portainer
diff --git a/‎README.md‎
Lines changed: 92 additions & 84 deletions b/‎README.md‎
Lines changed: 92 additions & 84 deletions
diff --git a/‎docs/index.md‎
Lines changed: 7 additions & 7 deletions b/‎docs/index.md‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎docs/resources/settings.md‎
Lines changed: 21 additions & 15 deletions b/‎docs/resources/settings.md‎
Lines changed: 21 additions & 15 deletions
diff --git a/‎internal/resource_cloud_credentials.go‎
Lines changed: 3 additions & 0 deletions b/‎internal/resource_cloud_credentials.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎internal/resource_docker_config.go‎
Lines changed: 16 additions & 0 deletions b/‎internal/resource_docker_config.go‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎internal/resource_docker_network.go‎
Lines changed: 89 additions & 104 deletions b/‎internal/resource_docker_network.go‎
Lines changed: 89 additions & 104 deletions
diff --git a/‎internal/resource_docker_node.go‎
Lines changed: 0 additions & 1 deletion b/‎internal/resource_docker_node.go‎
Lines changed: 0 additions & 1 deletion
@@ -68,13 +68,13 @@ $ export PORTAINER_SKIP_SSL_VERIFY=true
 ```
 
 ## Arguments Reference
-| Name              | Type    | Required | Description                                                                                    |
-| ----------------- | ------- | -------- | ---------------------------------------------------------------------------------------------- |
-| `endpoint`        | string  | ✅ yes    | URL of the Portainer instance. `/api` will be appended automatically if missing.               |
-| `api_key`         | string  | ❌ no     | API key for authentication. Mutually exclusive with `api_user` and `api_password`.                     |
-| `api_user`            | string  | ❌ no     | Username for authentication (must be used with `api_password`). Mutually exclusive with `api_key`. |
-| `api_password`        | string  | ❌ no     | Password for authentication (must be used with `api_user`). Mutually exclusive with `api_key`.     |
-| `skip_ssl_verify` | boolean | ❌ no     | Skip TLS certificate verification (useful for self-signed certs). Default: `false`.            |
+| Name              | Type    | Required | Description                                                                                        |
+| ----------------- | ------- | -------- | ---------------------------------------------------------------------------------------------------|
+| `endpoint`        | string  | ✅ yes   | URL of the Portainer instance. `/api` will be appended automatically if missing.                   |
+| `api_key`         | string  | ❌ no    | API key for authentication. Mutually exclusive with `api_user` and `api_password`.                 |
+| `api_user`        | string  | ❌ no    | Username for authentication (must be used with `api_password`). Mutually exclusive with `api_key`. |
+| `api_password`    | string  | ❌ no    | Password for authentication (must be used with `api_user`). Mutually exclusive with `api_key`.     |
+| `skip_ssl_verify` | boolean | ❌ no    | Skip TLS certificate verification (useful for self-signed certs). Default: `false`.                |
 
 ## 🧩 Supported Resources
 | Resource                                       | Status                                                                 |
 
@@ -35,21 +35,27 @@ trraform apply
 
 ## Arguments Reference
 ### Main Attributes
-| Name                          | Type     | Required | Description                                                                  |
-|-------------------------------|----------|----------|------------------------------------------------------------------------------|
-| `authentication_method`       | number   | ✅ yes   | Type of authentication (e.g., `1` = internal, `2` = LDAP, `3` = OAuth)       |
-| `enable_telemetry`            | bool     | 🚫 no    | Enable Portainer telemetry                                                   |
-| `logo_url`                    | string   | 🚫 no    | URL to custom logo                                                           |
-| `snapshot_interval`           | string   | 🚫 no    | How often to run container snapshots (e.g., `"15m"`)                         |
-| `templates_url`               | string   | 🚫 no    | URL to the template list JSON                                                |
-| `user_session_timeout`        | string   | 🚫 no    | Session expiration time (e.g., `"8h"`)                                       |
-| `kubeconfig_expiry`           | string   | 🚫 no    | Expiration time for downloaded Kubeconfigs                                   |
-| `kubectl_shell_image`         | string   | 🚫 no    | Image to be used for the kubectl shell UI                                   |
-| `helm_repository_url`         | string   | 🚫 no    | Default Helm repository URL                                                  |
-| `enable_edge_compute_features`| bool     | 🚫 no    | Enable Edge compute management support                                       |
-| `enforce_edge_id`             | bool     | 🚫 no    | Enforce the use of Portainer Edge ID                                         |
-| `trust_on_first_connect`      | bool   | 🚫 no    | Automatically trust TLS fingerprint on first connection |
-| `edge_agent_checkin_interval` | number | 🚫 no    | Interval (in seconds) for Edge Agent check-ins          |
+| Name                           | Type     | Required | Description                                                                  |
+|--------------------------------|----------|----------|------------------------------------------------------------------------------|
+| `authentication_method`        | number   | ✅ yes   | Type of authentication (e.g., `1` = internal, `2` = LDAP, `3` = OAuth)       |
+| `enable_telemetry`             | bool     | 🚫 no    | Enable Portainer telemetry                                                   |
+| `logo_url`                     | string   | 🚫 no    | URL to custom logo                                                           |
+| `snapshot_interval`            | string   | 🚫 no    | How often to run container snapshots (e.g., `"15m"`)                         |
+| `templates_url`                | string   | 🚫 no    | URL to the template list JSON                                                |
+| `user_session_timeout`         | string   | 🚫 no    | Session expiration time (e.g., `"8h"`)                                       |
+| `kubeconfig_expiry`            | string   | 🚫 no    | Expiration time for downloaded Kubeconfigs                                   |
+| `kubectl_shell_image`          | string   | 🚫 no    | Image to be used for the kubectl shell UI                                    |
+| `helm_repository_url`          | string   | 🚫 no    | Default Helm repository URL                                                  |
+| `enable_edge_compute_features` | bool     | 🚫 no    | Enable Edge compute management support                                       |
+| `enforce_edge_id`              | bool     | 🚫 no    | Enforce the use of Portainer Edge ID                                         |
+| `trust_on_first_connect`       | bool     | 🚫 no    | Automatically trust TLS fingerprint on first connection                      |
+| `edge_agent_checkin_interval`  | number   | 🚫 no    | Interval (in seconds) for Edge Agent check-ins                               |
+| `disable_kube_roles_sync`      | bool     | ❌ no    | Disable Kubernetes role sync from RBAC                                       |
+| `disable_kube_shell`           | bool     | ❌ no    | Disable the Kubectl Shell feature                                            |
+| `disable_kubeconfig_download`  | bool     | ❌ no    | Disable downloading of Kubeconfig files                                      |
+| `display_donation_header`      | bool     | ❌ no    | Show the donation header in UI                                               |
+| `display_external_contributors`| bool     | ❌ no    | Show the list of external contributors in the UI                             |
+| `is_docker_desktop_extension`  | bool     | ❌ no    | Whether Portainer is running as Docker Desktop extension                     |
 
 ### `global_deployment_options` Block
 | Name                        | Type | Required | Description                     |
 
@@ -21,6 +21,9 @@ func resourceCloudCredentials() *schema.Resource {
 		Update: resourceCloudCredentialsUpdate,
 		Delete: resourceCloudCredentialsDelete,
 		Read:   resourceCloudCredentialsRead,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
 		Schema: map[string]*schema.Schema{
 			"cloud_provider": {
 				Type:        schema.TypeString,
 
@@ -15,6 +15,22 @@ func resourceDockerConfig() *schema.Resource {
 		Read:   resourceDockerConfigRead,
 		Update: resourceDockerConfigUpdate,
 		Delete: resourceDockerConfigDelete,
+		Importer: &schema.ResourceImporter{
+			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+				importID := d.Id()
+				var endpointID int
+				var configID string
+				n, err := fmt.Sscanf(importID, "%d-%s", &endpointID, &configID)
+				if err != nil || n != 2 {
+					return nil, fmt.Errorf("invalid import ID format. Expected '<endpoint_id>-<config_id>'")
+				}
+				if err := d.Set("endpoint_id", endpointID); err != nil {
+					return nil, err
+				}
+				d.SetId(configID)
+				return []*schema.ResourceData{d}, nil
+			},
+		},
 		Schema: map[string]*schema.Schema{
 			"endpoint_id": {
 				Type:     schema.TypeInt,
 
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strconv"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -15,11 +17,27 @@ func resourceDockerNetwork() *schema.Resource {
 		Read:   resourceDockerNetworkRead,
 		Delete: resourceDockerNetworkDelete,
 		Update: nil,
+		Importer: &schema.ResourceImporter{
+			State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+				// Expect ID in format "<endpoint_id>:<network_id>"
+				parts := strings.SplitN(d.Id(), ":", 2)
+				if len(parts) != 2 {
+					return nil, fmt.Errorf("unexpected format of ID (%q), expected <endpoint_id>:<network_id>", d.Id())
+				}
+				endpointID, err := strconv.Atoi(parts[0])
+				if err != nil {
+					return nil, fmt.Errorf("invalid endpoint ID: %w", err)
+				}
+				d.Set("endpoint_id", endpointID)
+				d.SetId(parts[1])
+				return []*schema.ResourceData{d}, nil
+			},
+		},
 		Schema: map[string]*schema.Schema{
 			"endpoint_id": {Type: schema.TypeInt, Required: true, ForceNew: true},
 			"name":        {Type: schema.TypeString, Required: true, ForceNew: true},
 			"driver":      {Type: schema.TypeString, Optional: true, Default: "bridge", ForceNew: true},
-			"scope":       {Type: schema.TypeString, Optional: true, ForceNew: true},
+			"scope":       {Type: schema.TypeString, Optional: true, Default: "local", ForceNew: true},
 			"internal":    {Type: schema.TypeBool, Optional: true, Default: false, ForceNew: true},
 			"attachable":  {Type: schema.TypeBool, Optional: true, Default: false, ForceNew: true},
 			"ingress":     {Type: schema.TypeBool, Optional: true, Default: false, ForceNew: true},
@@ -163,112 +181,79 @@ func resourceDockerNetworkCreate(d *schema.ResourceData, meta interface{}) error
 }
 
 func resourceDockerNetworkRead(d *schema.ResourceData, meta interface{}) error {
+	client := meta.(*APIClient)
+	endpointID := d.Get("endpoint_id").(int)
+	networkID := d.Id()
+	path := fmt.Sprintf("/endpoints/%d/docker/networks/%s", endpointID, networkID)
+	resp, err := client.DoRequest(http.MethodGet, path, nil, nil)
+	if err != nil {
+		return fmt.Errorf("failed to read docker network: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode == 404 {
+		d.SetId("")
+		return nil
+	}
+	if resp.StatusCode != 200 {
+		body, _ := io.ReadAll(resp.Body)
+		return fmt.Errorf("failed to read docker network: %s", string(body))
+	}
+
+	var result struct {
+		Name       string                 `json:"Name"`
+		Driver     string                 `json:"Driver"`
+		Scope      string                 `json:"Scope"`
+		Internal   bool                   `json:"Internal"`
+		Attachable bool                   `json:"Attachable"`
+		Ingress    bool                   `json:"Ingress"`
+		ConfigOnly bool                   `json:"ConfigOnly"`
+		EnableIPv4 bool                   `json:"EnableIPv4"`
+		EnableIPv6 bool                   `json:"EnableIPv6"`
+		Options    map[string]interface{} `json:"Options"`
+		Labels     map[string]string      `json:"Labels"`
+		IPAM       struct {
+			Driver  string                   `json:"Driver"`
+			Options map[string]string        `json:"Options"`
+			Config  []map[string]interface{} `json:"Config"`
+		} `json:"IPAM"`
+	}
+
+	if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
+		return fmt.Errorf("failed to decode docker network response: %w", err)
+	}
+
+	_ = d.Set("name", result.Name)
+	_ = d.Set("driver", result.Driver)
+	_ = d.Set("scope", result.Scope)
+	_ = d.Set("internal", result.Internal)
+	_ = d.Set("attachable", result.Attachable)
+	_ = d.Set("ingress", result.Ingress)
+	_ = d.Set("config_only", result.ConfigOnly)
+	_ = d.Set("enable_ipv4", result.EnableIPv4)
+	_ = d.Set("enable_ipv6", result.EnableIPv6)
+	_ = d.Set("options", result.Options)
+
+	labels := make(map[string]interface{}, len(result.Labels))
+	for k, v := range result.Labels {
+		labels[k] = v
+	}
+	_ = d.Set("labels", labels)
+
+	// IPAM config
+	_ = d.Set("ipam_driver", result.IPAM.Driver)
+
+	ipamOpts := make(map[string]interface{}, len(result.IPAM.Options))
+	for k, v := range result.IPAM.Options {
+		ipamOpts[k] = v
+	}
+	_ = d.Set("ipam_options", ipamOpts)
+
+	_ = d.Set("ipam_config", result.IPAM.Config)
+
 	return nil
 }
 
-// Use if will be exists PUT (update) methods for Docker Netwerks over API
-///func resourceDockerNetworkRead(d *schema.ResourceData, meta interface{}) error {
-///	client := meta.(*APIClient)
-///	endpointID := d.Get("endpoint_id").(int)
-///	networkID := d.Id()
-///
-///	path := fmt.Sprintf("/endpoints/%d/docker/networks/%s", endpointID, networkID)
-///	resp, err := client.DoRequest(http.MethodGet, path, nil, nil)
-///	if err != nil {
-///		return fmt.Errorf("failed to read docker network: %w", err)
-///	}
-///	defer resp.Body.Close()
-///
-///	if resp.StatusCode == 404 {
-///		d.SetId("")
-///		return nil
-///	} else if resp.StatusCode != 200 {
-///		body, _ := io.ReadAll(resp.Body)
-///		return fmt.Errorf("failed to read docker network: %s", string(body))
-///	}
-///
-///	var network struct {
-///		ID         string            `json:"Id"`
-///		Name       string            `json:"Name"`
-///		Driver     string            `json:"Driver"`
-///		Scope      string            `json:"Scope"`
-///		Internal   bool              `json:"Internal"`
-///		Attachable bool              `json:"Attachable"`
-///		Ingress    bool              `json:"Ingress"`
-///		ConfigOnly bool              `json:"ConfigOnly"`
-///		ConfigFrom map[string]string `json:"ConfigFrom"`
-///		EnableIPv4 *bool             `json:"EnableIPv4,omitempty"`
-///		EnableIPv6 *bool             `json:"EnableIPv6,omitempty"`
-///		IPAM       struct {
-///			Driver  string                   `json:"Driver"`
-///			Options map[string]string        `json:"Options"`
-///			Config  []map[string]interface{} `json:"Config"`
-///		} `json:"IPAM"`
-///		Options map[string]string `json:"Options"`
-///		Labels  map[string]string `json:"Labels"`
-///	}
-///
-///	if err := json.NewDecoder(resp.Body).Decode(&network); err != nil {
-///		return err
-///	}
-///
-///	d.Set("name", network.Name)
-///	d.Set("driver", network.Driver)
-///	d.Set("scope", network.Scope)
-///	d.Set("internal", network.Internal)
-///	d.Set("attachable", network.Attachable)
-///	d.Set("ingress", network.Ingress)
-///	d.Set("config_only", network.ConfigOnly)
-///
-///	if network.EnableIPv4 != nil {
-///		d.Set("enable_ipv4", *network.EnableIPv4)
-///	}
-///	if network.EnableIPv6 != nil {
-///		d.Set("enable_ipv6", *network.EnableIPv6)
-///	}
-///
-///	if v, ok := network.ConfigFrom["Network"]; ok {
-///		d.Set("config_from", v)
-///	}
-///
-///	d.Set("ipam_driver", network.IPAM.Driver)
-///
-///	if network.IPAM.Options != nil {
-///		d.Set("ipam_options", network.IPAM.Options)
-///	} else {
-///		d.Set("ipam_options", map[string]string{})
-///	}
-///
-///	var ipamConfigList []map[string]interface{}
-///	for _, c := range network.IPAM.Config {
-///		entry := map[string]interface{}{}
-///		if subnet, ok := c["Subnet"]; ok {
-///			entry["subnet"] = subnet
-///		}
-///		if ipRange, ok := c["IPRange"]; ok {
-///			entry["ip_range"] = ipRange
-///		}
-///		if gateway, ok := c["Gateway"]; ok {
-///			entry["gateway"] = gateway
-///		}
-///		if aux, ok := c["AuxiliaryAddresses"]; ok {
-///			entry["auxiliary_addresses"] = aux
-///		}
-///		ipamConfigList = append(ipamConfigList, entry)
-///	}
-///
-///	if ipamConfigList != nil {
-///		d.Set("ipam_config", ipamConfigList)
-///	} else {
-///		d.Set("ipam_config", []interface{}{})
-///	}
-///
-///	d.Set("options", network.Options)
-///	d.Set("labels", network.Labels)
-///
-///	return nil
-///
-
 func resourceDockerNetworkDelete(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*APIClient)
 	endpointID := d.Get("endpoint_id").(int)
 
@@ -24,7 +24,6 @@ func resourceDockerNode() *schema.Resource {
 		Read:   resourceDockerNodeRead,
 		Update: resourceDockerNodeUpdate,
 		Delete: resourceDockerNodeDelete,
-
 		Schema: map[string]*schema.Schema{
 			"endpoint_id": {
 				Type:     schema.TypeInt,