elastic · tobio · Aug 26, 2024 · Aug 21, 2024 · Aug 21, 2024 · Aug 21, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 - Add the `alert_delay` field to the Create Rule API ([#715](https://github.com/elastic/terraform-provider-elasticstack/pull/715))
 - Add support for data_stream `lifecycle` template settings ([#724](https://github.com/elastic/terraform-provider-elasticstack/pull/724))
 - Fix a provider panic when `elasticstack_kibana_action_connector` reads a non-existant connector ([#729](https://github.com/elastic/terraform-provider-elasticstack/pull/729))
+- Add support for `remote_indicies` to `elasticstack_elasticsearch_security_role` & `elasticstack_kibana_security_role` (#723)[https://github.com/elastic/terraform-provider-elasticstack/pull/723]
 
 ## [0.11.6] - 2024-08-20
 

diff --git a/docs/data-sources/elasticsearch_security_role.md b/docs/data-sources/elasticsearch_security_role.md
@@ -46,6 +46,7 @@ output "role" {
 - `id` (String) Internal identifier of the resource
 - `indices` (Set of Object) A list of indices permissions entries. (see [below for nested schema](#nestedatt--indices))
 - `metadata` (String) Optional meta-data.
+- `remote_indices` (Set of Object) A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model. (see [below for nested schema](#nestedatt--remote_indices))
 
 <a id="nestedblock--elasticsearch_connection"></a>
 ### Nested Schema for `elasticsearch_connection`
@@ -95,3 +96,24 @@ Read-Only:
 
 - `except` (Set of String)
 - `grant` (Set of String)
+
+
+
+<a id="nestedatt--remote_indices"></a>
+### Nested Schema for `remote_indices`
+
+Read-Only:
+
+- `clusters` (Set of String)
+- `field_security` (List of Object) (see [below for nested schema](#nestedobjatt--remote_indices--field_security))
+- `names` (Set of String)
+- `privileges` (Set of String)
+- `query` (String)
+
+<a id="nestedobjatt--remote_indices--field_security"></a>
+### Nested Schema for `remote_indices.field_security`
+
+Read-Only:
+
+- `except` (Set of String)
+- `grant` (Set of String)
diff --git a/docs/data-sources/kibana_security_role.md b/docs/data-sources/kibana_security_role.md
@@ -47,6 +47,7 @@ Read-Only:
 
 - `cluster` (Set of String)
 - `indices` (Set of Object) (see [below for nested schema](#nestedobjatt--elasticsearch--indices))
+- `remote_indices` (Set of Object) (see [below for nested schema](#nestedobjatt--elasticsearch--remote_indices))
 - `run_as` (Set of String)
 
 <a id="nestedobjatt--elasticsearch--indices"></a>
@@ -69,6 +70,27 @@ Read-Only:
 
 
 
+<a id="nestedobjatt--elasticsearch--remote_indices"></a>
+### Nested Schema for `elasticsearch.remote_indices`
+
+Read-Only:
+
+- `clusters` (Set of String)
+- `field_security` (List of Object) (see [below for nested schema](#nestedobjatt--elasticsearch--remote_indices--field_security))
+- `names` (Set of String)
+- `privileges` (Set of String)
+- `query` (String)
+
+<a id="nestedobjatt--elasticsearch--remote_indices--field_security"></a>
+### Nested Schema for `elasticsearch.remote_indices.field_security`
+
+Read-Only:
+
+- `except` (Set of String)
+- `grant` (Set of String)
+
+
+
 
 <a id="nestedatt--kibana"></a>
 ### Nested Schema for `kibana`

diff --git a/docs/resources/elasticsearch_security_role.md b/docs/resources/elasticsearch_security_role.md
@@ -59,6 +59,7 @@ output "role" {
 - `global` (String) An object defining global privileges.
 - `indices` (Block Set) A list of indices permissions entries. (see [below for nested schema](#nestedblock--indices))
 - `metadata` (String) Optional meta-data.
+- `remote_indices` (Block Set) A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model. (see [below for nested schema](#nestedblock--remote_indices))
 - `run_as` (Set of String) A list of users that the owners of this role can impersonate.
 
 ### Read-Only
@@ -117,6 +118,30 @@ Optional:
 - `except` (Set of String) List of the fields to which the grants will not be applied.
 - `grant` (Set of String) List of the fields to grant the access to.
 
+
+
+<a id="nestedblock--remote_indices"></a>
+### Nested Schema for `remote_indices`
+
+Required:
+
+- `clusters` (Set of String) A list of cluster aliases to which the permissions in this entry apply.
+- `names` (Set of String) A list of indices (or index name patterns) to which the permissions in this entry apply.
+- `privileges` (Set of String) The index level privileges that the owners of the role have on the specified indices.
+
+Optional:
+
+- `field_security` (Block List, Max: 1) The document fields that the owners of the role have read access to. (see [below for nested schema](#nestedblock--remote_indices--field_security))
+- `query` (String) A search query that defines the documents the owners of the role have read access to.
+
+<a id="nestedblock--remote_indices--field_security"></a>
+### Nested Schema for `remote_indices.field_security`
+
+Optional:
+
+- `except` (Set of String) List of the fields to which the grants will not be applied.
+- `grant` (Set of String) List of the fields to grant the access to.
+
 ## Import
 
 Import is supported using the following syntax:

diff --git a/docs/resources/kibana_security_role.md b/docs/resources/kibana_security_role.md
@@ -32,6 +32,15 @@ resource "elasticstack_kibana_security_role" "example" {
       names      = ["test"]
       privileges = ["create", "read", "write"]
     }
+    remote_indices {
+      field_security {
+        grant  = ["test"]
+        except = []
+      }
+      names      = ["test"]
+      clusters   = ["test-cluster"]
+      privileges = ["create", "read", "write"]
+    }
   }
   kibana {
     base   = ["all"]
@@ -60,6 +69,15 @@ resource "elasticstack_kibana_security_role" "example" {
       names      = ["test"]
       privileges = ["create", "read", "write"]
     }
+    remote_indices {
+      field_security {
+        grant  = ["test"]
+        except = []
+      }
+      names      = ["test"]
+      clusters   = ["test-cluster"]
+      privileges = ["create", "read", "write"]
+    }
   }
   kibana {
     feature {
@@ -116,6 +134,7 @@ Optional:
 
 - `cluster` (Set of String) List of the cluster privileges.
 - `indices` (Block Set) A list of indices permissions entries. (see [below for nested schema](#nestedblock--elasticsearch--indices))
+- `remote_indices` (Block Set) A list of remote indices permissions entries. Remote indices are effective for remote clusters configured with the API key based model. They have no effect for remote clusters configured with the certificate based model. (see [below for nested schema](#nestedblock--elasticsearch--remote_indices))
 - `run_as` (Set of String) A list of usernames the owners of this role can impersonate.
 
 <a id="nestedblock--elasticsearch--indices"></a>
@@ -141,6 +160,30 @@ Optional:
 
 
 
+<a id="nestedblock--elasticsearch--remote_indices"></a>
+### Nested Schema for `elasticsearch.remote_indices`
+
+Required:
+
+- `clusters` (Set of String) A list of cluster aliases to which the permissions in this entry apply.
+- `names` (Set of String) A list of indices (or index name patterns) to which the permissions in this entry apply.
+- `privileges` (Set of String) The index level privileges that the owners of the role have on the specified indices.
+
+Optional:
+
+- `field_security` (Block List, Max: 1) The document fields that the owners of the role have read access to. (see [below for nested schema](#nestedblock--elasticsearch--remote_indices--field_security))
+- `query` (String) A search query that defines the documents the owners of the role have read access to.
+
+<a id="nestedblock--elasticsearch--remote_indices--field_security"></a>
+### Nested Schema for `elasticsearch.remote_indices.field_security`
+
+Optional:
+
+- `except` (Set of String) List of the fields to which the grants will not be applied.
+- `grant` (Set of String) List of the fields to grant the access to.
+
+
+
 
 <a id="nestedblock--kibana"></a>
 ### Nested Schema for `kibana`

diff --git a/examples/resources/elasticstack_kibana_security_role/resource-with-base.tf b/examples/resources/elasticstack_kibana_security_role/resource-with-base.tf
@@ -16,6 +16,15 @@ resource "elasticstack_kibana_security_role" "example" {
       names      = ["test"]
       privileges = ["create", "read", "write"]
     }
+    remote_indices {
+      field_security {
+        grant  = ["test"]
+        except = []
+      }
+      names      = ["test"]
+      clusters   = ["test-cluster"]
+      privileges = ["create", "read", "write"]
+    }
   }
   kibana {
     base   = ["all"]

diff --git a/examples/resources/elasticstack_kibana_security_role/resource-with-feature.tf b/examples/resources/elasticstack_kibana_security_role/resource-with-feature.tf
@@ -16,6 +16,15 @@ resource "elasticstack_kibana_security_role" "example" {
       names      = ["test"]
       privileges = ["create", "read", "write"]
     }
+    remote_indices {
+      field_security {
+        grant  = ["test"]
+        except = []
+      }
+      names      = ["test"]
+      clusters   = ["test-cluster"]
+      privileges = ["create", "read", "write"]
+    }
   }
   kibana {
     feature {