elastic
diff --git a/‎.buildkite/release.yml‎
Lines changed: 2 additions & 2 deletions b/‎.buildkite/release.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 12 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 12 additions & 1 deletion
diff --git a/‎Makefile‎
Lines changed: 4 additions & 2 deletions b/‎Makefile‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎docs/resources/fleet_agent_policy.md‎
Lines changed: 9 additions & 7 deletions b/‎docs/resources/fleet_agent_policy.md‎
Lines changed: 9 additions & 7 deletions
diff --git a/‎docs/resources/kibana_security_exception_item.md‎
Lines changed: 137 additions & 0 deletions b/‎docs/resources/kibana_security_exception_item.md‎
Lines changed: 137 additions & 0 deletions
diff --git a/‎docs/resources/kibana_security_exception_list.md‎
Lines changed: 57 additions & 0 deletions b/‎docs/resources/kibana_security_exception_list.md‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎docs/resources/kibana_security_list.md‎
Lines changed: 63 additions & 0 deletions b/‎docs/resources/kibana_security_list.md‎
Lines changed: 63 additions & 0 deletions
@@ -1,9 +1,9 @@
 steps:
   - label: Release
     agents:
-      image: "golang:1.25.5@sha256:20b91eda7a9627c127c0225b0d4e8ec927b476fa4130c6760928b849d769c149"
+      image: "golang:1.25.5@sha256:0ece421d4bb2525b7c0b4cad5791d52be38edf4807582407525ca353a429eccc"
       cpu: "16"
       memory: "24G"
-      ephemeralStorage: "20G"
+      ephemeralStorage: "40G"
     command:
       - ".buildkite/scripts/release.sh"
@@ -1,5 +1,7 @@
 ## [Unreleased]
 
+## [0.13.0] - 2025-12-10
+
 ### Breaking changes
 
 #### `elasticstack_elasticsearch_index.alias` block has changed to a set attribute. 
@@ -40,6 +42,8 @@ alias = [
 
 ### Changes
 
+- Fix `elasticstack_kibana_action_connector` failing with "inconsistent result after apply" when config contains null values ([#1524](https://github.com/elastic/terraform-provider-elasticstack/pull/1524))
+- Add `host_name_format` to `elasticstack_fleet_agent_policy` to configure host name format (hostname or FQDN) ([#1312](https://github.com/elastic/terraform-provider-elasticstack/pull/1312))
 - Create `elasticstack_kibana_prebuilt_rule` resource ([#1296](https://github.com/elastic/terraform-provider-elasticstack/pull/1296))
 - Add `required_versions` to `elasticstack_fleet_agent_policy` ([#1436](https://github.com/elastic/terraform-provider-elasticstack/pull/1436))
 - Migrate `elasticstack_elasticsearch_security_role` resource to Terraform Plugin Framework ([#1330](https://github.com/elastic/terraform-provider-elasticstack/pull/1330))
@@ -50,6 +54,12 @@ alias = [
 - Add `elasticstack_elasticsearch_alias` resource ([#1343](https://github.com/elastic/terraform-provider-elasticstack/pull/1343))
 - Add `mapping_total_fields_limit` to `elasticstack_elasticsearch_index` ([#1494](https://github.com/elastic/terraform-provider-elasticstack/pull/1494))
 - Add `elasticstack_kibana_default_data_view` resource ([#1379](https://github.com/elastic/terraform-provider-elasticstack/pull/1379))
+- Add support for [Security Exceptions](https://github.com/elastic/terraform-provider-elasticstack/issues/1332)
+  - Add `elasticstack_kibana_security_exception_item` resource ([#1496](https://github.com/elastic/terraform-provider-elasticstack/pull/1496))
+  - Add `elasticstack_kibana_security_exception_list` resource ([#1495](https://github.com/elastic/terraform-provider-elasticstack/pull/1495))
+  - Add `elasticstack_kibana_security_list` resource ([#1489](https://github.com/elastic/terraform-provider-elasticstack/pull/1489))
+  - Add `elasticstack_kibana_security_list_item` resource ([#1492](https://github.com/elastic/terraform-provider-elasticstack/pull/1492))
+  - Add `elasticstack_kibana_security_list_data_streams` resource ([#1525](https://github.com/elastic/terraform-provider-elasticstack/pull/1525))
 
 ## [0.12.2] - 2025-11-19
 - Fix `elasticstack_elasticsearch_snapshot_lifecycle` metadata type conversion causing terraform apply to fail ([#1409](https://github.com/elastic/terraform-provider-elasticstack/issues/1409))
@@ -590,7 +600,8 @@ resource "elasticstack_fleet_output" "output" {
 - Initial set of docs
 - CI integration
 
-[Unreleased]: https://github.com/elastic/terraform-provider-elasticstack/compare/v0.12.2...HEAD
+[Unreleased]: https://github.com/elastic/terraform-provider-elasticstack/compare/v0.13.0...HEAD
+[0.13.0]: https://github.com/elastic/terraform-provider-elasticstack/compare/v0.12.2...v0.13.0
 [0.12.2]: https://github.com/elastic/terraform-provider-elasticstack/compare/v0.12.1...v0.12.2
 [0.12.1]: https://github.com/elastic/terraform-provider-elasticstack/compare/v0.12.0...v0.12.1
 [0.12.0]: https://github.com/elastic/terraform-provider-elasticstack/compare/v0.11.18...v0.12.0
 
@@ -1,7 +1,7 @@
 .DEFAULT_GOAL = help
 SHELL := /bin/bash
 
-VERSION ?= 0.12.2
+VERSION ?= 0.13.0
 
 NAME = elasticstack
 BINARY = terraform-provider-${NAME}
@@ -28,6 +28,8 @@ KIBANA_API_KEY_NAME ?= kibana-api-key
 FLEET_NAME ?= terraform-elasticstack-fleet
 FLEET_ENDPOINT ?= https://$(FLEET_NAME):8220
 
+RERUN_FAILS ?= 3
+
 export GOBIN = $(shell pwd)/bin
 
 
@@ -53,7 +55,7 @@ testacc-vs-docker:
 
 .PHONY: testacc
 testacc: ## Run acceptance tests
-	TF_ACC=1 go tool gotestsum --format testname --rerun-fails=3 --packages="-v ./..." -- -count $(ACCTEST_COUNT) -parallel $(ACCTEST_PARALLELISM) $(TESTARGS) -timeout $(ACCTEST_TIMEOUT)
+	TF_ACC=1 go tool gotestsum --format testname --rerun-fails=$(RERUN_FAILS) --packages="-v ./..." -- -count $(ACCTEST_COUNT) -parallel $(ACCTEST_PARALLELISM) $(TESTARGS) -timeout $(ACCTEST_TIMEOUT)
 
 .PHONY: test
 test: ## Run unit tests
 
@@ -18,13 +18,14 @@ provider "elasticstack" {
 }
 
 resource "elasticstack_fleet_agent_policy" "test_policy" {
-  name            = "Test Policy"
-  namespace       = "default"
-  description     = "Test Agent Policy"
-  sys_monitoring  = true
-  monitor_logs    = true
-  monitor_metrics = true
-  space_ids       = ["default"]
+  name             = "Test Policy"
+  namespace        = "default"
+  description      = "Test Agent Policy"
+  sys_monitoring   = true
+  monitor_logs     = true
+  monitor_metrics  = true
+  space_ids        = ["default"]
+  host_name_format = "hostname" # or "fqdn" for fully qualified domain names
 
   global_data_tags = {
     first_tag = {
@@ -52,6 +53,7 @@ resource "elasticstack_fleet_agent_policy" "test_policy" {
 - `download_source_id` (String) The identifier for the Elastic Agent binary download server.
 - `fleet_server_host_id` (String) The identifier for the Fleet server host.
 - `global_data_tags` (Attributes Map) User-defined data tags to apply to all inputs. Values can be strings (string_value) or numbers (number_value) but not both. Example -- key1 = {string_value = value1}, key2 = {number_value = 42} (see [below for nested schema](#nestedatt--global_data_tags))
+- `host_name_format` (String) Determines the format of the host.name field in events. Can be 'hostname' (short hostname, e.g., 'myhost') or 'fqdn' (fully qualified domain name, e.g., 'myhost.example.com'). Defaults to 'hostname'.
 - `inactivity_timeout` (String) The inactivity timeout for the agent policy. If an agent does not report within this time period, it will be considered inactive. Supports duration strings (e.g., '30s', '2m', '1h').
 - `monitor_logs` (Boolean) Enable collection of agent logs.
 - `monitor_metrics` (Boolean) Enable collection of agent metrics.
 
@@ -0,0 +1,137 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_exception_item Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages a Kibana Exception Item. Exception items define the specific query conditions used to prevent rules from generating alerts.
+  See the Kibana Exceptions API documentation https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api for more details.
+---
+
+# elasticstack_kibana_security_exception_item (Resource)
+
+Manages a Kibana Exception Item. Exception items define the specific query conditions used to prevent rules from generating alerts.
+
+See the [Kibana Exceptions API documentation](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api) for more details.
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "example" {
+  list_id        = "my-exception-list"
+  name           = "My Exception List"
+  description    = "List of exceptions"
+  type           = "detection"
+  namespace_type = "single"
+}
+
+resource "elasticstack_kibana_security_exception_item" "complex_entry" {
+  list_id        = elasticstack_kibana_security_exception_list.example.list_id
+  item_id        = "complex-exception"
+  name           = "Complex Exception with Multiple Entries"
+  description    = "Exception with multiple conditions"
+  type           = "simple"
+  namespace_type = "single"
+
+  # Multiple entries with different operators
+  entries = [
+    {
+      type     = "match"
+      field    = "host.name"
+      operator = "included"
+      value    = "trusted-host"
+    },
+    {
+      type     = "match_any"
+      field    = "user.name"
+      operator = "excluded"
+      values   = ["admin", "root"]
+    }
+  ]
+
+  os_types = ["linux"]
+  tags     = ["complex", "multi-condition"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the exception item.
+- `entries` (Attributes List) The exception item entries. This defines the conditions under which the exception applies. (see [below for nested schema](#nestedatt--entries))
+- `list_id` (String) The exception list's identifier that this item belongs to.
+- `name` (String) The name of the exception item.
+- `type` (String) The type of exception item. Must be `simple`.
+
+### Optional
+
+- `comments` (Attributes List) Array of comments about the exception item. (see [below for nested schema](#nestedatt--comments))
+- `expire_time` (String) The exception item's expiration date in RFC3339 format. This field is only available for regular exception items, not endpoint exceptions.
+- `item_id` (String) The exception item's human readable string identifier.
+- `meta` (String) Placeholder for metadata about the exception item as JSON string.
+- `namespace_type` (String) Determines whether the exception item is available in all Kibana spaces or just the space in which it is created. Can be `single` (default) or `agnostic`.
+- `os_types` (Set of String) Array of OS types for which the exceptions apply. Valid values: `linux`, `macos`, `windows`.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+- `tags` (Set of String) String array containing words and phrases to help categorize exception items.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the exception item was created.
+- `created_by` (String) The user who created the exception item.
+- `id` (String) The unique identifier of the exception item (auto-generated by Kibana).
+- `tie_breaker_id` (String) Field used in search to ensure all items are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the exception item was last updated.
+- `updated_by` (String) The user who last updated the exception item.
+
+<a id="nestedatt--entries"></a>
+### Nested Schema for `entries`
+
+Required:
+
+- `field` (String) The field name. Required for all entry types.
+- `type` (String) The type of entry. Valid values: `match`, `match_any`, `list`, `exists`, `nested`, `wildcard`.
+
+Optional:
+
+- `entries` (Attributes List) Nested entries (for `nested` type). Only `match`, `match_any`, and `exists` entry types are allowed as nested entries. (see [below for nested schema](#nestedatt--entries--entries))
+- `list` (Attributes) Value list reference (for `list` type). (see [below for nested schema](#nestedatt--entries--list))
+- `operator` (String) The operator to use. Valid values: `included`, `excluded`. Note: The operator field is not supported for nested entry types and will be ignored if specified.
+- `value` (String) The value to match (for `match` and `wildcard` types).
+- `values` (List of String) Array of values to match (for `match_any` type).
+
+<a id="nestedatt--entries--entries"></a>
+### Nested Schema for `entries.entries`
+
+Required:
+
+- `field` (String) The field name.
+- `operator` (String) The operator to use. Valid values: `included`, `excluded`.
+- `type` (String) The type of nested entry. Valid values: `match`, `match_any`, `exists`.
+
+Optional:
+
+- `value` (String) The value to match (for `match` type).
+- `values` (List of String) Array of values to match (for `match_any` type).
+
+
+<a id="nestedatt--entries--list"></a>
+### Nested Schema for `entries.list`
+
+Required:
+
+- `id` (String) The value list ID.
+- `type` (String) The value list type (e.g., `keyword`, `ip`, `ip_range`).
+
+
+
+<a id="nestedatt--comments"></a>
+### Nested Schema for `comments`
+
+Required:
+
+- `comment` (String) The comment text.
+
+Read-Only:
+
+- `id` (String) The unique identifier of the comment (auto-generated by Kibana).
@@ -0,0 +1,57 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_exception_list Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages a Kibana Exception List. Exception lists are containers for exception items used to prevent security rules from generating alerts.
+  See the Kibana Exceptions API documentation https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api for more details.
+---
+
+# elasticstack_kibana_security_exception_list (Resource)
+
+Manages a Kibana Exception List. Exception lists are containers for exception items used to prevent security rules from generating alerts.
+
+See the [Kibana Exceptions API documentation](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-exceptions-api) for more details.
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_exception_list" "endpoint" {
+  list_id        = "my-endpoint-exception-list"
+  name           = "My Endpoint Exception List"
+  description    = "List of endpoint exceptions"
+  type           = "endpoint"
+  namespace_type = "agnostic"
+
+  os_types = ["linux", "windows", "macos"]
+  tags     = ["endpoint", "security"]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the exception list.
+- `name` (String) The name of the exception list.
+- `type` (String) The type of exception list. Can be one of: `detection`, `endpoint`, `endpoint_trusted_apps`, `endpoint_events`, `endpoint_host_isolation_exceptions`, `endpoint_blocklists`.
+
+### Optional
+
+- `list_id` (String) The exception list's human readable string identifier.
+- `meta` (String) Placeholder for metadata about the list container as JSON string.
+- `namespace_type` (String) Determines whether the exception list is available in all Kibana spaces or just the space in which it is created. Can be `single` (default) or `agnostic`.
+- `os_types` (Set of String) Array of OS types for which the exceptions apply. Valid values: `linux`, `macos`, `windows`.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+- `tags` (Set of String) String array containing words and phrases to help categorize exception containers.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the exception list was created.
+- `created_by` (String) The user who created the exception list.
+- `id` (String) The unique identifier of the exception list (auto-generated by Kibana).
+- `immutable` (Boolean) Whether the exception list is immutable.
+- `tie_breaker_id` (String) Field used in search to ensure all containers are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the exception list was last updated.
+- `updated_by` (String) The user who last updated the exception list.
@@ -0,0 +1,63 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_security_list Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages Kibana security lists (also known as value lists). Security lists are used by exception items to define sets of values for matching or excluding in security rules.
+  Relevant Kibana docs can be found here https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-lists-api.
+  Notes
+  Security lists define the type of data they can contain via the type attributeOnce created, the type of a list cannot be changedLists can be referenced by exception items to create more sophisticated matching rulesThe list_id is auto-generated if not provided
+---
+
+# elasticstack_kibana_security_list (Resource)
+
+Manages Kibana security lists (also known as value lists). Security lists are used by exception items to define sets of values for matching or excluding in security rules.
+
+Relevant Kibana docs can be found [here](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-lists-api).
+
+## Notes
+
+- Security lists define the type of data they can contain via the `type` attribute
+- Once created, the `type` of a list cannot be changed
+- Lists can be referenced by exception items to create more sophisticated matching rules
+- The `list_id` is auto-generated if not provided
+
+## Example Usage
+
+```terraform
+resource "elasticstack_kibana_security_list" "ip_list" {
+  space_id    = "default"
+  name        = "Trusted IP Addresses"
+  description = "List of trusted IP addresses for security rules"
+  type        = "ip"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) Describes the security list.
+- `name` (String) The name of the security list.
+- `type` (String) Specifies the Elasticsearch data type of values the list contains. Valid values include: `binary`, `boolean`, `byte`, `date`, `date_nanos`, `date_range`, `double`, `double_range`, `float`, `float_range`, `geo_point`, `geo_shape`, `half_float`, `integer`, `integer_range`, `ip`, `ip_range`, `keyword`, `long`, `long_range`, `shape`, `short`, `text`.
+
+### Optional
+
+- `deserializer` (String) Determines how retrieved list item values are presented. By default, list items are presented using Handlebars expressions based on the type.
+- `id` (String) The unique identifier of the security list (auto-generated by Kibana if not specified).
+- `list_id` (String) The value list's human-readable identifier.
+- `meta` (String) Placeholder for metadata about the value list as JSON string.
+- `serializer` (String) Determines how uploaded list item values are parsed. By default, list items are parsed using named regex groups based on the type.
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+- `version` (Number) The document version number.
+
+### Read-Only
+
+- `created_at` (String) The timestamp of when the list was created.
+- `created_by` (String) The user who created the list.
+- `immutable` (Boolean) Whether the list is immutable.
+- `tie_breaker_id` (String) Field used in search to ensure all containers are sorted and returned correctly.
+- `updated_at` (String) The timestamp of when the list was last updated.
+- `updated_by` (String) The user who last updated the list.
+- `version_id` (String) The version id, normally returned by the API when the document is retrieved. Use it to ensure updates are done against the latest version.