Merge branch 'main' into add-script-resource

Author: k-yomo

.ci/Makefile.ci

@@ -12,6 +12,10 @@ ELASTICSEARCH_MEM ?= 1024m
 
 SOURCE_LOCATION ?= $(shell pwd)
 
+.PHONY: build-ci
+build-ci: ## build the terraform provider
+	go build -o ${BINARY}
+
 # Retry command - first argumment is how many attempts are required, second argument is the command to run
 # Backoff starts with 1 second and double with next itteration
 retry = until [ $$(if [ -z "$$attempt" ]; then echo -n "0"; else echo -n "$$attempt"; fi) -ge $(1) ]; do \

.github/workflows/test.yml

@@ -28,7 +28,7 @@ jobs:
         run: go mod download
 
       - name: Build
-        run: make build
+        run: make build-ci
 
   lint:
     name: Lint

CHANGELOG.md

@@ -3,6 +3,12 @@
 ### Added
 - New resource `elasticstack_elasticsearch_logstash_pipeline` to manage Logstash pipelines ([Centralized Pipeline Management](https://www.elastic.co/guide/en/logstash/current/logstash-centralized-pipeline-management.html)) ([#151](https://github.com/elastic/terraform-provider-elasticstack/pull/151))
 - Add `elasticstack_elasticsearch_script` resource ([#173](https://github.com/elastic/terraform-provider-elasticstack/pull/173))
+- Add `elasticstack_elasticsearch_security_role` data source ([#177](https://github.com/elastic/terraform-provider-elasticstack/pull/177))
+- Add `elasticstack_elasticsearch_security_role_mapping` data source ([#178](https://github.com/elastic/terraform-provider-elasticstack/pull/178))
+
+### Fixed
+- Remove unnecessary unsetting id on delete ([#174](https://github.com/elastic/terraform-provider-elasticstack/pull/174))
+- Fix not found handling for snapshot repository ([#175](https://github.com/elastic/terraform-provider-elasticstack/pull/175))
 
 ## [0.4.0] - 2022-10-07
 ### Added

Makefile

@@ -20,8 +20,7 @@ $(GOBIN): ## create bin/ in the current directory
 
 
 .PHONY: build
-build: lint ## build the terraform provider
-	go build -o ${BINARY}
+build: lint build-ci ## build the terraform provider
 
 
 .PHONY: testacc
@@ -30,7 +29,7 @@ testacc: ## Run acceptance tests
 
 
 .PHONY: test
-test: lint ## Run unit tests
+test: ## Run unit tests
 	go test -v $(TEST) $(TESTARGS) -timeout=5m -parallel=4
 
 

README.md

@@ -1,6 +1,6 @@
 # Terraform Provider Elastic Stack
 
-[![Acceptance Status](https://devops-ci.elastic.co/job/elastic+terraform-provider-elasticstack+main/badge/icon?subject=acceptance)](https://devops-ci.elastic.co/job/elastic+terraform-provider-elasticstack+main/)
+[![Acceptance Status](https://github.com/elastic/terraform-provider-elasticstack/actions/workflows/test.yml/badge.svg)](https://github.com/elastic/terraform-provider-elasticstack/actions/workflows/test.yml)
 
 ## Use of the provider
 The Elastic Stack provider allows you to manage and configure the Elastic stack (Elasticsearch, Kibana, etc) as code using `terraform`.

docs/data-sources/elasticsearch_security_role.md

@@ -0,0 +1,91 @@
+---
+subcategory: "Security"
+layout: ""
+page_title: "Elasticstack: elasticstack_elasticsearch_security_role Data Source"
+description: |-
+  Retrieves roles in the native realm.
+---
+
+# Data Source: elasticstack_elasticsearch_security_role
+
+Use this data source to get information about an existing Elasticsearch role. See, https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html
+
+## Example Usage
+
+```terraform
+provider "elasticstack" {
+  elasticsearch {}
+}
+
+data "elasticstack_elasticsearch_security_role" "role" {
+  name = "testrole"
+}
+
+output "role" {
+  value = data.elasticstack_elasticsearch_security_role.role.name
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name of the role.
+
+### Optional
+
+- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection))
+- `run_as` (Set of String) A list of users that the owners of this role can impersonate.
+
+### Read-Only
+
+- `applications` (Set of Object) A list of application privilege entries. (see [below for nested schema](#nestedatt--applications))
+- `cluster` (Set of String) A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
+- `global` (String) An object defining global privileges.
+- `id` (String) Internal identifier of the resource
+- `indices` (Set of Object) A list of indices permissions entries. (see [below for nested schema](#nestedatt--indices))
+- `metadata` (String) Optional meta-data.
+
+<a id="nestedblock--elasticsearch_connection"></a>
+### Nested Schema for `elasticsearch_connection`
+
+Optional:
+
+- `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
+- `ca_data` (String) PEM-encoded custom Certificate Authority certificate
+- `ca_file` (String) Path to a custom Certificate Authority certificate
+- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
+- `insecure` (Boolean) Disable TLS certificate validation
+- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
+- `username` (String) A username to use for API authentication to Elasticsearch.
+
+
+<a id="nestedatt--applications"></a>
+### Nested Schema for `applications`
+
+Read-Only:
+
+- `application` (String)
+- `privileges` (Set of String)
+- `resources` (Set of String)
+
+
+<a id="nestedatt--indices"></a>
+### Nested Schema for `indices`
+
+Read-Only:
+
+- `allow_restricted_indices` (Boolean)
+- `field_security` (List of Object) (see [below for nested schema](#nestedobjatt--indices--field_security))
+- `names` (Set of String)
+- `privileges` (Set of String)
+- `query` (String)
+
+<a id="nestedobjatt--indices--field_security"></a>
+### Nested Schema for `indices.field_security`
+
+Read-Only:
+
+- `except` (Set of String)
+- `grant` (Set of String)

docs/data-sources/elasticsearch_security_role_mapping.md

@@ -0,0 +1,60 @@
+---
+subcategory: "Security"
+layout: ""
+page_title: "Elasticstack: elasticstack_elasticsearch_security_role_mapping Data Source"
+description: |-
+  Retrieves role mappings.
+---
+
+# Data Source: elasticstack_elasticsearch_security_role_mapping
+
+Retrieves role mappings. See, https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role-mapping.html
+
+## Example Usage
+
+```terraform
+provider "elasticstack" {
+  elasticsearch {}
+}
+
+data "elasticstack_elasticsearch_security_role_mapping" "mapping" {
+  name = "my_mapping"
+}
+
+output "user" {
+  value = data.elasticstack_elasticsearch_security_role_mapping.mapping.name
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The distinct name that identifies the role mapping, used solely as an identifier.
+
+### Optional
+
+- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection))
+
+### Read-Only
+
+- `enabled` (Boolean) Mappings that have `enabled` set to `false` are ignored when role mapping is performed.
+- `id` (String) Internal identifier of the resource
+- `metadata` (String) Additional metadata that helps define which roles are assigned to each user. Keys beginning with `_` are reserved for system usage.
+- `role_templates` (String) A list of mustache templates that will be evaluated to determine the roles names that should granted to the users that match the role mapping rules.
+- `roles` (Set of String) A list of role names that are granted to the users that match the role mapping rules.
+- `rules` (String) The rules that determine which users should be matched by the mapping. A rule is a logical condition that is expressed by using a JSON DSL.
+
+<a id="nestedblock--elasticsearch_connection"></a>
+### Nested Schema for `elasticsearch_connection`
+
+Optional:
+
+- `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
+- `ca_data` (String) PEM-encoded custom Certificate Authority certificate
+- `ca_file` (String) Path to a custom Certificate Authority certificate
+- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
+- `insecure` (Boolean) Disable TLS certificate validation
+- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
+- `username` (String) A username to use for API authentication to Elasticsearch.

examples/data-sources/elasticstack_elasticsearch_security_role/data-source.tf

@@ -0,0 +1,11 @@
+provider "elasticstack" {
+  elasticsearch {}
+}
+
+data "elasticstack_elasticsearch_security_role" "role" {
+  name = "testrole"
+}
+
+output "role" {
+  value = data.elasticstack_elasticsearch_security_role.role.name
+}

examples/data-sources/elasticstack_elasticsearch_security_role_mapping/data-source.tf

@@ -0,0 +1,11 @@
+provider "elasticstack" {
+  elasticsearch {}
+}
+
+data "elasticstack_elasticsearch_security_role_mapping" "mapping" {
+  name = "my_mapping"
+}
+
+output "user" {
+  value = data.elasticstack_elasticsearch_security_role_mapping.mapping.name
+}

go.mod

@@ -3,7 +3,7 @@ module github.com/elastic/terraform-provider-elasticstack
 go 1.19
 
 require (
-	github.com/elastic/go-elasticsearch/v7 v7.17.1
+	github.com/elastic/go-elasticsearch/v7 v7.17.7
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-log v0.7.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.0

go.sum

@@ -33,8 +33,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/elastic/go-elasticsearch/v7 v7.17.1 h1:49mHcHx7lpCL8cW1aioEwSEVKQF3s+Igi4Ye/QTWwmk=
-github.com/elastic/go-elasticsearch/v7 v7.17.1/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4=
+github.com/elastic/go-elasticsearch/v7 v7.17.7 h1:pcYNfITNPusl+cLwLN6OLmVT+F73Els0nbaWOmYachs=
+github.com/elastic/go-elasticsearch/v7 v7.17.7/go.mod h1:OJ4wdbtDNk5g503kvlHLyErCgQwwzmDtaFC4XyOxXA4=
 github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
 github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=

internal/clients/cluster.go

@@ -39,12 +39,7 @@ func (a *ApiClient) GetElasticsearchSnapshotRepository(ctx context.Context, name
 	}
 	defer res.Body.Close()
 	if res.StatusCode == http.StatusNotFound {
-		diags = append(diags, diag.Diagnostic{
-			Severity: diag.Error,
-			Summary:  "Unable to find requested repository",
-			Detail:   fmt.Sprintf(`Repository "%s" is missing in the ES API response`, name),
-		})
-		return nil, diags
+		return nil, nil
 	}
 	if diags := utils.CheckError(res, fmt.Sprintf("Unable to get the information about snapshot repository: %s", name)); diags.HasError() {
 		return nil, diags
@@ -113,10 +108,10 @@ func (a *ApiClient) GetElasticsearchSlm(ctx context.Context, slmName string) (*m
 	if diags := utils.CheckError(res, "Unable to get SLM policy from ES API"); diags.HasError() {
 		return nil, diags
 	}
-	type SlmReponse = map[string]struct {
+	type SlmResponse = map[string]struct {
 		Policy models.SnapshotPolicy `json:"policy"`
 	}
-	var slmResponse SlmReponse
+	var slmResponse SlmResponse
 	if err := json.NewDecoder(res.Body).Decode(&slmResponse); err != nil {
 		return nil, diag.FromErr(err)
 	}

internal/elasticsearch/cluster/settings.go

@@ -287,6 +287,5 @@ func resourceClusterSettingsDelete(ctx context.Context, d *schema.ResourceData,
 		return diags
 	}
 
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/cluster/slm.go

@@ -339,6 +339,5 @@ func resourceSlmDelete(ctx context.Context, d *schema.ResourceData, meta interfa
 	if diags := client.DeleteElasticsearchSlm(ctx, id.ResourceId); diags.HasError() {
 		return diags
 	}
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/cluster/snapshot_repository.go

@@ -10,6 +10,7 @@ import (
 	"github.com/elastic/terraform-provider-elasticstack/internal/clients"
 	"github.com/elastic/terraform-provider-elasticstack/internal/models"
 	"github.com/elastic/terraform-provider-elasticstack/internal/utils"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
@@ -374,6 +375,7 @@ func resourceSnapRepoRead(ctx context.Context, d *schema.ResourceData, meta inte
 
 	currentRepo, diags := client.GetElasticsearchSnapshotRepository(ctx, compId.ResourceId)
 	if currentRepo == nil && diags == nil {
+		tflog.Warn(ctx, fmt.Sprintf(`Snapshot repository "%s" not found, removing from state`, compId.ResourceId))
 		d.SetId("")
 		return diags
 	}
@@ -454,6 +456,5 @@ func resourceSnapRepoDelete(ctx context.Context, d *schema.ResourceData, meta in
 	if diags := client.DeleteElasticsearchSnapshotRepository(ctx, compId.ResourceId); diags.HasError() {
 		return diags
 	}
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/index/component_template.go

@@ -293,6 +293,5 @@ func resourceComponentTemplateDelete(ctx context.Context, d *schema.ResourceData
 	if diags := client.DeleteElasticsearchComponentTemplate(ctx, compId.ResourceId); diags.HasError() {
 		return diags
 	}
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/index/data_stream.go

@@ -222,6 +222,5 @@ func resourceDataStreamDelete(ctx context.Context, d *schema.ResourceData, meta
 		return diags
 	}
 
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/index/ilm.go

@@ -651,6 +651,5 @@ func resourceIlmDelete(ctx context.Context, d *schema.ResourceData, meta interfa
 		return diags
 	}
 
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/index/index.go

@@ -927,6 +927,5 @@ func resourceIndexDelete(ctx context.Context, d *schema.ResourceData, meta inter
 	if diags := client.DeleteElasticsearchIndex(ctx, compId.ResourceId); diags.HasError() {
 		return diags
 	}
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/index/template.go

@@ -420,6 +420,5 @@ func resourceIndexTemplateDelete(ctx context.Context, d *schema.ResourceData, me
 	if diags := client.DeleteElasticsearchIndexTemplate(ctx, compId.ResourceId); diags.HasError() {
 		return diags
 	}
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/ingest/pipeline.go

@@ -218,6 +218,5 @@ func resourceIngestPipelineTemplateDelete(ctx context.Context, d *schema.Resourc
 		return diags
 	}
 
-	d.SetId("")
 	return diags
 }

internal/elasticsearch/security/role.go

@@ -431,6 +431,5 @@ func resourceSecurityRoleDelete(ctx context.Context, d *schema.ResourceData, met
 		return diags
 	}
 
-	d.SetId("")
 	return diags
 }