Add kibana security list

Author: nick-benoit

docs/resources/kibana_security_exception_item.md

@@ -126,13 +126,13 @@ resource "elasticstack_kibana_security_exception_item" "complex_entry" {
 Required:
 
 - `field` (String) The field name. Required for all entry types.
-- `operator` (String) The operator to use. Valid values: `included`, `excluded`.
 - `type` (String) The type of entry. Valid values: `match`, `match_any`, `list`, `exists`, `nested`, `wildcard`.
 
 Optional:
 
 - `entries` (Attributes List) Nested entries (for `nested` type). Only `match`, `match_any`, and `exists` entry types are allowed as nested entries. (see [below for nested schema](#nestedatt--entries--entries))
 - `list` (Attributes) Value list reference (for `list` type). (see [below for nested schema](#nestedatt--entries--list))
+- `operator` (String) The operator to use. Valid values: `included`, `excluded`. Note: The operator field is not supported for nested entry types and will be ignored if specified.
 - `value` (String) The value to match (for `match` and `wildcard` types).
 - `values` (List of String) Array of values to match (for `match_any` type).
 

docs/resources/kibana_security_list_item.md

@@ -0,0 +1,197 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_list_item Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  subcategory: "Kibana"
+  layout: ""
+  page_title: "Elasticstack: elasticstack_kibana_security_list_item Resource"
+  description: |-
+  Manages items within Kibana security value lists.
+  Resource: elasticstack_kibana_security_list_item
+  Manages items within Kibana security value lists. Value lists are containers for values that can be used within exception lists to define conditions. This resource allows you to add, update, and remove individual values (items) in those lists.
+  Value list items are used to store data values that match the type of their parent security list (e.g., IP addresses, keywords, etc.). These items can then be referenced in exception list entries to define exception conditions.
+  Example Usage
+  
+  # First create a security list
+  resource "elasticstack_kibana_security_list" "ip_list" {
+    list_id     = "allowed_ips"
+    name        = "Allowed IP Addresses"
+    description = "List of IP addresses that are allowed"
+    type        = "ip"
+  }
+  
+  # Add an IP address to the list
+  resource "elasticstack_kibana_security_list_item" "ip_item_1" {
+    list_id = elasticstack_kibana_security_list.ip_list.list_id
+    value   = "192.168.1.1"
+  }
+  
+  # Add another IP address
+  resource "elasticstack_kibana_security_list_item" "ip_item_2" {
+    list_id = elasticstack_kibana_security_list.ip_list.list_id
+    value   = "10.0.0.1"
+  }
+  
+  # Add a keyword item with metadata
+  resource "elasticstack_kibana_security_list" "keyword_list" {
+    list_id     = "allowed_domains"
+    name        = "Allowed Domains"
+    description = "List of domains that are allowed"
+    type        = "keyword"
+  }
+  
+  resource "elasticstack_kibana_security_list_item" "domain_item" {
+    list_id = elasticstack_kibana_security_list.keyword_list.list_id
+    value   = "example.com"
+    meta    = jsonencode({
+      note = "Primary corporate domain"
+    })
+  }
+  
+  Note on Space Support
+  Important: The generated Kibana API client does not currently support space_id for list item operations. While the space_id attribute is available in the schema for future compatibility, list items currently operate in the default space only. This is a known limitation that will be addressed in a future update when the API client is regenerated with proper space support.
+---
+
+# elasticstack_kibana_security_list_item (Resource)
+
+---
+subcategory: "Kibana"
+layout: ""
+page_title: "Elasticstack: elasticstack_kibana_security_list_item Resource"
+description: |-
+  Manages items within Kibana security value lists.
+---
+
+# Resource: elasticstack_kibana_security_list_item
+
+Manages items within Kibana security value lists. Value lists are containers for values that can be used within exception lists to define conditions. This resource allows you to add, update, and remove individual values (items) in those lists.
+
+Value list items are used to store data values that match the type of their parent security list (e.g., IP addresses, keywords, etc.). These items can then be referenced in exception list entries to define exception conditions.
+
+## Example Usage
+
+```terraform
+# First create a security list
+resource "elasticstack_kibana_security_list" "ip_list" {
+  list_id     = "allowed_ips"
+  name        = "Allowed IP Addresses"
+  description = "List of IP addresses that are allowed"
+  type        = "ip"
+}
+
+# Add an IP address to the list
+resource "elasticstack_kibana_security_list_item" "ip_item_1" {
+  list_id = elasticstack_kibana_security_list.ip_list.list_id
+  value   = "192.168.1.1"
+}
+
+# Add another IP address
+resource "elasticstack_kibana_security_list_item" "ip_item_2" {
+  list_id = elasticstack_kibana_security_list.ip_list.list_id
+  value   = "10.0.0.1"
+}
+
+# Add a keyword item with metadata
+resource "elasticstack_kibana_security_list" "keyword_list" {
+  list_id     = "allowed_domains"
+  name        = "Allowed Domains"
+  description = "List of domains that are allowed"
+  type        = "keyword"
+}
+
+resource "elasticstack_kibana_security_list_item" "domain_item" {
+  list_id = elasticstack_kibana_security_list.keyword_list.list_id
+  value   = "example.com"
+  meta    = jsonencode({
+    note = "Primary corporate domain"
+  })
+}
+```
+
+## Note on Space Support
+
+**Important**: The generated Kibana API client does not currently support space_id for list item operations. While the `space_id` attribute is available in the schema for future compatibility, list items currently operate in the default space only. This is a known limitation that will be addressed in a future update when the API client is regenerated with proper space support.
+
+## Example Usage
+
+### Basic keyword value
+
+```terraform
+# First create a security list
+resource "elasticstack_kibana_security_list" "my_list" {
+  list_id     = "allowed_domains"
+  name        = "Allowed Domains"
+  description = "List of allowed domains"
+  type        = "keyword"
+}
+
+# Add an item to the list
+resource "elasticstack_kibana_security_list_item" "domain_example" {
+  list_id = elasticstack_kibana_security_list.my_list.list_id
+  value   = "example.com"
+}
+```
+
+### IP address value
+
+```terraform
+# First create an IP address list
+resource "elasticstack_kibana_security_list" "ip_list" {
+  list_id     = "allowed_ips"
+  name        = "Allowed IP Addresses"
+  description = "List of allowed IP addresses"
+  type        = "ip"
+}
+
+# Add an IP address to the list
+resource "elasticstack_kibana_security_list_item" "ip_example" {
+  list_id = elasticstack_kibana_security_list.ip_list.list_id
+  value   = "192.168.1.1"
+}
+```
+
+### Value with metadata
+
+```terraform
+# First create a security list
+resource "elasticstack_kibana_security_list" "tagged_domains" {
+  list_id     = "tagged_domains"
+  name        = "Tagged Domains"
+  description = "Domains with associated metadata"
+  type        = "keyword"
+}
+
+# Add an item with metadata
+resource "elasticstack_kibana_security_list_item" "domain_with_meta" {
+  list_id = elasticstack_kibana_security_list.tagged_domains.list_id
+  value   = "internal.example.com"
+  meta = jsonencode({
+    category = "internal"
+    owner    = "infrastructure-team"
+    note     = "Primary internal domain"
+  })
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `list_id` (String) The value list's identifier that this item belongs to.
+- `value` (String) The value used to evaluate exceptions. The value's data type must match the list's type.
+
+### Optional
+
+- `id` (String) The value list item's identifier (auto-generated by Kibana if not specified).
+- `meta` (String) Placeholder for metadata about the value list item as JSON string.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the list item was created.
+- `created_by` (String) The user who created the list item.
+- `updated_at` (String) The timestamp of when the list item was last updated.
+- `updated_by` (String) The user who last updated the list item.
+- `version` (String) The version id, normally returned by the API when the document is retrieved. Used to ensure updates are done against the latest version.

examples/resources/elasticstack_kibana_security_list_item/resource.tf

@@ -0,0 +1,13 @@
+# First create a security list
+resource "elasticstack_kibana_security_list" "my_list" {
+  list_id     = "allowed_domains"
+  name        = "Allowed Domains"
+  description = "List of allowed domains"
+  type        = "keyword"
+}
+
+# Add an item to the list
+resource "elasticstack_kibana_security_list_item" "domain_example" {
+  list_id = elasticstack_kibana_security_list.my_list.list_id
+  value   = "example.com"
+}

examples/resources/elasticstack_kibana_security_list_item/resource_ip.tf

@@ -0,0 +1,13 @@
+# First create an IP address list
+resource "elasticstack_kibana_security_list" "ip_list" {
+  list_id     = "allowed_ips"
+  name        = "Allowed IP Addresses"
+  description = "List of allowed IP addresses"
+  type        = "ip"
+}
+
+# Add an IP address to the list
+resource "elasticstack_kibana_security_list_item" "ip_example" {
+  list_id = elasticstack_kibana_security_list.ip_list.list_id
+  value   = "192.168.1.1"
+}

examples/resources/elasticstack_kibana_security_list_item/resource_with_meta.tf

@@ -0,0 +1,18 @@
+# First create a security list
+resource "elasticstack_kibana_security_list" "tagged_domains" {
+  list_id     = "tagged_domains"
+  name        = "Tagged Domains"
+  description = "Domains with associated metadata"
+  type        = "keyword"
+}
+
+# Add an item with metadata
+resource "elasticstack_kibana_security_list_item" "domain_with_meta" {
+  list_id = elasticstack_kibana_security_list.tagged_domains.list_id
+  value   = "internal.example.com"
+  meta = jsonencode({
+    category = "internal"
+    owner    = "infrastructure-team"
+    note     = "Primary internal domain"
+  })
+}

internal/clients/kibana_oapi/security_lists.go

@@ -88,3 +88,75 @@ func DeleteList(ctx context.Context, client *Client, spaceId string, params *kba
 		return reportUnknownError(resp.StatusCode(), resp.Body)
 	}
 }
+
+// GetListItem reads a security list item from the API by ID or list_id and value
+// Note: The generated Kibana API client does not support space_id for list items yet,
+// so this function operates in the default space only.
+func GetListItem(ctx context.Context, client *Client, params *kbapi.ReadListItemParams) (*kbapi.ReadListItemResponse, diag.Diagnostics) {
+	resp, err := client.API.ReadListItemWithResponse(ctx, params)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	case http.StatusNotFound:
+		return nil, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// CreateListItem creates a new security list item.
+// Note: The generated Kibana API client does not support space_id for list items yet,
+// so this function operates in the default space only.
+func CreateListItem(ctx context.Context, client *Client, body kbapi.CreateListItemJSONRequestBody) (*kbapi.CreateListItemResponse, diag.Diagnostics) {
+	resp, err := client.API.CreateListItemWithResponse(ctx, body)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// UpdateListItem updates an existing security list item.
+// Note: The generated Kibana API client does not support space_id for list items yet,
+// so this function operates in the default space only.
+func UpdateListItem(ctx context.Context, client *Client, body kbapi.UpdateListItemJSONRequestBody) (*kbapi.UpdateListItemResponse, diag.Diagnostics) {
+	resp, err := client.API.UpdateListItemWithResponse(ctx, body)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// DeleteListItem deletes an existing security list item.
+// Note: The generated Kibana API client does not support space_id for list items yet,
+// so this function operates in the default space only.
+func DeleteListItem(ctx context.Context, client *Client, params *kbapi.DeleteListItemParams) diag.Diagnostics {
+	resp, err := client.API.DeleteListItemWithResponse(ctx, params)
+	if err != nil {
+		return diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return nil
+	case http.StatusNotFound:
+		return nil
+	default:
+		return reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}

internal/kibana/security/exception_item/acc_test.go

@@ -199,6 +199,7 @@ func TestAccResourceExceptionItemEntryType_List(t *testing.T) {
 	exceptionListID := fmt.Sprintf("test-exception-list-list-entry-%s", uuid.New().String()[:8])
 	itemID := fmt.Sprintf("test-exception-item-list-entry-%s", uuid.New().String()[:8])
 	valueListID := fmt.Sprintf("test-value-list-%s", uuid.New().String()[:8])
+	valueListValue := "192.168.1.1"
 
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() { acctest.PreCheck(t) },
@@ -211,6 +212,7 @@ func TestAccResourceExceptionItemEntryType_List(t *testing.T) {
 					"exception_list_id": config.StringVariable(exceptionListID),
 					"item_id":           config.StringVariable(itemID),
 					"value_list_id":     config.StringVariable(valueListID),
+					"value_list_value":  config.StringVariable(valueListValue),
 				},
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "entries.0.type", "list"),

internal/kibana/security/exception_item/testdata/TestAccResourceExceptionItemEntryType_List/list/exception_item.tf

@@ -12,6 +12,10 @@ variable "value_list_id" {
   description = "The value list ID"
   type        = string
 }
+variable "value_list_value" {
+  description = "The value list value"
+  type        = string
+}
 
 provider "elasticstack" {
   elasticsearch {}
@@ -25,14 +29,17 @@ resource "elasticstack_kibana_security_exception_list" "test" {
   type           = "detection"
   namespace_type = "single"
 }
+resource "elasticstack_kibana_security_list_item" "test-item" {
+  list_id = elasticstack_kibana_security_list.test.list_id
+  value   = var.value_list_value
+}
 
 # Create a value list to reference in the exception item
 resource "elasticstack_kibana_security_list" "test" {
   list_id     = var.value_list_id
   name        = "Test Value List"
   description = "Test value list for list entry type"
   type        = "ip"
-  # values      = ["192.168.1.1", "192.168.1.2", "10.0.0.1"]
 }
 
 resource "elasticstack_kibana_security_exception_item" "test" {