func ResourceRole()

in internal/kibana/role.go [20:251]


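// ResourceRole returns the Terraform resource definition for a Kibana role.
//
// The schema has four top-level attributes: "name" (ForceNew, so a rename
// replaces the role), a required single-item "elasticsearch" block (cluster,
// indices, remote_indices and run_as), an optional set of "kibana" blocks
// (base or feature privileges scoped to spaces) and an optional JSON
// "metadata" string. Create and update both go through resourceRoleUpsert,
// and import passes the ID straight through to state.
//
// Points worth knowing when reviewing a role declared through this resource:
//   - Privilege names, index names and patterns, cluster aliases, space IDs
//     and run_as usernames are free-form strings; this schema attaches no
//     ValidateFunc to them, so a typo or an overly broad pattern is not
//     rejected here. NOTE(review): whether the CRUD functions or the server
//     reject unknown values is not visible from this function.
//   - "run_as" lists users the role's owners can impersonate, and "spaces"
//     set to ["*"] applies the Kibana privileges to every space; both are
//     broad grants that deserve an explicit look in code review.
//   - The descriptions state that "base" and "feature" cannot be combined, but
//     the schema itself declares no conflict between them.
//     NOTE(review): confirm where that rule is enforced.
func ResourceRole() *schema.Resource {
	// stringSet builds a set-of-strings attribute. required selects between
	// Required and Optional, which the original literals set one at a time.
	stringSet := func(description string, required bool) *schema.Schema {
		return &schema.Schema{
			Description: description,
			Type:        schema.TypeSet,
			Required:    required,
			Optional:    !required,
			Elem: &schema.Schema{
				Type: schema.TypeString,
			},
		}
	}

	// indexPermissions returns a fresh copy of the attributes shared by the
	// "indices" and "remote_indices" entries. Building both from one place
	// keeps the local and remote permission shapes from drifting apart; a new
	// map (and new schema values) is returned on every call so the two blocks
	// never share pointers.
	indexPermissions := func() map[string]*schema.Schema {
		return map[string]*schema.Schema{
			// Field-level restriction: which document fields are readable.
			"field_security": {
				Description: "The document fields that the owners of the role have read access to.",
				Type:        schema.TypeList,
				Optional:    true,
				MaxItems:    1,
				Elem: &schema.Resource{
					Schema: map[string]*schema.Schema{
						"grant":  stringSet("List of the fields to grant the access to.", false),
						"except": stringSet("List of the fields to which the grants will not be applied.", false),
					},
				},
			},
			// Document-level restriction, supplied as a JSON string. Only
			// JSON well-formedness is checked here, not the query itself.
			"query": {
				Description:      "A search query that defines the documents the owners of the role have read access to.",
				Type:             schema.TypeString,
				ValidateFunc:     validation.StringIsJSON,
				DiffSuppressFunc: utils.DiffJsonSuppress,
				Optional:         true,
			},
			"names":      stringSet("A list of indices (or index name patterns) to which the permissions in this entry apply.", true),
			"privileges": stringSet("The index level privileges that the owners of the role have on the specified indices.", true),
		}
	}

	// Remote entries carry the same attributes plus the target cluster aliases.
	remoteIndexPermissions := indexPermissions()
	remoteIndexPermissions["clusters"] = stringSet("A list of cluster aliases to which the permissions in this entry apply.", true)

	roleSchema := map[string]*schema.Schema{
		"name": {
			Description: "The name for the role.",
			Type:        schema.TypeString,
			Required:    true,
			ForceNew:    true,
		},
		"elasticsearch": {
			Description: "Elasticsearch cluster and index privileges.",
			Type:        schema.TypeSet,
			Required:    true,
			MaxItems:    1,
			Elem: &schema.Resource{
				Schema: map[string]*schema.Schema{
					"cluster": stringSet("List of the cluster privileges.", false),
					"indices": {
						Description: "A list of indices permissions entries.",
						Type:        schema.TypeSet,
						Optional:    true,
						Elem: &schema.Resource{
							Schema: indexPermissions(),
						},
					},
					"remote_indices": {
						Description: "A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.",
						Type:        schema.TypeSet,
						Optional:    true,
						Elem: &schema.Resource{
							Schema: remoteIndexPermissions,
						},
					},
					// Impersonation grant: every username listed here can be
					// assumed by the owners of the role.
					"run_as": stringSet("A list of usernames the owners of this role can impersonate.", false),
				},
			},
		},
		"kibana": {
			Description: "The list of objects that specify the Kibana privileges for the role.",
			Type:        schema.TypeSet,
			Optional:    true,
			Elem: &schema.Resource{
				Schema: map[string]*schema.Schema{
					"base": {
						Description: "A base privilege. When specified, the base must be [\"all\"] or [\"read\"]. When the base privileges are specified, you are unable to use the \"feature\" section.",
						Type:        schema.TypeSet,
						Optional:    true,
						MaxItems:    1,
						Elem: &schema.Schema{
							Type: schema.TypeString,
							// The second argument makes the match case-insensitive.
							ValidateFunc: validation.StringInSlice([]string{"all", "read"}, true),
						},
					},
					"feature": {
						Description: "List of privileges for specific features. When the feature privileges are specified, you are unable to use the \"base\" section.",
						Type:        schema.TypeSet,
						Optional:    true,
						Elem: &schema.Resource{
							Schema: map[string]*schema.Schema{
								"name": {
									Description: "Feature name.",
									Type:        schema.TypeString,
									Required:    true,
								},
								"privileges": stringSet("Feature privileges.", true),
							},
						},
					},
					// The attribute is Required, so the description no longer
					// says the value may be omitted: Terraform rejects a
					// "kibana" block without "spaces", and an all-spaces
					// grant has to be written out as ["*"].
					"spaces": stringSet("The spaces to apply the privileges to. To grant access to all spaces, set to [\"*\"].", true),
				},
			},
		},
		// Computed as well as Optional, so a value not set in configuration
		// can be filled in from the provider side.
		"metadata": {
			Description:      "Optional meta-data.",
			Type:             schema.TypeString,
			Optional:         true,
			Computed:         true,
			ValidateFunc:     validation.StringIsJSON,
			DiffSuppressFunc: utils.DiffJsonSuppress,
		},
	}

	return &schema.Resource{
		Description: "Creates a Kibana role. See, https://www.elastic.co/guide/en/kibana/master/role-management-api-put.html",

		// Create and update share one handler.
		CreateContext: resourceRoleUpsert,
		UpdateContext: resourceRoleUpsert,
		ReadContext:   resourceRoleRead,
		DeleteContext: resourceRoleDelete,

		Importer: &schema.ResourceImporter{
			StateContext: schema.ImportStatePassthroughContext,
		},

		Schema: roleSchema,
	}
}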