Add security list item resource

Author: nick-benoit

internal/kibana/security_list_item/acc_test.go

@@ -0,0 +1,147 @@
+package security_list_item_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/elastic/terraform-provider-elasticstack/internal/acctest"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/kibana_oapi"
+	"github.com/google/uuid"
+	"github.com/hashicorp/terraform-plugin-testing/config"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func ensureListIndexExists(t *testing.T) {
+	client, err := clients.NewAcceptanceTestingClient()
+	if err != nil {
+		t.Fatalf("Failed to create client: %v", err)
+	}
+
+	kibanaClient, err := client.GetKibanaOapiClient()
+	if err != nil {
+		t.Fatalf("Failed to get Kibana client: %v", err)
+	}
+
+	diags := kibana_oapi.CreateListIndex(context.Background(), kibanaClient, "default")
+	if diags.HasError() {
+		// It's OK if it already exists, we'll only fail on other errors
+		for _, d := range diags {
+			if d.Summary() != "Unexpected status code from server: got HTTP 409" {
+				t.Fatalf("Failed to create list index: %v", d.Detail())
+			}
+		}
+	}
+}
+
+func TestAccResourceSecurityListItem(t *testing.T) {
+	listID := "test-list-items-" + uuid.New().String()
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(t)
+			ensureListIndexExists(t)
+		},
+		ProtoV6ProviderFactories: acctest.Providers,
+		Steps: []resource.TestStep{
+			{ // Create
+				ConfigDirectory: acctest.NamedTestCaseDirectory("create"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"value":   config.StringVariable("test-value-1"),
+				},
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "id"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list_item.test", "value", "test-value-1"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "created_at"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "created_by"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "updated_at"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "updated_by"),
+				),
+			},
+			{ // Update
+				ConfigDirectory: acctest.NamedTestCaseDirectory("update"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"value":   config.StringVariable("test-value-updated"),
+				},
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list_item.test", "value", "test-value-updated"),
+				),
+			},
+		},
+	})
+}
+
+func TestAccResourceSecurityListItem_Space(t *testing.T) {
+	spaceID := "test-space-" + uuid.New().String()
+	listID := "test-list-" + uuid.New().String()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			acctest.PreCheck(t)
+			ensureListIndexExistsInSpace(t, spaceID)
+		},
+		ProtoV6ProviderFactories: acctest.Providers,
+		Steps: []resource.TestStep{
+			{ // Create space, list, and list item
+				ConfigDirectory: acctest.NamedTestCaseDirectory("space_create"),
+				ConfigVariables: config.Variables{
+					"space_id": config.StringVariable(spaceID),
+					"list_id":  config.StringVariable(listID),
+					"value":    config.StringVariable("192.168.1.1"),
+				},
+				Check: resource.ComposeTestCheckFunc(
+					// Check space
+					resource.TestCheckResourceAttr("elasticstack_kibana_space.test", "space_id", spaceID),
+					resource.TestCheckResourceAttr("elasticstack_kibana_space.test", "name", "Test Security Lists Space"),
+					// Check list
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list.test", "id"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list.test", "space_id", spaceID),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list.test", "list_id", listID),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list.test", "name", "IP Blocklist"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list.test", "type", "ip"),
+					// Check list item
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "id"),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list_item.test", "space_id", spaceID),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list_item.test", "list_id", listID),
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list_item.test", "value", "192.168.1.1"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "created_at"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_security_list_item.test", "created_by"),
+				),
+			},
+			{ // Update list item
+				ConfigDirectory: acctest.NamedTestCaseDirectory("space_update"),
+				ConfigVariables: config.Variables{
+					"space_id": config.StringVariable(spaceID),
+					"list_id":  config.StringVariable(listID),
+					"value":    config.StringVariable("10.0.0.1"),
+				},
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("elasticstack_kibana_security_list_item.test", "value", "10.0.0.1"),
+				),
+			},
+		},
+	})
+}
+
+func ensureListIndexExistsInSpace(t *testing.T, spaceID string) {
+	client, err := clients.NewAcceptanceTestingClient()
+	if err != nil {
+		t.Fatalf("Failed to create client: %v", err)
+	}
+
+	kibanaClient, err := client.GetKibanaOapiClient()
+	if err != nil {
+		t.Fatalf("Failed to get Kibana client: %v", err)
+	}
+
+	diags := kibana_oapi.CreateListIndex(context.Background(), kibanaClient, spaceID)
+	if diags.HasError() {
+		// It's OK if it already exists, we'll only fail on other errors
+		for _, d := range diags {
+			if d.Summary() != "Unexpected status code from server: got HTTP 409" {
+				t.Fatalf("Failed to create list index in space %s: %v", spaceID, d.Detail())
+			}
+		}
+	}
+}

internal/kibana/security_list_item/create.go

@@ -0,0 +1,78 @@
+package security_list_item
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/kibana_oapi"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+func (r *securityListItemResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	var plan SecurityListItemModel
+	resp.Diagnostics.Append(req.Plan.Get(ctx, &plan)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Get Kibana client
+	client, err := r.client.GetKibanaOapiClient()
+	if err != nil {
+		resp.Diagnostics.AddError("Failed to get Kibana client", err.Error())
+		return
+	}
+
+	// Convert plan to API request
+	createReq, diags := plan.toAPICreateModel(ctx)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Create the list item
+	createResp, diags := kibana_oapi.CreateListItem(ctx, client, plan.SpaceID.ValueString(), *createReq)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	if createResp == nil || createResp.JSON200 == nil {
+		resp.Diagnostics.AddError("Failed to create security list item", "API returned empty response")
+		return
+	}
+
+	// Read the created list item to populate state
+	id := kbapi.SecurityListsAPIListId(createResp.JSON200.Id)
+	readParams := &kbapi.ReadListItemParams{
+		Id: &id,
+	}
+
+	readResp, diags := kibana_oapi.GetListItem(ctx, client, plan.SpaceID.ValueString(), readParams)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	if readResp == nil || readResp.JSON200 == nil {
+		resp.State.RemoveResource(ctx)
+		resp.Diagnostics.AddError("Failed to fetch security list item", "API returned empty response")
+		return
+	}
+
+	// Unmarshal the response body to get the list item
+	var listItem kbapi.SecurityListsAPIListItem
+	if err := json.Unmarshal(readResp.Body, &listItem); err != nil {
+		resp.Diagnostics.AddError("Failed to parse list item response", err.Error())
+		return
+	}
+
+	// Update state with read response
+	diags = plan.fromAPIModel(ctx, &listItem)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, plan)...)
+}

internal/kibana/security_list_item/delete.go

@@ -0,0 +1,33 @@
+package security_list_item
+
+import (
+	"context"
+
+	"github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/kibana_oapi"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+func (r *securityListItemResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	var state SecurityListItemModel
+	resp.Diagnostics.Append(req.State.Get(ctx, &state)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Get Kibana client
+	client, err := r.client.GetKibanaOapiClient()
+	if err != nil {
+		resp.Diagnostics.AddError("Failed to get Kibana client", err.Error())
+		return
+	}
+
+	// Delete by ID
+	id := kbapi.SecurityListsAPIListItemId(state.ID.ValueString())
+	params := &kbapi.DeleteListItemParams{
+		Id: &id,
+	}
+
+	diags := kibana_oapi.DeleteListItem(ctx, client, state.SpaceID.ValueString(), params)
+	resp.Diagnostics.Append(diags...)
+}

internal/kibana/security_list_item/models.go

@@ -0,0 +1,115 @@
+package security_list_item
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/utils"
+	"github.com/hashicorp/terraform-plugin-framework-jsontypes/jsontypes"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type SecurityListItemModel struct {
+	ID        types.String         `tfsdk:"id"`
+	SpaceID   types.String         `tfsdk:"space_id"`
+	ListID    types.String         `tfsdk:"list_id"`
+	Value     types.String         `tfsdk:"value"`
+	Meta      jsontypes.Normalized `tfsdk:"meta"`
+	CreatedAt types.String         `tfsdk:"created_at"`
+	CreatedBy types.String         `tfsdk:"created_by"`
+	UpdatedAt types.String         `tfsdk:"updated_at"`
+	UpdatedBy types.String         `tfsdk:"updated_by"`
+	Version   types.String         `tfsdk:"version"`
+}
+
+// toAPICreateModel converts the Terraform model to the API create request body
+func (m *SecurityListItemModel) toAPICreateModel(ctx context.Context) (*kbapi.CreateListItemJSONRequestBody, diag.Diagnostics) {
+	var diags diag.Diagnostics
+
+	body := &kbapi.CreateListItemJSONRequestBody{
+		ListId: kbapi.SecurityListsAPIListId(m.ListID.ValueString()),
+		Value:  kbapi.SecurityListsAPIListItemValue(m.Value.ValueString()),
+	}
+
+	// Set optional ID if specified
+	if utils.IsKnown(m.ID) {
+		id := kbapi.SecurityListsAPIListItemId(m.ID.ValueString())
+		body.Id = &id
+	}
+
+	// Set optional meta if specified
+	if utils.IsKnown(m.Meta) {
+		var meta kbapi.SecurityListsAPIListItemMetadata
+		if err := json.Unmarshal([]byte(m.Meta.ValueString()), &meta); err != nil {
+			diags.AddError("Failed to parse meta JSON", err.Error())
+			return nil, diags
+		}
+		body.Meta = &meta
+	}
+
+	return body, diags
+}
+
+// toAPIUpdateModel converts the Terraform model to the API update request body
+func (m *SecurityListItemModel) toAPIUpdateModel(ctx context.Context) (*kbapi.UpdateListItemJSONRequestBody, diag.Diagnostics) {
+	var diags diag.Diagnostics
+
+	body := &kbapi.UpdateListItemJSONRequestBody{
+		Id:    kbapi.SecurityListsAPIListItemId(m.ID.ValueString()),
+		Value: kbapi.SecurityListsAPIListItemValue(m.Value.ValueString()),
+	}
+
+	// Set optional version if available
+	if utils.IsKnown(m.Version) {
+		version := kbapi.SecurityListsAPIListVersionId(m.Version.ValueString())
+		body.UnderscoreVersion = &version
+	}
+
+	// Set optional meta if specified
+	if utils.IsKnown(m.Meta) {
+		var meta kbapi.SecurityListsAPIListItemMetadata
+		if err := json.Unmarshal([]byte(m.Meta.ValueString()), &meta); err != nil {
+			diags.AddError("Failed to parse meta JSON", err.Error())
+			return nil, diags
+		}
+		body.Meta = &meta
+	}
+
+	return body, diags
+}
+
+// fromAPIModel populates the Terraform model from an API response
+func (m *SecurityListItemModel) fromAPIModel(ctx context.Context, apiItem *kbapi.SecurityListsAPIListItem) diag.Diagnostics {
+	var diags diag.Diagnostics
+
+	m.ID = types.StringValue(string(apiItem.Id))
+	m.ListID = types.StringValue(string(apiItem.ListId))
+	m.Value = types.StringValue(string(apiItem.Value))
+	m.CreatedAt = types.StringValue(apiItem.CreatedAt.Format("2006-01-02T15:04:05.000Z"))
+	m.CreatedBy = types.StringValue(apiItem.CreatedBy)
+	m.UpdatedAt = types.StringValue(apiItem.UpdatedAt.Format("2006-01-02T15:04:05.000Z"))
+	m.UpdatedBy = types.StringValue(apiItem.UpdatedBy)
+
+	// Set version if available
+	if apiItem.UnderscoreVersion != nil {
+		m.Version = types.StringValue(string(*apiItem.UnderscoreVersion))
+	} else {
+		m.Version = types.StringNull()
+	}
+
+	// Set meta if available
+	if apiItem.Meta != nil {
+		metaJSON, err := json.Marshal(apiItem.Meta)
+		if err != nil {
+			diags.AddError("Failed to serialize meta", err.Error())
+			return diags
+		}
+		m.Meta = jsontypes.NewNormalizedValue(string(metaJSON))
+	} else {
+		m.Meta = jsontypes.NewNormalizedNull()
+	}
+
+	return diags
+}