Add tests for schema validations

Author: nick-benoit

internal/kibana/security/exception_item/acc_test.go

@@ -2,6 +2,7 @@ package exception_item_test
 
 import (
 	"fmt"
+	"regexp"
 	"testing"
 
 	"github.com/elastic/terraform-provider-elasticstack/internal/acctest"
@@ -304,3 +305,170 @@ func TestAccResourceExceptionItemEntryType_Wildcard(t *testing.T) {
 		},
 	})
 }
+
+func TestAccResourceExceptionItemValidation(t *testing.T) {
+	listID := fmt.Sprintf("test-exception-list-validation-%s", uuid.New().String()[:8])
+	itemID := fmt.Sprintf("test-exception-item-validation-%s", uuid.New().String()[:8])
+
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() { acctest.PreCheck(t) },
+		Steps: []resource.TestStep{
+			// Test 1: Match entry missing value
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_match_missing_value"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'match' requires 'value' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 2: Match entry missing operator
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_match_missing_operator"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'match' requires 'operator' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 3: Wildcard entry missing value
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_wildcard_missing_value"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'wildcard' requires 'value' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 4: MatchAny entry missing values
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_match_any_missing_values"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'match_any' requires 'values' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 5: MatchAny entry missing operator
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_match_any_missing_operator"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'match_any' requires 'operator' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 6: List entry missing list object
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_list_missing_list_object"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'list' requires 'list' object to be set"),
+				PlanOnly:    true,
+			},
+			// Test 7: List entry missing list.id
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_list_missing_list_id"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile(`attribute "id" is required`),
+				PlanOnly:    true,
+			},
+			// Test 8: List entry missing list.type
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_list_missing_list_type"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile(`attribute "type" is required`),
+				PlanOnly:    true,
+			},
+			// Test 9: Exists entry missing operator
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_exists_missing_operator"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'exists' requires 'operator' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 10: Nested entry missing entries
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_nested_missing_entries"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Entry type 'nested' requires 'entries' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 11: Nested entry with invalid entry type
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_nested_invalid_entry_type"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile(`(Nested entry .* has invalid type|value must be one of:.*"match".*"match_any".*"exists")`),
+				PlanOnly:    true,
+			},
+			// Test 12: Nested match entry missing value
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_nested_entry_missing_value"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile("Nested entry type 'match' requires 'value' to be set"),
+				PlanOnly:    true,
+			},
+			// Test 13: Nested entry missing operator
+			{
+				SkipFunc:                 versionutils.CheckIfVersionIsUnsupported(minExceptionItemAPISupport),
+				ProtoV6ProviderFactories: acctest.Providers,
+				ConfigDirectory:          acctest.NamedTestCaseDirectory("validation_nested_entry_missing_operator"),
+				ConfigVariables: config.Variables{
+					"list_id": config.StringVariable(listID),
+					"item_id": config.StringVariable(itemID),
+				},
+				ExpectError: regexp.MustCompile(`(Nested entry requires 'operator' to be set|attribute "operator" is required)`),
+				PlanOnly:    true,
+			},
+		},
+	})
+}

internal/kibana/security/exception_item/testdata/TestAccResourceExceptionItemValidation/validation_exists_missing_operator/exception_item.tf

@@ -0,0 +1,38 @@
+variable "list_id" {
+  description = "The exception list ID"
+  type        = string
+}
+
+variable "item_id" {
+  description = "The exception item ID"
+  type        = string
+}
+
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_security_exception_list" "test" {
+  list_id        = var.list_id
+  name           = "Test Exception List"
+  description    = "Test exception list for validation"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "test" {
+  list_id        = elasticstack_kibana_security_exception_list.test.list_id
+  item_id        = var.item_id
+  name           = "Test Exception Item - Exists Missing Operator"
+  description    = "Test validation: exists entry without operator"
+  type           = "simple"
+  namespace_type = "single"
+  entries = [
+    {
+      type  = "exists"
+      field = "file.hash.sha256"
+      # Missing operator - should trigger validation error
+    }
+  ]
+}

internal/kibana/security/exception_item/testdata/TestAccResourceExceptionItemValidation/validation_list_missing_list_id/exception_item.tf

@@ -0,0 +1,42 @@
+variable "list_id" {
+  description = "The exception list ID"
+  type        = string
+}
+
+variable "item_id" {
+  description = "The exception item ID"
+  type        = string
+}
+
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_security_exception_list" "test" {
+  list_id        = var.list_id
+  name           = "Test Exception List"
+  description    = "Test exception list for validation"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "test" {
+  list_id        = elasticstack_kibana_security_exception_list.test.list_id
+  item_id        = var.item_id
+  name           = "Test Exception Item - List Missing List ID"
+  description    = "Test validation: list entry without list.id"
+  type           = "simple"
+  namespace_type = "single"
+  entries = [
+    {
+      type     = "list"
+      field    = "source.ip"
+      operator = "included"
+      list = {
+        type = "ip"
+        # Missing id - should trigger validation error
+      }
+    }
+  ]
+}

internal/kibana/security/exception_item/testdata/TestAccResourceExceptionItemValidation/validation_list_missing_list_object/exception_item.tf

@@ -0,0 +1,39 @@
+variable "list_id" {
+  description = "The exception list ID"
+  type        = string
+}
+
+variable "item_id" {
+  description = "The exception item ID"
+  type        = string
+}
+
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_security_exception_list" "test" {
+  list_id        = var.list_id
+  name           = "Test Exception List"
+  description    = "Test exception list for validation"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "test" {
+  list_id        = elasticstack_kibana_security_exception_list.test.list_id
+  item_id        = var.item_id
+  name           = "Test Exception Item - List Missing List Object"
+  description    = "Test validation: list entry without list object"
+  type           = "simple"
+  namespace_type = "single"
+  entries = [
+    {
+      type     = "list"
+      field    = "source.ip"
+      operator = "included"
+      # Missing list object - should trigger validation error
+    }
+  ]
+}

internal/kibana/security/exception_item/testdata/TestAccResourceExceptionItemValidation/validation_list_missing_list_type/exception_item.tf

@@ -0,0 +1,42 @@
+variable "list_id" {
+  description = "The exception list ID"
+  type        = string
+}
+
+variable "item_id" {
+  description = "The exception item ID"
+  type        = string
+}
+
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_security_exception_list" "test" {
+  list_id        = var.list_id
+  name           = "Test Exception List"
+  description    = "Test exception list for validation"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "test" {
+  list_id        = elasticstack_kibana_security_exception_list.test.list_id
+  item_id        = var.item_id
+  name           = "Test Exception Item - List Missing List Type"
+  description    = "Test validation: list entry without list.type"
+  type           = "simple"
+  namespace_type = "single"
+  entries = [
+    {
+      type     = "list"
+      field    = "source.ip"
+      operator = "included"
+      list = {
+        id = "test-value-list"
+        # Missing type - should trigger validation error
+      }
+    }
+  ]
+}

internal/kibana/security/exception_item/testdata/TestAccResourceExceptionItemValidation/validation_match_any_missing_operator/exception_item.tf

@@ -0,0 +1,39 @@
+variable "list_id" {
+  description = "The exception list ID"
+  type        = string
+}
+
+variable "item_id" {
+  description = "The exception item ID"
+  type        = string
+}
+
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_security_exception_list" "test" {
+  list_id        = var.list_id
+  name           = "Test Exception List"
+  description    = "Test exception list for validation"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "test" {
+  list_id        = elasticstack_kibana_security_exception_list.test.list_id
+  item_id        = var.item_id
+  name           = "Test Exception Item - MatchAny Missing Operator"
+  description    = "Test validation: match_any entry without operator"
+  type           = "simple"
+  namespace_type = "single"
+  entries = [
+    {
+      type   = "match_any"
+      field  = "process.name"
+      values = ["process1", "process2"]
+      # Missing operator - should trigger validation error
+    }
+  ]
+}