Install prebuilt rules (#1296)

* feat: Add prebuilt_rules resource

* fix: ensure minimum versions is satisfied

* fix diags

* fix versions

* fix verions

* skip versions not 8.x+

* fix docs with new generation

* update changelog

* fix: Only install prebuilt rules

* fix resource name in test

* Don't update during a read operation

* make lint

* Fix tests

---------

Co-authored-by: Toby Brain <toby.brain@elastic.co>

Author: tehbooom

CHANGELOG.md

@@ -40,6 +40,7 @@ alias = [
 
 ### Changes
 
+- Create `elasticstack_kibana_prebuilt_rule` resource ([#1296](https://github.com/elastic/terraform-provider-elasticstack/pull/1296))
 - Add `required_versions` to `elasticstack_fleet_agent_policy` ([#1436](https://github.com/elastic/terraform-provider-elasticstack/pull/1436))
 - Migrate `elasticstack_elasticsearch_security_role` resource to Terraform Plugin Framework ([#1330](https://github.com/elastic/terraform-provider-elasticstack/pull/1330))
 - Fix an issue where the `elasticstack_fleet_output` resource would error due to inconsistent state after an ouptut was edited in the Kibana UI ([#1506](https://github.com/elastic/terraform-provider-elasticstack/pull/1506))

docs/resources/kibana_install_prebuilt_rules.md

@@ -0,0 +1,41 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "elasticstack_kibana_install_prebuilt_rules Resource - terraform-provider-elasticstack"
+subcategory: "Kibana"
+description: |-
+  Manages Elastic prebuilt detection rules. This resource installs and updates Elastic prebuilt rules and timelines. See https://www.elastic.co/guide/en/security/current/prebuilt-rules.html
+---
+
+# elasticstack_kibana_install_prebuilt_rules (Resource)
+
+Manages Elastic prebuilt detection rules. This resource installs and updates Elastic prebuilt rules and timelines. See https://www.elastic.co/guide/en/security/current/prebuilt-rules.html
+
+## Example Usage
+
+```terraform
+provider "elasticstack" {
+  kibana {}
+}
+
+
+resource "elasticstack_kibana_install_prebuilt_rules" "example" {
+  space_id = "default"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `space_id` (String) An identifier for the space. If space_id is not provided, the default space is used.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `rules_installed` (Number) Number of prebuilt rules that are installed.
+- `rules_not_installed` (Number) Number of prebuilt rules that are not installed.
+- `rules_not_updated` (Number) Number of prebuilt rules that have updates available.
+- `timelines_installed` (Number) Number of prebuilt timelines that are installed.
+- `timelines_not_installed` (Number) Number of prebuilt timelines that are not installed.
+- `timelines_not_updated` (Number) Number of prebuilt timelines that have updates available.

examples/resources/elasticstack_kibana_install_prebuilt_rules/resource.tf

@@ -0,0 +1,8 @@
+provider "elasticstack" {
+  kibana {}
+}
+
+
+resource "elasticstack_kibana_install_prebuilt_rules" "example" {
+  space_id = "default"
+}

internal/clients/kibana_oapi/client.go

@@ -1,6 +1,7 @@
 package kibana_oapi
 
 import (
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
@@ -103,3 +104,20 @@ func (t *transport) RoundTrip(req *http.Request) (*http.Response, error) {
 
 	return t.next.RoundTrip(req)
 }
+
+// BuildSpaceAwarePath constructs an API path with space awareness.
+// If spaceID is empty or "default", returns the basePath unchanged.
+// Otherwise, prepends "/s/{spaceID}" to the basePath.
+func BuildSpaceAwarePath(spaceID, basePath string) string {
+	if spaceID != "" && spaceID != "default" {
+		return fmt.Sprintf("/s/%s%s", spaceID, basePath)
+	}
+	return basePath
+}
+
+func SpaceAwarePathRequestEditor(spaceID string) func(ctx context.Context, req *http.Request) error {
+	return func(ctx context.Context, req *http.Request) error {
+		req.URL.Path = BuildSpaceAwarePath(spaceID, req.URL.Path)
+		return nil
+	}
+}

internal/clients/kibana_oapi/prebuilt_rules.go

@@ -0,0 +1,40 @@
+package kibana_oapi
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/diagutil"
+	"github.com/hashicorp/terraform-plugin-framework/diag"
+)
+
+// GetPrebuiltRulesStatus retrieves the status of prebuilt rules and timelines for a given space.
+func GetPrebuiltRulesStatus(ctx context.Context, client *Client, spaceID string) (*kbapi.ReadPrebuiltRulesAndTimelinesStatusResponse, diag.Diagnostics) {
+	resp, err := client.API.ReadPrebuiltRulesAndTimelinesStatusWithResponse(ctx, SpaceAwarePathRequestEditor(spaceID))
+
+	if err != nil {
+		return nil, diagutil.FrameworkDiagFromError(err)
+	}
+
+	if resp.StatusCode() != 200 {
+		return nil, diagutil.FrameworkDiagFromError(fmt.Errorf("failed to get prebuilt rules status: %s", resp.Status()))
+	}
+
+	return resp, nil
+}
+
+// InstallPrebuiltRules installs or updates prebuilt rules and timelines for a given space.
+func InstallPrebuiltRules(ctx context.Context, client *Client, spaceID string) diag.Diagnostics {
+	resp, err := client.API.InstallPrebuiltRulesAndTimelinesWithResponse(ctx, SpaceAwarePathRequestEditor(spaceID))
+
+	if err != nil {
+		return diagutil.FrameworkDiagFromError(err)
+	}
+
+	if resp.StatusCode() != 200 {
+		return diagutil.CheckHttpErrorFromFW(resp.HTTPResponse, "failed to install prebuilt rules")
+	}
+
+	return nil
+}

internal/kibana/prebuilt_rules/acc_test.go

@@ -0,0 +1,127 @@
+package prebuilt_rules_test
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/acctest"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/kibana_oapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/versionutils"
+	"github.com/google/uuid"
+	"github.com/hashicorp/go-version"
+	"github.com/hashicorp/terraform-plugin-testing/config"
+	sdkacctest "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/knownvalue"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+	"github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
+	"github.com/stretchr/testify/require"
+)
+
+var minVersionPrebuiltRules = version.Must(version.NewVersion("8.0.0"))
+
+func TestAccResourcePrebuiltRules(t *testing.T) {
+	testAccResourcePrebuiltRules(t, "default")
+}
+
+func TestAccResourcePrebuiltRulesInSpace(t *testing.T) {
+	spaceID := "security_rules" + sdkacctest.RandStringFromCharSet(4, sdkacctest.CharSetAlphaNum)
+	testAccResourcePrebuiltRules(t, spaceID)
+}
+
+func testAccResourcePrebuiltRules(t *testing.T, spaceID string) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t) },
+		ProtoV6ProviderFactories: acctest.Providers,
+		Steps: []resource.TestStep{
+			{
+				SkipFunc:        versionutils.CheckIfVersionIsUnsupported(minVersionPrebuiltRules),
+				ConfigDirectory: acctest.NamedTestCaseDirectory("create"),
+				ConfigVariables: config.Variables{
+					"space_id": config.StringVariable(spaceID),
+				},
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("elasticstack_kibana_install_prebuilt_rules.test", "space_id", spaceID),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "rules_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "rules_not_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "rules_not_updated"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "timelines_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "timelines_not_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "timelines_not_updated"),
+				),
+			},
+			{
+				SkipFunc:        versionutils.CheckIfVersionIsUnsupported(minVersionPrebuiltRules),
+				ConfigDirectory: acctest.NamedTestCaseDirectory("create"),
+				ConfigVariables: config.Variables{
+					"space_id": config.StringVariable(spaceID),
+				},
+				PlanOnly:           true,
+				ExpectNonEmptyPlan: true,
+				PreConfig: func() {
+					deleteSingleDetectionRule(t, spaceID)
+				},
+			},
+			{
+				SkipFunc:        versionutils.CheckIfVersionIsUnsupported(minVersionPrebuiltRules),
+				ConfigDirectory: acctest.NamedTestCaseDirectory("create"),
+				ConfigVariables: config.Variables{
+					"space_id": config.StringVariable(spaceID),
+				},
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectNonEmptyPlan(),
+						plancheck.ExpectKnownValue("elasticstack_kibana_install_prebuilt_rules.test", tfjsonpath.New("rules_not_installed"), knownvalue.Int64Exact(0)),
+					},
+				},
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("elasticstack_kibana_install_prebuilt_rules.test", "space_id", spaceID),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "rules_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "rules_not_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "rules_not_updated"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "timelines_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "timelines_not_installed"),
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_install_prebuilt_rules.test", "timelines_not_updated"),
+				),
+			},
+		},
+	})
+}
+
+func deleteSingleDetectionRule(t *testing.T, spaceID string) {
+	unsupported, err := versionutils.CheckIfVersionIsUnsupported(minVersionPrebuiltRules)()
+	require.NoError(t, err)
+
+	if unsupported {
+		return
+	}
+
+	client, err := clients.NewAcceptanceTestingClient()
+	require.NoError(t, err)
+
+	oapiClient, err := client.GetKibanaOapiClient()
+	require.NoError(t, err)
+
+	resp, err := oapiClient.API.FindRulesWithResponse(t.Context(), &kbapi.FindRulesParams{}, kibana_oapi.SpaceAwarePathRequestEditor(spaceID))
+	require.NoError(t, err)
+	require.Equal(t, 200, resp.StatusCode())
+
+	ruleBytes, err := resp.JSON200.Data[0].MarshalJSON()
+	require.NoError(t, err)
+
+	var ruleMap map[string]interface{}
+	err = json.Unmarshal(ruleBytes, &ruleMap)
+	require.NoError(t, err)
+
+	id, ok := ruleMap["id"].(string)
+	require.True(t, ok, "rule ID not found or not a string")
+
+	idUUID, err := uuid.Parse(id)
+	require.NoError(t, err)
+
+	deleteResp, err := oapiClient.API.DeleteRuleWithResponse(t.Context(), spaceID, &kbapi.DeleteRuleParams{Id: &idUUID})
+	require.NoError(t, err)
+	require.Equal(t, 200, deleteResp.StatusCode())
+}

internal/kibana/prebuilt_rules/create.go

@@ -0,0 +1,11 @@
+package prebuilt_rules
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+func (r *PrebuiltRuleResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) {
+	resp.Diagnostics.Append(r.upsert(ctx, req.Plan, &resp.State)...)
+}

internal/kibana/prebuilt_rules/delete.go

@@ -0,0 +1,12 @@
+package prebuilt_rules
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+)
+
+func (r *PrebuiltRuleResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) {
+	tflog.Info(ctx, "Delete isn't supported for elasticstack_kibana_install_prebuilt_rules")
+}

internal/kibana/prebuilt_rules/models.go

@@ -0,0 +1,26 @@
+package prebuilt_rules
+
+import (
+	"github.com/elastic/terraform-provider-elasticstack/generated/kbapi"
+	"github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+type prebuiltRuleModel struct {
+	ID                    types.String `tfsdk:"id"`
+	SpaceID               types.String `tfsdk:"space_id"`
+	RulesInstalled        types.Int64  `tfsdk:"rules_installed"`
+	RulesNotInstalled     types.Int64  `tfsdk:"rules_not_installed"`
+	RulesNotUpdated       types.Int64  `tfsdk:"rules_not_updated"`
+	TimelinesInstalled    types.Int64  `tfsdk:"timelines_installed"`
+	TimelinesNotInstalled types.Int64  `tfsdk:"timelines_not_installed"`
+	TimelinesNotUpdated   types.Int64  `tfsdk:"timelines_not_updated"`
+}
+
+func (model *prebuiltRuleModel) populateFromStatus(status *kbapi.ReadPrebuiltRulesAndTimelinesStatusResponse) {
+	model.RulesInstalled = types.Int64Value(int64(status.JSON200.RulesInstalled))
+	model.RulesNotInstalled = types.Int64Value(int64(status.JSON200.RulesNotInstalled))
+	model.RulesNotUpdated = types.Int64Value(int64(status.JSON200.RulesNotUpdated))
+	model.TimelinesInstalled = types.Int64Value(int64(status.JSON200.TimelinesInstalled))
+	model.TimelinesNotInstalled = types.Int64Value(int64(status.JSON200.TimelinesNotInstalled))
+	model.TimelinesNotUpdated = types.Int64Value(int64(status.JSON200.TimelinesNotUpdated))
+}

internal/kibana/prebuilt_rules/read.go

@@ -0,0 +1,50 @@
+package prebuilt_rules
+
+import (
+	"context"
+
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/kibana_oapi"
+	"github.com/elastic/terraform-provider-elasticstack/internal/diagutil"
+	"github.com/hashicorp/go-version"
+	"github.com/hashicorp/terraform-plugin-framework/resource"
+)
+
+func (r *PrebuiltRuleResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) {
+	var model prebuiltRuleModel
+
+	resp.Diagnostics.Append(req.State.Get(ctx, &model)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	serverVersion, sdkDiags := r.client.ServerVersion(ctx)
+	resp.Diagnostics.Append(diagutil.FrameworkDiagsFromSDK(sdkDiags)...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	minVersion := version.Must(version.NewVersion("8.0.0"))
+	if serverVersion.LessThan(minVersion) {
+		resp.Diagnostics.AddError("Unsupported server version", "Prebuilt rules are not supported until Elastic Stack v8.0.0. Upgrade the target server to use this resource")
+		return
+	}
+
+	client, err := r.client.GetKibanaOapiClient()
+	if err != nil {
+		resp.Diagnostics.AddError(err.Error(), "")
+		return
+	}
+
+	spaceID := model.ID.ValueString()
+
+	// Get current status
+	status, statusDiags := kibana_oapi.GetPrebuiltRulesStatus(ctx, client, spaceID)
+	resp.Diagnostics.Append(statusDiags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	model.populateFromStatus(status)
+
+	resp.Diagnostics.Append(resp.State.Set(ctx, model)...)
+}