add security attribute

RobsonSutton · RobsonSutton · commit 737ad6335b10 · 2022-07-23T13:05:12.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -25,6 +25,7 @@ website/node_modules
 *.iml
 *.test
 *.iml
+*.vscode
 
 website/vendor
 
diff --git a/internal/elasticsearch/security/role.go b/internal/elasticsearch/security/role.go
@@ -126,6 +126,11 @@ func ResourceRole() *schema.Resource {
 						DiffSuppressFunc: utils.DiffJsonSuppress,
 						Optional:         true,
 					},
+					"allow_restricted_indices": {
+						Description: "Include matching restricted indices in names parameter.",
+						Type:        schema.TypeBool,
+						Optional:    true,
+					},
 				},
 			},
 		},
@@ -269,6 +274,10 @@ func resourceSecurityRolePut(ctx context.Context, d *schema.ResourceData, meta i
 				}
 				newIndex.FieldSecurity = &fieldSecurity
 			}
+
+			allowRestrictedIndices := index["allow_restricted_indices"].(bool)
+			newIndex.AllowRestrictedIndices = &allowRestrictedIndices
+
 			indices[i] = newIndex
 		}
 		role.Indices = indices
@@ -392,6 +401,7 @@ func flattenIndicesData(indices *[]models.IndexPerms) []interface{} {
 			oi["names"] = index.Names
 			oi["privileges"] = index.Privileges
 			oi["query"] = index.Query
+			oi["allow_restricted_indices"] = index.AllowRestrictedIndices
 
 			if index.FieldSecurity != nil {
 				fsec := make(map[string]interface{})
diff --git a/internal/elasticsearch/security/role_test.go b/internal/elasticsearch/security/role_test.go
@@ -58,8 +58,8 @@ resource "elasticstack_elasticsearch_security_role" "test" {
   cluster = ["all"]
 
   indices {
-    names      = ["index1", "index2"]
-    privileges = ["all"]
+    names                    = ["index1", "index2"]
+    privileges               = ["all"]
   }
 
   applications {
diff --git a/internal/models/models.go b/internal/models/models.go
@@ -22,10 +22,11 @@ type Role struct {
 }
 
 type IndexPerms struct {
-	FieldSecurity *FieldSecurity `json:"field_security,omitempty"`
-	Names         []string       `json:"names"`
-	Privileges    []string       `json:"privileges"`
-	Query         *string        `json:"query,omitempty"`
+	FieldSecurity          *FieldSecurity `json:"field_security,omitempty"`
+	Names                  []string       `json:"names"`
+	Privileges             []string       `json:"privileges"`
+	Query                  *string        `json:"query,omitempty"`
+	AllowRestrictedIndices *bool          `json:"allow_restricted_indices,omitempty"`
 }
 
 type FieldSecurity struct {
diff --git a/main.tf b/main.tf
@@ -0,0 +1,8 @@
+provider "elasticstack" {
+  elasticsearch {
+    username  = "elastic"
+    password  = "changeme"
+    endpoints = ["http://localhost:9200"]
+  }
+}
+

Original file line number	Diff line number	Diff line change
`@@ -58,8 +58,8 @@ resource "elasticstack_elasticsearch_security_role" "test" {`
`58`	`58`	`cluster = ["all"]`
`59`	`59`
`60`	`60`	`indices {`
`61`		`- names = ["index1", "index2"]`
`62`		`- privileges = ["all"]`
	`61`	`+ names = ["index1", "index2"]`
	`62`	`+ privileges = ["all"]`
`63`	`63`	`}`
`64`	`64`
`65`	`65`	`applications {`
Original file line number	Diff line number	Diff line change
`@@ -22,10 +22,11 @@ type Role struct {`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`type IndexPerms struct {`
`25`		- FieldSecurity *FieldSecurity `json:"field_security,omitempty"`
`26`		- Names []string `json:"names"`
`27`		- Privileges []string `json:"privileges"`
`28`		- Query *string `json:"query,omitempty"`
	`25`	+ FieldSecurity *FieldSecurity `json:"field_security,omitempty"`
	`26`	+ Names []string `json:"names"`
	`27`	+ Privileges []string `json:"privileges"`
	`28`	+ Query *string `json:"query,omitempty"`
	`29`	+ AllowRestrictedIndices *bool `json:"allow_restricted_indices,omitempty"`
`29`	`30`	`}`
`30`	`31`
`31`	`32`	`type FieldSecurity struct {`