Add examples, documentation templates, and acceptance tests for exception resources

Co-authored-by: nick-benoit <[email protected]>

Author: Copilot

docs/resources/kibana_security_exception_item.md

@@ -58,7 +58,81 @@ resource "elasticstack_kibana_security_exception_item" "example" {
 }
 ```
 
+## Example Usage
+
+### Basic exception item
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-exception-list"
+  name           = "My Exception List"
+  description    = "List of exceptions for security rules"
+  type           = "detection"
+  namespace_type = "single"
+
+  tags = ["security", "detections"]
+}
+
+resource "elasticstack_kibana_security_exception_item" "example" {
+  list_id        = elasticstack_kibana_security_exception_list.example.list_id
+  item_id        = "my-exception-item"
+  name           = "My Exception Item"
+  description    = "Exclude specific processes from alerts"
+  type           = "simple"
+  namespace_type = "single"
 
+  entries = jsonencode([
+    {
+      field    = "process.name"
+      operator = "included"
+      type     = "match"
+      value    = "trusted-process"
+    }
+  ])
+
+  tags = ["trusted", "whitelisted"]
+}
+```
+
+### Complex exception item with multiple entries
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-exception-list"
+  name           = "My Exception List"
+  description    = "List of exceptions"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "complex_entry" {
+  list_id        = elasticstack_kibana_security_exception_list.example.list_id
+  item_id        = "complex-exception"
+  name           = "Complex Exception with Multiple Entries"
+  description    = "Exception with multiple conditions"
+  type           = "simple"
+  namespace_type = "single"
+
+  # Multiple entries with different operators
+  entries = jsonencode([
+    {
+      field    = "host.name"
+      operator = "included"
+      type     = "match"
+      value    = "trusted-host"
+    },
+    {
+      field    = "user.name"
+      operator = "excluded"
+      type     = "match_any"
+      value    = ["admin", "root"]
+    }
+  ])
+
+  os_types = ["linux"]
+  tags     = ["complex", "multi-condition"]
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

docs/resources/kibana_security_exception_list.md

@@ -38,7 +38,36 @@ resource "elasticstack_kibana_security_exception_list" "example" {
 }
 ```
 
+## Example Usage
+
+### Basic exception list
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-detection-exception-list"
+  name           = "My Detection Exception List"
+  description    = "List of exceptions for security detection rules"
+  type           = "detection"
+  namespace_type = "single"
+
+  tags = ["security", "detections"]
+}
+```
 
+### Endpoint exception list with OS types
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "endpoint" {
+  list_id        = "my-endpoint-exception-list"
+  name           = "My Endpoint Exception List"
+  description    = "List of endpoint exceptions"
+  type           = "endpoint"
+  namespace_type = "agnostic"
+
+  os_types = ["linux", "windows", "macos"]
+  tags     = ["endpoint", "security"]
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema

examples/resources/elasticstack_kibana_security_exception_item/resource.tf

@@ -0,0 +1,29 @@
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-exception-list"
+  name           = "My Exception List"
+  description    = "List of exceptions for security rules"
+  type           = "detection"
+  namespace_type = "single"
+
+  tags = ["security", "detections"]
+}
+
+resource "elasticstack_kibana_security_exception_item" "example" {
+  list_id        = elasticstack_kibana_security_exception_list.example.list_id
+  item_id        = "my-exception-item"
+  name           = "My Exception Item"
+  description    = "Exclude specific processes from alerts"
+  type           = "simple"
+  namespace_type = "single"
+
+  entries = jsonencode([
+    {
+      field    = "process.name"
+      operator = "included"
+      type     = "match"
+      value    = "trusted-process"
+    }
+  ])
+
+  tags = ["trusted", "whitelisted"]
+}

examples/resources/elasticstack_kibana_security_exception_item/resource_complex.tf

@@ -0,0 +1,35 @@
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-exception-list"
+  name           = "My Exception List"
+  description    = "List of exceptions"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "complex_entry" {
+  list_id        = elasticstack_kibana_security_exception_list.example.list_id
+  item_id        = "complex-exception"
+  name           = "Complex Exception with Multiple Entries"
+  description    = "Exception with multiple conditions"
+  type           = "simple"
+  namespace_type = "single"
+
+  # Multiple entries with different operators
+  entries = jsonencode([
+    {
+      field    = "host.name"
+      operator = "included"
+      type     = "match"
+      value    = "trusted-host"
+    },
+    {
+      field    = "user.name"
+      operator = "excluded"
+      type     = "match_any"
+      value    = ["admin", "root"]
+    }
+  ])
+
+  os_types = ["linux"]
+  tags     = ["complex", "multi-condition"]
+}

examples/resources/elasticstack_kibana_security_exception_list/resource.tf

@@ -0,0 +1,9 @@
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-detection-exception-list"
+  name           = "My Detection Exception List"
+  description    = "List of exceptions for security detection rules"
+  type           = "detection"
+  namespace_type = "single"
+
+  tags = ["security", "detections"]
+}

examples/resources/elasticstack_kibana_security_exception_list/resource_endpoint.tf

@@ -0,0 +1,10 @@
+resource "elasticstack_kibana_security_exception_list" "endpoint" {
+  list_id        = "my-endpoint-exception-list"
+  name           = "My Endpoint Exception List"
+  description    = "List of endpoint exceptions"
+  type           = "endpoint"
+  namespace_type = "agnostic"
+
+  os_types = ["linux", "windows", "macos"]
+  tags     = ["endpoint", "security"]
+}

internal/kibana/security/exception_item/acc_test.go

@@ -0,0 +1,117 @@
+package exception_item_test
+
+import (
+	"testing"
+
+	"github.com/elastic/terraform-provider-elasticstack/internal/acctest"
+	"github.com/elastic/terraform-provider-elasticstack/internal/versionutils"
+	"github.com/hashicorp/go-version"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+var minExceptionItemAPISupport = version.Must(version.NewVersion("7.9.0"))
+
+func TestAccResourceExceptionItem(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t) },
+		ProtoV6ProviderFactories: acctest.Providers,
+		Steps: []resource.TestStep{
+			{
+				SkipFunc: versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				Config:   testAccResourceExceptionItemCreate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "item_id", "test-exception-item"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "name", "Test Exception Item"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "description", "Test exception item for acceptance tests"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "type", "simple"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "namespace_type", "single"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "tags.0", "test"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_exception_item.test", "id"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_exception_item.test", "entries"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_exception_item.test", "created_at"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_exception_item.test", "created_by"),
+				),
+			},
+			{
+				SkipFunc: versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				Config:   testAccResourceExceptionItemUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "name", "Test Exception Item Updated"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "description", "Updated description"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "tags.0", "test"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_exception_item.test", "tags.1", "updated"),
+				),
+			},
+		},
+	})
+}
+
+const testAccResourceExceptionItemCreate = `
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_security_exception_list" "test" {
+  list_id        = "test-exception-list-for-item"
+  name           = "Test Exception List for Item"
+  description    = "Test exception list"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "test" {
+  list_id        = elasticstack_kibana_security_exception_list.test.list_id
+  item_id        = "test-exception-item"
+  name           = "Test Exception Item"
+  description    = "Test exception item for acceptance tests"
+  type           = "simple"
+  namespace_type = "single"
+  
+  entries = jsonencode([
+    {
+      field    = "process.name"
+      operator = "included"
+      type     = "match"
+      value    = "test-process"
+    }
+  ])
+  
+  tags = ["test"]
+}
+`
+
+const testAccResourceExceptionItemUpdate = `
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_security_exception_list" "test" {
+  list_id        = "test-exception-list-for-item"
+  name           = "Test Exception List for Item"
+  description    = "Test exception list"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "test" {
+  list_id        = elasticstack_kibana_security_exception_list.test.list_id
+  item_id        = "test-exception-item"
+  name           = "Test Exception Item Updated"
+  description    = "Updated description"
+  type           = "simple"
+  namespace_type = "single"
+  
+  entries = jsonencode([
+    {
+      field    = "process.name"
+      operator = "included"
+      type     = "match"
+      value    = "test-process-updated"
+    }
+  ])
+  
+  tags = ["test", "updated"]
+}
+`