elastic · tobio · Oct 24, 2023 · Sep 27, 2023 · Sep 27, 2023 · Oct 6, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## [Unreleased]
+- Add support for Kibana security role ([#435](https://github.com/elastic/terraform-provider-elasticstack/pull/435))
 
 ### Added
 - Introduce `elasticstack_kibana_import_saved_objects` resource as an additive only way to manage Kibana saved objects ([#343](https://github.com/elastic/terraform-provider-elasticstack/pull/343)).

diff --git a/docs/data-sources/kibana_security_role.md b/docs/data-sources/kibana_security_role.md
@@ -0,0 +1,88 @@
+---
+subcategory: "Kibana"
+layout: ""
+page_title: "Elasticstack: elasticstack_kibana_security_role Data Source"
+description: |-
+  Retrieve a specific Kibana role. See https://www.elastic.co/guide/en/kibana/master/role-management-specific-api-get.html
+---
+
+# Data Source: elasticstack_kibana_security_role
+
+Use this data source to get information about an existing Kibana role. 
+
+## Example Usage
+
+```terraform
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+data "elasticstack_kibana_security_role" "example" {
+  name = "sample_role"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name for the role.
+
+### Optional
+
+- `metadata` (String) Optional meta-data.
+
+### Read-Only
+
+- `elasticsearch` (Set of Object) Elasticsearch cluster and index privileges. (see [below for nested schema](#nestedatt--elasticsearch))
+- `id` (String) The ID of this resource.
+- `kibana` (Set of Object) The list of objects that specify the Kibana privileges for the role. (see [below for nested schema](#nestedatt--kibana))
+
+<a id="nestedatt--elasticsearch"></a>
+### Nested Schema for `elasticsearch`
+
+Read-Only:
+
+- `cluster` (Set of String)
+- `indices` (Set of Object) (see [below for nested schema](#nestedobjatt--elasticsearch--indices))
+- `run_as` (Set of String)
+
+<a id="nestedobjatt--elasticsearch--indices"></a>
+### Nested Schema for `elasticsearch.indices`
+
+Read-Only:
+
+- `field_security` (List of Object) (see [below for nested schema](#nestedobjatt--elasticsearch--indices--field_security))
+- `names` (Set of String)
+- `privileges` (Set of String)
+- `query` (String)
+
+<a id="nestedobjatt--elasticsearch--indices--field_security"></a>
+### Nested Schema for `elasticsearch.indices.field_security`
+
+Read-Only:
+
+- `except` (Set of String)
+- `grant` (Set of String)
+
+
+
+
+<a id="nestedatt--kibana"></a>
+### Nested Schema for `kibana`
+
+Read-Only:
+
+- `base` (Set of String)
+- `feature` (Set of Object) (see [below for nested schema](#nestedobjatt--kibana--feature))
+- `spaces` (Set of String)
+
+<a id="nestedobjatt--kibana--feature"></a>
+### Nested Schema for `kibana.feature`
+
+Read-Only:
+
+- `name` (String)
+- `privileges` (Set of String)
diff --git a/docs/resources/kibana_security_role.md b/docs/resources/kibana_security_role.md
@@ -0,0 +1,145 @@
+---
+subcategory: "Kibana"
+layout: ""
+page_title: "Elasticstack: elasticstack_kibana_security_role Resource"
+description: |-
+  Creates or updates a Kibana role.
+---
+
+# Resource: elasticstack_kibana_security_role
+
+Creates or updates a Kibana role. See https://www.elastic.co/guide/en/kibana/master/role-management-api-put.html
+
+## Example Usage
+
+```terraform
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_role" "example" {
+  name = "sample_role"
+  elasticsearch {
+    cluster = ["create_snapshot"]
+    indices {
+      field_security {
+        grant  = ["test"]
+        except = []
+      }
+      names      = ["test"]
+      privileges = ["create", "read", "write"]
+    }
+  }
+  kibana {
+    base   = ["all"]
+    spaces = ["default"]
+  }
+  kibana {
+    feature {
+      name       = "actions"
+      privileges = ["read"]
+    }
+    feature {
+      name       = "discover"
+      privileges = ["minimal_read", "url_create", "store_search_session"]
+    }
+    feature {
+      name       = "observabilityCases"
+      privileges = ["minimal_read", "cases_delete"]
+    }
+    feature {
+      name       = "osquery"
+      privileges = ["minimal_read", "live_queries_all", "run_saved_queries", "saved_queries_read", "packs_all"]
+    }
+    feature {
+      name       = "rulesSettings"
+      privileges = ["minimal_read", "readFlappingSettings"]
+    }
+    feature {
+      name       = "securitySolutionCases"
+      privileges = ["minimal_read", "cases_delete"]
+    }
+
+    spaces = ["Default"]
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `elasticsearch` (Block Set, Min: 1, Max: 1) Elasticsearch cluster and index privileges. (see [below for nested schema](#nestedblock--elasticsearch))
+- `name` (String) The name for the role.
+
+### Optional
+
+- `kibana` (Block Set) The list of objects that specify the Kibana privileges for the role. (see [below for nested schema](#nestedblock--kibana))
+- `metadata` (String) Optional meta-data.
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+<a id="nestedblock--elasticsearch"></a>
+### Nested Schema for `elasticsearch`
+
+Optional:
+
+- `cluster` (Set of String) List of the cluster privileges.
+- `indices` (Block Set) A list of indices permissions entries. (see [below for nested schema](#nestedblock--elasticsearch--indices))
+- `run_as` (Set of String) A list of usernames the owners of this role can impersonate.
+
+<a id="nestedblock--elasticsearch--indices"></a>
+### Nested Schema for `elasticsearch.indices`
+
+Required:
+
+- `names` (Set of String) A list of indices (or index name patterns) to which the permissions in this entry apply.
+- `privileges` (Set of String) The index level privileges that the owners of the role have on the specified indices.
+
+Optional:
+
+- `field_security` (Block List, Max: 1) The document fields that the owners of the role have read access to. (see [below for nested schema](#nestedblock--elasticsearch--indices--field_security))
+- `query` (String) A search query that defines the documents the owners of the role have read access to.
+
+<a id="nestedblock--elasticsearch--indices--field_security"></a>
+### Nested Schema for `elasticsearch.indices.field_security`
+
+Optional:
+
+- `except` (Set of String) List of the fields to which the grants will not be applied.
+- `grant` (Set of String) List of the fields to grant the access to.
+
+
+
+
+<a id="nestedblock--kibana"></a>
+### Nested Schema for `kibana`
+
+Required:
+
+- `spaces` (Set of String) The spaces to apply the privileges to. To grant access to all spaces, set to ["*"], or omit the value.
+
+Optional:
+
+- `base` (Set of String) A base privilege. When specified, the base must be ["all"] or ["read"].
+- `feature` (Block Set) List of privileges for specific features. When the feature privileges are specified, you are unable to use the "base" section. (see [below for nested schema](#nestedblock--kibana--feature))
+
+<a id="nestedblock--kibana--feature"></a>
+### Nested Schema for `kibana.feature`
+
+Required:
+
+- `name` (String) Feature name.
+- `privileges` (Set of String) Feature privileges.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import elasticstack_kibana_security_role.example_role <role name>
+```
diff --git a/examples/data-sources/elasticstack_kibana_security_role/data-source.tf b/examples/data-sources/elasticstack_kibana_security_role/data-source.tf
@@ -0,0 +1,9 @@
+
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+data "elasticstack_kibana_security_role" "example" {
+  name = "sample_role"
+}
diff --git a/examples/resources/elasticstack_kibana_security_role/import.sh b/examples/resources/elasticstack_kibana_security_role/import.sh
@@ -0,0 +1 @@
+terraform import elasticstack_kibana_security_role.example_role <role name>
diff --git a/examples/resources/elasticstack_kibana_security_role/resource.tf b/examples/resources/elasticstack_kibana_security_role/resource.tf
@@ -0,0 +1,52 @@
+
+provider "elasticstack" {
+  elasticsearch {}
+  kibana {}
+}
+
+resource "elasticstack_kibana_role" "example" {
+  name = "sample_role"
+  elasticsearch {
+    cluster = ["create_snapshot"]
+    indices {
+      field_security {
+        grant  = ["test"]
+        except = []
+      }
+      names      = ["test"]
+      privileges = ["create", "read", "write"]
+    }
+  }
+  kibana {
+    base   = ["all"]
+    spaces = ["default"]
+  }
+  kibana {
+    feature {
+      name       = "actions"
+      privileges = ["read"]
+    }
+    feature {
+      name       = "discover"
+      privileges = ["minimal_read", "url_create", "store_search_session"]
+    }
+    feature {
+      name       = "observabilityCases"
+      privileges = ["minimal_read", "cases_delete"]
+    }
+    feature {
+      name       = "osquery"
+      privileges = ["minimal_read", "live_queries_all", "run_saved_queries", "saved_queries_read", "packs_all"]
+    }
+    feature {
+      name       = "rulesSettings"
+      privileges = ["minimal_read", "readFlappingSettings"]
+    }
+    feature {
+      name       = "securitySolutionCases"
+      privileges = ["minimal_read", "cases_delete"]
+    }
+
+    spaces = ["Default"]
+  }
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		terraform import elasticstack_kibana_security_role.example_role <role name>