Merge branch 'copilot/fix-1290-2' of github.com:elastic/terraform-provider-elasticstack into copilot/fix-1290-2

Author: nick-benoit

internal/kibana/security_detection_rule/models.go

@@ -1180,11 +1180,7 @@ func convertOsqueryResponseActionToModel(ctx context.Context, osqueryAction kbap
 
 	// Convert osquery params
 	paramsModel := ResponseActionParamsModel{}
-	if osqueryAction.Params.Query != nil {
-		paramsModel.Query = types.StringPointerValue(osqueryAction.Params.Query)
-	} else {
-		paramsModel.Query = types.StringNull()
-	}
+	paramsModel.Query = types.StringPointerValue(osqueryAction.Params.Query)
 	if osqueryAction.Params.PackId != nil {
 		paramsModel.PackId = types.StringPointerValue(osqueryAction.Params.PackId)
 	} else {
@@ -1547,25 +1543,25 @@ func (d SecurityDetectionRuleData) alertSuppressionToThresholdApi(ctx context.Co
 	suppression := &kbapi.SecurityDetectionsAPIThresholdAlertSuppression{}
 
 	// Handle duration (required for threshold alert suppression)
-	if utils.IsKnown(model.Duration) {
-		var durationModel AlertSuppressionDurationModel
-		durationDiags := model.Duration.As(ctx, &durationModel, basetypes.ObjectAsOptions{})
-		diags.Append(durationDiags...)
-		if !diags.HasError() {
-			duration := kbapi.SecurityDetectionsAPIAlertSuppressionDuration{
-				Value: int(durationModel.Value.ValueInt64()),
-				Unit:  kbapi.SecurityDetectionsAPIAlertSuppressionDurationUnit(durationModel.Unit.ValueString()),
-			}
-			suppression.Duration = duration
-		}
-	} else {
+	if !utils.IsKnown(model.Duration) {
 		diags.AddError(
 			"Duration required for threshold alert suppression",
 			"Threshold alert suppression requires a duration to be specified",
 		)
 		return nil
 	}
 
+	var durationModel AlertSuppressionDurationModel
+	durationDiags := model.Duration.As(ctx, &durationModel, basetypes.ObjectAsOptions{})
+	diags.Append(durationDiags...)
+	if !diags.HasError() {
+		duration := kbapi.SecurityDetectionsAPIAlertSuppressionDuration{
+			Value: int(durationModel.Value.ValueInt64()),
+			Unit:  kbapi.SecurityDetectionsAPIAlertSuppressionDurationUnit(durationModel.Unit.ValueString()),
+		}
+		suppression.Duration = duration
+	}
+
 	// Note: Threshold alert suppression only supports duration field.
 	// GroupBy and MissingFieldsStrategy are not supported for threshold rules.
 

internal/kibana/security_detection_rule/models_saved_query.go

@@ -212,11 +212,7 @@ func (d *SecurityDetectionRuleData) updateFromSavedQueryRule(ctx context.Context
 	diags.Append(d.updateIndexFromApi(ctx, rule.Index)...)
 
 	// Optional query for saved query rules
-	if rule.Query != nil {
-		d.Query = types.StringValue(*rule.Query)
-	} else {
-		d.Query = types.StringNull()
-	}
+	d.Query = types.StringPointerValue(rule.Query)
 
 	// Language for saved query rules (not a pointer)
 	d.Language = types.StringValue(string(rule.Language))