Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add system-user resource #188

Merged
merged 10 commits into from
Nov 21, 2022
Merged

Add system-user resource #188

merged 10 commits into from
Nov 21, 2022
+398 −0

Conversation

k-yomo
Copy link
Contributor

@k-yomo k-yomo commented Nov 8, 2022
edited
Loading

Resolves #104

This PR adds elasticstack_elasticsearch_security_system_user resource to manage built-in system user.

@elasticmachine
Copy link

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@k-yomo k-yomo force-pushed the add-system-user-resource branch from 0c87ba2 to 6cb177c Compare November 14, 2022 07:49
@k-yomo k-yomo force-pushed the add-system-user-resource branch from 6cb177c to 59256e1 Compare November 14, 2022 07:56
@k-yomo k-yomo marked this pull request as ready for review November 14, 2022 08:00
tobio
tobio reviewed Nov 16, 2022
View reviewed changes
Copy link
Member

@tobio tobio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks nice, couple of minor comments. We'd need a changelog entry here as well please.

internal/elasticsearch/security/system_user.go Outdated
Comment on lines 68 to 70
Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure it ever makes sense to import this resource? A user would never be able to import the password/hash and so it's pretty likely there would be changes to be applied.

Given the 'create' doesn't actually create the user I'd be inclined to just make this not importable. WDYT?

Suggested change
Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
},

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh that's true and making the resource not importable makes sense.
Fixed it!
a641bcd

examples/resources/elasticstack_elasticsearch_security_system_user/resource.tf Outdated
resource "elasticstack_elasticsearch_security_system_user" "kibana_system" {
username = "kibana_system"

// use hashed password: see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html#security-api-put-user-request-body
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I initially read this comment as if I couldn't set the plaintext password.

Suggested change
// use hashed password: see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html#security-api-put-user-request-body
// For details on how to generate the hashed password see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html#security-api-put-user-request-body

@k-yomo k-yomo requested a review from tobio November 21, 2022 08:41
tobio
tobio reviewed Nov 21, 2022
View reviewed changes
Copy link
Member

@tobio tobio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small update to the docs here. Looking great!

docs/resources/elasticsearch_security_system_user.md Outdated Show resolved Hide resolved
templates/resources/elasticsearch_security_system_user.md.tmpl Outdated Show resolved Hide resolved
@k-yomo k-yomo requested a review from tobio November 21, 2022 10:26
@tobio tobio enabled auto-merge (squash) November 21, 2022 10:26
@tobio tobio merged commit 0140c39 into elastic:main Nov 21, 2022
@k-yomo k-yomo deleted the add-system-user-resource branch November 21, 2022 10:29
@Fuco1
Copy link

Fuco1 commented Dec 1, 2022

Can we get a release? Please 😍

@tobio
Copy link
Member

tobio commented Dec 1, 2022

@Fuco1 we'll have a release out in the next 2 weeks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobio tobio tobio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add new resource to manage system user passwords
4 participants
@k-yomo @elasticmachine @Fuco1 @tobio