Merge remote-tracking branch 'upstream/main'

docs/resources/anomaly_detection.md

@@ -0,0 +1,82 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "opensearch_anomaly_detection Resource - terraform-provider-opensearch"
+subcategory: ""
+description: |-
+  Provides an OpenSearch anonaly detection. Please refer to the OpenSearch anomaly detection documentation for details.
+---
+
+# opensearch_anomaly_detection (Resource)
+
+Provides an OpenSearch anonaly detection. Please refer to the OpenSearch anomaly detection documentation for details.
+
+## Example Usage
+
+```terraform
+resource "opensearch_anomaly_detection" "foo" {
+  body = <<EOF
+{
+  "name": "foo",
+  "description": "Test detector",
+  "time_field": "@timestamp",
+  "indices": [
+    "security-auditlog*"
+  ],
+  "feature_attributes": [
+    {
+      "feature_name": "test",
+      "feature_enabled": true,
+      "aggregation_query": {
+        "test": {
+          "value_count": {
+            "field": "audit_category.keyword"
+          }
+        }
+      }
+    }
+  ],
+  "filter_query": {
+    "bool": {
+      "filter": [
+        {
+          "range": {
+            "value": {
+              "gt": 1
+            }
+          }
+        }
+      ],
+      "adjust_pure_negative": true,
+      "boost": 1
+    }
+  },
+  "detection_interval": {
+    "period": {
+      "interval": 1,
+      "unit": "Minutes"
+    }
+  },
+  "window_delay": {
+    "period": {
+      "interval": 1,
+      "unit": "Minutes"
+    }
+  },
+  "result_index" : "opensearch-ad-plugin-result-test"
+}
+EOF
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `body` (String) The anomaly detection document
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

examples/resources/opensearch_anomaly_detection/resource.tf

@@ -0,0 +1,53 @@
+resource "opensearch_anomaly_detection" "foo" {
+  body = <<EOF
+{
+  "name": "foo",
+  "description": "Test detector",
+  "time_field": "@timestamp",
+  "indices": [
+    "security-auditlog*"
+  ],
+  "feature_attributes": [
+    {
+      "feature_name": "test",
+      "feature_enabled": true,
+      "aggregation_query": {
+        "test": {
+          "value_count": {
+            "field": "audit_category.keyword"
+          }
+        }
+      }
+    }
+  ],
+  "filter_query": {
+    "bool": {
+      "filter": [
+        {
+          "range": {
+            "value": {
+              "gt": 1
+            }
+          }
+        }
+      ],
+      "adjust_pure_negative": true,
+      "boost": 1
+    }
+  },
+  "detection_interval": {
+    "period": {
+      "interval": 1,
+      "unit": "Minutes"
+    }
+  },
+  "window_delay": {
+    "period": {
+      "interval": 1,
+      "unit": "Minutes"
+    }
+  },
+  "result_index" : "opensearch-ad-plugin-result-test"
+}
+EOF
+}

go.mod

@@ -3,7 +3,7 @@ module github.com/opensearch-project/terraform-provider-opensearch
 go 1.14
 
 require (
-	github.com/aws/aws-sdk-go v1.44.333
+	github.com/aws/aws-sdk-go v1.45.24
 	github.com/deoxxa/aws_signing_client v0.0.0-20161109131055-c20ee106809e
 	github.com/hashicorp/go-hclog v1.5.0
 	github.com/hashicorp/go-version v1.6.0

go.sum

@@ -63,8 +63,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
 github.com/aws/aws-sdk-go v1.43.21/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.44.333 h1:X0j5TGXtHLZzDB/uRcGKLG77ERFtxYQtXefs+Apf2PU=
-github.com/aws/aws-sdk-go v1.44.333/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.45.24 h1:TZx/CizkmCQn8Rtsb11iLYutEQVGK5PK9wAhwouELBo=
+github.com/aws/aws-sdk-go v1.45.24/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=

provider/diff_suppress_funcs.go

@@ -142,3 +142,23 @@ func diffSuppressPolicy(k, old, new string, d *schema.ResourceData) bool {
 
 	return reflect.DeepEqual(oo, no)
 }
+
+func diffSuppressAnomalyDetection(k, old, new string, d *schema.ResourceData) bool {
+	var oo, no interface{}
+	if err := json.Unmarshal([]byte(old), &oo); err != nil {
+		return false
+	}
+	if err := json.Unmarshal([]byte(new), &no); err != nil {
+		return false
+	}
+
+	if om, ok := oo.(map[string]interface{}); ok {
+		normalizeAnomalyDetection(om)
+	}
+
+	if nm, ok := no.(map[string]interface{}); ok {
+		normalizeAnomalyDetection(nm)
+	}
+
+	return reflect.DeepEqual(oo, no)
+}

provider/provider.go

@@ -242,6 +242,7 @@ func Provider() *schema.Provider {
 			"opensearch_script":                    resourceOpensearchScript(),
 			"opensearch_snapshot_repository":       resourceOpensearchSnapshotRepository(),
 			"opensearch_channel_configuration":     resourceOpenSearchChannelConfiguration(),
+			"opensearch_anomaly_detection":         resourceOpenSearchAnomalyDetection(),
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
@@ -402,11 +403,9 @@ func getClient(conf *ProviderConf) (*elastic7.Client, error) {
 	return client, nil
 }
 
-func assumeRoleCredentials(region, roleARN, roleExternalID, profile string) *awscredentials.Credentials {
-	sessOpts := awsSessionOptions(region)
-	if profile == "" {
-		sessOpts.Profile = "default"
-	} else {
+func assumeRoleCredentials(region, roleARN, roleExternalID, profile string, endpoint string) *awscredentials.Credentials {
+	sessOpts := awsSessionOptions(region, endpoint)
+	if profile != "" {
 		sessOpts.Profile = profile
 	}
 
@@ -424,7 +423,7 @@ func assumeRoleCredentials(region, roleARN, roleExternalID, profile string) *aws
 	return awscredentials.NewChainCredentials([]awscredentials.Provider{assumeRoleProvider})
 }
 
-func awsSessionOptions(region string) awssession.Options {
+func awsSessionOptions(region string, endpoint string) awssession.Options {
 	return awssession.Options{
 		Config: aws.Config{
 			Region:   aws.String(region),
@@ -439,13 +438,14 @@ func awsSessionOptions(region string) awssession.Options {
 			// it fail with Credential error
 			// https://github.com/aws/aws-sdk-go/issues/2914
 			HTTPClient: &http.Client{Timeout: 10 * time.Second},
+			Endpoint:   aws.String(endpoint),
 		},
 		SharedConfigState: awssession.SharedConfigEnable,
 	}
 }
 
-func awsSession(region string, conf *ProviderConf) *awssession.Session {
-	sessOpts := awsSessionOptions(region)
+func awsSession(region string, conf *ProviderConf, endpoint string) *awssession.Session {
+	sessOpts := awsSessionOptions(region, endpoint)
 
 	// 1. access keys take priority
 	// 2. next is an assume role configuration
@@ -459,7 +459,7 @@ func awsSession(region string, conf *ProviderConf) *awssession.Session {
 		if conf.awsAssumeRoleExternalID == "" {
 			conf.awsAssumeRoleExternalID = ""
 		}
-		sessOpts.Config.Credentials = assumeRoleCredentials(region, conf.awsAssumeRoleArn, conf.awsAssumeRoleExternalID, conf.awsProfile)
+		sessOpts.Config.Credentials = assumeRoleCredentials(region, conf.awsAssumeRoleArn, conf.awsAssumeRoleExternalID, conf.awsProfile, endpoint)
 	} else if conf.awsProfile != "" {
 		sessOpts.Profile = conf.awsProfile
 	}
@@ -480,7 +480,7 @@ func awsSession(region string, conf *ProviderConf) *awssession.Session {
 }
 
 func awsHttpClient(region string, conf *ProviderConf, headers map[string]string) (*http.Client, error) {
-	session := awsSession(region, conf)
+	session := awsSession(region, conf, "")
 	// Call Get() to ensure concurrency safe retrieval of credentials. Since the
 	// client is created in many go routines, this synchronizes it.
 	_, err := session.Config.Credentials.Get()