From ebc022096d7e030aaf25b65b55701006278e4714 Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Wed, 23 Nov 2022 16:09:30 +1100 Subject: [PATCH 1/9] DRY up ES connection schema --- internal/schema/connection.go | 103 ++++++++++++++++++++++++++++++++++ internal/utils/utils.go | 85 ++-------------------------- provider/provider.go | 86 ++-------------------------- 3 files changed, 113 insertions(+), 161 deletions(-) create mode 100644 internal/schema/connection.go diff --git a/internal/schema/connection.go b/internal/schema/connection.go new file mode 100644 index 000000000..2f9029586 --- /dev/null +++ b/internal/schema/connection.go @@ -0,0 +1,103 @@ +package schema + +import ( + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func GetConnectionResource(keyName string) *schema.Resource { + username := makePathRef(keyName, "username") + password := makePathRef(keyName, "password") + caFile := makePathRef(keyName, "ca_file") + caData := makePathRef(keyName, "ca_data") + certFile := makePathRef(keyName, "cert_file") + certData := makePathRef(keyName, "cert_data") + keyFile := makePathRef(keyName, "key_file") + keyData := makePathRef(keyName, "key_data") + + return &schema.Resource{ + Schema: map[string]*schema.Schema{ + "username": { + Description: "A username to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{password}, + }, + "password": { + Description: "A password to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + RequiredWith: []string{username}, + }, + "api_key": { + Description: "API Key to use for authentication to Elasticsearch", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + ConflictsWith: []string{username, password}, + }, + "endpoints": { + Description: "A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.", + Type: schema.TypeList, + Optional: true, + Sensitive: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "insecure": { + Description: "Disable TLS certificate validation", + Type: schema.TypeBool, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_INSECURE", false), + }, + "ca_file": { + Description: "Path to a custom Certificate Authority certificate", + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{caData}, + }, + "ca_data": { + Description: "PEM-encoded custom Certificate Authority certificate", + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{caFile}, + }, + "cert_file": { + Description: "Path to a file containing the PEM encoded certificate for client auth", + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{keyFile}, + ConflictsWith: []string{certData, keyData}, + }, + "key_file": { + Description: "Path to a file containing the PEM encoded private key for client auth", + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{certFile}, + ConflictsWith: []string{certData, keyData}, + }, + "cert_data": { + Description: "PEM encoded certificate for client auth", + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{keyData}, + ConflictsWith: []string{certFile, keyFile}, + }, + "key_data": { + Description: "PEM encoded private key for client auth", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + RequiredWith: []string{certData}, + ConflictsWith: []string{certFile, keyFile}, + }, + }, + } +} + +func makePathRef(keyName string, keyValue string) string { + return fmt.Sprintf("%s.0.%s", keyName, keyValue) +} diff --git a/internal/utils/utils.go b/internal/utils/utils.go index 46dd0dbed..1b6b08a48 100644 --- a/internal/utils/utils.go +++ b/internal/utils/utils.go @@ -11,6 +11,7 @@ import ( "time" "github.com/elastic/go-elasticsearch/v7/esapi" + providerSchema "github.com/elastic/terraform-provider-elasticstack/internal/schema" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -123,90 +124,14 @@ func IsEmpty(v interface{}) bool { // Returns the common connection schema for all the Elasticsearch resources, // which defines the fields which can be used to configure the API access func AddConnectionSchema(providedSchema map[string]*schema.Schema) { - providedSchema["elasticsearch_connection"] = &schema.Schema{ + connectionKeyName := "elasticsearch_connection" + + providedSchema[connectionKeyName] = &schema.Schema{ Description: "Used to establish connection to Elasticsearch server. Overrides environment variables if present.", Type: schema.TypeList, Optional: true, MaxItems: 1, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "username": { - Description: "A username to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch_connection.0.password"}, - }, - "password": { - Description: "A password to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - RequiredWith: []string{"elasticsearch_connection.0.username"}, - }, - "api_key": { - Description: "API Key to use for authentication to Elasticsearch", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - ConflictsWith: []string{"elasticsearch_connection.0.username", "elasticsearch_connection.0.password"}, - }, - "endpoints": { - Description: "A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.", - Type: schema.TypeList, - Optional: true, - Sensitive: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "insecure": { - Description: "Disable TLS certificate validation", - Type: schema.TypeBool, - Optional: true, - Default: false, - }, - "ca_file": { - Description: "Path to a custom Certificate Authority certificate", - Type: schema.TypeString, - Optional: true, - ConflictsWith: []string{"elasticsearch_connection.0.ca_data"}, - }, - "ca_data": { - Description: "PEM-encoded custom Certificate Authority certificate", - Type: schema.TypeString, - Optional: true, - ConflictsWith: []string{"elasticsearch_connection.0.ca_file"}, - }, - "cert_file": { - Description: "Path to a file containing the PEM encoded certificate for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch_connection.0.key_file"}, - ConflictsWith: []string{"elasticsearch_connection.0.cert_data", "elasticsearch_connection.0.key_data"}, - }, - "key_file": { - Description: "Path to a file containing the PEM encoded private key for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch_connection.0.cert_file"}, - ConflictsWith: []string{"elasticsearch_connection.0.cert_data", "elasticsearch_connection.0.key_data"}, - }, - "cert_data": { - Description: "PEM encoded certificate for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch_connection.0.key_data"}, - ConflictsWith: []string{"elasticsearch_connection.0.cert_file", "elasticsearch_connection.0.key_file"}, - }, - "key_data": { - Description: "PEM encoded private key for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch_connection.0.cert_data"}, - ConflictsWith: []string{"elasticsearch_connection.0.cert_file", "elasticsearch_connection.0.key_file"}, - }, - }, - }, + Elem: providerSchema.GetConnectionResource(connectionKeyName), } } diff --git a/provider/provider.go b/provider/provider.go index b5b1e63a9..a671fb8d9 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -7,6 +7,7 @@ import ( "github.com/elastic/terraform-provider-elasticstack/internal/elasticsearch/ingest" "github.com/elastic/terraform-provider-elasticstack/internal/elasticsearch/logstash" "github.com/elastic/terraform-provider-elasticstack/internal/elasticsearch/security" + providerSchema "github.com/elastic/terraform-provider-elasticstack/internal/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -17,95 +18,18 @@ func init() { } func New(version string) func() *schema.Provider { + esKeyName := "elasticsearch" + return func() *schema.Provider { p := &schema.Provider{ Schema: map[string]*schema.Schema{ - "elasticsearch": { + esKeyName: { Description: "Default Elasticsearch connection configuration block.", Type: schema.TypeList, MaxItems: 1, Optional: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "username": { - Description: "Username to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), - }, - "password": { - Description: "Password to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), - }, - "api_key": { - Description: "API Key to use for authentication to Elasticsearch", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_API_KEY", nil), - }, - "endpoints": { - Description: "A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number.", - Type: schema.TypeList, - Optional: true, - Sensitive: true, - Elem: &schema.Schema{ - Type: schema.TypeString, - }, - }, - "insecure": { - Description: "Disable TLS certificate validation", - Type: schema.TypeBool, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_INSECURE", false), - }, - "ca_file": { - Description: "Path to a custom Certificate Authority certificate", - Type: schema.TypeString, - Optional: true, - ConflictsWith: []string{"elasticsearch.0.ca_data"}, - }, - "ca_data": { - Description: "PEM-encoded custom Certificate Authority certificate", - Type: schema.TypeString, - Optional: true, - ConflictsWith: []string{"elasticsearch.0.ca_file"}, - }, - "cert_file": { - Description: "Path to a file containing the PEM encoded certificate for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch.0.key_file"}, - ConflictsWith: []string{"elasticsearch.0.cert_data", "elasticsearch.0.key_data"}, - }, - "key_file": { - Description: "Path to a file containing the PEM encoded private key for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch.0.cert_file"}, - ConflictsWith: []string{"elasticsearch.0.cert_data", "elasticsearch.0.key_data"}, - }, - "cert_data": { - Description: "PEM encoded certificate for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{"elasticsearch.0.key_data"}, - ConflictsWith: []string{"elasticsearch.0.cert_file", "elasticsearch.0.key_file"}, - }, - "key_data": { - Description: "PEM encoded private key for client auth", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - RequiredWith: []string{"elasticsearch.0.cert_data"}, - ConflictsWith: []string{"elasticsearch.0.cert_file", "elasticsearch.0.key_file"}, - }, - }, - }, + Elem: providerSchema.GetConnectionResource(esKeyName), }, }, DataSourcesMap: map[string]*schema.Resource{ From 8c70e02c73e3d5de8bb2e92f2fa8540abdd4ce92 Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Wed, 23 Nov 2022 15:22:30 +1100 Subject: [PATCH 2/9] Begin DRYing up ES connection resource --- internal/schema/connection.go | 51 ++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 24 deletions(-) diff --git a/internal/schema/connection.go b/internal/schema/connection.go index 2f9029586..0cc3a61aa 100644 --- a/internal/schema/connection.go +++ b/internal/schema/connection.go @@ -7,39 +7,42 @@ import ( ) func GetConnectionResource(keyName string) *schema.Resource { - username := makePathRef(keyName, "username") - password := makePathRef(keyName, "password") - caFile := makePathRef(keyName, "ca_file") - caData := makePathRef(keyName, "ca_data") - certFile := makePathRef(keyName, "cert_file") - certData := makePathRef(keyName, "cert_data") - keyFile := makePathRef(keyName, "key_file") - keyData := makePathRef(keyName, "key_data") + usernamePath := makePathRef(keyName, "username") + passwordPath := makePathRef(keyName, "password") + caFilePath := makePathRef(keyName, "ca_file") + caDataPath := makePathRef(keyName, "ca_data") + certFilePath := makePathRef(keyName, "cert_file") + certDataPath := makePathRef(keyName, "cert_data") + keyFilePath := makePathRef(keyName, "key_file") + keyDataPath := makePathRef(keyName, "key_data") return &schema.Resource{ Schema: map[string]*schema.Schema{ "username": { - Description: "A username to use for API authentication to Elasticsearch.", + Description: "Username to use for API authentication to Elasticsearch.", Type: schema.TypeString, Optional: true, - RequiredWith: []string{password}, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), + RequiredWith: []string{passwordPath}, }, "password": { - Description: "A password to use for API authentication to Elasticsearch.", + Description: "Password to use for API authentication to Elasticsearch.", Type: schema.TypeString, Optional: true, Sensitive: true, - RequiredWith: []string{username}, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), + RequiredWith: []string{usernamePath}, }, "api_key": { Description: "API Key to use for authentication to Elasticsearch", Type: schema.TypeString, Optional: true, Sensitive: true, - ConflictsWith: []string{username, password}, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_API_KEY", nil), + ConflictsWith: []string{usernamePath, passwordPath}, }, "endpoints": { - Description: "A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number.", + Description: "A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number.", Type: schema.TypeList, Optional: true, Sensitive: true, @@ -57,42 +60,42 @@ func GetConnectionResource(keyName string) *schema.Resource { Description: "Path to a custom Certificate Authority certificate", Type: schema.TypeString, Optional: true, - ConflictsWith: []string{caData}, + ConflictsWith: []string{caDataPath}, }, "ca_data": { Description: "PEM-encoded custom Certificate Authority certificate", Type: schema.TypeString, Optional: true, - ConflictsWith: []string{caFile}, + ConflictsWith: []string{caFilePath}, }, "cert_file": { Description: "Path to a file containing the PEM encoded certificate for client auth", Type: schema.TypeString, Optional: true, - RequiredWith: []string{keyFile}, - ConflictsWith: []string{certData, keyData}, + RequiredWith: []string{keyFilePath}, + ConflictsWith: []string{certDataPath, keyDataPath}, }, "key_file": { Description: "Path to a file containing the PEM encoded private key for client auth", Type: schema.TypeString, Optional: true, - RequiredWith: []string{certFile}, - ConflictsWith: []string{certData, keyData}, + RequiredWith: []string{certFilePath}, + ConflictsWith: []string{certDataPath, keyDataPath}, }, "cert_data": { Description: "PEM encoded certificate for client auth", Type: schema.TypeString, Optional: true, - RequiredWith: []string{keyData}, - ConflictsWith: []string{certFile, keyFile}, + RequiredWith: []string{keyDataPath}, + ConflictsWith: []string{certFilePath, keyFilePath}, }, "key_data": { Description: "PEM encoded private key for client auth", Type: schema.TypeString, Optional: true, Sensitive: true, - RequiredWith: []string{certData}, - ConflictsWith: []string{certFile, keyFile}, + RequiredWith: []string{certDataPath}, + ConflictsWith: []string{certFilePath, keyFilePath}, }, }, } From 27a5531e2de26113b61fdc3406bf6be4d107b50d Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Wed, 23 Nov 2022 16:37:44 +1100 Subject: [PATCH 3/9] Commenting out RequiredWith, until I can figure out why it's not optional --- internal/schema/connection.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/internal/schema/connection.go b/internal/schema/connection.go index 0cc3a61aa..a6b45b8f5 100644 --- a/internal/schema/connection.go +++ b/internal/schema/connection.go @@ -19,19 +19,19 @@ func GetConnectionResource(keyName string) *schema.Resource { return &schema.Resource{ Schema: map[string]*schema.Schema{ "username": { - Description: "Username to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), - RequiredWith: []string{passwordPath}, + Description: "Username to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), + // RequiredWith: []string{passwordPath}, }, "password": { - Description: "Password to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), - RequiredWith: []string{usernamePath}, + Description: "Password to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), + // RequiredWith: []string{usernamePath}, }, "api_key": { Description: "API Key to use for authentication to Elasticsearch", From 5ee9209e3e793e664cbc715b8a0557a3b900b3fb Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Wed, 23 Nov 2022 16:57:57 +1100 Subject: [PATCH 4/9] Abstract Schema instead of just the Resource --- internal/schema/connection.go | 166 ++++++++++++++++++---------------- internal/utils/utils.go | 8 +- provider/provider.go | 8 +- 3 files changed, 88 insertions(+), 94 deletions(-) diff --git a/internal/schema/connection.go b/internal/schema/connection.go index a6b45b8f5..a533c141a 100644 --- a/internal/schema/connection.go +++ b/internal/schema/connection.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) -func GetConnectionResource(keyName string) *schema.Resource { +func GetConnectionSchema(keyName string) *schema.Schema { usernamePath := makePathRef(keyName, "username") passwordPath := makePathRef(keyName, "password") caFilePath := makePathRef(keyName, "ca_file") @@ -16,86 +16,92 @@ func GetConnectionResource(keyName string) *schema.Resource { keyFilePath := makePathRef(keyName, "key_file") keyDataPath := makePathRef(keyName, "key_data") - return &schema.Resource{ - Schema: map[string]*schema.Schema{ - "username": { - Description: "Username to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), - // RequiredWith: []string{passwordPath}, - }, - "password": { - Description: "Password to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), - // RequiredWith: []string{usernamePath}, - }, - "api_key": { - Description: "API Key to use for authentication to Elasticsearch", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_API_KEY", nil), - ConflictsWith: []string{usernamePath, passwordPath}, - }, - "endpoints": { - Description: "A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number.", - Type: schema.TypeList, - Optional: true, - Sensitive: true, - Elem: &schema.Schema{ - Type: schema.TypeString, + return &schema.Schema{ + Description: "Elasticsearch connection configuration block.", + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "username": { + Description: "Username to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), + // RequiredWith: []string{passwordPath}, + }, + "password": { + Description: "Password to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), + // RequiredWith: []string{usernamePath}, + }, + "api_key": { + Description: "API Key to use for authentication to Elasticsearch", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_API_KEY", nil), + ConflictsWith: []string{usernamePath, passwordPath}, + }, + "endpoints": { + Description: "A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number.", + Type: schema.TypeList, + Optional: true, + Sensitive: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "insecure": { + Description: "Disable TLS certificate validation", + Type: schema.TypeBool, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_INSECURE", false), + }, + "ca_file": { + Description: "Path to a custom Certificate Authority certificate", + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{caDataPath}, + }, + "ca_data": { + Description: "PEM-encoded custom Certificate Authority certificate", + Type: schema.TypeString, + Optional: true, + ConflictsWith: []string{caFilePath}, + }, + "cert_file": { + Description: "Path to a file containing the PEM encoded certificate for client auth", + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{keyFilePath}, + ConflictsWith: []string{certDataPath, keyDataPath}, + }, + "key_file": { + Description: "Path to a file containing the PEM encoded private key for client auth", + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{certFilePath}, + ConflictsWith: []string{certDataPath, keyDataPath}, + }, + "cert_data": { + Description: "PEM encoded certificate for client auth", + Type: schema.TypeString, + Optional: true, + RequiredWith: []string{keyDataPath}, + ConflictsWith: []string{certFilePath, keyFilePath}, + }, + "key_data": { + Description: "PEM encoded private key for client auth", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + RequiredWith: []string{certDataPath}, + ConflictsWith: []string{certFilePath, keyFilePath}, }, - }, - "insecure": { - Description: "Disable TLS certificate validation", - Type: schema.TypeBool, - Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_INSECURE", false), - }, - "ca_file": { - Description: "Path to a custom Certificate Authority certificate", - Type: schema.TypeString, - Optional: true, - ConflictsWith: []string{caDataPath}, - }, - "ca_data": { - Description: "PEM-encoded custom Certificate Authority certificate", - Type: schema.TypeString, - Optional: true, - ConflictsWith: []string{caFilePath}, - }, - "cert_file": { - Description: "Path to a file containing the PEM encoded certificate for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{keyFilePath}, - ConflictsWith: []string{certDataPath, keyDataPath}, - }, - "key_file": { - Description: "Path to a file containing the PEM encoded private key for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{certFilePath}, - ConflictsWith: []string{certDataPath, keyDataPath}, - }, - "cert_data": { - Description: "PEM encoded certificate for client auth", - Type: schema.TypeString, - Optional: true, - RequiredWith: []string{keyDataPath}, - ConflictsWith: []string{certFilePath, keyFilePath}, - }, - "key_data": { - Description: "PEM encoded private key for client auth", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - RequiredWith: []string{certDataPath}, - ConflictsWith: []string{certFilePath, keyFilePath}, }, }, } diff --git a/internal/utils/utils.go b/internal/utils/utils.go index 1b6b08a48..2296481b5 100644 --- a/internal/utils/utils.go +++ b/internal/utils/utils.go @@ -126,13 +126,7 @@ func IsEmpty(v interface{}) bool { func AddConnectionSchema(providedSchema map[string]*schema.Schema) { connectionKeyName := "elasticsearch_connection" - providedSchema[connectionKeyName] = &schema.Schema{ - Description: "Used to establish connection to Elasticsearch server. Overrides environment variables if present.", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, - Elem: providerSchema.GetConnectionResource(connectionKeyName), - } + providedSchema[connectionKeyName] = providerSchema.GetConnectionSchema(connectionKeyName) } func StringToHash(s string) (*string, error) { diff --git a/provider/provider.go b/provider/provider.go index a671fb8d9..de2e2dafb 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -24,13 +24,7 @@ func New(version string) func() *schema.Provider { p := &schema.Provider{ Schema: map[string]*schema.Schema{ - esKeyName: { - Description: "Default Elasticsearch connection configuration block.", - Type: schema.TypeList, - MaxItems: 1, - Optional: true, - Elem: providerSchema.GetConnectionResource(esKeyName), - }, + esKeyName: providerSchema.GetConnectionSchema(esKeyName), }, DataSourcesMap: map[string]*schema.Resource{ "elasticstack_elasticsearch_ingest_processor_append": ingest.DataSourceProcessorAppend(), From 9c77a8868e5c4b7509f5758968d21d63a066010e Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Wed, 23 Nov 2022 17:08:41 +1100 Subject: [PATCH 5/9] docs --- docs/data-sources/elasticsearch_security_role.md | 10 +++++----- .../elasticsearch_security_role_mapping.md | 10 +++++----- docs/data-sources/elasticsearch_security_user.md | 10 +++++----- docs/data-sources/elasticsearch_snapshot_repository.md | 10 +++++----- docs/index.md | 2 +- docs/resources/elasticsearch_cluster_settings.md | 10 +++++----- docs/resources/elasticsearch_component_template.md | 10 +++++----- docs/resources/elasticsearch_data_stream.md | 10 +++++----- docs/resources/elasticsearch_index.md | 10 +++++----- docs/resources/elasticsearch_index_lifecycle.md | 10 +++++----- docs/resources/elasticsearch_index_template.md | 10 +++++----- docs/resources/elasticsearch_ingest_pipeline.md | 10 +++++----- docs/resources/elasticsearch_logstash_pipeline.md | 10 +++++----- docs/resources/elasticsearch_script.md | 10 +++++----- docs/resources/elasticsearch_security_api_key.md | 10 +++++----- docs/resources/elasticsearch_security_role.md | 10 +++++----- docs/resources/elasticsearch_security_role_mapping.md | 10 +++++----- docs/resources/elasticsearch_security_system_user.md | 10 +++++----- docs/resources/elasticsearch_security_user.md | 10 +++++----- docs/resources/elasticsearch_snapshot_lifecycle.md | 10 +++++----- docs/resources/elasticsearch_snapshot_repository.md | 10 +++++----- 21 files changed, 101 insertions(+), 101 deletions(-) diff --git a/docs/data-sources/elasticsearch_security_role.md b/docs/data-sources/elasticsearch_security_role.md index f6de31042..6d4c79695 100644 --- a/docs/data-sources/elasticsearch_security_role.md +++ b/docs/data-sources/elasticsearch_security_role.md @@ -35,7 +35,7 @@ output "role" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `run_as` (Set of String) A list of users that the owners of this role can impersonate. ### Read-Only @@ -57,12 +57,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/data-sources/elasticsearch_security_role_mapping.md b/docs/data-sources/elasticsearch_security_role_mapping.md index 522289b31..e72af73d7 100644 --- a/docs/data-sources/elasticsearch_security_role_mapping.md +++ b/docs/data-sources/elasticsearch_security_role_mapping.md @@ -35,7 +35,7 @@ output "user" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) ### Read-Only @@ -56,9 +56,9 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/data-sources/elasticsearch_security_user.md b/docs/data-sources/elasticsearch_security_user.md index 634fff7b0..1feef883b 100644 --- a/docs/data-sources/elasticsearch_security_user.md +++ b/docs/data-sources/elasticsearch_security_user.md @@ -35,7 +35,7 @@ output "user" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) ### Read-Only @@ -56,9 +56,9 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/data-sources/elasticsearch_snapshot_repository.md b/docs/data-sources/elasticsearch_snapshot_repository.md index 9c4806467..24ab9e154 100644 --- a/docs/data-sources/elasticsearch_snapshot_repository.md +++ b/docs/data-sources/elasticsearch_snapshot_repository.md @@ -61,7 +61,7 @@ output "repo_url" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) ### Read-Only @@ -84,12 +84,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/index.md b/docs/index.md index e8c76573d..f0d18233d 100644 --- a/docs/index.md +++ b/docs/index.md @@ -85,7 +85,7 @@ provider "elasticstack" { ### Optional -- `elasticsearch` (Block List, Max: 1) Default Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch)) +- `elasticsearch` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch)) ### Nested Schema for `elasticsearch` diff --git a/docs/resources/elasticsearch_cluster_settings.md b/docs/resources/elasticsearch_cluster_settings.md index ff76a40db..524e6fb23 100644 --- a/docs/resources/elasticsearch_cluster_settings.md +++ b/docs/resources/elasticsearch_cluster_settings.md @@ -51,7 +51,7 @@ resource "elasticstack_elasticsearch_cluster_settings" "my_cluster_settings" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `persistent` (Block List, Max: 1) Settings will apply across restarts. (see [below for nested schema](#nestedblock--persistent)) - `transient` (Block List, Max: 1) Settings do not survive a full cluster restart. (see [below for nested schema](#nestedblock--transient)) @@ -69,12 +69,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/resources/elasticsearch_component_template.md b/docs/resources/elasticsearch_component_template.md index 09ddd4159..e6781019d 100644 --- a/docs/resources/elasticsearch_component_template.md +++ b/docs/resources/elasticsearch_component_template.md @@ -49,7 +49,7 @@ resource "elasticstack_elasticsearch_index_template" "my_template" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `metadata` (String) Optional user metadata about the component template. - `version` (Number) Version number used to manage component templates externally. @@ -94,12 +94,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_data_stream.md b/docs/resources/elasticsearch_data_stream.md index d20c9ce57..3a6cd9985 100644 --- a/docs/resources/elasticsearch_data_stream.md +++ b/docs/resources/elasticsearch_data_stream.md @@ -74,7 +74,7 @@ resource "elasticstack_elasticsearch_data_stream" "my_data_stream" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) ### Read-Only @@ -100,12 +100,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/resources/elasticsearch_index.md b/docs/resources/elasticsearch_index.md index 988401e79..d2abb8edd 100644 --- a/docs/resources/elasticsearch_index.md +++ b/docs/resources/elasticsearch_index.md @@ -75,7 +75,7 @@ resource "elasticstack_elasticsearch_index" "my_index" { - `blocks_write` (Boolean) Set to `true` to disable data write operations against the index. This setting does not affect metadata. - `codec` (String) The `default` value compresses stored data with LZ4 compression, but this can be set to `best_compression` which uses DEFLATE for a higher compression ratio. This can be set only on creation. - `default_pipeline` (String) The default ingest node pipeline for this index. Index requests will fail if the default pipeline is set and the pipeline does not exist. -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `final_pipeline` (String) Final ingest pipeline for the index. Indexing requests will fail if the final pipeline is set and the pipeline does not exist. The final pipeline always runs after the request pipeline (if specified) and the default pipeline (if it exists). The special pipeline name _none indicates no ingest pipeline will run. - `gc_deletes` (String) The length of time that a deleted document's version number remains available for further versioned operations. - `highlight_max_analyzed_offset` (Number) The maximum number of characters that will be analyzed for a highlight request. @@ -156,12 +156,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/resources/elasticsearch_index_lifecycle.md b/docs/resources/elasticsearch_index_lifecycle.md index 3914aa93d..61a432727 100644 --- a/docs/resources/elasticsearch_index_lifecycle.md +++ b/docs/resources/elasticsearch_index_lifecycle.md @@ -64,7 +64,7 @@ resource "elasticstack_elasticsearch_index_lifecycle" "my_ilm" { - `cold` (Block List, Max: 1) The index is no longer being updated and is queried infrequently. The information still needs to be searchable, but it’s okay if those queries are slower. (see [below for nested schema](#nestedblock--cold)) - `delete` (Block List, Max: 1) The index is no longer needed and can safely be removed. (see [below for nested schema](#nestedblock--delete)) -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `frozen` (Block List, Max: 1) The index is no longer being updated and is queried rarely. The information still needs to be searchable, but it’s okay if those queries are extremely slow. (see [below for nested schema](#nestedblock--frozen)) - `hot` (Block List, Max: 1) The index is actively being updated and queried. (see [below for nested schema](#nestedblock--hot)) - `metadata` (String) Optional user metadata about the ilm policy. Must be valid JSON document. @@ -190,12 +190,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/resources/elasticsearch_index_template.md b/docs/resources/elasticsearch_index_template.md index 6a1b897e0..4c7b33340 100644 --- a/docs/resources/elasticsearch_index_template.md +++ b/docs/resources/elasticsearch_index_template.md @@ -57,7 +57,7 @@ resource "elasticstack_elasticsearch_index_template" "my_data_stream" { - `composed_of` (List of String) An ordered list of component template names. - `data_stream` (Block List, Max: 1) If this object is included, the template is used to create data streams and their backing indices. Supports an empty object. (see [below for nested schema](#nestedblock--data_stream)) -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `metadata` (String) Optional user metadata about the index template. - `priority` (Number) Priority to determine index template precedence when a new data stream or index is created. - `template` (Block List, Max: 1) Template to be applied. It may optionally include an aliases, mappings, or settings configuration. (see [below for nested schema](#nestedblock--template)) @@ -86,12 +86,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/resources/elasticsearch_ingest_pipeline.md b/docs/resources/elasticsearch_ingest_pipeline.md index 9de853d13..f132a9102 100644 --- a/docs/resources/elasticsearch_ingest_pipeline.md +++ b/docs/resources/elasticsearch_ingest_pipeline.md @@ -81,7 +81,7 @@ resource "elasticstack_elasticsearch_ingest_pipeline" "ingest" { ### Optional - `description` (String) Description of the ingest pipeline. -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `metadata` (String) Optional user metadata about the index template. - `on_failure` (List of String) Processors to run immediately after a processor failure. Each processor supports a processor-level `on_failure` value. If a processor without an `on_failure` value fails, Elasticsearch uses this pipeline-level parameter as a fallback. The processors in this parameter run sequentially in the order specified. Elasticsearch will not attempt to run the pipeline’s remaining processors. See: https://www.elastic.co/guide/en/elasticsearch/reference/current/processors.html. Each record must be a valid JSON document @@ -99,12 +99,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_logstash_pipeline.md b/docs/resources/elasticsearch_logstash_pipeline.md index 96f11ca86..3eb34d609 100644 --- a/docs/resources/elasticsearch_logstash_pipeline.md +++ b/docs/resources/elasticsearch_logstash_pipeline.md @@ -66,7 +66,7 @@ output "pipeline" { ### Optional - `description` (String) Description of the pipeline. -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `pipeline_batch_delay` (Number) Time in milliseconds to wait for each event before sending an undersized batch to pipeline workers. - `pipeline_batch_size` (Number) The maximum number of events an individual worker thread collects before executing filters and outputs. - `pipeline_ecs_compatibility` (String) Sets the pipeline default value for ecs_compatibility, a setting that is available to plugins that implement an ECS compatibility mode for use with the Elastic Common Schema. @@ -101,12 +101,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_script.md b/docs/resources/elasticsearch_script.md index 102ea9df5..4d4cd2c10 100644 --- a/docs/resources/elasticsearch_script.md +++ b/docs/resources/elasticsearch_script.md @@ -54,7 +54,7 @@ resource "elasticstack_elasticsearch_script" "my_search_template" { ### Optional - `context` (String) Context in which the script or search template should run. -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `params` (String) Parameters for the script or search template. ### Read-Only @@ -71,12 +71,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_security_api_key.md b/docs/resources/elasticsearch_security_api_key.md index 710c72f02..5d35b5041 100644 --- a/docs/resources/elasticsearch_security_api_key.md +++ b/docs/resources/elasticsearch_security_api_key.md @@ -56,7 +56,7 @@ output "api_key" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `expiration` (String) Expiration time for the API key. By default, API keys never expire. - `metadata` (String) Arbitrary metadata that you want to associate with the API key. - `role_descriptors` (String) Role descriptors for this API key. @@ -78,12 +78,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_security_role.md b/docs/resources/elasticsearch_security_role.md index d66ff2c7f..4145d51fa 100644 --- a/docs/resources/elasticsearch_security_role.md +++ b/docs/resources/elasticsearch_security_role.md @@ -55,7 +55,7 @@ output "role" { - `applications` (Block Set) A list of application privilege entries. (see [below for nested schema](#nestedblock--applications)) - `cluster` (Set of String) A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute. -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `global` (String) An object defining global privileges. - `indices` (Block Set) A list of indices permissions entries. (see [below for nested schema](#nestedblock--indices)) - `metadata` (String) Optional meta-data. @@ -85,12 +85,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/resources/elasticsearch_security_role_mapping.md b/docs/resources/elasticsearch_security_role_mapping.md index 46be1af67..0fb0e03d5 100644 --- a/docs/resources/elasticsearch_security_role_mapping.md +++ b/docs/resources/elasticsearch_security_role_mapping.md @@ -46,7 +46,7 @@ output "role" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `enabled` (Boolean) Mappings that have `enabled` set to `false` are ignored when role mapping is performed. - `metadata` (String) Additional metadata that helps define which roles are assigned to each user. Keys beginning with `_` are reserved for system usage. - `role_templates` (String) A list of mustache templates that will be evaluated to determine the roles names that should granted to the users that match the role mapping rules. @@ -66,12 +66,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_security_system_user.md b/docs/resources/elasticsearch_security_system_user.md index e8fc2c207..8c62cce87 100644 --- a/docs/resources/elasticsearch_security_system_user.md +++ b/docs/resources/elasticsearch_security_system_user.md @@ -41,7 +41,7 @@ resource "elasticstack_elasticsearch_security_system_user" "kibana_system" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `enabled` (Boolean) Specifies whether the user is enabled. The default value is true. - `password` (String, Sensitive) The user’s password. Passwords must be at least 6 characters long. - `password_hash` (String, Sensitive) A hash of the user’s password. This must be produced using the same hashing algorithm as has been configured for password storage (see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html#hashing-settings). @@ -60,9 +60,9 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. diff --git a/docs/resources/elasticsearch_security_user.md b/docs/resources/elasticsearch_security_user.md index 26aac6093..e1476034f 100644 --- a/docs/resources/elasticsearch_security_user.md +++ b/docs/resources/elasticsearch_security_user.md @@ -63,7 +63,7 @@ resource "elasticstack_elasticsearch_security_user" "dev" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `email` (String) The email of the user. - `enabled` (Boolean) Specifies whether the user is enabled. The default value is true. - `full_name` (String) The full name of the user. @@ -85,12 +85,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_snapshot_lifecycle.md b/docs/resources/elasticsearch_snapshot_lifecycle.md index 3a8039513..5d2ed4b35 100644 --- a/docs/resources/elasticsearch_snapshot_lifecycle.md +++ b/docs/resources/elasticsearch_snapshot_lifecycle.md @@ -57,7 +57,7 @@ resource "elasticstack_elasticsearch_snapshot_lifecycle" "slm_policy" { ### Optional -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `expand_wildcards` (String) Determines how wildcard patterns in the `indices` parameter match data streams and indices. Supports comma-separated values, such as `closed,hidden`. - `expire_after` (String) Time period after which a snapshot is considered expired and eligible for deletion. - `feature_states` (Set of String) Feature states to include in the snapshot. @@ -84,12 +84,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. ## Import diff --git a/docs/resources/elasticsearch_snapshot_repository.md b/docs/resources/elasticsearch_snapshot_repository.md index db9ac6b6a..9fb068494 100644 --- a/docs/resources/elasticsearch_snapshot_repository.md +++ b/docs/resources/elasticsearch_snapshot_repository.md @@ -46,7 +46,7 @@ resource "elasticstack_elasticsearch_snapshot_repository" "my_fs_repo" { ### Optional - `azure` (Block List, Max: 1) Support for using Azure Blob storage as a repository for Snapshot/Restore. See: https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository-azure.html (see [below for nested schema](#nestedblock--azure)) -- `elasticsearch_connection` (Block List, Max: 1) Used to establish connection to Elasticsearch server. Overrides environment variables if present. (see [below for nested schema](#nestedblock--elasticsearch_connection)) +- `elasticsearch_connection` (Block List, Max: 1) Elasticsearch connection configuration block. (see [below for nested schema](#nestedblock--elasticsearch_connection)) - `fs` (Block List, Max: 1) Shared filesystem repository. Repositories of this type use a shared filesystem to store snapshots. This filesystem must be accessible to all master and data nodes in the cluster. (see [below for nested schema](#nestedblock--fs)) - `gcs` (Block List, Max: 1) Support for using the Google Cloud Storage service as a repository for Snapshot/Restore. See: https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository-gcs.html (see [below for nested schema](#nestedblock--gcs)) - `hdfs` (Block List, Max: 1) Support for using HDFS File System as a repository for Snapshot/Restore. See: https://www.elastic.co/guide/en/elasticsearch/plugins/current/repository-hdfs.html (see [below for nested schema](#nestedblock--hdfs)) @@ -87,12 +87,12 @@ Optional: - `ca_file` (String) Path to a custom Certificate Authority certificate - `cert_data` (String) PEM encoded certificate for client auth - `cert_file` (String) Path to a file containing the PEM encoded certificate for client auth -- `endpoints` (List of String, Sensitive) A list of endpoints the Terraform provider will point to. They must include the http(s) schema and port number. +- `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number. - `insecure` (Boolean) Disable TLS certificate validation -- `key_data` (String) PEM encoded private key for client auth +- `key_data` (String, Sensitive) PEM encoded private key for client auth - `key_file` (String) Path to a file containing the PEM encoded private key for client auth -- `password` (String, Sensitive) A password to use for API authentication to Elasticsearch. -- `username` (String) A username to use for API authentication to Elasticsearch. +- `password` (String, Sensitive) Password to use for API authentication to Elasticsearch. +- `username` (String) Username to use for API authentication to Elasticsearch. From cb6f8e5221d3a66033ad3c4d9fe6db49211aa2dc Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Thu, 24 Nov 2022 10:36:08 +1100 Subject: [PATCH 6/9] Removing clashing validation field --- internal/schema/connection.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/internal/schema/connection.go b/internal/schema/connection.go index a533c141a..c68931345 100644 --- a/internal/schema/connection.go +++ b/internal/schema/connection.go @@ -28,7 +28,6 @@ func GetConnectionSchema(keyName string) *schema.Schema { Type: schema.TypeString, Optional: true, DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), - // RequiredWith: []string{passwordPath}, }, "password": { Description: "Password to use for API authentication to Elasticsearch.", @@ -36,7 +35,6 @@ func GetConnectionSchema(keyName string) *schema.Schema { Optional: true, Sensitive: true, DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), - // RequiredWith: []string{usernamePath}, }, "api_key": { Description: "API Key to use for authentication to Elasticsearch", From 24368da6ba7000a8cf3069737c921ec853a99fa5 Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Thu, 24 Nov 2022 10:37:51 +1100 Subject: [PATCH 7/9] const keys --- internal/utils/utils.go | 6 +++--- provider/provider.go | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/utils/utils.go b/internal/utils/utils.go index 2296481b5..ede227b50 100644 --- a/internal/utils/utils.go +++ b/internal/utils/utils.go @@ -121,12 +121,12 @@ func IsEmpty(v interface{}) bool { return false } +const connectionKeyName = "elasticsearch_connection" + // Returns the common connection schema for all the Elasticsearch resources, // which defines the fields which can be used to configure the API access func AddConnectionSchema(providedSchema map[string]*schema.Schema) { - connectionKeyName := "elasticsearch_connection" - - providedSchema[connectionKeyName] = providerSchema.GetConnectionSchema(connectionKeyName) + providedSchema[connectionKeyName] = providerSchema.GetConnectionSchema(connectionKeyName, false) } func StringToHash(s string) (*string, error) { diff --git a/provider/provider.go b/provider/provider.go index de2e2dafb..4ad77d41e 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -11,6 +11,8 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) +const esKeyName = "elasticsearch" + func init() { // Set descriptions to support markdown syntax, this will be used in document generation // and the language server. @@ -18,8 +20,6 @@ func init() { } func New(version string) func() *schema.Provider { - esKeyName := "elasticsearch" - return func() *schema.Provider { p := &schema.Provider{ From cb553148b70c2ce63464a948b15869e844278aeb Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Thu, 24 Nov 2022 10:38:16 +1100 Subject: [PATCH 8/9] Conditionally set env vars from argument --- internal/schema/connection.go | 16 +++++++++++----- provider/provider.go | 2 +- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/internal/schema/connection.go b/internal/schema/connection.go index c68931345..78012a781 100644 --- a/internal/schema/connection.go +++ b/internal/schema/connection.go @@ -6,7 +6,7 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) -func GetConnectionSchema(keyName string) *schema.Schema { +func GetConnectionSchema(keyName string, useEnvAsDefault bool) *schema.Schema { usernamePath := makePathRef(keyName, "username") passwordPath := makePathRef(keyName, "password") caFilePath := makePathRef(keyName, "ca_file") @@ -16,6 +16,12 @@ func GetConnectionSchema(keyName string) *schema.Schema { keyFilePath := makePathRef(keyName, "key_file") keyDataPath := makePathRef(keyName, "key_data") + withEnvDefault := func(key string, dv interface{}) schema.SchemaDefaultFunc { return nil } + + if useEnvAsDefault { + withEnvDefault = func(key string, dv interface{}) schema.SchemaDefaultFunc { return schema.EnvDefaultFunc(key, dv) } + } + return &schema.Schema{ Description: "Elasticsearch connection configuration block.", Type: schema.TypeList, @@ -27,21 +33,21 @@ func GetConnectionSchema(keyName string) *schema.Schema { Description: "Username to use for API authentication to Elasticsearch.", Type: schema.TypeString, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_USERNAME", nil), + DefaultFunc: withEnvDefault("ELASTICSEARCH_USERNAME", nil), }, "password": { Description: "Password to use for API authentication to Elasticsearch.", Type: schema.TypeString, Optional: true, Sensitive: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_PASSWORD", nil), + DefaultFunc: withEnvDefault("ELASTICSEARCH_PASSWORD", nil), }, "api_key": { Description: "API Key to use for authentication to Elasticsearch", Type: schema.TypeString, Optional: true, Sensitive: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_API_KEY", nil), + DefaultFunc: withEnvDefault("ELASTICSEARCH_API_KEY", nil), ConflictsWith: []string{usernamePath, passwordPath}, }, "endpoints": { @@ -57,7 +63,7 @@ func GetConnectionSchema(keyName string) *schema.Schema { Description: "Disable TLS certificate validation", Type: schema.TypeBool, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("ELASTICSEARCH_INSECURE", false), + DefaultFunc: withEnvDefault("ELASTICSEARCH_INSECURE", false), }, "ca_file": { Description: "Path to a custom Certificate Authority certificate", diff --git a/provider/provider.go b/provider/provider.go index 4ad77d41e..4ef2f8abd 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -24,7 +24,7 @@ func New(version string) func() *schema.Provider { p := &schema.Provider{ Schema: map[string]*schema.Schema{ - esKeyName: providerSchema.GetConnectionSchema(esKeyName), + esKeyName: providerSchema.GetConnectionSchema(esKeyName, true), }, DataSourcesMap: map[string]*schema.Resource{ "elasticstack_elasticsearch_ingest_processor_append": ingest.DataSourceProcessorAppend(), From e0ad01d84bac53fbc1b282be2735db20752fbc4c Mon Sep 17 00:00:00 2001 From: Adrian Bruinhout Date: Thu, 24 Nov 2022 10:39:05 +1100 Subject: [PATCH 9/9] Adding validation back in when env defaults aren't required --- internal/schema/connection.go | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/internal/schema/connection.go b/internal/schema/connection.go index 78012a781..e591b622b 100644 --- a/internal/schema/connection.go +++ b/internal/schema/connection.go @@ -16,10 +16,17 @@ func GetConnectionSchema(keyName string, useEnvAsDefault bool) *schema.Schema { keyFilePath := makePathRef(keyName, "key_file") keyDataPath := makePathRef(keyName, "key_data") + usernameRequiredWithValidation := []string{passwordPath} + passwordRequiredWithValidation := []string{usernamePath} + withEnvDefault := func(key string, dv interface{}) schema.SchemaDefaultFunc { return nil } if useEnvAsDefault { withEnvDefault = func(key string, dv interface{}) schema.SchemaDefaultFunc { return schema.EnvDefaultFunc(key, dv) } + + // RequireWith validation isn't compatible when used in conjunction with DefaultFunc + usernameRequiredWithValidation = nil + passwordRequiredWithValidation = nil } return &schema.Schema{ @@ -30,17 +37,19 @@ func GetConnectionSchema(keyName string, useEnvAsDefault bool) *schema.Schema { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "username": { - Description: "Username to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - DefaultFunc: withEnvDefault("ELASTICSEARCH_USERNAME", nil), + Description: "Username to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + DefaultFunc: withEnvDefault("ELASTICSEARCH_USERNAME", nil), + RequiredWith: usernameRequiredWithValidation, }, "password": { - Description: "Password to use for API authentication to Elasticsearch.", - Type: schema.TypeString, - Optional: true, - Sensitive: true, - DefaultFunc: withEnvDefault("ELASTICSEARCH_PASSWORD", nil), + Description: "Password to use for API authentication to Elasticsearch.", + Type: schema.TypeString, + Optional: true, + Sensitive: true, + DefaultFunc: withEnvDefault("ELASTICSEARCH_PASSWORD", nil), + RequiredWith: passwordRequiredWithValidation, }, "api_key": { Description: "API Key to use for authentication to Elasticsearch",