Add latest changes from gitlab-org/gitlab@master

5 files changed, 87 insertions, 3 deletions

diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 9b72c7378b8..263689894ca 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -1484,7 +1484,6 @@ Input type: `CiCdSettingsUpdateInput`
 | <a id="mutationcicdsettingsupdatekeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Indicates if the latest artifact should be kept for the project. |
 | <a id="mutationcicdsettingsupdatemergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merge pipelines are enabled for the project. |
 | <a id="mutationcicdsettingsupdatemergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Indicates if merge trains are enabled for the project. |
-| <a id="mutationcicdsettingsupdateoptinjwt"></a>`optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. |
 
 #### Fields
 
@@ -4988,7 +4987,6 @@ Input type: `ProjectCiCdSettingsUpdateInput`
 | <a id="mutationprojectcicdsettingsupdatekeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Indicates if the latest artifact should be kept for the project. |
 | <a id="mutationprojectcicdsettingsupdatemergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merge pipelines are enabled for the project. |
 | <a id="mutationprojectcicdsettingsupdatemergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Indicates if merge trains are enabled for the project. |
-| <a id="mutationprojectcicdsettingsupdateoptinjwt"></a>`optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. |
 
 #### Fields
 
@@ -20408,7 +20406,6 @@ four standard [pagination arguments](#connection-pagination-arguments):
 | <a id="projectcicdsettingkeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Whether to keep the latest builds artifacts. |
 | <a id="projectcicdsettingmergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Whether merge pipelines are enabled. |
 | <a id="projectcicdsettingmergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Whether merge trains are enabled. |
-| <a id="projectcicdsettingoptinjwt"></a>`optInJwt` | [`Boolean`](#boolean) | When disabled, the JSON Web Token is always available in all jobs in the pipeline. |
 | <a id="projectcicdsettingproject"></a>`project` | [`Project`](#project) | Project the CI/CD settings belong to. |
 
 ### `ProjectConversations`
diff --git a/doc/api/graphql/removed_items.md b/doc/api/graphql/removed_items.md
index fb4a1a80340..4c506d93436 100644
--- a/doc/api/graphql/removed_items.md
+++ b/doc/api/graphql/removed_items.md
@@ -30,6 +30,7 @@ Fields removed in GitLab 16.0.
 | -------------------- | --------------------     |---------------------------------------------------------------------|------------------------------------------------|
 | -                    | `vulnerabilityFindingDismiss` | [15.5](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/99170) | `vulnerabilityDismiss` or `securityFindingDismiss` |
 | -                    | `apiFuzzingCiConfigurationCreate` | [15.1](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87241) | `todos`                                        |
+| -                    | `CiCdSettingsUpdate` | [15.0](https://gitlab.com/gitlab-org/gitlab/-/issues/361801) | `ProjectCiCdSettingsUpdate` |
 
 ## GitLab 15.0
 
diff --git a/doc/api/group_access_tokens.md b/doc/api/group_access_tokens.md
index 82065590b33..446aa3668d8 100644
--- a/doc/api/group_access_tokens.md
+++ b/doc/api/group_access_tokens.md
@@ -123,6 +123,34 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
 }
 ```
 
+## Rotate a group access token
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0
+
+Rotate a group access token. Revokes the previous token and creates a new token that expires in one week.
+
+```plaintext
+POST /groups/:id/access_tokens/:token_id/rotate
+```
+
+| Attribute | Type    | required | Description         |
+|-----------|---------|----------|---------------------|
+| `id` | integer or string | yes | ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
+| `token_id` | integer or string | yes | ID of the project access token |
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>/rotate"
+```
+
+### Responses
+
+- `200: OK` if existing token is successfully revoked and the new token is created.
+- `400: Bad Request` if not rotated successfully.
+- `401: Unauthorized` if either the:
+  - User does not have access to the token with the specified ID.
+  - Token with the specified ID does not exist.
+- `404: Not Found` if the user is an administrator but the token with the specified ID does not exist.
+
 ## Revoke a group access token
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77236) in GitLab 14.7.
diff --git a/doc/api/personal_access_tokens.md b/doc/api/personal_access_tokens.md
index 167d3eaedb8..691c094f9eb 100644
--- a/doc/api/personal_access_tokens.md
+++ b/doc/api/personal_access_tokens.md
@@ -205,6 +205,36 @@ Example response:
 }
 ```
 
+## Rotate a personal access token
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0
+
+Rotate a personal access token. Revokes the previous token and creates a new token that expires in one week.
+
+```plaintext
+POST /personal_access_tokens/:id/rotate
+```
+
+| Attribute | Type    | Required | Description         |
+|-----------|---------|----------|---------------------|
+| `id` | integer/string | yes | ID of personal access token |
+
+NOTE:
+Non-administrators can rotate their own tokens. Administrators can rotate tokens of any user.
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/<personal_access_token_id>/rotate"
+```
+
+### Responses
+
+- `200: OK` if the existing token is successfully revoked and the new token successfully created.
+- `400: Bad Request` if not rotated successfully.
+- `401: Unauthorized` if either the:
+  - User does not have access to the token with the specified ID.
+  - Token with the specified ID does not exist.
+- `404: Not Found` if the user is an administrator but the token with the specified ID does not exist.
+
 ## Revoke a personal access token
 
 Revoke a personal access token by either:
diff --git a/doc/api/project_access_tokens.md b/doc/api/project_access_tokens.md
index 6711d1b0261..437bdaa70f4 100644
--- a/doc/api/project_access_tokens.md
+++ b/doc/api/project_access_tokens.md
@@ -132,6 +132,34 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
 }
 ```
 
+## Rotate a project access token
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0
+
+Rotate a project access token. Revokes the previous token and creates a new token that expires in one week.
+
+```plaintext
+POST /projects/:id/access_tokens/:token_id/rotate
+```
+
+| Attribute | Type    | required | Description         |
+|-----------|---------|----------|---------------------|
+| `id` | integer or string | yes | ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding) |
+| `token_id` | integer or string | yes | ID of the project access token |
+
+```shell
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<project_id>/access_tokens/<token_id>/rotate"
+```
+
+### Responses
+
+- `200: OK` if the existing token is successfully revoked and the new token is successfully created.
+- `400: Bad Request` if not rotated successfully.
+- `401: Unauthorized` if either the:
+  - User does not have access to the token with the specified ID.
+  - Token with the specified ID does not exist.
+- `404: Not Found` if the user is an administrator but the token with the specified ID does not exist.
+
 ## Revoke a project access token
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/238991) in GitLab 13.9.