in internal/elasticsearch/security/role.go [23:249]
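// ResourceRole returns the Terraform resource schema for an Elasticsearch
// native-realm security role (the Put Role API referenced in the resource
// Description below).
//
// Security review notes — every attribute of this resource grants authority,
// so treat the Terraform inputs as privileged configuration:
//   - "cluster": cluster-level privileges; broad values ("all",
//     "manage_security", ...) are effectively superuser.
//   - "run_as": lets holders of the role impersonate the listed users, i.e.
//     an explicit privilege-escalation path.
//   - "allow_restricted_indices": exposes restricted/system indices; the
//     attribute's own description already discourages it.
//   - "global", "query", "metadata": opaque JSON. Only JSON *syntax* is
//     validated client-side (validation.StringIsJSON); the meaning of the
//     document is enforced solely by Elasticsearch.
//
// "indices" and "remote_indices" share the same field-level (field_security)
// and document-level (query) security sub-schema, so it is built by local
// helpers that return a fresh value on every call; no *schema.Schema pointer
// is shared between two places in the tree. Descriptions are unchanged from
// the previous inline form because they are user-facing documentation.
func ResourceRole() *schema.Resource {
	// stringSet builds a set-of-strings attribute. `required` selects between
	// Required and Optional; the two are never both set.
	stringSet := func(description string, required bool) *schema.Schema {
		return &schema.Schema{
			Description: description,
			Type:        schema.TypeSet,
			Required:    required,
			Optional:    !required,
			Elem: &schema.Schema{
				Type: schema.TypeString,
			},
		}
	}

	// jsonString builds an optional attribute that carries a JSON document.
	// Only syntax is checked locally; semantically equal documents (key
	// order, whitespace) are diff-suppressed so they do not cause updates.
	jsonString := func(description string) *schema.Schema {
		return &schema.Schema{
			Description:      description,
			Type:             schema.TypeString,
			Optional:         true,
			ValidateFunc:     validation.StringIsJSON,
			DiffSuppressFunc: utils.DiffJsonSuppress,
		}
	}

	// fieldSecurity is the field-level security block (grant/except lists)
	// used by both local and remote index permission entries. At most one
	// block is allowed per entry (MaxItems: 1).
	fieldSecurity := func() *schema.Schema {
		return &schema.Schema{
			Description: "The document fields that the owners of the role have read access to.",
			Type:        schema.TypeList,
			Optional:    true,
			MaxItems:    1,
			Elem: &schema.Resource{
				Schema: map[string]*schema.Schema{
					"grant":  stringSet("List of the fields to grant the access to.", false),
					"except": stringSet("List of the fields to which the grants will not be applied.", false),
				},
			},
		}
	}

	// indexPermissions is the attribute set common to "indices" and
	// "remote_indices" entries: target names, privileges, FLS and DLS.
	// Callers add the attributes specific to their variant.
	indexPermissions := func() map[string]*schema.Schema {
		return map[string]*schema.Schema{
			"field_security": fieldSecurity(),
			"names":          stringSet("A list of indices (or index name patterns) to which the permissions in this entry apply.", true),
			"privileges":     stringSet("The index level privileges that the owners of the role have on the specified indices.", true),
			"query":          jsonString("A search query that defines the documents the owners of the role have read access to."),
		}
	}

	// Local index entries may additionally opt into restricted indices.
	indicesEntry := indexPermissions()
	indicesEntry["allow_restricted_indices"] = &schema.Schema{
		Description: "Include matching restricted indices in names parameter. Usage is strongly discouraged as it can grant unrestricted operations on critical data, make the entire system unstable or leak sensitive information.",
		Type:        schema.TypeBool,
		Optional:    true,
	}

	// Remote index entries are scoped to one or more cluster aliases.
	remoteIndicesEntry := indexPermissions()
	remoteIndicesEntry["clusters"] = stringSet("A list of cluster aliases to which the permissions in this entry apply.", true)

	// metadata is also Computed: a value absent from configuration does not
	// produce a diff. Presumably this is because Elasticsearch adds its own
	// keys to role metadata — confirm against the read function before
	// relying on it, since it also means a metadata value removed from
	// config is not cleared on the server.
	metadata := jsonString("Optional meta-data.")
	metadata.Computed = true

	roleSchema := map[string]*schema.Schema{
		"id": {
			Description: "Internal identifier of the resource",
			Type:        schema.TypeString,
			Computed:    true,
		},
		// Renaming a role is not supported by the API, hence ForceNew.
		"name": {
			Description: "The name of the role.",
			Type:        schema.TypeString,
			Required:    true,
			ForceNew:    true,
		},
		"description": {
			Description: "The description of the role.",
			Type:        schema.TypeString,
			Optional:    true,
		},
		"applications": {
			Description: "A list of application privilege entries.",
			Type:        schema.TypeSet,
			Optional:    true,
			Elem: &schema.Resource{
				Schema: map[string]*schema.Schema{
					"application": {
						Description: "The name of the application to which this entry applies.",
						Type:        schema.TypeString,
						Required:    true,
					},
					"privileges": stringSet("A list of strings, where each element is the name of an application privilege or action.", true),
					"resources":  stringSet("A list resources to which the privileges are applied.", true),
				},
			},
		},
		// Free-form JSON; its contents are validated only by Elasticsearch.
		"global": jsonString("An object defining global privileges."),
		"cluster": stringSet("A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.", false),
		"indices": {
			Description: "A list of indices permissions entries.",
			Type:        schema.TypeSet,
			Optional:    true,
			Elem: &schema.Resource{
				Schema: indicesEntry,
			},
		},
		"remote_indices": {
			Description: "A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model.",
			Type:        schema.TypeSet,
			Optional:    true,
			Elem: &schema.Resource{
				Schema: remoteIndicesEntry,
			},
		},
		"metadata": metadata,
		// Impersonation grant: review carefully, this lets role holders act
		// as the listed users with those users' privileges.
		"run_as": stringSet("A list of users that the owners of this role can impersonate.", false),
	}

	// Connection attributes (cluster endpoint/credentials) are appended by the
	// shared helper; they are not defined in this file.
	utils.AddConnectionSchema(roleSchema)

	return &schema.Resource{
		Description:   "Adds and updates roles in the native realm. See, https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html",
		CreateContext: resourceSecurityRolePut,
		UpdateContext: resourceSecurityRolePut,
		ReadContext:   resourceSecurityRoleRead,
		DeleteContext: resourceSecurityRoleDelete,
		Importer: &schema.ResourceImporter{
			// The import ID is stored verbatim; how it is interpreted is up to
			// the read function, which is not visible here.
			StateContext: schema.ImportStatePassthroughContext,
		},
		Schema: roleSchema,
	}
}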