Add resource to allow Opensearch audit config to be updated (#276)

see: https://discuss.hashicorp.com/t/cannot-run-terraform-provider-tests-unexpected-content-type-application-vnd-hashicorp-releases-api-v0-json/39643/2


Co-authored-by: Joanna Sommer <[email protected]>

Author: rm-hull

README.md

@@ -286,6 +286,53 @@ Please see [the documentation](./docs/index.md#AWS-authentication) for details.
 go build -o /path/to/binary/terraform-provider-elasticsearch
 ```
 
+### Running tests locally
+
+Start an instance of ElasticSearch locally with the following:
+
+```sh
+./script/install-tools
+export OSS_IMAGE="opensearchproject/opensearch:1.2.0"
+export ES_OPENDISTRO_IMAGE="opensearchproject/opensearch:1.2.0"
+export ES_COMMAND=""
+export ES_KIBANA_IMAGE=""
+export OPENSEARCH_PREFIX="plugins.security"
+export OSS_ENV_VAR="plugins.security.disabled=true"
+export XPACK_IMAGE="docker.elastic.co/elasticsearch/elasticsearch:7.10.1"
+docker-compose up -d
+docker-compose ps -a
+```
+
+When running tests, ensure that your test/debug profile has environmental variables as below:
+
+- `ELASTICSEARCH_URL=http://localhost:9200_`
+- `TF_ACC=1`
+
+
+
+### Debugging this provider
+
+Build the executable, and start in debug mode:
+
+```console
+$ go build
+$ ./terraform-provider-elasticsearch -debuggable # or start in debug mode in your IDE
+{"@level":"debug","@message":"plugin address","@timestamp":"2022-05-17T10:10:04.331668+01:00","address":"/var/folders/32/3mbbgs9x0r5bf991ltrl3p280000gs/T/plugin1346340234","network":"unix"}
+Provider started, to attach Terraform set the TF_REATTACH_PROVIDERS env var:
+
+        TF_REATTACH_PROVIDERS='{"registry.terraform.io/phillbaker/elasticsearch":{"Protocol":"grpc","ProtocolVersion":5,"Pid":79075,"Test":true,"Addr":{"Network":"unix","String":"/var/folders/32/3mbbgs9x0r5bf991ltrl3p280000gs/T/plugin1346340234"}}}'
+```
+
+In another terminal, you can test your terraform code:
+
+```console
+$ cd <my-project/terraform>
+$ export TF_REATTACH_PROVIDERS=<env var above>
+$ terraform apply
+```
+
+The local provider will be used instead, and you should see debug information printed to the terminal.
+
 ## Licence
 
 See LICENSE.

docs/resources/opensearch_audit_config.md

@@ -0,0 +1,116 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticsearch_opensearch_audit_config Resource - terraform-provider-elasticsearch"
+subcategory: "Elasticsearch Opensource"
+description: |-
+  Audit config lets you configure the security plugin audit log settings. See the guide https://opensearch.org/docs/latest/security-plugin/audit-logs/index/ and AWS specific information https://docs.aws.amazon.com/opensearch-service/latest/developerguide/audit-logs.html.
+---
+
+# elasticsearch_opensearch_audit_config (Resource)
+
+Audit config lets you configure the security plugin audit log settings. See the guide https://opensearch.org/docs/latest/security-plugin/audit-logs/index/ and AWS specific information https://docs.aws.amazon.com/opensearch-service/latest/developerguide/audit-logs.html.
+
+Note that when using with a managed AWS OpenSearch cluster, some values and  permutations are not 
+allowed, and will result in a HTTP 409 (Conflict) error being returned. See the comments in the 
+example below for some know scenario's where this may occur.
+  
+## Example Usage
+
+```terraform
+resource "elasticsearch_opensearch_audit_config" "test" {
+  enabled = true
+
+  audit {
+    enable_rest              = true
+    disabled_rest_categories = ["GRANTED_PRIVILEGES", "AUTHENTICATED"]
+
+    enable_transport              = true
+    disabled_transport_categories = ["GRANTED_PRIVILEGES", "AUTHENTICATED"]
+
+    resolve_bulk_requests = true
+    log_request_body      = true
+    resolve_indices       = true
+
+    # Note: if set false, AWS OpenSearch will return HTTP 409 (Conflict)
+    exclude_sensitive_headers = true
+
+    ignore_users    = ["kibanaserver"]
+    ignore_requests = ["SearchRequest", "indices:data/read/*", "/_cluster/health"]
+  }
+
+  compliance {
+    enabled = true
+
+    # Note: if both internal/external are set true, AWS OpenSearch will return HTTP 409 (Conflict)
+    internal_config = true
+    external_config = false
+
+    read_metadata_only  = true
+    read_ignore_users   = ["read-ignore-1"]
+
+    read_watched_field {
+      index  = "read-index-1"
+      fields = ["field-1", "field-2"]
+    }
+
+    read_watched_field {
+      index  = "read-index-2"
+      fields = ["field-3"]
+    }
+
+    write_metadata_only   = true
+    write_log_diffs       = false
+    write_watched_indices = ["write-index-1", "write-index-2", "log-*", "*"]
+    write_ignore_users    = ["write-ignore-1"]
+  }
+}
+```
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- **enabled** (Boolean)
+
+### Optional
+
+- **audit** (Block Set) (see [below for nested schema](#nestedblock--audit))
+- **compliance** (Block Set) (see [below for nested schema](#nestedblock--compliance))
+- **id** (String) The ID of this resource.
+
+<a id="nestedblock--audit"></a>
+### Nested Schema for `audit`
+
+Optional:
+
+- **disabled_rest_categories** (Set of String)
+- **disabled_transport_categories** (Set of String)
+- **enable_rest** (Boolean)
+- **enable_transport** (Boolean)
+- **exclude_sensitive_headers** (Boolean)
+- **ignore_requests** (Set of String)
+- **ignore_users** (Set of String)
+- **log_request_body** (Boolean)
+- **resolve_bulk_requests** (Boolean)
+- **resolve_indices** (Boolean)
+
+
+<a id="nestedblock--compliance"></a>
+### Nested Schema for `compliance`
+
+Optional:
+
+- **enabled** (Boolean)
+- **external_config** (Boolean)
+- **internal_config** (Boolean)
+- **read_ignore_users** (Set of String)
+- **read_metadata_only** (Boolean)
+- **read_watched_fields** (Map of Set of String)
+- **write_ignore_users** (Set of String)
+- **write_log_diffs** (Boolean)
+- **write_metadata_only** (Boolean)
+- **write_watched_indices** (Set of String)
+
+

es/provider.go

@@ -219,40 +219,41 @@ func Provider() *schema.Provider {
 		},
 
 		ResourcesMap: map[string]*schema.Resource{
-			"elasticsearch_index":                           resourceElasticsearchIndex(),
-			"elasticsearch_index_template":                  resourceElasticsearchIndexTemplate(),
 			"elasticsearch_cluster_settings":                resourceElasticsearchClusterSettings(),
-			"elasticsearch_composable_index_template":       resourceElasticsearchComposableIndexTemplate(),
 			"elasticsearch_component_template":              resourceElasticsearchComponentTemplate(),
+			"elasticsearch_composable_index_template":       resourceElasticsearchComposableIndexTemplate(),
 			"elasticsearch_data_stream":                     resourceElasticsearchDataStream(),
+			"elasticsearch_index_template":                  resourceElasticsearchIndexTemplate(),
+			"elasticsearch_index":                           resourceElasticsearchIndex(),
 			"elasticsearch_ingest_pipeline":                 resourceElasticsearchIngestPipeline(),
 			"elasticsearch_kibana_alert":                    resourceElasticsearchKibanaAlert(),
 			"elasticsearch_kibana_object":                   resourceElasticsearchKibanaObject(),
-			"elasticsearch_snapshot_repository":             resourceElasticsearchSnapshotRepository(),
 			"elasticsearch_opendistro_destination":          resourceElasticsearchOpenDistroDestination(),
-			"elasticsearch_opensearch_destination":          resourceOpenSearchDestination(),
-			"elasticsearch_opendistro_ism_policy":           resourceElasticsearchOpenDistroISMPolicy(),
-			"elasticsearch_opensearch_ism_policy":           resourceOpenSearchISMPolicy(),
 			"elasticsearch_opendistro_ism_policy_mapping":   resourceElasticsearchOpenDistroISMPolicyMapping(),
-			"elasticsearch_opensearch_ism_policy_mapping":   resourceOpenSearchISMPolicyMapping(),
+			"elasticsearch_opendistro_ism_policy":           resourceElasticsearchOpenDistroISMPolicy(),
+			"elasticsearch_opendistro_kibana_tenant":        resourceElasticsearchOpenDistroKibanaTenant(),
 			"elasticsearch_opendistro_monitor":              resourceElasticsearchOpenDistroMonitor(),
-			"elasticsearch_opensearch_monitor":              resourceOpenSearchMonitor(),
-			"elasticsearch_opendistro_roles_mapping":        resourceElasticsearchOpenDistroRolesMapping(),
-			"elasticsearch_opensearch_roles_mapping":        resourceOpenSearchRolesMapping(),
 			"elasticsearch_opendistro_role":                 resourceElasticsearchOpenDistroRole(),
-			"elasticsearch_opensearch_role":                 resourceOpenSearchRole(),
+			"elasticsearch_opendistro_roles_mapping":        resourceElasticsearchOpenDistroRolesMapping(),
 			"elasticsearch_opendistro_user":                 resourceElasticsearchOpenDistroUser(),
-			"elasticsearch_opensearch_user":                 resourceOpenSearchUser(),
-			"elasticsearch_opendistro_kibana_tenant":        resourceElasticsearchOpenDistroKibanaTenant(),
+			"elasticsearch_opensearch_audit_config":         resourceOpenSearchAuditConfig(),
+			"elasticsearch_opensearch_destination":          resourceOpenSearchDestination(),
+			"elasticsearch_opensearch_ism_policy_mapping":   resourceOpenSearchISMPolicyMapping(),
+			"elasticsearch_opensearch_ism_policy":           resourceOpenSearchISMPolicy(),
 			"elasticsearch_opensearch_kibana_tenant":        resourceOpenSearchKibanaTenant(),
+			"elasticsearch_opensearch_monitor":              resourceOpenSearchMonitor(),
+			"elasticsearch_opensearch_role":                 resourceOpenSearchRole(),
+			"elasticsearch_opensearch_roles_mapping":        resourceOpenSearchRolesMapping(),
+			"elasticsearch_opensearch_user":                 resourceOpenSearchUser(),
+			"elasticsearch_script":                          resourceElasticsearchScript(),
+			"elasticsearch_snapshot_repository":             resourceElasticsearchSnapshotRepository(),
 			"elasticsearch_xpack_index_lifecycle_policy":    resourceElasticsearchXpackIndexLifecyclePolicy(),
 			"elasticsearch_xpack_license":                   resourceElasticsearchXpackLicense(),
-			"elasticsearch_xpack_role":                      resourceElasticsearchXpackRole(),
 			"elasticsearch_xpack_role_mapping":              resourceElasticsearchXpackRoleMapping(),
+			"elasticsearch_xpack_role":                      resourceElasticsearchXpackRole(),
 			"elasticsearch_xpack_snapshot_lifecycle_policy": resourceElasticsearchXpackSnapshotLifecyclePolicy(),
 			"elasticsearch_xpack_user":                      resourceElasticsearchXpackUser(),
 			"elasticsearch_xpack_watch":                     resourceElasticsearchXpackWatch(),
-			"elasticsearch_script":                          resourceElasticsearchScript(),
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{