Add exception_list and exception_item resources with CRUD operations

Co-authored-by: nick-benoit <[email protected]>

Author: Copilot

docs/resources/kibana_security_exception_item.md

@@ -0,0 +1,102 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_exception_item Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages a Kibana Exception Item. Exception items define the specific query conditions used to prevent rules from generating alerts.
+  See the Kibana Exceptions API documentation https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api for more details.
+  Example Usage
+  
+  resource "elasticstack_kibana_security_exception_item" "example" {
+    list_id       = elasticstack_kibana_security_exception_list.example.list_id
+    item_id       = "my-exception-item"
+    name          = "My Exception Item"
+    description   = "Exclude specific processes from alerts"
+    type          = "simple"
+    namespace_type = "single"
+    
+    entries = jsonencode([
+      {
+        field = "process.name"
+        operator = "included"
+        type = "match"
+        value = "my-process"
+      }
+    ])
+    
+    tags = ["tag1", "tag2"]
+  }
+---
+
+# elasticstack_kibana_security_exception_item (Resource)
+
+Manages a Kibana Exception Item. Exception items define the specific query conditions used to prevent rules from generating alerts.
+
+See the [Kibana Exceptions API documentation](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api) for more details.
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_exception_item" "example" {
+  list_id       = elasticstack_kibana_security_exception_list.example.list_id
+  item_id       = "my-exception-item"
+  name          = "My Exception Item"
+  description   = "Exclude specific processes from alerts"
+  type          = "simple"
+  namespace_type = "single"
+  
+  entries = jsonencode([
+    {
+      field = "process.name"
+      operator = "included"
+      type = "match"
+      value = "my-process"
+    }
+  ])
+  
+  tags = ["tag1", "tag2"]
+}
+```
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the exception item.
+- `entries` (String) The exception item entries as JSON string. This defines the conditions under which the exception applies.
+- `list_id` (String) The exception list's identifier that this item belongs to.
+- `name` (String) The name of the exception item.
+- `type` (String) The type of exception item. Must be `simple`.
+
+### Optional
+
+- `comments` (Attributes List) Array of comments about the exception item. (see [below for nested schema](#nestedatt--comments))
+- `expire_time` (String) The exception item's expiration date in ISO format. This field is only available for regular exception items, not endpoint exceptions.
+- `item_id` (String) The exception item's human readable string identifier.
+- `meta` (String) Placeholder for metadata about the exception item as JSON string.
+- `namespace_type` (String) Determines whether the exception item is available in all Kibana spaces or just the space in which it is created. Can be `single` (default) or `agnostic`.
+- `os_types` (List of String) Array of OS types for which the exceptions apply. Valid values: `linux`, `macos`, `windows`.
+- `tags` (List of String) String array containing words and phrases to help categorize exception items.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the exception item was created.
+- `created_by` (String) The user who created the exception item.
+- `id` (String) The unique identifier of the exception item (auto-generated by Kibana).
+- `tie_breaker_id` (String) Field used in search to ensure all items are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the exception item was last updated.
+- `updated_by` (String) The user who last updated the exception item.
+
+<a id="nestedatt--comments"></a>
+### Nested Schema for `comments`
+
+Required:
+
+- `comment` (String) The comment text.
+
+Read-Only:
+
+- `id` (String) The unique identifier of the comment (auto-generated by Kibana).

docs/resources/kibana_security_exception_list.md

@@ -0,0 +1,69 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_exception_list Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages a Kibana Exception List. Exception lists are containers for exception items used to prevent security rules from generating alerts.
+  See the Kibana Exceptions API documentation https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api for more details.
+  Example Usage
+  
+  resource "elasticstack_kibana_security_exception_list" "example" {
+    list_id       = "my-exception-list"
+    name          = "My Exception List"
+    description   = "List of exceptions for security rules"
+    type          = "detection"
+    namespace_type = "single"
+    
+    tags = ["tag1", "tag2"]
+  }
+---
+
+# elasticstack_kibana_security_exception_list (Resource)
+
+Manages a Kibana Exception List. Exception lists are containers for exception items used to prevent security rules from generating alerts.
+
+See the [Kibana Exceptions API documentation](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api) for more details.
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id       = "my-exception-list"
+  name          = "My Exception List"
+  description   = "List of exceptions for security rules"
+  type          = "detection"
+  namespace_type = "single"
+  
+  tags = ["tag1", "tag2"]
+}
+```
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the exception list.
+- `list_id` (String) The exception list's human readable string identifier.
+- `name` (String) The name of the exception list.
+- `type` (String) The type of exception list. Can be one of: `detection`, `endpoint`, `endpoint_trusted_apps`, `endpoint_events`, `endpoint_host_isolation_exceptions`, `endpoint_blocklists`.
+
+### Optional
+
+- `meta` (String) Placeholder for metadata about the list container as JSON string.
+- `namespace_type` (String) Determines whether the exception list is available in all Kibana spaces or just the space in which it is created. Can be `single` (default) or `agnostic`.
+- `os_types` (List of String) Array of OS types for which the exceptions apply. Valid values: `linux`, `macos`, `windows`.
+- `tags` (List of String) String array containing words and phrases to help categorize exception containers.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the exception list was created.
+- `created_by` (String) The user who created the exception list.
+- `id` (String) The unique identifier of the exception list (auto-generated by Kibana).
+- `immutable` (Boolean) Whether the exception list is immutable.
+- `tie_breaker_id` (String) Field used in search to ensure all containers are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the exception list was last updated.
+- `updated_by` (String) The user who last updated the exception list.
+- `version` (Number) The version of the exception list.

internal/clients/kibana_oapi/exceptions.go

@@ -0,0 +1,138 @@
+package kibana_oapi
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/diagutil"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+)
+
+// GetExceptionList reads an exception list from the API by ID or list_id
+func GetExceptionList(ctx context.Context, client *Client, params *kbapi.ReadExceptionListParams) (*kbapi.ReadExceptionListResponse, diag.Diagnostics) {
+	resp, err := client.API.ReadExceptionListWithResponse(ctx, params)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	case http.StatusNotFound:
+		return nil, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// CreateExceptionList creates a new exception list.
+func CreateExceptionList(ctx context.Context, client *Client, body kbapi.CreateExceptionListJSONRequestBody) (*kbapi.CreateExceptionListResponse, diag.Diagnostics) {
+	resp, err := client.API.CreateExceptionListWithResponse(ctx, body)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// UpdateExceptionList updates an existing exception list.
+func UpdateExceptionList(ctx context.Context, client *Client, body kbapi.UpdateExceptionListJSONRequestBody) (*kbapi.UpdateExceptionListResponse, diag.Diagnostics) {
+	resp, err := client.API.UpdateExceptionListWithResponse(ctx, body)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// DeleteExceptionList deletes an existing exception list.
+func DeleteExceptionList(ctx context.Context, client *Client, params *kbapi.DeleteExceptionListParams) diag.Diagnostics {
+	resp, err := client.API.DeleteExceptionListWithResponse(ctx, params)
+	if err != nil {
+		return diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return nil
+	case http.StatusNotFound:
+		return nil
+	default:
+		return reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// GetExceptionListItem reads an exception list item from the API by ID or item_id
+func GetExceptionListItem(ctx context.Context, client *Client, params *kbapi.ReadExceptionListItemParams) (*kbapi.ReadExceptionListItemResponse, diag.Diagnostics) {
+	resp, err := client.API.ReadExceptionListItemWithResponse(ctx, params)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	case http.StatusNotFound:
+		return nil, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// CreateExceptionListItem creates a new exception list item.
+func CreateExceptionListItem(ctx context.Context, client *Client, body kbapi.CreateExceptionListItemJSONRequestBody) (*kbapi.CreateExceptionListItemResponse, diag.Diagnostics) {
+	resp, err := client.API.CreateExceptionListItemWithResponse(ctx, body)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// UpdateExceptionListItem updates an existing exception list item.
+func UpdateExceptionListItem(ctx context.Context, client *Client, body kbapi.UpdateExceptionListItemJSONRequestBody) (*kbapi.UpdateExceptionListItemResponse, diag.Diagnostics) {
+	resp, err := client.API.UpdateExceptionListItemWithResponse(ctx, body)
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return resp, nil
+	default:
+		return nil, reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}
+
+// DeleteExceptionListItem deletes an existing exception list item.
+func DeleteExceptionListItem(ctx context.Context, client *Client, params *kbapi.DeleteExceptionListItemParams) diag.Diagnostics {
+	resp, err := client.API.DeleteExceptionListItemWithResponse(ctx, params)
+	if err != nil {
+		return diagutil.FrameworkDiagFromError(err)
+	}
+
+	switch resp.StatusCode() {
+	case http.StatusOK:
+		return nil
+	case http.StatusNotFound:
+		return nil
+	default:
+		return reportUnknownError(resp.StatusCode(), resp.Body)
+	}
+}