complete testing

Author: RobsonSutton

docs/resources/elasticsearch_security_role.md

@@ -99,6 +99,7 @@ Optional:
 
 - **field_security** (Block List, Max: 1) The document fields that the owners of the role have read access to. (see [below for nested schema](#nestedblock--indices--field_security))
 - **query** (String) A search query that defines the documents the owners of the role have read access to.
+- **allow_restricted_indices** (Boolean) Include matching restricted indices in names parameter (usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information).
 
 <a id="nestedblock--indices--field_security"></a>
 ### Nested Schema for `indices.field_security`

internal/elasticsearch/security/role.go

@@ -127,7 +127,7 @@ func ResourceRole() *schema.Resource {
 						Optional:         true,
 					},
 					"allow_restricted_indices": {
-						Description: "Include matching restricted indices in names parameter.",
+						Description: "Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.",
 						Type:        schema.TypeBool,
 						Optional:    true,
 					},

internal/elasticsearch/security/role_test.go

@@ -24,6 +24,7 @@ func TestAccResourceSecurityRole(t *testing.T) {
 				Config: testAccResourceSecurityRoleCreate(roleName),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("elasticstack_elasticsearch_security_role.test", "name", roleName),
+					resource.TestCheckResourceAttr("elasticstack_elasticsearch_security_role.test", "indices.0.allow_restricted_indices", "true"),
 					resource.TestCheckTypeSetElemAttr("elasticstack_elasticsearch_security_role.test", "indices.*.names.*", "index1"),
 					resource.TestCheckTypeSetElemAttr("elasticstack_elasticsearch_security_role.test", "indices.*.names.*", "index2"),
 					resource.TestCheckTypeSetElemAttr("elasticstack_elasticsearch_security_role.test", "cluster.*", "all"),
@@ -41,6 +42,7 @@ func TestAccResourceSecurityRole(t *testing.T) {
 					resource.TestCheckNoResourceAttr("elasticstack_elasticsearch_security_role.test", "run_as"),
 					resource.TestCheckNoResourceAttr("elasticstack_elasticsearch_security_role.test", "global"),
 					resource.TestCheckNoResourceAttr("elasticstack_elasticsearch_security_role.test", "applications"),
+					resource.TestCheckNoResourceAttr("elasticstack_elasticsearch_security_role.test", "indices.0.allow_restricted_indices"),
 				),
 			},
 		},
@@ -60,6 +62,7 @@ resource "elasticstack_elasticsearch_security_role" "test" {
   indices {
     names                    = ["index1", "index2"]
     privileges               = ["all"]
+		allow_restricted_indices = true
   }
 
   applications {