
terraform-provider-elastic-stack's People

Contributors

stevewritescode

terraform-provider-elastic-stack's Issues

[SCHEMA]: "elasticstack" provider

The following defines the elasticstack provider schema:

provider 'elasticstack' {
	cloud_id	string
	auth {
		basic {
			username	string
			password	string
		}
		apikey	string
	}
	endpoint {
		elasticsearch	string
		kibana			string
	}
}

Rules:

  • Exactly one of the following must be defined: cloud_id, endpoint.
  • Under auth, exactly one of the following must be defined: basic, apikey
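
The two rules above, written as a Go validation routine. This is an added example, not code from the issue or from the provider; the struct, field and function names are hypothetical mirrors of the proposed schema.

```go
package main

import "fmt"

// Hypothetical Go mirror of the proposed provider schema (not the provider's own types).
type BasicAuth struct{ Username, Password string }

type Auth struct {
	Basic  *BasicAuth
	APIKey string
}

type Endpoint struct{ Elasticsearch, Kibana string }

type ProviderConfig struct {
	CloudID  string
	Endpoint *Endpoint
	Auth     Auth
}

// countSet returns how many of the given conditions are true.
func countSet(conds ...bool) int {
	n := 0
	for _, c := range conds {
		if c {
			n++
		}
	}
	return n
}

// Validate checks both "exactly one of" rules and returns every violation,
// so a config carrying two credentials is rejected instead of silently
// picking one of them.
func (c ProviderConfig) Validate() []string {
	var problems []string
	if n := countSet(c.CloudID != "", c.Endpoint != nil); n != 1 {
		problems = append(problems, fmt.Sprintf("exactly one of cloud_id, endpoint must be defined, got %d", n))
	}
	if n := countSet(c.Auth.Basic != nil, c.Auth.APIKey != ""); n != 1 {
		problems = append(problems, fmt.Sprintf("auth: exactly one of basic, apikey must be defined, got %d", n))
	}
	return problems
}

func main() {
	// Constructed sample: both basic and apikey credentials are present.
	cfg := ProviderConfig{CloudID: "constructed-cloud-id", Auth: Auth{Basic: &BasicAuth{"user", "pass"}, APIKey: "constructed-key"}}
	fmt.Println(cfg.Validate())
}
```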

[META]: Initial Scope of Managed Resources

Find below a list of the managed resources targeted for the initial release:

  • Data Management: Index and Component Templates, ILM, Snapshot, etc - #5
  • Ingest Pipelines
  • Painless Scripts
  • Users, Roles, Api Keys and Role Mappings - #3
  • Alerts and Connectors
  • Security Endpoint - #7

[SCHEMA]: "elasticstack_fleet_*" resources

Agent Policy

resource 'elasticstack_fleet_agent_policy' '<name>' {
	description		string
	namespace		string
	agent_monitoring {
		collect_logs	boolean
		collect_metrics boolean
	}
}

Enrollment Key

https://github.com/elastic/kibana/blob/master/x-pack/plugins/fleet/server/routes/enrollment_api_key/index.ts#L53

resource 'elasticstack_fleet_enrollment_key' '<name>' {
	policy_id	string
}

Integration

https://github.com/elastic/kibana/blob/master/x-pack/plugins/fleet/server/routes/package_policy/index.ts#L48

  • Note: Integration resources need to be defined on a per-type basis. The following resource defines the fleet integration resource type namespace 'elasticstack_fleet_integration_*' as well as the generic set of fields:
resource 'elasticstack_fleet_integration_<type>' '<name>' {
	policy_id	string
	description	string
	namespace	string
}
  • Note: For now, we will stick with a couple of integrations: 'system', 'endpoint_security'

Integration: System

resource 'elasticstack_fleet_integration_system' '<name>' {
	logs {
		auth {
			paths	[]string
		}
		syslog {
			paths	[]string
		}
		windows {
			application	boolean
			security	boolean
			system 		boolean
		}
	}
	metrics {
		cpu {
			period	string
			metrics []string
		}
		diskio {
			period			string
			include_devices []string
		}
		filesystem {
			period			string
			processors []{
				# variable key/value pair - This is the processors chain definition as in a regular Beat, so we should be able to represent this as JSON, then serialize it as a YAML string.
			}
		}
		fsstat {
			period			string
			processors []{
				# see filesystem.processors above
			}
		}
		load {
			period	string		
		}
		memory {
			period	string		
		}
		network {
			period	string		
		}
		process {
			period	string
			include_top_n {
				by_cpu		integer
				by_memory	integer
			}
			cmdline_cache		boolean
			cgroup_reporting	boolean
			env_whitelist		string
			include_cpu_ticks	boolean
			processes		[]string
		}
		process_summary {
			period	string		
		}
		socket_summary {
			period	string		
		}
		uptime {
			period	string		
		}
	}
}

Integration: Endpoint Security

resource 'elasticstack_fleet_integration_elastic_endpoint_security' '<name>' {
	protections {
		malware {
			level		string
			notify_user boolean
			custom_user_notification_message	string
		}
		ransomware {
			level		string
			notify_user boolean
			custom_user_notification_message	string
		}
	}
	settings {
		register_as_windows_antivirus	boolean
		event_collection []{
			target_operating_systems	[]string
			events						[]string
		}
		extended []{
			key		string
			value 	string
		}
	}
}

Rules:

  • Under (malware|ransomware).level, the following values are supported: detect, prevent
  • Under settings.event_collection.target_operating_systems, the following values are supported: mac, linux, windows
  • Under settings.event_collection.events, the following values are supported on a per target OS basis:
    • mac, linux and windows:
      • file
      • process
      • network
    • windows:
      • dll_and_driver_load
      • dns
      • registry
      • security
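
The Endpoint Security rules above, expressed as a Go check over one event_collection entry. This is an added example, not code from the issue or from the provider; the type and function names are hypothetical, and the allowed values are the ones listed in the rules.

```go
package main

import "fmt"

// Allowed values copied from the Rules list in the issue.
var (
	levels      = map[string]bool{"detect": true, "prevent": true}
	everyOS     = map[string]bool{"mac": true, "linux": true, "windows": true}
	windowsOnly = map[string]bool{"windows": true}
	// supportedOn maps each event to the target OSes that can collect it.
	supportedOn = map[string]map[string]bool{
		"file": everyOS, "process": everyOS, "network": everyOS,
		"dll_and_driver_load": windowsOnly, "dns": windowsOnly,
		"registry": windowsOnly, "security": windowsOnly,
	}
)

// EventCollection is a hypothetical mirror of one settings.event_collection entry.
type EventCollection struct {
	TargetOperatingSystems []string
	Events                 []string
}

// ValidLevel reports whether a malware/ransomware level is detect or prevent.
func ValidLevel(level string) bool { return levels[level] }

// Validate returns one message per unsupported OS or OS/event pair, in input order.
func (ec EventCollection) Validate() []string {
	var problems []string
	for _, target := range ec.TargetOperatingSystems {
		if !everyOS[target] {
			problems = append(problems, fmt.Sprintf("unsupported target OS %q", target))
			continue
		}
		for _, ev := range ec.Events {
			if !supportedOn[ev][target] {
				problems = append(problems, fmt.Sprintf("event %q is not supported on %s", ev, target))
			}
		}
	}
	return problems
}

func main() {
	// Constructed sample: registry events requested for a Linux target.
	ec := EventCollection{[]string{"linux", "windows"}, []string{"process", "registry"}}
	fmt.Println(ec.Validate(), ValidLevel("prevent"))
}
```

Rejecting the mismatch at plan time avoids a policy that appears to request an event type the target OS will never report.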

[DISCUSS]: Revisit index template definition for better UX

A few important aspects of data management are buried down in index settings. I propose we review those settings and pull them to the root of the resource definition for better UX.

This is not an exhaustive list and there should be more to define:

  • lifecycle_policy: index.lifecycle.name
  • ingest_pipeline { default, final }: index.default_pipeline, index.final_pipeline

[SCHEMA]: "elasticstack_auth_*" resources

The elasticstack_auth_* defines the following:

User

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html

resource 'elasticstack_auth_user' '<name>' {
	metadata {
		# variable key/value pair
	}
	email			string
	full_name 		string
	password 		string
	password_hash 	string
	roles 			[]string 
}

Rules

Role

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html

resource 'elasticstack_auth_role' '<name>' {
	metadata {
		# variable key/value pair
	}
	cluster_privileges	[]string
	run_as_privileges	[]string
	index_privileges 	[]{
		indices		[]string
		privileges  []string
		field_privileges {
			granted_fields	[]string
			denied_fields	[]string
		}
		granted_documents_query {
			# variable key/value pair
		}
	}
	kibana_privileges 	[]{
		grant_all	{
			spaces		[]string
		}	
		grant_read	{
			spaces		[]string
		}	
		grant_custom	{
			spaces		[]string
			custom_feature_privileges []{
				features []enum
				grant	   enum
				sub_feature_privileges {
					short_url			 boolean
					store_search_session boolean
				}
			}
		}	
	}
}

Rules

  • Under kibana_privileges, exactly one of the following must be defined: grant_all, grant_read, grant_custom
  • Field kibana_privileges.grant_custom.custom_feature_privileges.features value enum's list: discover, dashboard, canvas, maps, machine-learning, graph, visualize-library, logs, metrics, apm-and-users-experience, uptime, security, dev-tools, advanced-settings, index-pattern-management, saved-objects-management, fleet, actions-and-connectors, stack-alerts, stack-monitoring
  • Field kibana_privileges.grant_custom.custom_feature_privileges.grant value enum's list: all, read, none (discuss: should we explicitly add a none or the absence implies none?)
  • Field kibana_privileges.grant_custom.custom_feature_privileges.short_url is only supported when the feature is one of: discover, dashboard, visualize-library
  • Field kibana_privileges.grant_custom.custom_feature_privileges.store_search_session is only supported when the feature is one of: discover, dashboard

Role Mapping

resource 'elasticstack_auth_role_mapping' '<name>' {
	roles 	[]string
	rules	[]{
		user_field	enum
		type		enum
		text_value	  string
		number_value  number
		boolean_value boolean
	}
}

Rules:

  • Field rules.user_field value enum's list: username, dn, groups, realm.name
  • Field rules.type value enum's list: text, number, is-null, boolean
  • Under rules, at most one of: text_value, number_value or boolean_value, depending on whether type is text, number or boolean. In case type is is-null, no *_value field can be defined

API Key

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html

resource 'elasticstack_auth_apikey' '<name>' {
	expiration	string
	role_descriptors {
		# key/value pair "role_name" -> "role_def" see definition of `Role`
	}
}
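
The Role Mapping rules from this issue, written as a Go check on a single rules entry. This is an added example, not code from the issue or from the provider; the Rule type and its Validate method are hypothetical, and pointer fields are an assumption used to tell an unset value from a set zero value.

```go
package main

import "fmt"

// Rule is a hypothetical mirror of one rules entry. Pointers distinguish an
// unset value from a set zero value such as false, 0 or "".
type Rule struct {
	UserField    string
	Type         string
	TextValue    *string
	NumberValue  *float64
	BooleanValue *bool
}

var (
	userFields = map[string]bool{"username": true, "dn": true, "groups": true, "realm.name": true}
	ruleTypes  = map[string]bool{"text": true, "number": true, "is-null": true, "boolean": true}
)

// Validate enforces the enum lists and the type/value pairing: only the
// *_value field matching type may be set, and is-null allows none.
func (r Rule) Validate() error {
	if !userFields[r.UserField] {
		return fmt.Errorf("user_field %q is not supported", r.UserField)
	}
	if !ruleTypes[r.Type] {
		return fmt.Errorf("type %q is not supported", r.Type)
	}
	present := []struct {
		kind string
		set  bool
	}{
		{"text", r.TextValue != nil},
		{"number", r.NumberValue != nil},
		{"boolean", r.BooleanValue != nil},
	}
	for _, v := range present {
		if v.set && v.kind != r.Type {
			return fmt.Errorf("%s_value cannot be set when type is %q", v.kind, r.Type)
		}
	}
	return nil
}

func main() {
	// Constructed sample: an is-null rule that also carries boolean_value = false.
	f := false
	fmt.Println(Rule{UserField: "groups", Type: "is-null", BooleanValue: &f}.Validate())
}
```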

[SCHEMA]: "elasticstack_data_*" resources

The elasticstack_data_* defines the following:

Index Template

https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-put-template.html

resource 'elasticstack_data_index_template' '<name>' {
	index_patterns	[]string
	priority		integer
	version			integer
	metadata {
		# variable key/value pair
	}
	composed_of		[]string
	data_stream {
		hidden	     boolean
	}
	template {
		settings {
			# variable key/value pair - Should we force the usage of flat settings?
		}
		aliases {
			# key/value pair "alias_name" -> "alias_def" see https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html 
		}
		mappings {
			# see https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-put-mapping.html
		}
	}
}

Component Template

https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-put-template.html#multiple-component-templates

resource 'elasticstack_data_component_template' '<name>' {
	# defines only "template" field from Index Template
}

Index Lifecycle Policy

https://www.elastic.co/guide/en/elasticsearch/reference/current/ilm-put-lifecycle.html

resource 'elasticstack_data_index_lifecycle_policy' '<name>' {
	hot_phase {
		keep_data_forever boolean
		set_read_only	  boolean
		index_priority	integer
		force_merge {
			number_of_segments	integer
		}
		shrink {
			number_of_primary_shards	integer
		}
		rollover {
			max_index_size	string
			max_documents	integer
			max_age			string
		}
		searchable_snapshot {
			repository_name		string
		}
	}
	warm_phase {
		move_data_into_phase_when	string
		keep_data_forever boolean
		set_read_only	  boolean
		index_priority	  integer
		replicas {
			number_of_replicas	integer
		}
		force_merge {
			number_of_segments	integer
		}
		shrink {
			number_of_primary_shards	integer
		}
		data_allocation {
			custom {
				# variable key/value pair
			}
		}
	}
	cold_phase {
		move_data_into_phase_when	string
		keep_data_forever boolean
		set_read_only	  boolean
		index_priority	  integer
		freeze_index	  boolean
		replicas {
			number_of_replicas	integer
		}
		force_merge {
			number_of_segments	integer
		}
		data_allocation {
			custom {
				# variable key/value pair
			}
		}
		searchable_snapshot {
			repository_name		string
		}
	}
}

Snapshot Repository

https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-register-repository.html

resource 'elasticstack_data_snapshot_repository' '<name>' {
	type	string
	settings {
		# variable key/value pair
	}
}
