Prepare 0.13.0 release (#1532)

Author: tobio

CHANGELOG.md

@@ -1,5 +1,7 @@
 ## [Unreleased]
 
+## [0.13.0] - 2025-12-10
+
 ### Breaking changes
 
 #### `elasticstack_elasticsearch_index.alias` block has changed to a set attribute. 

Makefile

@@ -1,7 +1,7 @@
 .DEFAULT_GOAL = help
 SHELL := /bin/bash
 
-VERSION ?= 0.12.2
+VERSION ?= 0.13.0
 
 NAME = elasticstack
 BINARY = terraform-provider-${NAME}

docs/resources/kibana_security_exception_item.md

@@ -0,0 +1,137 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_exception_item Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages a Kibana Exception Item. Exception items define the specific query conditions used to prevent rules from generating alerts.
+  See the Kibana Exceptions API documentation https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api for more details.
+---
+
+# elasticstack_kibana_security_exception_item (Resource)
+
+Manages a Kibana Exception Item. Exception items define the specific query conditions used to prevent rules from generating alerts.
+
+See the [Kibana Exceptions API documentation](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api) for more details.
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-exception-list"
+  name           = "My Exception List"
+  description    = "List of exceptions"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "complex_entry" {
+  list_id        = elasticstack_kibana_security_exception_list.example.list_id
+  item_id        = "complex-exception"
+  name           = "Complex Exception with Multiple Entries"
+  description    = "Exception with multiple conditions"
+  type           = "simple"
+  namespace_type = "single"
+
+  # Multiple entries with different operators
+  entries = [
+    {
+      type     = "match"
+      field    = "host.name"
+      operator = "included"
+      value    = "trusted-host"
+    },
+    {
+      type     = "match_any"
+      field    = "user.name"
+      operator = "excluded"
+      values   = ["admin", "root"]
+    }
+  ]
+
+  os_types = ["linux"]
+  tags     = ["complex", "multi-condition"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the exception item.
+- `entries` (Attributes List) The exception item entries. This defines the conditions under which the exception applies. (see [below for nested schema](#nestedatt--entries))
+- `list_id` (String) The exception list's identifier that this item belongs to.
+- `name` (String) The name of the exception item.
+- `type` (String) The type of exception item. Must be `simple`.
+
+### Optional
+
+- `comments` (Attributes List) Array of comments about the exception item. (see [below for nested schema](#nestedatt--comments))
+- `expire_time` (String) The exception item's expiration date in RFC3339 format. This field is only available for regular exception items, not endpoint exceptions.
+- `item_id` (String) The exception item's human readable string identifier.
+- `meta` (String) Placeholder for metadata about the exception item as JSON string.
+- `namespace_type` (String) Determines whether the exception item is available in all Kibana spaces or just the space in which it is created. Can be `single` (default) or `agnostic`.
+- `os_types` (Set of String) Array of OS types for which the exceptions apply. Valid values: `linux`, `macos`, `windows`.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+- `tags` (Set of String) String array containing words and phrases to help categorize exception items.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the exception item was created.
+- `created_by` (String) The user who created the exception item.
+- `id` (String) The unique identifier of the exception item (auto-generated by Kibana).
+- `tie_breaker_id` (String) Field used in search to ensure all items are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the exception item was last updated.
+- `updated_by` (String) The user who last updated the exception item.
+
+<a id="nestedatt--entries"></a>
+### Nested Schema for `entries`
+
+Required:
+
+- `field` (String) The field name. Required for all entry types.
+- `type` (String) The type of entry. Valid values: `match`, `match_any`, `list`, `exists`, `nested`, `wildcard`.
+
+Optional:
+
+- `entries` (Attributes List) Nested entries (for `nested` type). Only `match`, `match_any`, and `exists` entry types are allowed as nested entries. (see [below for nested schema](#nestedatt--entries--entries))
+- `list` (Attributes) Value list reference (for `list` type). (see [below for nested schema](#nestedatt--entries--list))
+- `operator` (String) The operator to use. Valid values: `included`, `excluded`. Note: The operator field is not supported for nested entry types and will be ignored if specified.
+- `value` (String) The value to match (for `match` and `wildcard` types).
+- `values` (List of String) Array of values to match (for `match_any` type).
+
+<a id="nestedatt--entries--entries"></a>
+### Nested Schema for `entries.entries`
+
+Required:
+
+- `field` (String) The field name.
+- `operator` (String) The operator to use. Valid values: `included`, `excluded`.
+- `type` (String) The type of nested entry. Valid values: `match`, `match_any`, `exists`.
+
+Optional:
+
+- `value` (String) The value to match (for `match` type).
+- `values` (List of String) Array of values to match (for `match_any` type).
+
+
+<a id="nestedatt--entries--list"></a>
+### Nested Schema for `entries.list`
+
+Required:
+
+- `id` (String) The value list ID.
+- `type` (String) The value list type (e.g., `keyword`, `ip`, `ip_range`).
+
+
+
+<a id="nestedatt--comments"></a>
+### Nested Schema for `comments`
+
+Required:
+
+- `comment` (String) The comment text.
+
+Read-Only:
+
+- `id` (String) The unique identifier of the comment (auto-generated by Kibana).

docs/resources/kibana_security_exception_list.md

@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_exception_list Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages a Kibana Exception List. Exception lists are containers for exception items used to prevent security rules from generating alerts.
+  See the Kibana Exceptions API documentation https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api for more details.
+---
+
+# elasticstack_kibana_security_exception_list (Resource)
+
+Manages a Kibana Exception List. Exception lists are containers for exception items used to prevent security rules from generating alerts.
+
+See the [Kibana Exceptions API documentation](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api) for more details.
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "endpoint" {
+  list_id        = "my-endpoint-exception-list"
+  name           = "My Endpoint Exception List"
+  description    = "List of endpoint exceptions"
+  type           = "endpoint"
+  namespace_type = "agnostic"
+
+  os_types = ["linux", "windows", "macos"]
+  tags     = ["endpoint", "security"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the exception list.
+- `name` (String) The name of the exception list.
+- `type` (String) The type of exception list. Can be one of: `detection`, `endpoint`, `endpoint_trusted_apps`, `endpoint_events`, `endpoint_host_isolation_exceptions`, `endpoint_blocklists`.
+
+### Optional
+
+- `list_id` (String) The exception list's human readable string identifier.
+- `meta` (String) Placeholder for metadata about the list container as JSON string.
+- `namespace_type` (String) Determines whether the exception list is available in all Kibana spaces or just the space in which it is created. Can be `single` (default) or `agnostic`.
+- `os_types` (Set of String) Array of OS types for which the exceptions apply. Valid values: `linux`, `macos`, `windows`.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+- `tags` (Set of String) String array containing words and phrases to help categorize exception containers.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the exception list was created.
+- `created_by` (String) The user who created the exception list.
+- `id` (String) The unique identifier of the exception list (auto-generated by Kibana).
+- `immutable` (Boolean) Whether the exception list is immutable.
+- `tie_breaker_id` (String) Field used in search to ensure all containers are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the exception list was last updated.
+- `updated_by` (String) The user who last updated the exception list.

docs/resources/kibana_security_list.md

@@ -0,0 +1,63 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_list Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages Kibana security lists (also known as value lists). Security lists are used by exception items to define sets of values for matching or excluding in security rules.
+  Relevant Kibana docs can be found here https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-lists-api.
+  Notes
+  Security lists define the type of data they can contain via the type attributeOnce created, the type of a list cannot be changedLists can be referenced by exception items to create more sophisticated matching rulesThe list_id is auto-generated if not provided
+---
+
+# elasticstack_kibana_security_list (Resource)
+
+Manages Kibana security lists (also known as value lists). Security lists are used by exception items to define sets of values for matching or excluding in security rules.
+
+Relevant Kibana docs can be found [here](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-lists-api).
+
+## Notes
+
+- Security lists define the type of data they can contain via the `type` attribute
+- Once created, the `type` of a list cannot be changed
+- Lists can be referenced by exception items to create more sophisticated matching rules
+- The `list_id` is auto-generated if not provided
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_list" "ip_list" {
+  space_id    = "default"
+  name        = "Trusted IP Addresses"
+  description = "List of trusted IP addresses for security rules"
+  type        = "ip"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the security list.
+- `name` (String) The name of the security list.
+- `type` (String) Specifies the Elasticsearch data type of values the list contains. Valid values include: `binary`, `boolean`, `byte`, `date`, `date_nanos`, `date_range`, `double`, `double_range`, `float`, `float_range`, `geo_point`, `geo_shape`, `half_float`, `integer`, `integer_range`, `ip`, `ip_range`, `keyword`, `long`, `long_range`, `shape`, `short`, `text`.
+
+### Optional
+
+- `deserializer` (String) Determines how retrieved list item values are presented. By default, list items are presented using Handlebars expressions based on the type.
+- `id` (String) The unique identifier of the security list (auto-generated by Kibana if not specified).
+- `list_id` (String) The value list's human-readable identifier.
+- `meta` (String) Placeholder for metadata about the value list as JSON string.
+- `serializer` (String) Determines how uploaded list item values are parsed. By default, list items are parsed using named regex groups based on the type.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+- `version` (Number) The document version number.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the list was created.
+- `created_by` (String) The user who created the list.
+- `immutable` (Boolean) Whether the list is immutable.
+- `tie_breaker_id` (String) Field used in search to ensure all containers are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the list was last updated.
+- `updated_by` (String) The user who last updated the list.
+- `version_id` (String) The version id, normally returned by the API when the document is retrieved. Use it to ensure updates are done against the latest version.

docs/resources/kibana_security_list_data_streams.md

@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_list_data_streams Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Creates .lists and .items data streams in the relevant Kibana space. These data streams are required before you can start using security lists and exceptions that reference value lists.
+  Before you can start working with exceptions that use value lists, you must create the .lists and .items data streams for the relevant Kibana space. Once these data streams are created, your role needs privileges to manage rules.
+---
+
+# elasticstack_kibana_security_list_data_streams (Resource)
+
+Creates `.lists` and `.items` data streams in the relevant Kibana space. These data streams are required before you can start using security lists and exceptions that reference value lists.
+
+Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. Once these data streams are created, your role needs privileges to manage rules.
+
+## Example Usage
+
+```terraform
+# Create list data streams in the default space
+resource "elasticstack_kibana_security_list_data_streams" "default" {
+}
+
+# Create list data streams in a custom space
+resource "elasticstack_kibana_security_list_data_streams" "custom" {
+  space_id = "my-space"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+
+### Read-Only
+
+- `id` (String) The unique identifier for the data streams in the format `{space_id}`.
+- `list_index` (Boolean) Indicates whether the `.lists` data stream exists.
+- `list_item_index` (Boolean) Indicates whether the `.items` data stream exists.

docs/resources/kibana_security_list_item.md

@@ -0,0 +1,63 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_list_item Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages items within Kibana security value lists. Value lists are containers for values that can be used within exception lists to define conditions. This resource allows you to add, update, and remove individual values (items) in those lists.
+  Value list items are used to store data values that match the type of their parent security list (e.g., IP addresses, keywords, etc.). These items can then be referenced in exception list entries to define exception conditions.
+  Kibana docs can be found here https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-lists-api
+---
+
+# elasticstack_kibana_security_list_item (Resource)
+
+Manages items within Kibana security value lists. Value lists are containers for values that can be used within exception lists to define conditions. This resource allows you to add, update, and remove individual values (items) in those lists.
+
+Value list items are used to store data values that match the type of their parent security list (e.g., IP addresses, keywords, etc.). These items can then be referenced in exception list entries to define exception conditions.
+
+Kibana docs can be found [here](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-lists-api)
+
+## Example Usage
+
+```terraform
+# First create a security list
+resource "elasticstack_kibana_security_list" "my_list" {
+  list_id     = "allowed_domains"
+  name        = "Allowed Domains"
+  description = "List of allowed domains"
+  type        = "keyword"
+}
+
+# Add an item to the list
+resource "elasticstack_kibana_security_list_item" "domain_example" {
+  list_id = elasticstack_kibana_security_list.my_list.list_id
+  value   = "example.com"
+  meta = jsonencode({
+    category = "internal"
+    owner    = "infrastructure-team"
+    note     = "Primary internal domain"
+  })
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `list_id` (String) The value list's identifier that this item belongs to.
+- `value` (String) The value used to evaluate exceptions. The value's data type must match the list's type.
+
+### Optional
+
+- `list_item_id` (String) The value list item's identifier (auto-generated by Kibana if not specified).
+- `meta` (String) Placeholder for metadata about the value list item as JSON string.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the list item was created.
+- `created_by` (String) The user who created the list item.
+- `id` (String) Internal identifier for the resource (format: `<space_id>/<list_item_id>`).
+- `updated_at` (String) The timestamp of when the list item was last updated.
+- `updated_by` (String) The user who last updated the list item.
+- `version_id` (String) The version id, normally returned by the API when the document is retrieved. Used to ensure updates are done against the latest version.