Merge branch 'main' into dependabot/go_modules/tools/github.com/golan…

…gci/golangci-lint-1.55.2

.buildkite/hooks/pre-command

@@ -3,5 +3,14 @@
 set -euo pipefail
 
 echo "--- Golang version:"
-export GO_VERSION="1.20"
+export GO_VERSION="1.21"
 echo "${GO_VERSION}"
+
+VAULT_PATH=secret/ci/elastic-terraform-provider-elasticstack/terraform-provider-secrets
+
+if [[ "$BUILDKITE_PIPELINE_SLUG" == "terraform-provider-elasticstack-release" ]]; then
+  export GPG_PRIVATE_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_private ${VAULT_PATH})
+  export GPG_PASSPHRASE_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_passphrase ${VAULT_PATH})
+  export GPG_FINGERPRINT_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_fingerprint ${VAULT_PATH})
+  export GITHUB_TOKEN=$(scripts/retry.sh 5 vault kv get -field gh_personal_access_token ${VAULT_PATH})
+fi

.buildkite/release.yml

@@ -2,5 +2,7 @@ steps:
   - label: Release
     agents:
       image: golang:${GO_VERSION}
+      cpu: "8"
+      memory: "4G"
     command:
       - ".buildkite/scripts/release.sh"

.buildkite/scripts/release.sh

@@ -2,45 +2,14 @@
 
 set -euo pipefail
 
-cleanup() {
-    ARG=${?}
-    echo  "--- Clean up"
-
-    unset GPG_FINGERPRINT_SECRET
-    # unset GITHUB_TOKEN
-    rm -rf dist bin
-    exit ${ARG}
-}
-
-trap cleanup EXIT
-
 echo "--- Download dependencies"
 make vendor
 
-echo "--- Import gpg key"
-
-GITHUB_ORGANIZATION=elastic
-REPO_NAME=terraform-provider-elasticstack
-VAULT_PATH=secret/ci/${GITHUB_ORGANIZATION}-${REPO_NAME}
-
-GPG_PRIVATE_SECRET=$(vault read -field=gpg_private ${VAULT_PATH}  | base64 -d)
-
-GPG_PASSPHRASE_SECRET=$(vault read -field=gpg_passphrase ${VAULT_PATH})
+echo "--- Importing GPG key"
+echo -n "$GPG_PRIVATE_SECRET" | base64 --decode | gpg --import --batch --yes --passphrase "$GPG_PASSPHRASE_SECRET"
 
-cat ${GPG_PASSPHRASE_SECRET} | gpg --import --batch --yes --passphrase-fd 0 ${GPG_PRIVATE_SECRET}
-
-echo "--- Cache GPG key and release the binaries"
-
-cat ${GPG_PASSPHRASE_SECRET} | gpg --armor --detach-sign --passphrase-fd 0 --pinentry-mode loopback
+echo "--- Caching GPG passphrase"
+echo "$GPG_PASSPHRASE_SECRET" | gpg --armor --detach-sign --passphrase-fd 0 --pinentry-mode loopback
 
 echo "--- Release the binaries"
-
-# 'make release' calls 'goreleaser' that needs GPG_FINGERPRINT_SECRET and GITHUB_TOKEN env vars
-export GPG_FINGERPRINT_SECRET=$(vault read -field=gpg_fingerprint ${VAULT_PATH} | xargs)
-
-## TODO
-## goreleaser needs GH token to publish binaries to GH
-## it's commented out while the BK pipeline is being tested 
-# export GITHUB_TOKEN=$(vault read -field=github_release_token ${VAULT_PATH} | xargs)
-
-make release
+make release-no-publish

.ci/pipelines/release.Jenkinsfile

@@ -28,7 +28,7 @@ node('docker && gobld/machineType:n1-highcpu-8') {
             stage("Cache GPG key and release the binaries") {
                 script {
                     env.GITHUB_TOKEN = readFile(".ci/.github_token").trim()
-                    env.GPG_FINGERPRINT = readFile(".ci/.gpg_fingerprint").trim()
+                    env.GPG_FINGERPRINT_SECRET = readFile(".ci/.gpg_fingerprint").trim()
                 }
                 sh 'pwd; make -C .ci cache-gpg-passphrase; make release'
             }

.github/workflows/test.yml

@@ -121,6 +121,15 @@ jobs:
           KIBANA_SYSTEM_USERNAME: ${{ env.KIBANA_SYSTEM_USERNAME }}
           KIBANA_SYSTEM_PASSWORD: ${{ env.KIBANA_SYSTEM_PASSWORD }}
 
+      - id: get-api-key
+        name: Get ES API key
+        run: |-
+          echo "apikey=$(make create-es-api-key | jq -r .encoded)" >> "$GITHUB_OUTPUT"
+        env:
+          ELASTICSEARCH_ENDPOINTS: "http://localhost:9200"
+          ELASTICSEARCH_USERNAME: "elastic"
+          ELASTICSEARCH_PASSWORD: ${{ env.ELASTIC_PASSWORD }}
+
       - name: TF acceptance tests
         timeout-minutes: 10
         run: make testacc
@@ -131,3 +140,4 @@ jobs:
           ELASTICSEARCH_USERNAME: "elastic"
           ELASTICSEARCH_PASSWORD: ${{ env.ELASTIC_PASSWORD }}
           KIBANA_ENDPOINT: "http://localhost:5601"
+          KIBANA_API_KEY: ${{ steps.get-api-key.outputs.apikey }}

.goreleaser.yml

@@ -21,10 +21,10 @@ builds:
     - linux
     - darwin
   goarch:
-    - amd64
     - '386'
     - arm
     - arm64
+    - amd64
   ignore:
     - goos: darwin
       goarch: '386'

CHANGELOG.md

@@ -3,6 +3,13 @@
 ### Added
 - Switch to Terraform [protocol version 6](https://developer.hashicorp.com/terraform/plugin/terraform-plugin-protocol#protocol-version-6) that is compatible with Terraform CLI version 1.0 and later.
 - Add 'elasticstack_fleet_package' data source ([#469](https://github.com/elastic/terraform-provider-elasticstack/pull/469))
+- Add `tags` option to Kibana's SLOs ([#495](https://github.com/elastic/terraform-provider-elasticstack/pull/495))
+
+### Fixed
+- Rename fleet package objects to `elasticstack_fleet_integration` and `elasticstack_fleet_integration_policy` ([#476](https://github.com/elastic/terraform-provider-elasticstack/pull/476))
+- Fix a provider crash when managing SLOs outside of the default Kibana space. ([#485](https://github.com/elastic/terraform-provider-elasticstack/pull/485))
+- Make input optional for `elasticstack_fleet_integration_policy` ([#493](https://github.com/elastic/terraform-provider-elasticstack/pull/493))
+- Sort Fleet integration policy inputs to ensure consistency ([#494](https://github.com/elastic/terraform-provider-elasticstack/pull/494))
 
 ## [0.10.0] - 2023-11-02
 

Makefile

@@ -28,6 +28,7 @@ KIBANA_NAME ?= terraform-elasticstack-kb
 KIBANA_ENDPOINT ?= http://$(KIBANA_NAME):5601
 KIBANA_SYSTEM_USERNAME ?= kibana_system
 KIBANA_SYSTEM_PASSWORD ?= password
+KIBANA_API_KEY_NAME ?= kibana-api-key
 
 SOURCE_LOCATION ?= $(shell pwd)
 
@@ -68,7 +69,7 @@ retry = until [ $$(if [ -z "$$attempt" ]; then echo -n "0"; else echo -n "$$atte
 	done
 
 # To run specific test (e.g. TestAccResourceActionConnector) execute `make docker-testacc TESTARGS='-run ^TestAccResourceActionConnector$$'`
-# To enable tracing (or debugging), execute `make docker-testacc TFLOG=TRACE`
+# To enable tracing (or debugging), execute `make docker-testacc TF_LOG=TRACE`
 .PHONY: docker-testacc
 docker-testacc: docker-elasticsearch docker-kibana ## Run acceptance tests in the docker container
 	@ docker run --rm \
@@ -129,6 +130,10 @@ docker-network: ## Create a dedicated network for ES and test runs
 set-kibana-password: ## Sets the ES KIBANA_SYSTEM_USERNAME's password to KIBANA_SYSTEM_PASSWORD. This expects Elasticsearch to be available at localhost:9200
 	@ $(call retry, 10, curl -X POST -u $(ELASTICSEARCH_USERNAME):$(ELASTICSEARCH_PASSWORD) -H "Content-Type: application/json" http://localhost:9200/_security/user/$(KIBANA_SYSTEM_USERNAME)/_password -d "{\"password\":\"$(KIBANA_SYSTEM_PASSWORD)\"}" | grep -q "^{}")
 
+.PHONY: create-es-api-key
+create-es-api-key: ## Creates and outputs a new API Key. This expects Elasticsearch to be available at localhost:9200
+	@ $(call retry, 10, curl -X POST -u $(ELASTICSEARCH_USERNAME):$(ELASTICSEARCH_PASSWORD) -H "Content-Type: application/json" http://localhost:9200/_security/api_key -d "{\"name\":\"$(KIBANA_API_KEY_NAME)\"}")
+
 .PHONY: docker-clean
 docker-clean: ## Try to remove provisioned nodes and assigned network
 	@ docker rm -f $(ELASTICSEARCH_NAME) $(KIBANA_NAME) || true
@@ -207,18 +212,18 @@ release-snapshot: tools ## Make local-only test release to see if it works using
 
 .PHONY: release-no-publish
 release-no-publish: tools check-sign-release ## Make a release without publishing artifacts
-	@ $(GOBIN)/goreleaser release --skip-publish --skip-announce --skip-validate
+	@ $(GOBIN)/goreleaser release --skip=publish,announce,validate  --parallelism=2
 
 
 .PHONY: release
 release: tools check-sign-release check-publish-release ## Build, sign, and upload your release
-	@ $(GOBIN)/goreleaser release --clean
+	@ $(GOBIN)/goreleaser release --clean  --parallelism=4
 
 
 .PHONY: check-sign-release
 check-sign-release:
-ifndef GPG_FINGERPRINT
-	$(error GPG_FINGERPRINT is undefined, but required for signing the release)
+ifndef GPG_FINGERPRINT_SECRET
+	$(error GPG_FINGERPRINT_SECRET is undefined, but required for signing the release)
 endif
 
 

README.md

@@ -83,7 +83,7 @@ If you wish to work on the provider, you'll first need [Go](http://www.golang.or
 
 To compile the provider, run `go install`. This will build the provider and put the provider binary in the `$GOPATH/bin` directory.
 
-To install the provider locally into the `~/.terraform.d/plugins/...` directory one can use `make install` command. This will allow to refer this provider dirrecty in the Terraform configuration without needing to download it from the registry.
+To install the provider locally into the `~/.terraform.d/plugins/...` directory one can use `make install` command. This will allow to refer this provider directly in the Terraform configuration without needing to download it from the registry.
 
 To generate or update documentation, run `make gen`. All the generated docs will have to be committed to the repository as well.
 

catalog-info.yaml

@@ -22,6 +22,12 @@ spec:
     spec:
       repository: elastic/terraform-provider-elasticstack
       pipeline_file: ".buildkite/release.yml"
+      provider_settings:
+        build_branches: false
+        build_pull_request_forks: false
+        build_tags: true
+        filter_condition: 'build.tag =~ /^v[0-9.]+$/'
+        filter_enabled: true
       teams:
         control-plane-stateful-applications:
           access_level: MANAGE_BUILD_AND_READ

docs/data-sources/fleet_package.md → docs/data-sources/fleet_integration.md

@@ -1,12 +1,12 @@
 ---
 subcategory: "Fleet"
 layout: ""
-page_title: "Elasticstack: elasticstack_fleet_package Data Source"
+page_title: "Elasticstack: elasticstack_fleet_integration Data Source"
 description: |-
   Gets information about a Fleet integration package.
 ---
 
-# Data Source: elasticstack_fleet_package
+# Data Source: elasticstack_fleet_integration
 
 This data source provides information about a Fleet integration package. Currently,
 the data source will retrieve the latest available version of the package. Version
@@ -26,7 +26,7 @@ provider "elasticstack" {
   kibana {}
 }
 
-data "elasticstack_fleet_package" "test" {
+data "elasticstack_fleet_integration" "test" {
   name = "tcp"
 }
 ```
@@ -36,7 +36,7 @@ data "elasticstack_fleet_package" "test" {
 
 ### Required
 
-- `name` (String) The package name.
+- `name` (String) The integration package name.
 
 ### Optional
 
@@ -45,4 +45,4 @@ data "elasticstack_fleet_package" "test" {
 ### Read-Only
 
 - `id` (String) The ID of this resource.
-- `version` (String) The package version.
+- `version` (String) The integration package version.

docs/index.md

@@ -92,6 +92,7 @@ Kibana resources will re-use any Elasticsearch credentials specified, these may
 - `KIBANA_USERNAME` - The username to use for Kibana authentication
 - `KIBANA_PASSWORD` - The password to use for Kibana authentication
 - `KIBANA_ENDPOINT` - The Kibana host to connect to
+- `KIBANA_API_KEY` - An Elasticsearch API key to use instead of `KIBANA_USERNAME` and `KIBANA_PASSWORD`
 
 Fleet resources will re-use any Kibana or Elasticsearch credentials specified, these may be overridden with the following variables:
 - `FLEET_USERNAME` - The username to use for Kibana authentication
@@ -179,6 +180,7 @@ Optional:
 
 Optional:
 
+- `api_key` (String, Sensitive) API Key to use for authentication to Kibana
 - `endpoints` (List of String, Sensitive) A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number.
 - `insecure` (Boolean) Disable TLS certificate validation
 - `password` (String, Sensitive) Password to use for API authentication to Kibana.

docs/resources/fleet_package.md → docs/resources/fleet_integration.md

@@ -1,12 +1,12 @@
 ---
 subcategory: "Fleet"
 layout: ""
-page_title: "Elasticstack: elasticstack_fleet_package Resource"
+page_title: "Elasticstack: elasticstack_fleet_integration Resource"
 description: |-
   Installs or uninstalls a Fleet integration package.
 ---
 
-# Resource: elasticstack_fleet_package
+# Resource: elasticstack_fleet_integration
 
 Installs or uninstalls a Fleet integration package. The Kibana Fleet UI can be
 used to view available packages. Additional information for managing integration
@@ -22,7 +22,7 @@ provider "elasticstack" {
   kibana {}
 }
 
-resource "elasticstack_fleet_package" "test_package" {
+resource "elasticstack_fleet_integration" "test_integration" {
   name    = "tcp"
   version = "1.16.0"
   force   = true
@@ -34,13 +34,13 @@ resource "elasticstack_fleet_package" "test_package" {
 
 ### Required
 
-- `name` (String) The package name.
-- `version` (String) The package version.
+- `name` (String) The integration package name.
+- `version` (String) The integration package version.
 
 ### Optional
 
 - `force` (Boolean) Set to true to force the requested action.
-- `skip_destroy` (Boolean) Set to true if you do not wish the package to be uninstalled at destroy time, and instead just remove the package from the Terraform state.
+- `skip_destroy` (Boolean) Set to true if you do not wish the integration package to be uninstalled at destroy time, and instead just remove the integration package from the Terraform state.
 
 ### Read-Only
 

docs/resources/fleet_package_policy.md → docs/resources/fleet_integration_policy.md

@@ -1,14 +1,14 @@
 ---
 subcategory: "Fleet"
 layout: ""
-page_title: "Elasticstack: elasticstack_fleet_package_policy Resource"
+page_title: "Elasticstack: elasticstack_fleet_integration_policy Resource"
 description: |-
-  Creates or updates a Fleet Package Policy.
+  Creates or updates a Fleet Integration Policy.
 ---
 
-# Resource: elasticstack_fleet_package_policy
+# Resource: elasticstack_fleet_integration_policy
 
-Creates or updates a Fleet Package Policy.
+Creates or updates a Fleet Integration Policy.
 
 It is highly recommended that all inputs and streams are provided in the
 Terraform plan, even if some are disabled. Otherwise, differences may appear
@@ -26,14 +26,14 @@ provider "elasticstack" {
   fleet {}
 }
 
-// The package to use.
-resource "elasticstack_fleet_package" "sample" {
+// The integration to use.
+resource "elasticstack_fleet_integration" "sample" {
   name    = "tcp"
   version = "1.16.0"
   force   = true
 }
 
-// An agent policy to hold the package policy.
+// An agent policy to hold the integration policy.
 resource "elasticstack_fleet_agent_policy" "sample" {
   name            = "Sample Agent Policy"
   namespace       = "default"
@@ -48,14 +48,14 @@ data "elasticstack_fleet_enrollment_tokens" "sample" {
   policy_id = elasticstack_fleet_agent_policy.sample.policy_id
 }
 
-// The package policy.
-resource "elasticstack_fleet_package_policy" "sample" {
-  name            = "Sample Package Policy"
-  namespace       = "default"
-  description     = "A sample package policy"
-  agent_policy_id = elasticstack_fleet_agent_policy.sample.policy_id
-  package_name    = elasticstack_fleet_package.sample.name
-  package_version = elasticstack_fleet_package.sample.version
+// The integration policy.
+resource "elasticstack_fleet_integration_policy" "sample" {
+  name                = "Sample Integration Policy"
+  namespace           = "default"
+  description         = "A sample integration policy"
+  agent_policy_id     = elasticstack_fleet_agent_policy.sample.policy_id
+  integration_name    = elasticstack_fleet_integration.sample.name
+  integration_version = elasticstack_fleet_integration.sample.version
 
   input {
     input_id = "tcp-tcp"
@@ -83,19 +83,19 @@ resource "elasticstack_fleet_package_policy" "sample" {
 ### Required
 
 - `agent_policy_id` (String) ID of the agent policy.
-- `input` (Block List, Min: 1) (see [below for nested schema](#nestedblock--input))
-- `name` (String) The name of the package policy.
-- `namespace` (String) The namespace of the package policy.
-- `package_name` (String) The name of the package.
-- `package_version` (String) The version of the package.
+- `integration_name` (String) The name of the integration package.
+- `integration_version` (String) The version of the integration package.
+- `name` (String) The name of the integration policy.
+- `namespace` (String) The namespace of the integration policy.
 
 ### Optional
 
-- `description` (String) The description of the package policy.
-- `enabled` (Boolean) Enable the package policy.
+- `description` (String) The description of the integration policy.
+- `enabled` (Boolean) Enable the integration policy.
 - `force` (Boolean) Force operations, such as creation and deletion, to occur.
-- `policy_id` (String) Unique identifier of the package policy.
-- `vars_json` (String, Sensitive) Package-level variables as JSON.
+- `input` (Block List) (see [below for nested schema](#nestedblock--input))
+- `policy_id` (String) Unique identifier of the integration policy.
+- `vars_json` (String, Sensitive) Integration-level variables as JSON.
 
 ### Read-Only
 
@@ -119,5 +119,5 @@ Optional:
 Import is supported using the following syntax:
 
 ```shell
-terraform import elasticstack_fleet_package_policy.my_policy <fleet_package_policy_id>
+terraform import elasticstack_fleet_integration_policy.my_policy <fleet_integration_policy_id>
 ```