[Bug] elasticstack_kibana_action_connector resource of type `.webhook` does not respect ca related settings

[breml]

Describe the bug

According to https://www.elastic.co/docs/api/doc/kibana/v8/operation/operation-put-actions-connector-id#operation-put-actions-connector-id-body-application-json-webhook_config-config-object, elasticstack_kibana_action_connector resources of type .webhook support adding certificate authority.

The attributes config.authType, config.ca and config.verificationMode are not properly handled by the Terraform provider. Changes are not applied nor checked correctly during plan.

To Reproduce
Steps to reproduce the behavior:

1. TF configuration used

resource "elasticstack_kibana_action_connector" "example" {
  name = "example"
  config = jsonencode({
    "hasAuth"  = true
    "authType" = "webhook-authentication-basic"
    "ca"       = filebase64("cacert.ca")
    "headers" = {
      "Content-type" = "application/json"
    }
    "method"           = "post"
    "url"              = "https://some.url.com/"
    "verificationMode" = "full"
  })
  secrets = jsonencode({
    user     = "username"
    password = "password"
  })
  connector_type_id = ".webhook"
}

2. TF operations to execute terraform apply followed by terraform plan

Expected behavior
The execution of terraform plan after terraform apply should not show any changes.
The settings for authType, ca and verificationMode should be persisted in .kibana_alerting_cases* index in Elasticsearch.

Versions (please complete the following information):

• OS: Linux
• Terraform Version: v1.10.0
• Provider version: v0.11.15
• Elasticsearch Version: 8.17.5

Additional context

If the same change is done through Kibana (creation of the webhook connector), the settings are present when the connector is re-opened in Kibana as well as in the .kibana_alerting_cases*.

[heespi]

@tiamliu ... this is one of the bugs called out during our RO Weekly ystd, being considered for short term 9.2 fix.

[breml]

This issue got fixed "accidentaly" by @tobio with PR #1260. I was able to compile the provider from current main branch and tested it against my deployment successfully (only change remaining was, that the certificate needs to be base64 encoded using filebase64(...) instead of file(...)).

Now, the only thing, that is missing to make me happy is a release (tag), such that the provider becomes available through the terraform registry. Do you see any chance for a release in the next days? (cc: @heespi , @tiamliu)

[tobio]

@breml thanks for looking into this issue, it sounds like there's maybe some doc improvements as well around base64 encoding?

In terms of a release, there are a couple of other PRs we're planning on getting merged first, but I'd expect a release in the next 2 weeks.

[breml]

@tobio You are welcome. A release in the next 2 weeks sounds very good to me. We are working towards the migration of our on premise Elastic stack deployment to the Elastic Cloud offering and this bug in Terraform was really annoying for us.

Adding something about the base64 encoding of the certificates would definitively not hurt. In general, the API documentation about the different connectors is very sparse in both, the documentation of the Terraform provider as well as the Kibana API documentation. I basically reverse engineered it from creating the connector manually and then query the API with curl.