provider-gitea_${VERSION}
 	@mkdir -p ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/linux_amd64
 	@mv terraform-provider-gitea_${VERSION} ~/.terraform.d/plugins/terraform.local/lerentis/gitea/${VERSION}/linux_amd64/terraform-provider-gitea_${VERSION}
+doc:
+	tfplugindocs

docs/resources/public_key.md

@@ -0,0 +1,52 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_public_key Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_public_key manages ssh key that are associated with users.
+---
+
+# gitea_public_key (Resource)
+
+`gitea_public_key` manages ssh key that are associated with users.
+
+## Example Usage
+
+```terraform
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+}
+
+
+resource "gitea_public_key" "test_user_key" {
+  title     = "test"
+  key       = file("${path.module}/id_ed25519.pub")
+  username  = gitea_user.test.username
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `key` (String, Sensitive) An armored SSH key to add
+- `title` (String) Title of the key to add
+- `username` (String) User to associate with the added key
+
+### Optional
+
+- `read_only` (Boolean) Describe if the key has only read access or read/write
+
+### Read-Only
+
+- `created` (String)
+- `fingerprint` (String)
+- `id` (String) The ID of this resource.
+- `type` (String)
+
+

docs/resources/user.md

@@ -0,0 +1,60 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "gitea_user Resource - terraform-provider-gitea"
+subcategory: ""
+description: |-
+  gitea_user manages a native gitea user.
+  If you are using OIDC or other kinds of authentication mechanisms you can still try to managessh keys or other ressources this way
+---
+
+# gitea_user (Resource)
+
+`gitea_user` manages a native gitea user.
+
+If you are using OIDC or other kinds of authentication mechanisms you can still try to managessh keys or other ressources this way
+
+## Example Usage
+
+```terraform
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `email` (String) E-Mail Address of the user
+- `login_name` (String) The login name can differ from the username
+- `password` (String, Sensitive) Password to be set for the user
+- `username` (String) Username of the user to be created
+
+### Optional
+
+- `active` (Boolean) Flag if this user should be active or not
+- `admin` (Boolean) Flag if this user should be an administrator or not
+- `allow_create_organization` (Boolean)
+- `allow_git_hook` (Boolean)
+- `allow_import_local` (Boolean)
+- `description` (String) A description of the user
+- `force_password_change` (Boolean) Flag if the user defined password should be overwritten or not
+- `full_name` (String) Full name of the user
+- `location` (String)
+- `max_repo_creation` (Number)
+- `must_change_password` (Boolean) Flag if the user should change the password after first login
+- `prohibit_login` (Boolean) Flag if the user should not be allowed to log in (bot user)
+- `restricted` (Boolean)
+- `send_notification` (Boolean) Flag to send a notification about the user creation to the defined `email`
+- `visibility` (String) Visibility of the user. Can be `public`, `limited` or `private`
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

examples/.gitignore

@@ -2,4 +2,5 @@
 .terraform.lock.hcl
 terraform.tfstate
 terraform.tfstate.backup
-*.tfvars
+*.tfvars
+id_ed25519

examples/main.tf

@@ -23,5 +23,26 @@ resource "gitea_org" "test_org" {
 
 resource "gitea_repository" "org_repo" {
   username = gitea_org.test_org.name
-  name = "org-test-repo"
-}
+  name     = "org-test-repo"
+}
+
+data "gitea_user" "me" {
+  username = "lerentis"
+}
+
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+  admin                = true
+}
+
+
+resource "gitea_public_key" "test_user_key" {
+  title     = "test"
+  key       = file("${path.module}/resources/gitea_public_key/id_ed25519.pub")
+  read_only = true
+  username  = gitea_user.test.username
+}

examples/provider.tf

@@ -0,0 +1,13 @@
+terraform {
+  required_providers {
+    gitea = {
+      source = "terraform.local/lerentis/gitea"
+      version = "0.5.0"
+    }
+  }
+}
+
+provider "gitea" {
+  base_url = var.gitea_url
+  token    = var.gitea_token
+}

examples/resources/gitea_public_key/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINn6hAP48oKz6MVWjYvn0fne2YeaOv/zC6zuvFXlJKf2 test@dev.local

examples/resources/gitea_public_key/resource.tf

@@ -0,0 +1,14 @@
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+}
+
+
+resource "gitea_public_key" "test_user_key" {
+  title     = "test"
+  key       = file("${path.module}/id_ed25519.pub")
+  username  = gitea_user.test.username
+}

examples/resources/gitea_user/resource.tf

@@ -0,0 +1,7 @@
+resource "gitea_user" "test" {
+  username             = "test"
+  login_name           = "test"
+  password             = "Geheim1!"
+  email                = "test@user.dev"
+  must_change_password = false
+}

gitea/provider.go

@@ -76,9 +76,10 @@ func Provider() terraform.ResourceProvider {
 			"gitea_org": resourceGiteaOrg(),
 			// "gitea_team": resourceGiteaTeam(),
 			// "gitea_repo": resourceGiteaRepo(),
-			// "gitea_user": resourceGiteaUser(),
+			"gitea_user":       resourceGiteaUser(),
 			"gitea_oauth2_app": resourceGiteaOauthApp(),
 			"gitea_repository": resourceGiteaRepository(),
+			"gitea_public_key": resourceGiteaPublicKey(),
 		},
 
 		ConfigureFunc: providerConfigure,

gitea/resource_gitea_organisation.go

@@ -17,8 +17,6 @@ const (
 	RepoAdminChangeTeamAccess string = "repo_admin_change_team_access"
 )
 
-type VisibleType string
-
 func resourceOrgRead(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 
@@ -97,7 +95,7 @@ func resourceOrgUpdate(d *schema.ResourceData, meta interface{}) (err error) {
 	return
 }
 
-func respurceOrgDelete(d *schema.ResourceData, meta interface{}) (err error) {
+func resourceOrgDelete(d *schema.ResourceData, meta interface{}) (err error) {
 	client := meta.(*gitea.Client)
 
 	var resp *gitea.Response
@@ -133,7 +131,7 @@ func resourceGiteaOrg() *schema.Resource {
 		Read:   resourceOrgRead,
 		Create: resourceOrgCreate,
 		Update: resourceOrgUpdate,
-		Delete: respurceOrgDelete,
+		Delete: resourceOrgDelete,
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
 		},

gitea/resource_gitea_public_key.go

@@ -0,0 +1,155 @@
+package gitea
+
+import (
+	"fmt"
+	"strconv"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+const (
+	PublicKeyUser         string = "username"
+	PublicKey             string = "key"
+	PublicKeyReadOnlyFlag string = "read_only"
+	PublicKeyTitle        string = "title"
+	PublicKeyId           string = "id"
+	PublicKeyFingerprint  string = "fingerprint"
+	PublicKeyCreated      string = "created"
+	PublicKeyType         string = "type"
+)
+
+func resourcePublicKeyRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	var resp *gitea.Response
+	var pubKey *gitea.PublicKey
+
+	pubKey, resp, err = client.GetPublicKey(id)
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return nil
+		} else {
+			return err
+		}
+	}
+
+	err = setPublicKeyResourceData(pubKey, d)
+
+	return
+}
+
+func resourcePublicKeyCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	var pubKey *gitea.PublicKey
+
+	opts := gitea.CreateKeyOption{
+		Title:    d.Get(PublicKeyTitle).(string),
+		Key:      d.Get(PublicKey).(string),
+		ReadOnly: d.Get(PublicKeyReadOnlyFlag).(bool),
+	}
+
+	pubKey, _, err = client.AdminCreateUserPublicKey(d.Get(PublicKeyUser).(string), opts)
+
+	err = setPublicKeyResourceData(pubKey, d)
+
+	return
+}
+
+func resourcePublicKeyUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	// update = recreate
+	resourcePublicKeyDelete(d, meta)
+	resourcePublicKeyCreate(d, meta)
+	return
+}
+
+func resourcePublicKeyDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	var resp *gitea.Response
+
+	resp, err = client.AdminDeleteUserPublicKey(d.Get(PublicKeyUser).(string), int(id))
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			return
+		} else {
+			return err
+		}
+	}
+
+	return
+}
+
+func setPublicKeyResourceData(pubKey *gitea.PublicKey, d *schema.ResourceData) (err error) {
+	d.SetId(fmt.Sprintf("%d", pubKey.ID))
+	d.Set(PublicKeyUser, pubKey.Owner.UserName)
+	d.Set(PublicKey, pubKey.Key)
+	d.Set(PublicKeyTitle, pubKey.Title)
+	d.Set(PublicKeyReadOnlyFlag, pubKey.ReadOnly)
+	d.Set(PublicKeyCreated, pubKey.Created)
+	d.Set(PublicKeyFingerprint, pubKey.Fingerprint)
+	d.Set(PublicKeyType, pubKey.KeyType)
+	return
+}
+
+func resourceGiteaPublicKey() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourcePublicKeyRead,
+		Create: resourcePublicKeyCreate,
+		Update: resourcePublicKeyUpdate,
+		Delete: resourcePublicKeyDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"title": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Title of the key to add",
+			},
+			"key": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Sensitive:   true,
+				Description: "An armored SSH key to add",
+			},
+			"read_only": {
+				Type:        schema.TypeBool,
+				Required:    false,
+				Optional:    true,
+				Default:     false,
+				Description: "Describe if the key has only read access or read/write",
+			},
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Optional:    false,
+				ForceNew:    true,
+				Description: "User to associate with the added key",
+			},
+			"fingerprint": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"created": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+		Description: "`gitea_public_key` manages ssh key that are associated with users.",
+	}
+}

gitea/resource_gitea_user.go

@@ -0,0 +1,365 @@
+package gitea
+
+import (
+	"fmt"
+	"strconv"
+
+	"code.gitea.io/sdk/gitea"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+const (
+	userName                string = "username"
+	userLoginName           string = "login_name"
+	userEmail               string = "email"
+	userFullName            string = "full_name"
+	userPassword            string = "password"
+	userMustChangePassword  string = "must_change_password"
+	userSendNotification    string = "send_notification"
+	userVisibility          string = "visibility"
+	userDescription         string = "description"
+	userLocation            string = "location"
+	userActive              string = "active"
+	userAdmin               string = "admin"
+	userAllowGitHook        string = "allow_git_hook"
+	userAllowLocalImport    string = "allow_import_local"
+	userMaxRepoCreation     string = "max_repo_creation"
+	userPhorbitLogin        string = "prohibit_login"
+	userAllowCreateOrgs     string = "allow_create_organization"
+	userRestricted          string = "restricted"
+	userForcePasswordChange string = "force_password_change"
+)
+
+func resourceUserRead(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+
+	var resp *gitea.Response
+	var user *gitea.User
+
+	user, resp, err = client.GetUserByID(id)
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			d.SetId("")
+			return nil
+		} else {
+			return err
+		}
+	}
+
+	err = setUserResourceData(user, d)
+
+	return
+}
+
+func resourceUserCreate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	var user *gitea.User
+	visibility := gitea.VisibleType(d.Get(userVisibility).(string))
+	changePassword := d.Get(userMustChangePassword).(bool)
+
+	opts := gitea.CreateUserOption{
+		SourceID:           0,
+		LoginName:          d.Get(userLoginName).(string),
+		Username:           d.Get(userName).(string),
+		FullName:           d.Get(userFullName).(string),
+		Email:              d.Get(userEmail).(string),
+		Password:           d.Get(userPassword).(string),
+		MustChangePassword: &changePassword,
+		SendNotify:         d.Get(userSendNotification).(bool),
+		Visibility:         &visibility,
+	}
+
+	user, _, err = client.AdminCreateUser(opts)
+	if err != nil {
+		return
+	}
+
+	d.SetId(fmt.Sprintf("%d", user.ID))
+
+	err = resourceUserUpdate(d, meta)
+
+	return
+}
+
+func resourceUserUpdate(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	id, err := strconv.ParseInt(d.Id(), 10, 64)
+	var resp *gitea.Response
+	var user *gitea.User
+
+	user, resp, err = client.GetUserByID(id)
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			resourceUserCreate(d, meta)
+		} else {
+			return err
+		}
+	}
+
+	mail := d.Get(userEmail).(string)
+	fullName := d.Get(userFullName).(string)
+	description := d.Get(userDescription).(string)
+	changePassword := d.Get(userMustChangePassword).(bool)
+	location := d.Get(userLocation).(string)
+	active := d.Get(userActive).(bool)
+	admin := d.Get(userAdmin).(bool)
+	allowHook := d.Get(userAllowGitHook).(bool)
+	allowImport := d.Get(userAllowLocalImport).(bool)
+	maxRepoCreation := d.Get(userMaxRepoCreation).(int)
+	accessDenied := d.Get(userPhorbitLogin).(bool)
+	allowOrgs := d.Get(userAllowCreateOrgs).(bool)
+	restricted := d.Get(userRestricted).(bool)
+	visibility := gitea.VisibleType(d.Get(userVisibility).(string))
+
+	if d.Get(userForcePasswordChange).(bool) {
+		opts := gitea.EditUserOption{
+			SourceID:                0,
+			LoginName:               d.Get(userLoginName).(string),
+			Email:                   &mail,
+			FullName:                &fullName,
+			Password:                d.Get(userPassword).(string),
+			Description:             &description,
+			MustChangePassword:      &changePassword,
+			Location:                &location,
+			Active:                  &active,
+			Admin:                   &admin,
+			AllowGitHook:            &allowHook,
+			AllowImportLocal:        &allowImport,
+			MaxRepoCreation:         &maxRepoCreation,
+			ProhibitLogin:           &accessDenied,
+			AllowCreateOrganization: &allowOrgs,
+			Restricted:              &restricted,
+			Visibility:              &visibility,
+		}
+		_, err = client.AdminEditUser(d.Get(userName).(string), opts)
+
+		if err != nil {
+			return err
+		}
+
+	} else {
+		opts := gitea.EditUserOption{
+			SourceID:                0,
+			LoginName:               d.Get(userLoginName).(string),
+			Email:                   &mail,
+			FullName:                &fullName,
+			Description:             &description,
+			MustChangePassword:      &changePassword,
+			Location:                &location,
+			Active:                  &active,
+			Admin:                   &admin,
+			AllowGitHook:            &allowHook,
+			AllowImportLocal:        &allowImport,
+			MaxRepoCreation:         &maxRepoCreation,
+			ProhibitLogin:           &accessDenied,
+			AllowCreateOrganization: &allowOrgs,
+			Restricted:              &restricted,
+			Visibility:              &visibility,
+		}
+		_, err = client.AdminEditUser(d.Get(userName).(string), opts)
+
+		if err != nil {
+			return err
+		}
+	}
+
+	user, _, err = client.GetUserByID(id)
+
+	err = setUserResourceData(user, d)
+
+	return
+}
+
+func resourceUserDelete(d *schema.ResourceData, meta interface{}) (err error) {
+	client := meta.(*gitea.Client)
+
+	var resp *gitea.Response
+
+	resp, err = client.AdminDeleteUser(d.Get(userName).(string))
+
+	if err != nil {
+		if resp.StatusCode == 404 {
+			return
+		} else {
+			return err
+		}
+	}
+
+	return
+}
+
+func setUserResourceData(user *gitea.User, d *schema.ResourceData) (err error) {
+	d.SetId(fmt.Sprintf("%d", user.ID))
+	d.Set("id", user.ID)
+	d.Set(userName, user.UserName)
+	d.Set(userEmail, user.Email)
+	d.Set(userFullName, user.FullName)
+	d.Set(userAdmin, user.IsAdmin)
+	d.Set("created", user.Created)
+	d.Set("avatar_url", user.AvatarURL)
+	d.Set("last_login", user.LastLogin)
+	d.Set("language", user.Language)
+	d.Set(userLoginName, d.Get(userLoginName).(string))
+	d.Set(userMustChangePassword, d.Get(userMustChangePassword).(bool))
+	d.Set(userSendNotification, d.Get(userSendNotification).(bool))
+	d.Set(userVisibility, d.Get(userVisibility).(string))
+	d.Set(userDescription, d.Get(userDescription).(string))
+	d.Set(userLocation, d.Get(userLocation).(string))
+	d.Set(userActive, d.Get(userActive).(bool))
+	d.Set(userAllowGitHook, d.Get(userAllowGitHook).(bool))
+	d.Set(userAllowLocalImport, d.Get(userAllowLocalImport).(bool))
+	d.Set(userMaxRepoCreation, d.Get(userMaxRepoCreation).(int))
+	d.Set(userPhorbitLogin, d.Get(userPhorbitLogin).(bool))
+	d.Set(userAllowCreateOrgs, d.Get(userAllowCreateOrgs).(bool))
+	d.Set(userRestricted, d.Get(userRestricted).(bool))
+	d.Set(userForcePasswordChange, d.Get(userForcePasswordChange).(bool))
+
+	return
+}
+
+func resourceGiteaUser() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceUserRead,
+		Create: resourceUserCreate,
+		Update: resourceUserUpdate,
+		Delete: resourceUserDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+		Schema: map[string]*schema.Schema{
+			"username": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "Username of the user to be created",
+			},
+			"login_name": {
+				Type:        schema.TypeString,
+				Optional:    false,
+				Required:    true,
+				Description: "The login name can differ from the username",
+			},
+			"email": {
+				Type:        schema.TypeString,
+				Optional:    false,
+				Required:    true,
+				Description: "E-Mail Address of the user",
+			},
+			"full_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Optional:    true,
+				Required:    false,
+				Description: "Full name of the user",
+			},
+			"password": {
+				Type:        schema.TypeString,
+				Optional:    false,
+				Required:    true,
+				Sensitive:   true,
+				Description: "Password to be set for the user",
+			},
+			"must_change_password": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Required:    false,
+				Default:     true,
+				Description: "Flag if the user should change the password after first login",
+			},
+			"send_notification": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Required:    false,
+				Default:     true,
+				Description: "Flag to send a notification about the user creation to the defined `email`",
+			},
+			"visibility": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Required:    false,
+				Default:     "public",
+				Description: "Visibility of the user. Can be `public`, `limited` or `private`",
+			},
+			"description": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Required:    false,
+				Default:     "",
+				Description: "A description of the user",
+			},
+			"location": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Required: false,
+				Default:  "",
+			},
+			"active": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Required:    false,
+				Default:     true,
+				Description: "Flag if this user should be active or not",
+			},
+			"admin": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Required:    false,
+				Default:     false,
+				Description: "Flag if this user should be an administrator or not",
+			},
+			"allow_git_hook": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Required: false,
+				Default:  true,
+			},
+			"allow_import_local": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Required: false,
+				Default:  true,
+			},
+			"max_repo_creation": {
+				Type:     schema.TypeInt,
+				Optional: true,
+				Required: false,
+				Default:  -1,
+			},
+			"prohibit_login": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Required:    false,
+				Default:     false,
+				Description: "Flag if the user should not be allowed to log in (bot user)",
+			},
+			"allow_create_organization": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Required: false,
+				Default:  true,
+			},
+			"restricted": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Required: false,
+				Default:  false,
+			},
+			"force_password_change": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Required:    false,
+				Default:     false,
+				Description: "Flag if the user defined password should be overwritten or not",
+			},
+		},
+		Description: "`gitea_user` manages a native gitea user.\n\n" +
+			"If you are using OIDC or other kinds of authentication mechanisms you can still try to manage" +
+			"ssh keys or other ressources this way",
+	}
+}