elastic
diff --git a/‎CHANGELOG.md
Lines changed: 3 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/resources/elasticsearch_logstash_pipeline.md
Lines changed: 113 additions & 0 deletions b/‎docs/resources/elasticsearch_logstash_pipeline.md
Lines changed: 113 additions & 0 deletions
diff --git a/‎docs/resources/elasticsearch_security_role_mapping.md
Lines changed: 12 additions & 7 deletions b/‎docs/resources/elasticsearch_security_role_mapping.md
Lines changed: 12 additions & 7 deletions
diff --git a/‎examples/resources/elasticstack_elasticsearch_logstash_pipeline/import.sh
Lines changed: 1 addition & 0 deletions b/‎examples/resources/elasticstack_elasticsearch_logstash_pipeline/import.sh
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/resources/elasticstack_elasticsearch_logstash_pipeline/resource.tf
Lines changed: 40 additions & 0 deletions b/‎examples/resources/elasticstack_elasticsearch_logstash_pipeline/resource.tf
Lines changed: 40 additions & 0 deletions
diff --git a/‎internal/clients/logstash.go
Lines changed: 77 additions & 0 deletions b/‎internal/clients/logstash.go
Lines changed: 77 additions & 0 deletions
diff --git a/‎internal/elasticsearch/index/ilm.go
Lines changed: 1 addition & 1 deletion b/‎internal/elasticsearch/index/ilm.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎internal/elasticsearch/index/index.go
Lines changed: 6 additions & 27 deletions b/‎internal/elasticsearch/index/index.go
Lines changed: 6 additions & 27 deletions
@@ -1,5 +1,8 @@
 ## [Unreleased]
 
+### Added
+- New resource `elasticstack_elasticsearch_logstash_pipeline` to manage Logstash pipelines ([Centralized Pipeline Management](https://www.elastic.co/guide/en/logstash/current/logstash-centralized-pipeline-management.html)) ([#151](https://github.com/elastic/terraform-provider-elasticstack/pull/151))
+
 ## [0.4.0] - 2022-10-07
 ### Added
 
 
@@ -0,0 +1,113 @@
+---
+subcategory: "Logstash"
+layout: ""
+page_title: "Elasticstack: elasticstack_elasticsearch_logstash_pipeline Resource"
+description: |-
+  Creates or updates centrally managed logstash pipelines.
+---
+
+# Resource: elasticstack_elasticsearch_logstash_pipeline
+
+Creates or updates centrally managed logstash pipelines. See: https://www.elastic.co/guide/en/elasticsearch/reference/current/logstash-apis.html
+
+## Example Usage
+
+```terraform
+provider "elasticstack" {
+  elasticsearch {}
+}
+
+resource "elasticstack_elasticsearch_logstash_pipeline" "example" {
+  pipeline_id = "test_pipeline"
+  description = "This is an example pipeline"
+
+  pipeline = <<-EOF
+  input{}
+  filter{}
+  output{}
+EOF
+
+  pipeline_metadata = {
+    "type"    = "logstash_pipeline"
+    "version" = 1
+  }
+
+  pipeline_batch_delay = 50
+  pipeline_batch_size = 125
+  pipeline_ecs_compatibility = "disabled"
+  pipeline_ordered = "auto"
+  pipeline_plugin_classloaders = false
+  pipeline_unsafe_shutdown = false
+  pipeline_workers = 1
+  queue_checkpoint_acks = 1024
+  queue_checkpoint_retry = true
+  queue_checkpoint_writes = 1024
+  queue_drain = false
+  queue_max_bytes_number = 1
+  queue_max_bytes_units = "gb"
+  queue_max_events = 0
+  queue_page_capacity = "64mb"
+  queue_type = "persisted"
+}
+
+output "pipeline" {
+  value = elasticstack_elasticsearch_logstash_pipeline.example.pipeline_id
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **pipeline** (String) Configuration for the pipeline.
+- **pipeline_id** (String) Identifier for the pipeline.
+
+### Optional
+
+- **description** (String) Description of the pipeline.
+- **elasticsearch_connection** (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection))
+- **pipeline_batch_delay** (Number) Time in milliseconds to wait for each event before sending an undersized batch to pipeline workers.
+- **pipeline_batch_size** (Number) The maximum number of events an individual worker thread collects before executing filters and outputs.
+- **pipeline_ecs_compatibility** (String) Sets the pipeline default value for ecs_compatibility, a setting that is available to plugins that implement an ECS compatibility mode for use with the Elastic Common Schema.
+- **pipeline_metadata** (Map of String) Optional metadata about the pipeline.
+- **pipeline_ordered** (String) Set the pipeline event ordering.
+- **pipeline_plugin_classloaders** (Boolean) (Beta) Load Java plugins in independent classloaders to isolate their dependencies.
+- **pipeline_unsafe_shutdown** (Boolean) Forces Logstash to exit during shutdown even if there are still inflight events in memory.
+- **pipeline_workers** (Number) The number of parallel workers used to run the filter and output stages of the pipeline.
+- **queue_checkpoint_acks** (Number) The maximum number of ACKed events before forcing a checkpoint when persistent queues are enabled.
+- **queue_checkpoint_retry** (Boolean) When enabled, Logstash will retry four times per attempted checkpoint write for any checkpoint writes that fail. Any subsequent errors are not retried.
+- **queue_checkpoint_writes** (Number) The maximum number of written events before forcing a checkpoint when persistent queues are enabled.
+- **queue_drain** (Boolean) When enabled, Logstash waits until the persistent queue is drained before shutting down.
+- **queue_max_bytes_number** (Number) The total capacity of the queue when persistent queues are enabled.
+- **queue_max_bytes_units** (String) Units for the total capacity of the queue when persistent queues are enabled.
+- **queue_max_events** (Number) The maximum number of unread events in the queue when persistent queues are enabled.
+- **queue_page_capacity** (String) The size of the page data files used when persistent queues are enabled. The queue data consists of append-only data files separated into pages.
+- **queue_type** (String) The internal queueing model for event buffering. Options are memory for in-memory queueing, or persisted for disk-based acknowledged queueing.
+- **username** (String) User who last updated the pipeline.
+
+### Read-Only
+
+- **id** (String) Internal identifier of the resource
+- **last_modified** (String) Date the pipeline was last updated.
+
+<a id="nestedblock--elasticsearch_connection"></a>
+### Nested Schema for `elasticsearch_connection`
+
+Optional:
+
+- **api_key** (String, Sensitive) API Key to use for authentication to Elasticsearch
+- **ca_data** (String) PEM-encoded custom Certificate Authority certificate
+- **ca_file** (String) Path to a custom Certificate Authority certificate
+- **endpoints** (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
+- **insecure** (Boolean) Disable TLS certificate validation
+- **password** (String, Sensitive) A password to use for API authentication to Elasticsearch.
+- **username** (String) A username to use for API authentication to Elasticsearch.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import elasticstack_elasticsearch_security_logstash_pipeline.my_pipeline <cluster_uuid>/<pipeline ID>
+```
@@ -1,12 +1,12 @@
 ---
-# generated by https://github.com/hashicorp/terraform-plugin-docs
-page_title: "elasticstack_elasticsearch_security_role_mapping Resource - terraform-provider-elasticstack"
-subcategory: ""
+subcategory: "Security"
+layout: ""
+page_title: "Elasticstack: elasticstack_elasticsearch_security_role_mapping Resource"
 description: |-
   Manage role mappings. See, https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html
 ---
 
-# elasticstack_elasticsearch_security_role_mapping (Resource)
+# Resource: elasticstack_elasticsearch_security_role_mapping
 
 Manage role mappings. See, https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html
 
@@ -42,22 +42,27 @@ output "role" {
 ### Required
 
 - **name** (String) The distinct name that identifies the role mapping, used solely as an identifier.
-- **roles** (Set of String) A list of role names that are granted to the users that match the role mapping rules.
-- **rules** (String) A list of mustache templates that will be evaluated to determine the role names that should granted to the users that match the role mapping rules. This matches fields of users, rules can be grouped into `all` and `any` top level keys.
+- **rules** (String) The rules that determine which users should be matched by the mapping. A rule is a logical condition that is expressed by using a JSON DSL.
 
 ### Optional
 
 - **elasticsearch_connection** (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection))
 - **enabled** (Boolean) Mappings that have `enabled` set to `false` are ignored when role mapping is performed.
-- **id** (String) The ID of this resource.
 - **metadata** (String) Additional metadata that helps define which roles are assigned to each user. Keys beginning with `_` are reserved for system usage.
+- **role_templates** (String) A list of mustache templates that will be evaluated to determine the roles names that should granted to the users that match the role mapping rules.
+- **roles** (Set of String) A list of role names that are granted to the users that match the role mapping rules.
+
+### Read-Only
+
+- **id** (String) Internal identifier of the resource
 
 <a id="nestedblock--elasticsearch_connection"></a>
 ### Nested Schema for `elasticsearch_connection`
 
 Optional:
 
 - **api_key** (String, Sensitive) API Key to use for authentication to Elasticsearch
+- **ca_data** (String) PEM-encoded custom Certificate Authority certificate
 - **ca_file** (String) Path to a custom Certificate Authority certificate
 - **endpoints** (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - **insecure** (Boolean) Disable TLS certificate validation
 
@@ -0,0 +1 @@
+terraform import elasticstack_elasticsearch_security_logstash_pipeline.my_pipeline <cluster_uuid>/<pipeline ID>
@@ -0,0 +1,40 @@
+provider "elasticstack" {
+  elasticsearch {}
+}
+
+resource "elasticstack_elasticsearch_logstash_pipeline" "example" {
+  pipeline_id = "test_pipeline"
+  description = "This is an example pipeline"
+
+  pipeline = <<-EOF
+  input{}
+  filter{}
+  output{}
+EOF
+
+  pipeline_metadata = {
+    "type"    = "logstash_pipeline"
+    "version" = 1
+  }
+
+  pipeline_batch_delay         = 50
+  pipeline_batch_size          = 125
+  pipeline_ecs_compatibility   = "disabled"
+  pipeline_ordered             = "auto"
+  pipeline_plugin_classloaders = false
+  pipeline_unsafe_shutdown     = false
+  pipeline_workers             = 1
+  queue_checkpoint_acks        = 1024
+  queue_checkpoint_retry       = true
+  queue_checkpoint_writes      = 1024
+  queue_drain                  = false
+  queue_max_bytes_number       = 1
+  queue_max_bytes_units        = "gb"
+  queue_max_events             = 0
+  queue_page_capacity          = "64mb"
+  queue_type                   = "persisted"
+}
+
+output "pipeline" {
+  value = elasticstack_elasticsearch_logstash_pipeline.example.pipeline_id
+}
@@ -0,0 +1,77 @@
+package clients
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/elastic/terraform-provider-elasticstack/internal/models"
+	"github.com/elastic/terraform-provider-elasticstack/internal/utils"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+)
+
+func (a *ApiClient) PutLogstashPipeline(ctx context.Context, logstashPipeline *models.LogstashPipeline) diag.Diagnostics {
+	var diags diag.Diagnostics
+	logstashPipelineBytes, err := json.Marshal(logstashPipeline)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	res, err := a.es.LogstashPutPipeline(logstashPipeline.PipelineID, bytes.NewReader(logstashPipelineBytes), a.es.LogstashPutPipeline.WithContext(ctx))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+	defer res.Body.Close()
+	if diags := utils.CheckError(res, "Unable to create or update logstash pipeline"); diags.HasError() {
+		return diags
+	}
+
+	return diags
+}
+
+func (a *ApiClient) GetLogstashPipeline(ctx context.Context, pipelineID string) (*models.LogstashPipeline, diag.Diagnostics) {
+	var diags diag.Diagnostics
+	res, err := a.es.LogstashGetPipeline(pipelineID, a.es.LogstashGetPipeline.WithContext(ctx))
+	if err != nil {
+		return nil, diag.FromErr(err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode == http.StatusNotFound {
+		return nil, nil
+	}
+	if diags := utils.CheckError(res, "Unable to find logstash pipeline on cluster."); diags.HasError() {
+		return nil, diags
+	}
+
+	logstashPipeline := make(map[string]models.LogstashPipeline)
+	if err := json.NewDecoder(res.Body).Decode(&logstashPipeline); err != nil {
+		return nil, diag.FromErr(err)
+	}
+
+	if logstashPipeline, ok := logstashPipeline[pipelineID]; ok {
+		logstashPipeline.PipelineID = pipelineID
+		return &logstashPipeline, diags
+	}
+
+	diags = append(diags, diag.Diagnostic{
+		Severity: diag.Error,
+		Summary:  "Unable to find logstash pipeline in the cluster",
+		Detail:   fmt.Sprintf(`Unable to find "%s" logstash pipeline in the cluster`, pipelineID),
+	})
+	return nil, diags
+}
+
+func (a *ApiClient) DeleteLogstashPipeline(ctx context.Context, pipeline_id string) diag.Diagnostics {
+	var diags diag.Diagnostics
+	res, err := a.es.LogstashDeletePipeline(pipeline_id, a.es.LogstashDeletePipeline.WithContext(ctx))
+
+	if err != nil && res.IsError() {
+		return diag.FromErr(err)
+	}
+	defer res.Body.Close()
+	if diags := utils.CheckError(res, "Unable to delete logstash pipeline"); diags.HasError() {
+		return diags
+	}
+	return diags
+}
@@ -501,7 +501,7 @@ func expandAction(a []interface{}, settings ...string) (map[string]interface{},
 	def := make(map[string]interface{})
 
 	// can be zero, so we must skip the empty check
-	settingsToSkip := map[string]struct{}{"number_of_replicas": struct{}{}, "priority": struct{}{}}
+	settingsToSkip := map[string]struct{}{"number_of_replicas": {}, "priority": {}}
 
 	if action := a[0]; action != nil {
 		for _, setting := range settings {
 
@@ -521,7 +521,7 @@ If specified, this mapping can include: field names, [field data types](https://
 				// first populate what we can with Read
 				diags := resourceIndexRead(ctx, d, m)
 				if diags.HasError() {
-					return nil, fmt.Errorf("Unable to import requested index")
+					return nil, fmt.Errorf("unable to import requested index")
 				}
 
 				client, err := clients.NewApiClient(d, m)
@@ -530,12 +530,12 @@ If specified, this mapping can include: field names, [field data types](https://
 				}
 				compId, diags := clients.CompositeIdFromStr(d.Id())
 				if diags.HasError() {
-					return nil, fmt.Errorf("Failed to parse provided ID")
+					return nil, fmt.Errorf("failed to parse provided ID")
 				}
 				indexName := compId.ResourceId
 				index, diags := client.GetElasticsearchIndex(ctx, indexName)
 				if diags.HasError() {
-					return nil, fmt.Errorf("Failed to get an ES Index")
+					return nil, fmt.Errorf("failed to get an ES Index")
 				}
 
 				// check the settings and import those as well
@@ -564,7 +564,7 @@ If specified, this mapping can include: field names, [field data types](https://
 							}
 							value = v
 						}
-						if err := d.Set(convertSettingsKeyToTFFieldKey(key), value); err != nil {
+						if err := d.Set(utils.ConvertSettingsKeyToTFFieldKey(key), value); err != nil {
 							return nil, err
 						}
 					}
@@ -672,7 +672,7 @@ func resourceIndexCreate(ctx context.Context, d *schema.ResourceData, meta inter
 	}
 
 	index.Settings = map[string]interface{}{}
-	if settings := expandIndividuallyDefinedIndexSettings(ctx, d, allSettingsKeys); len(settings) > 0 {
+	if settings := utils.ExpandIndividuallyDefinedSettings(ctx, d, allSettingsKeys); len(settings) > 0 {
 		index.Settings = settings
 	}
 
@@ -783,7 +783,7 @@ func resourceIndexUpdate(ctx context.Context, d *schema.ResourceData, meta inter
 	// settings
 	updatedSettings := make(map[string]interface{})
 	for key := range dynamicsSettingsKeys {
-		fieldKey := convertSettingsKeyToTFFieldKey(key)
+		fieldKey := utils.ConvertSettingsKeyToTFFieldKey(key)
 		if d.HasChange(fieldKey) {
 			updatedSettings[key] = d.Get(fieldKey)
 		}
@@ -918,24 +918,3 @@ func resourceIndexDelete(ctx context.Context, d *schema.ResourceData, meta inter
 	d.SetId("")
 	return diags
 }
-
-func expandIndividuallyDefinedIndexSettings(ctx context.Context, d *schema.ResourceData, settingsKeys map[string]schema.ValueType) map[string]interface{} {
-	settings := make(map[string]interface{})
-	for key := range settingsKeys {
-		tfFieldKey := convertSettingsKeyToTFFieldKey(key)
-		if raw, ok := d.GetOk(tfFieldKey); ok {
-			switch field := raw.(type) {
-			case *schema.Set:
-				settings[key] = field.List()
-			default:
-				settings[key] = raw
-			}
-			tflog.Trace(ctx, fmt.Sprintf("expandIndividuallyDefinedIndexSettings: settingsKey:%+v tfFieldKey:%+v value:%+v, %+v", key, tfFieldKey, raw, settings))
-		}
-	}
-	return settings
-}
-
-func convertSettingsKeyToTFFieldKey(settingKey string) string {
-	return strings.Replace(settingKey, ".", "_", -1)
-}
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+terraform import elasticstack_elasticsearch_security_logstash_pipeline.my_pipeline <cluster_uuid>/<pipeline ID>`