Fix linting issues and add changelog entry

Author: Copilot

CHANGELOG.md

@@ -1,5 +1,6 @@
 ## [Unreleased]
 
+- Create `elasticstack_kibana_security_detection_rule` resource to manage Kibana Security Detection Rules. ([#1290](https://github.com/elastic/terraform-provider-elasticstack/pull/1290))
 - Create `elasticstack_kibana_maintenance_window` resource. ([#1224](https://github.com/elastic/terraform-provider-elasticstack/pull/1224))
 - Add support for `solution` field in `elasticstack_kibana_space` resource and data source ([#1102](https://github.com/elastic/terraform-provider-elasticstack/issues/1102))
 - Add `slo_id` validation to `elasticstack_kibana_slo` ([#1221](https://github.com/elastic/terraform-provider-elasticstack/pull/1221))

internal/kibana/security/detection_rule/acc_test.go

@@ -45,4 +45,4 @@ resource "elasticstack_kibana_security_detection_rule" "test" {
   from        = "now-6m"
   to          = "now"
 }`
-}
+}

internal/kibana/security/detection_rule/client.go

@@ -12,63 +12,63 @@ import (
 
 // SecurityDetectionRuleRequest represents a security detection rule creation/update request
 type SecurityDetectionRuleRequest struct {
-	Name               string              `json:"name"`
-	Description        string              `json:"description"`
-	Type               string              `json:"type"`
-	Query              *string             `json:"query,omitempty"`
-	Language           *string             `json:"language,omitempty"`
-	Index              []string            `json:"index,omitempty"`
-	Severity           string              `json:"severity"`
-	Risk               int                 `json:"risk_score"`
-	Enabled            bool                `json:"enabled"`
-	Tags               []string            `json:"tags,omitempty"`
-	From               string              `json:"from"`
-	To                 string              `json:"to"`
-	Interval           string              `json:"interval"`
-	Meta               *map[string]any     `json:"meta,omitempty"`
-	Author             []string            `json:"author,omitempty"`
-	License            *string             `json:"license,omitempty"`
-	RuleNameOverride   *string             `json:"rule_name_override,omitempty"`
-	TimestampOverride  *string             `json:"timestamp_override,omitempty"`
-	Note               *string             `json:"note,omitempty"`
-	References         []string            `json:"references,omitempty"`
-	FalsePositives     []string            `json:"false_positives,omitempty"`
-	ExceptionsList     []any               `json:"exceptions_list,omitempty"`
-	Version            int                 `json:"version"`
-	MaxSignals         int                 `json:"max_signals"`
+	Name              string          `json:"name"`
+	Description       string          `json:"description"`
+	Type              string          `json:"type"`
+	Query             *string         `json:"query,omitempty"`
+	Language          *string         `json:"language,omitempty"`
+	Index             []string        `json:"index,omitempty"`
+	Severity          string          `json:"severity"`
+	Risk              int             `json:"risk_score"`
+	Enabled           bool            `json:"enabled"`
+	Tags              []string        `json:"tags,omitempty"`
+	From              string          `json:"from"`
+	To                string          `json:"to"`
+	Interval          string          `json:"interval"`
+	Meta              *map[string]any `json:"meta,omitempty"`
+	Author            []string        `json:"author,omitempty"`
+	License           *string         `json:"license,omitempty"`
+	RuleNameOverride  *string         `json:"rule_name_override,omitempty"`
+	TimestampOverride *string         `json:"timestamp_override,omitempty"`
+	Note              *string         `json:"note,omitempty"`
+	References        []string        `json:"references,omitempty"`
+	FalsePositives    []string        `json:"false_positives,omitempty"`
+	ExceptionsList    []any           `json:"exceptions_list,omitempty"`
+	Version           int             `json:"version"`
+	MaxSignals        int             `json:"max_signals"`
 }
 
 // SecurityDetectionRuleResponse represents the API response for a security detection rule
 type SecurityDetectionRuleResponse struct {
-	ID                 string              `json:"id"`
-	Name               string              `json:"name"`
-	Description        string              `json:"description"`
-	Type               string              `json:"type"`
-	Query              *string             `json:"query,omitempty"`
-	Language           *string             `json:"language,omitempty"`
-	Index              []string            `json:"index,omitempty"`
-	Severity           string              `json:"severity"`
-	Risk               int                 `json:"risk_score"`
-	Enabled            bool                `json:"enabled"`
-	Tags               []string            `json:"tags,omitempty"`
-	From               string              `json:"from"`
-	To                 string              `json:"to"`
-	Interval           string              `json:"interval"`
-	Meta               *map[string]any     `json:"meta,omitempty"`
-	Author             []string            `json:"author,omitempty"`
-	License            *string             `json:"license,omitempty"`
-	RuleNameOverride   *string             `json:"rule_name_override,omitempty"`
-	TimestampOverride  *string             `json:"timestamp_override,omitempty"`
-	Note               *string             `json:"note,omitempty"`
-	References         []string            `json:"references,omitempty"`
-	FalsePositives     []string            `json:"false_positives,omitempty"`
-	ExceptionsList     []any               `json:"exceptions_list,omitempty"`
-	Version            int                 `json:"version"`
-	MaxSignals         int                 `json:"max_signals"`
-	CreatedAt          string              `json:"created_at"`
-	CreatedBy          string              `json:"created_by"`
-	UpdatedAt          string              `json:"updated_at"`
-	UpdatedBy          string              `json:"updated_by"`
+	ID                string          `json:"id"`
+	Name              string          `json:"name"`
+	Description       string          `json:"description"`
+	Type              string          `json:"type"`
+	Query             *string         `json:"query,omitempty"`
+	Language          *string         `json:"language,omitempty"`
+	Index             []string        `json:"index,omitempty"`
+	Severity          string          `json:"severity"`
+	Risk              int             `json:"risk_score"`
+	Enabled           bool            `json:"enabled"`
+	Tags              []string        `json:"tags,omitempty"`
+	From              string          `json:"from"`
+	To                string          `json:"to"`
+	Interval          string          `json:"interval"`
+	Meta              *map[string]any `json:"meta,omitempty"`
+	Author            []string        `json:"author,omitempty"`
+	License           *string         `json:"license,omitempty"`
+	RuleNameOverride  *string         `json:"rule_name_override,omitempty"`
+	TimestampOverride *string         `json:"timestamp_override,omitempty"`
+	Note              *string         `json:"note,omitempty"`
+	References        []string        `json:"references,omitempty"`
+	FalsePositives    []string        `json:"false_positives,omitempty"`
+	ExceptionsList    []any           `json:"exceptions_list,omitempty"`
+	Version           int             `json:"version"`
+	MaxSignals        int             `json:"max_signals"`
+	CreatedAt         string          `json:"created_at"`
+	CreatedBy         string          `json:"created_by"`
+	UpdatedAt         string          `json:"updated_at"`
+	UpdatedBy         string          `json:"updated_by"`
 }
 
 // CreateSecurityDetectionRule creates a new security detection rule
@@ -228,4 +228,4 @@ func DeleteSecurityDetectionRule(ctx context.Context, client *clients.ApiClient,
 	}
 
 	return diags
-}
+}

internal/kibana/security/detection_rule/create.go

@@ -62,7 +62,7 @@ func (r *securityDetectionRuleResource) Create(ctx context.Context, req resource
 
 func dataToAPIRequest(ctx context.Context, data *SecurityDetectionRuleData) (*SecurityDetectionRuleRequest, diag.Diagnostics) {
 	var diags diag.Diagnostics
-	
+
 	req := &SecurityDetectionRuleRequest{
 		Name:        data.Name.ValueString(),
 		Description: data.Description.ValueString(),
@@ -248,7 +248,7 @@ func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleRespons
 	}
 
 	// Handle arrays
-	if result.Index != nil && len(result.Index) > 0 {
+	if len(result.Index) > 0 {
 		indexValues := make([]types.String, len(result.Index))
 		for i, idx := range result.Index {
 			indexValues[i] = types.StringValue(idx)
@@ -259,7 +259,7 @@ func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleRespons
 		data.Index, _ = types.ListValueFrom(ctx, types.StringType, []types.String{types.StringValue("*")})
 	}
 
-	if result.Tags != nil && len(result.Tags) > 0 {
+	if len(result.Tags) > 0 {
 		tagValues := make([]types.String, len(result.Tags))
 		for i, tag := range result.Tags {
 			tagValues[i] = types.StringValue(tag)
@@ -269,7 +269,7 @@ func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleRespons
 		data.Tags, _ = types.ListValueFrom(ctx, types.StringType, []types.String{})
 	}
 
-	if result.Author != nil && len(result.Author) > 0 {
+	if len(result.Author) > 0 {
 		authorValues := make([]types.String, len(result.Author))
 		for i, author := range result.Author {
 			authorValues[i] = types.StringValue(author)
@@ -279,7 +279,7 @@ func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleRespons
 		data.Author, _ = types.ListValueFrom(ctx, types.StringType, []types.String{})
 	}
 
-	if result.References != nil && len(result.References) > 0 {
+	if len(result.References) > 0 {
 		refValues := make([]types.String, len(result.References))
 		for i, ref := range result.References {
 			refValues[i] = types.StringValue(ref)
@@ -289,7 +289,7 @@ func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleRespons
 		data.References, _ = types.ListValueFrom(ctx, types.StringType, []types.String{})
 	}
 
-	if result.FalsePositives != nil && len(result.FalsePositives) > 0 {
+	if len(result.FalsePositives) > 0 {
 		fpValues := make([]types.String, len(result.FalsePositives))
 		for i, fp := range result.FalsePositives {
 			fpValues[i] = types.StringValue(fp)
@@ -299,7 +299,7 @@ func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleRespons
 		data.FalsePositives, _ = types.ListValueFrom(ctx, types.StringType, []types.String{})
 	}
 
-	if result.ExceptionsList != nil && len(result.ExceptionsList) > 0 {
+	if len(result.ExceptionsList) > 0 {
 		// Convert exceptions to strings (simplified)
 		excValues := make([]types.String, len(result.ExceptionsList))
 		for i, exc := range result.ExceptionsList {
@@ -317,4 +317,4 @@ func apiResponseToData(ctx context.Context, result *SecurityDetectionRuleRespons
 	}
 
 	return diags
-}
+}

internal/kibana/security/detection_rule/delete.go

@@ -32,4 +32,4 @@ func (r *securityDetectionRuleResource) Delete(ctx context.Context, req resource
 	}
 
 	// Resource is automatically removed from state
-}
+}

internal/kibana/security/detection_rule/models.go

@@ -5,32 +5,32 @@ import (
 )
 
 type SecurityDetectionRuleData struct {
-	Id                 types.String `tfsdk:"id"`
-	KibanaConnection   types.List   `tfsdk:"kibana_connection"`
-	SpaceId            types.String `tfsdk:"space_id"`
-	RuleId             types.String `tfsdk:"rule_id"`
-	Name               types.String `tfsdk:"name"`
-	Description        types.String `tfsdk:"description"`
-	Type               types.String `tfsdk:"type"`
-	Query              types.String `tfsdk:"query"`
-	Language           types.String `tfsdk:"language"`
-	Index              types.List   `tfsdk:"index"`
-	Severity           types.String `tfsdk:"severity"`
-	Risk               types.Int64  `tfsdk:"risk"`
-	Enabled            types.Bool   `tfsdk:"enabled"`
-	Tags               types.List   `tfsdk:"tags"`
-	From               types.String `tfsdk:"from"`
-	To                 types.String `tfsdk:"to"`
-	Interval           types.String `tfsdk:"interval"`
-	Meta               types.String `tfsdk:"meta"`
-	Author             types.List   `tfsdk:"author"`
-	License            types.String `tfsdk:"license"`
-	RuleNameOverride   types.String `tfsdk:"rule_name_override"`
-	TimestampOverride  types.String `tfsdk:"timestamp_override"`
-	Note               types.String `tfsdk:"note"`
-	References         types.List   `tfsdk:"references"`
-	FalsePositives     types.List   `tfsdk:"false_positives"`
-	ExceptionsList     types.List   `tfsdk:"exceptions_list"`
-	Version            types.Int64  `tfsdk:"version"`
-	MaxSignals         types.Int64  `tfsdk:"max_signals"`
-}
+	Id                types.String `tfsdk:"id"`
+	KibanaConnection  types.List   `tfsdk:"kibana_connection"`
+	SpaceId           types.String `tfsdk:"space_id"`
+	RuleId            types.String `tfsdk:"rule_id"`
+	Name              types.String `tfsdk:"name"`
+	Description       types.String `tfsdk:"description"`
+	Type              types.String `tfsdk:"type"`
+	Query             types.String `tfsdk:"query"`
+	Language          types.String `tfsdk:"language"`
+	Index             types.List   `tfsdk:"index"`
+	Severity          types.String `tfsdk:"severity"`
+	Risk              types.Int64  `tfsdk:"risk"`
+	Enabled           types.Bool   `tfsdk:"enabled"`
+	Tags              types.List   `tfsdk:"tags"`
+	From              types.String `tfsdk:"from"`
+	To                types.String `tfsdk:"to"`
+	Interval          types.String `tfsdk:"interval"`
+	Meta              types.String `tfsdk:"meta"`
+	Author            types.List   `tfsdk:"author"`
+	License           types.String `tfsdk:"license"`
+	RuleNameOverride  types.String `tfsdk:"rule_name_override"`
+	TimestampOverride types.String `tfsdk:"timestamp_override"`
+	Note              types.String `tfsdk:"note"`
+	References        types.List   `tfsdk:"references"`
+	FalsePositives    types.List   `tfsdk:"false_positives"`
+	ExceptionsList    types.List   `tfsdk:"exceptions_list"`
+	Version           types.Int64  `tfsdk:"version"`
+	MaxSignals        types.Int64  `tfsdk:"max_signals"`
+}

internal/kibana/security/detection_rule/read.go

@@ -35,7 +35,7 @@ func (r *securityDetectionRuleResource) Read(ctx context.Context, req resource.R
 	// If rule not found, remove from state
 	if result == nil {
 		tflog.Warn(ctx, "Security detection rule not found, removing from state", map[string]interface{}{
-			"rule_id": ruleId,
+			"rule_id":  ruleId,
 			"space_id": spaceId,
 		})
 		resp.State.RemoveResource(ctx)
@@ -49,8 +49,8 @@ func (r *securityDetectionRuleResource) Read(ctx context.Context, req resource.R
 		return
 	}
 
-	// Set space_id from the composite ID
-	data.SpaceId = data.SpaceId // Keep the original value from config
+	// Set space_id from the composite ID (keep existing value from config)
+	// data.SpaceId remains unchanged
 
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
-}
+}

internal/kibana/security/detection_rule/resource.go

@@ -23,4 +23,4 @@ func (r *securityDetectionRuleResource) Configure(_ context.Context, req resourc
 	client, diags := clients.ConvertProviderData(req.ProviderData)
 	resp.Diagnostics.Append(diags...)
 	r.client = client
-}
+}

internal/kibana/security/detection_rule/schema.go

@@ -197,4 +197,4 @@ func GetSchema() schema.Schema {
 			},
 		},
 	}
-}
+}

internal/kibana/security/detection_rule/update.go

@@ -46,4 +46,4 @@ func (r *securityDetectionRuleResource) Update(ctx context.Context, req resource
 	}
 
 	resp.Diagnostics.Append(resp.State.Set(ctx, &data)...)
-}
+}