Add authentication to Elasticsearch via client cert (#191)

* Add authentication to Elasticsearch via client cert * incorporate review comments
elastic · Nov 23, 2022 · 5adb0f6 · 5adb0f6
1 parent 2fa154b
commit 5adb0f6
Show file tree

Hide file tree

Showing 24 changed files with 232 additions and 10 deletions.
diff --git a/docs/data-sources/elasticsearch_security_role.md b/docs/data-sources/elasticsearch_security_role.md
@@ -55,8 +55,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/data-sources/elasticsearch_security_role_mapping.md b/docs/data-sources/elasticsearch_security_role_mapping.md
@@ -54,7 +54,11 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
diff --git a/docs/data-sources/elasticsearch_security_user.md b/docs/data-sources/elasticsearch_security_user.md
@@ -54,7 +54,11 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
diff --git a/docs/data-sources/elasticsearch_snapshot_repository.md b/docs/data-sources/elasticsearch_snapshot_repository.md
@@ -82,8 +82,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/index.md b/docs/index.md
@@ -95,7 +95,11 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String, Sensitive) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) Password to use for API authentication to Elasticsearch.
 - `username` (String) Username to use for API authentication to Elasticsearch.
diff --git a/docs/resources/elasticsearch_cluster_settings.md b/docs/resources/elasticsearch_cluster_settings.md
@@ -67,8 +67,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_component_template.md b/docs/resources/elasticsearch_component_template.md
@@ -92,8 +92,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_data_stream.md b/docs/resources/elasticsearch_data_stream.md
@@ -98,8 +98,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_index.md b/docs/resources/elasticsearch_index.md
@@ -154,8 +154,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_index_lifecycle.md b/docs/resources/elasticsearch_index_lifecycle.md
@@ -188,8 +188,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_index_template.md b/docs/resources/elasticsearch_index_template.md
@@ -84,8 +84,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_ingest_pipeline.md b/docs/resources/elasticsearch_ingest_pipeline.md
@@ -97,8 +97,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_logstash_pipeline.md b/docs/resources/elasticsearch_logstash_pipeline.md
@@ -99,8 +99,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_script.md b/docs/resources/elasticsearch_script.md
@@ -69,8 +69,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_security_api_key.md b/docs/resources/elasticsearch_security_api_key.md
@@ -76,8 +76,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_security_role.md b/docs/resources/elasticsearch_security_role.md
@@ -83,8 +83,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_security_role_mapping.md b/docs/resources/elasticsearch_security_role_mapping.md
@@ -64,8 +64,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_security_system_user.md b/docs/resources/elasticsearch_security_system_user.md
@@ -58,7 +58,11 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
diff --git a/docs/resources/elasticsearch_security_user.md b/docs/resources/elasticsearch_security_user.md
@@ -83,8 +83,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_snapshot_lifecycle.md b/docs/resources/elasticsearch_snapshot_lifecycle.md
@@ -82,8 +82,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.
 

diff --git a/docs/resources/elasticsearch_snapshot_repository.md b/docs/resources/elasticsearch_snapshot_repository.md
@@ -85,8 +85,12 @@ Optional:
 - `api_key` (String, Sensitive) API Key to use for authentication to Elasticsearch
 - `ca_data` (String) PEM-encoded custom Certificate Authority certificate
 - `ca_file` (String) Path to a custom Certificate Authority certificate
+- `cert_data` (String) PEM encoded certificate for client auth
+- `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth
 - `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
+- `key_data` (String) PEM encoded private key for client auth
+- `key_file` (String) Path to a file containing the PEM encoded private key for client auth
 - `password` (String, Sensitive) A password to use for API authentication to Elasticsearch.
 - `username` (String) A username to use for API authentication to Elasticsearch.