Add resource for kibana synthetics monitors: http and tcp

.github/workflows/test.yml

@@ -60,10 +60,12 @@ jobs:
         image: docker.elastic.co/elasticsearch/elasticsearch:${{ matrix.version }}
         env:
           discovery.type: single-node
-          xpack.license.self_generated.type: trial
           xpack.security.enabled: true
           xpack.security.authc.api_key.enabled: true
+          xpack.security.authc.token.enabled: true
+          xpack.security.http.ssl.enabled: false
           xpack.watcher.enabled: true
+          xpack.license.self_generated.type: trial
           repositories.url.allowed_urls: https://example.com/*
           path.repo: /tmp
           ELASTIC_PASSWORD: ${{ env.ELASTIC_PASSWORD }}
@@ -78,9 +80,10 @@ jobs:
           ELASTICSEARCH_USERNAME: ${{ env.KIBANA_SYSTEM_USERNAME }}
           ELASTICSEARCH_PASSWORD: ${{ env.KIBANA_SYSTEM_PASSWORD }}
           XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: a7a6311933d3503b89bc2dbc36572c33a6c10925682e591bffcab6911c06786d
-          xpack.fleet.enabled: true
+#          LOGGING_ROOT_LEVEL: debug
         ports:
           - 5601:5601
+        options: --health-cmd="curl http://localhost:5601/api/status" --health-interval=10s --health-timeout=5s --health-retries=10
 
     timeout-minutes: 15
     strategy:
@@ -135,6 +138,12 @@ jobs:
           ELASTICSEARCH_USERNAME: "elastic"
           ELASTICSEARCH_PASSWORD: ${{ env.ELASTIC_PASSWORD }}
 
+      - id: force-install-synthetics
+        name: Force install synthetics
+        if: matrix.version == '8.14.3' || matrix.version == '8.15.0'
+        run: |-
+          for i in {1..5}; do curl -s -H "Authorization: ApiKey ${{ steps.get-api-key.outputs.apikey }}" --header "Content-Type: application/json" --header "kbn-xsrf: true" --request POST --data '{ "force": true }' http://localhost:5601/api/fleet/epm/packages/synthetics/1.2.2 && break || sleep 15; done
+
       - name: TF acceptance tests
         timeout-minutes: 10
         run: make testacc

CHANGELOG.md

@@ -1,4 +1,5 @@
 ## [Unreleased]
+- Add support for Kibana synthetics http and tcp monitors ([#699](https://github.com/elastic/terraform-provider-elasticstack/pull/699))
 
 - Add `elasticstack_kibana_spaces` data source ([#682](https://github.com/elastic/terraform-provider-elasticstack/pull/682))
 

Makefile

@@ -132,7 +132,7 @@ docker-kibana: docker-network docker-elasticsearch set-kibana-password ## Start
 		-e ELASTICSEARCH_USERNAME=$(KIBANA_SYSTEM_USERNAME) \
 		-e ELASTICSEARCH_PASSWORD=$(KIBANA_SYSTEM_PASSWORD) \
 		-e XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=a7a6311933d3503b89bc2dbc36572c33a6c10925682e591bffcab6911c06786d \
-		-e "logging.root.level=debug" \
+		-e LOGGING_ROOT_LEVEL=debug \
 		--name $(KIBANA_NAME) \
 		--network $(ELASTICSEARCH_NETWORK) \
 		docker.elastic.co/kibana/kibana:$(STACK_VERSION); \
@@ -157,7 +157,7 @@ docker-kibana-with-tls: docker-network docker-elasticsearch set-kibana-password
 		-e SERVER_SSL_CERTIFICATE=/certs/localhost+1.pem \
 		-e SERVER_SSL_KEY=/certs/localhost+1-key.pem \
 		-e SERVER_SSL_ENABLED=true \
-		-e "logging.root.level=debug" \
+		-e LOGGING_ROOT_LEVEL=debug \
 		--name $(KIBANA_NAME) \
 		--network $(ELASTICSEARCH_NETWORK) \
 		docker.elastic.co/kibana/kibana:$(STACK_VERSION); \

docs/resources/kibana_synthetics_monitor.md

@@ -0,0 +1,160 @@
+---
+subcategory: "Kibana"
+layout: ""
+page_title: "Elasticstack: elasticstack_kibana_synthetics_monitor Resource"
+description: |-
+  Creates or updates a Kibana synthetics monitor.
+---
+
+# Resource: elasticstack_kibana_synthetics_monitor
+
+Creates or updates a Kibana synthetics monitor.
+See [API docs](https://www.elastic.co/guide/en/kibana/current/add-monitor-api.html)
+
+## Supported monitor types
+ * `http`
+ * `tcp`
+
+**NOTE:** Due-to nature of partial update API, reset values to defaults is not supported.
+In case you would like to reset an optional monitor value, please set it explicitly or delete and create new monitor.
+
+
+## Example Usage
+
+```terraform
+provider "elasticstack" {
+  kibana {}
+}
+
+resource "elasticstack_kibana_synthetics_monitor" "my_monitor" {
+  name      = "Example http monitor"
+  space_id  = "default"
+  schedule  = 10
+  locations = ["us_west"]
+  enabled   = false
+  tags      = ["tag"]
+  alert = {
+    status = {
+      enabled = true
+    }
+    tls = {
+      enabled = false
+    }
+  }
+  service_name = "example apm service"
+  timeout      = 30
+  http = {
+    url                     = "http://localhost:8080"
+    ssl_verification_mode   = "full"
+    ssl_supported_protocols = ["TLSv1.2"]
+    max_redirects           = "10"
+    mode                    = "all"
+    ipv4                    = true
+    ipv6                    = true
+  }
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The monitor’s name.
+
+### Optional
+
+- `alert` (Attributes) Alert configuration. Default: `{ status: { enabled: true }, tls: { enabled: true } }`. (see [below for nested schema](#nestedatt--alert))
+- `enabled` (Boolean) Whether the monitor is enabled. Default: `true`
+- `http` (Attributes) HTTP Monitor specific fields (see [below for nested schema](#nestedatt--http))
+- `locations` (List of String) Where to deploy the monitor. Monitors can be deployed in multiple locations so that you can detect differences in availability and response times across those locations.
+- `params` (String) Monitor parameters. Raw JSON object, use `jsonencode` function to represent JSON
+- `private_locations` (List of String) These Private Locations refer to locations hosted and managed by you, whereas locations are hosted by Elastic. You can specify a Private Location using the location’s name.
+- `retest_on_failure` (Boolean) Enable or disable retesting when a monitor fails. By default, monitors are automatically retested if the monitor goes from "up" to "down". If the result of the retest is also "down", an error will be created, and if configured, an alert sent. Then the monitor will resume running according to the defined schedule. Using retest_on_failure can reduce noise related to transient problems. Default: `true`.
+- `schedule` (Number) The monitor’s schedule in minutes. Supported values are 1, 3, 5, 10, 15, 30, 60, 120 and 240.
+- `service_name` (String) The APM service name.
+- `space_id` (String) The namespace field should be lowercase and not contain spaces. The namespace must not include any of the following characters: *, \, /, ?, ", <, >, |, whitespace, ,, #, :, or -. Default: `default`
+- `tags` (List of String) An array of tags.
+- `tcp` (Attributes) TCP Monitor specific fields (see [below for nested schema](#nestedatt--tcp))
+- `timeout` (Number) The monitor timeout in seconds, monitor will fail if it doesn’t complete within this time. Default: `16`
+
+### Read-Only
+
+- `id` (String) Generated identifier for the monitor
+
+<a id="nestedatt--alert"></a>
+### Nested Schema for `alert`
+
+Optional:
+
+- `status` (Attributes) (see [below for nested schema](#nestedatt--alert--status))
+- `tls` (Attributes) (see [below for nested schema](#nestedatt--alert--tls))
+
+<a id="nestedatt--alert--status"></a>
+### Nested Schema for `alert.status`
+
+Optional:
+
+- `enabled` (Boolean)
+
+
+<a id="nestedatt--alert--tls"></a>
+### Nested Schema for `alert.tls`
+
+Optional:
+
+- `enabled` (Boolean)
+
+
+
+<a id="nestedatt--http"></a>
+### Nested Schema for `http`
+
+Required:
+
+- `url` (String) URL to monitor.
+
+Optional:
+
+- `check` (String) The check request settings.. Raw JSON object, use `jsonencode` function to represent JSON
+- `ipv4` (Boolean) Whether to ping using the ipv4 protocol.
+- `ipv6` (Boolean) Whether to ping using the ipv6 protocol.
+- `max_redirects` (Number) The maximum number of redirects to follow. Default: `0`
+- `mode` (String) The mode of the monitor. Can be "all" or "any". If you’re using a DNS-load balancer and want to ping every IP address for the specified hostname, you should use all.
+- `password` (String) The password for authenticating with the server. The credentials are passed with the request.
+- `proxy_header` (String) Additional headers to send to proxies during CONNECT requests.. Raw JSON object, use `jsonencode` function to represent JSON
+- `proxy_url` (String) The URL of the proxy to use for this monitor.
+- `response` (String) Controls the indexing of the HTTP response body contents to the `http.response.body.contents` field.. Raw JSON object, use `jsonencode` function to represent JSON
+- `ssl_supported_protocols` (List of String) List of allowed SSL/TLS versions.
+- `ssl_verification_mode` (String) Controls the verification of server certificates.
+- `username` (String) The username for authenticating with the server. The credentials are passed with the request.
+
+
+<a id="nestedatt--tcp"></a>
+### Nested Schema for `tcp`
+
+Required:
+
+- `host` (String) The host to monitor; it can be an IP address or a hostname. The host can include the port using a colon (e.g., "example.com:9200").
+
+Optional:
+
+- `check_receive` (String) The expected answer.
+- `check_send` (String) An optional payload string to send to the remote host.
+- `proxy_url` (String) The URL of the SOCKS5 proxy to use when connecting to the server. The value must be a URL with a scheme of `socks5://`. If the SOCKS5 proxy server requires client authentication, then a username and password can be embedded in the URL. When using a proxy, hostnames are resolved on the proxy server instead of on the client. You can change this behavior by setting the `proxy_use_local_resolver` option.
+- `proxy_use_local_resolver` (Boolean) A Boolean value that determines whether hostnames are resolved locally instead of being resolved on the proxy server. The default value is false, which means that name resolution occurs on the proxy server.
+- `ssl_supported_protocols` (List of String) List of allowed SSL/TLS versions.
+- `ssl_verification_mode` (String) Controls the verification of server certificates.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import elasticstack_kibana_synthetics_monitor.my_monitor <space id>/<monitor_id>
+```
+
+**NOTE:** Not all monitor fields are supported during the import due-to API limitation.
+Full field support could be implemented after this [kibana issue](https://github.com/elastic/kibana/issues/189906) is resolved.
+
+Currently not supported fields during the import:  `params`, `retest_on_failure`, `http.proxy_header`, `http.username`, `http.password`, `http.check`, `http.response`, `tcp.check_send`, `tcp.check_receive`

docs/resources/kibana_synthetics_private_location.md

@@ -72,5 +72,5 @@ Required:
 Import is supported using the following syntax:
 
 ```shell
-terraform import elasticstack_kibana_synthetics_private_location.my_location <private_location_id>
+terraform import elasticstack_kibana_synthetics_private_location.my_location <space id>/<private_location_id>
 ```

examples/resources/elasticstack_kibana_synthetics_monitor/import.sh

@@ -0,0 +1 @@
+terraform import elasticstack_kibana_synthetics_monitor.my_monitor <space id>/<monitor_id>

examples/resources/elasticstack_kibana_synthetics_monitor/resource.tf

@@ -0,0 +1,31 @@
+provider "elasticstack" {
+  kibana {}
+}
+
+resource "elasticstack_kibana_synthetics_monitor" "my_monitor" {
+  name      = "Example http monitor"
+  space_id  = "default"
+  schedule  = 10
+  locations = ["us_west"]
+  enabled   = false
+  tags      = ["tag"]
+  alert = {
+    status = {
+      enabled = true
+    }
+    tls = {
+      enabled = false
+    }
+  }
+  service_name = "example apm service"
+  timeout      = 30
+  http = {
+    url                     = "http://localhost:8080"
+    ssl_verification_mode   = "full"
+    ssl_supported_protocols = ["TLSv1.2"]
+    max_redirects           = "10"
+    mode                    = "all"
+    ipv4                    = true
+    ipv6                    = true
+  }
+}

examples/resources/elasticstack_kibana_synthetics_private_location/import.sh

@@ -1 +1 @@
-terraform import elasticstack_kibana_synthetics_private_location.my_location <private_location_id>
+terraform import elasticstack_kibana_synthetics_private_location.my_location <space id>/<private_location_id>

go.mod

@@ -49,6 +49,7 @@ require (
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.21.0 // indirect
 	github.com/hashicorp/terraform-json v0.22.1 // indirect
+	github.com/hashicorp/terraform-plugin-framework-jsontypes v0.1.0 // indirect
 	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect

go.sum

@@ -90,6 +90,8 @@ github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7
 github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A=
 github.com/hashicorp/terraform-plugin-framework v1.10.0 h1:xXhICE2Fns1RYZxEQebwkB2+kXouLC932Li9qelozrc=
 github.com/hashicorp/terraform-plugin-framework v1.10.0/go.mod h1:qBXLDn69kM97NNVi/MQ9qgd1uWWsVftGSnygYG1tImM=
+github.com/hashicorp/terraform-plugin-framework-jsontypes v0.1.0 h1:b8vZYB/SkXJT4YPbT3trzE6oJ7dPyMy68+9dEDKsJjE=
+github.com/hashicorp/terraform-plugin-framework-jsontypes v0.1.0/go.mod h1:tP9BC3icoXBz72evMS5UTFvi98CiKhPdXF6yLs1wS8A=
 github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 h1:bxZfGo9DIUoLLtHMElsu+zwqI4IsMZQBRRy4iLzZJ8E=
 github.com/hashicorp/terraform-plugin-framework-validators v0.13.0/go.mod h1:wGeI02gEhj9nPANU62F2jCaHjXulejm/X+af4PdZaNo=
 github.com/hashicorp/terraform-plugin-go v0.23.0 h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co=