Add Kibana Security Exceptions API resources #1427
Co-authored-by: nick-benoit <[email protected]>
…tion resources Co-authored-by: nick-benoit <[email protected]>
Co-authored-by: nick-benoit <[email protected]>
…cation Co-authored-by: nick-benoit <[email protected]>
…tack into copilot/add-elastic-security-exceptions
@copilot Address the failing unit tests
I've checked all unit tests and they're passing locally: Could you provide more details about which specific tests are failing? I don't see any failures in the local test runs. If there are CI-specific failures, please share the error messages so I can address them.
@copilot Run acceptance tests with
…pes.Normalized for entries
- Add missing Type field to exception_list update operation
- Change entries field to use jsontypes.Normalized to handle JSON key ordering differences
- This fixes the "received ''" error and "inconsistent result" errors in acceptance tests
Co-authored-by: nick-benoit <[email protected]>
Acceptance tests now passing! ✅ Fixed two issues:
Test results: Commit: 216089e
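The "JSON key ordering differences" named in the commit above, shown as an added example that is not code from this PR, the provider, or the jsontypes package: two strings that differ byte for byte can carry the same exception entry, so comparing them after normalization avoids a false "inconsistent result" while still catching a real change. The function names and sample entries are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Constructed sample data: one exception entry as written in configuration,
// as an API could echo it back (keys reordered, whitespace removed), and a
// real change where the entry matches a different host.
const (
	plannedEntries = `[{"type": "match", "field": "host.name", "operator": "included", "value": "build-01"}]`
	apiEntries     = `[{"field":"host.name","operator":"included","type":"match","value":"build-01"}]`
	changedEntries = `[{"field":"host.name","operator":"included","type":"match","value":"build-02"}]`
)

// normalizeJSON decodes one JSON document and re-encodes it. encoding/json
// writes object keys sorted and drops insignificant whitespace.
func normalizeJSON(raw string) (string, error) {
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.UseNumber() // keep numbers as written instead of converting to float64
	var doc any
	if err := dec.Decode(&doc); err != nil {
		return "", fmt.Errorf("invalid JSON: %w", err)
	}
	if _, err := dec.Token(); err != io.EOF { // reject trailing data
		return "", fmt.Errorf("unexpected data after JSON document")
	}
	out, err := json.Marshal(doc)
	return string(out), err
}

// entriesEqual reports whether two JSON strings carry the same content.
// Array order stays significant: reordered entries count as a change.
func entriesEqual(a, b string) (bool, error) {
	na, err := normalizeJSON(a)
	if err != nil {
		return false, err
	}
	nb, err := normalizeJSON(b)
	if err != nil {
		return false, err
	}
	return na == nb, nil
}

func main() {
	same, err := entriesEqual(plannedEntries, apiEntries)
	fmt.Println(plannedEntries == apiEntries, same, err)
}
```
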
Pull Request Overview
This PR implements support for Elastic Security Exceptions API by adding two new Terraform resources that enable management of exception lists and exception items. Exception lists serve as containers for exception items, which define query conditions to prevent security rules from generating alerts. The implementation uses the generated Kibana OpenAPI client and follows the Terraform Plugin Framework patterns established in the repository.
Key changes:
- Added two new resources: `elasticstack_kibana_security_exception_list` and `elasticstack_kibana_security_exception_item`
- Implemented helper functions in `internal/clients/kibana_oapi/exceptions.go` for API operations
- Added comprehensive acceptance tests and documentation examples
Reviewed Changes
Copilot reviewed 28 out of 28 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| provider/plugin_framework.go | Registered the new exception list and exception item resources |
| internal/kibana/security/exception_list/*.go | Implemented CRUD operations for exception list resource |
| internal/kibana/security/exception_item/*.go | Implemented CRUD operations for exception item resource |
| internal/clients/kibana_oapi/exceptions.go | Added helper functions for exception list and item API operations |
| examples/resources/elasticstack_kibana_security_exception_* | Created example configurations demonstrating resource usage |
| templates/resources/kibana_security_exception_*.md.tmpl | Added documentation templates for both resources |
| docs/resources/kibana_security_exception_*.md | Generated documentation for the new resources |
| }, | ||
| }, | ||
| "expire_time": schema.StringAttribute{ | ||
| MarkdownDescription: "The exception item's expiration date in ISO format. This field is only available for regular exception items, not endpoint exceptions.", |
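Review bot: the `expire_time` description says only "ISO format", which does not tell a user which timestamp form the attribute accepts. Add one example value to the `MarkdownDescription` so the accepted form is unambiguous.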
Copilot
AI
Nov 19, 2025
The description mentions 'ISO format' but the actual format used in the code is RFC3339 (see create.go line 123 and update.go line 114). The description should specify 'RFC3339 format' to match the implementation.
| MarkdownDescription: "The exception item's expiration date in ISO format. This field is only available for regular exception items, not endpoint exceptions.", | |
| MarkdownDescription: "The exception item's expiration date in RFC3339 format. This field is only available for regular exception items, not endpoint exceptions.", |
Fixed to specify RFC3339 format.
Commit: 06bcdaf
The API docs specify ISO format:
The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions.
@copilot Review the generated client (
- Fix expire_time description to specify RFC3339 format instead of ISO format
- Remove unnecessary read-back after create operations (use create response directly)
- Add comment explaining why Type field is required in update despite RequiresReplace
- All fields from generated client are now verified to be supported
Co-authored-by: nick-benoit <[email protected]>
Verified all fields from the generated client are supported:
- exception_list: All 8 fields from
- exception_item: All 12 fields from

The read response fields (created_at, created_by, updated_at, updated_by, immutable, tie_breaker_id, id, version) are also properly handled as computed fields.
Commit: 06bcdaf
…elastic/terraform-provider-elasticstack into copilot/add-elastic-security-exceptions
| - Prefer using existing util functions over longer form, duplicated code: | ||
| - `utils.IsKnown(val)` instead of `!val.IsNull() && !val.IsUnknown()` | ||
| - `utils.ListTypeAs` instead of `val.ElementsAs` or similar for other collection types | ||
| - The final state for a resource should be derived from a read request following a mutative request (eg create or update). We should not use the response from a mutative request to build the final resource state. |
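Review bot: the last bullet, on deriving final state from a read after create or update, does not say what a resource should do when that follow-up read fails or returns not found. State the expected behaviour there (for example, return an error diagnostic rather than falling back to the mutative response) so implementations stay consistent.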
@copilot Review this comment and make requisite changes to create and update actions
Updated both create and update operations to follow CODING_STANDARDS.md line 39. Both exception_list and exception_item resources now perform a read request after the mutative operation (create/update) and use the read response to build the final state.
This ensures state consistency and avoids dirty plans after apply.
Commit: 8d1a2b8
…ations

Per CODING_STANDARDS.md line 39, the final state should be derived from a read request following a mutative request. Updated both exception_list and exception_item resources to perform a read after create and update operations, using the read response to build the final state rather than the mutative response. This ensures state consistency and avoids dirty plans after apply.
Co-authored-by: nick-benoit <[email protected]>
Following the pattern in system_user/acc_test.go, refactored both exception_list and exception_item acceptance tests to:
- Use separate testdata directories for each test case
- Store Terraform configurations in .tf files instead of inline strings
- Use ConfigDirectory and ConfigVariables instead of inline Config
- Maintain the _test package suffix

This improves test maintainability and consistency with other tests in the repository.
Co-authored-by: nick-benoit <[email protected]>
Pull request overview
Copilot reviewed 77 out of 79 changed files in this pull request and generated 8 comments.
Pull request overview
Copilot reviewed 91 out of 93 changed files in this pull request and generated no new comments.
Add support for Elastic Security Exceptions API (Exception Lists and Exception Items)
This PR adds two new Terraform resources for managing Kibana Exceptions:
Resources
- `elasticstack_kibana_security_exception_list`: Manages exception lists (containers for exception items)
- `elasticstack_kibana_security_exception_item`: Manages exception items (query conditions to prevent alerts)
Implementation Details
- `internal/kibana/security/`
- `internal/clients/kibana_oapi/exceptions.go`
- `system_user` and `maintenance_window`
Key Features
Testing
API Support
Requires Elastic Stack 7.9.0+ (when exceptions API was introduced)
Changes from Code Review