From 3dcfe6d39de37cbf52d1f3671de8800e6cc78a8d Mon Sep 17 00:00:00 2001
From: Toby Brain <toby.brain@elastic.co>
Date: Mon, 16 Oct 2023 11:22:46 +1100
Subject: [PATCH 1/3] Fix schema validation for kibana and fleet configuration

---
 internal/schema/connection.go | 30 ++++++++++++------------------
 provider/plugin_framework.go  |  4 ++--
 2 files changed, 14 insertions(+), 20 deletions(-)

diff --git a/internal/schema/connection.go b/internal/schema/connection.go
index 39b9692de..c77e1a2c8 100644
--- a/internal/schema/connection.go
+++ b/internal/schema/connection.go
@@ -111,12 +111,9 @@ func GetEsFWConnectionBlock(keyName string) fwschema.Block {
 	}
 }
 
-func GetKbFWConnectionBlock(keyName string) fwschema.Block {
-	usernamePath := makePathRef(keyName, "username")
-	passwordPath := makePathRef(keyName, "password")
-
-	usernameValidators := []validator.String{stringvalidator.AlsoRequires(path.MatchRoot(passwordPath))}
-	passwordValidators := []validator.String{stringvalidator.AlsoRequires(path.MatchRoot(usernamePath))}
+func GetKbFWConnectionBlock() fwschema.Block {
+	usernamePath := path.MatchRelative().AtParent().AtName("username")
+	passwordPath := path.MatchRelative().AtParent().AtName("password")
 
 	return fwschema.ListNestedBlock{
 		MarkdownDescription: "Kibana connection configuration block.",
@@ -125,13 +122,13 @@ func GetKbFWConnectionBlock(keyName string) fwschema.Block {
 				"username": fwschema.StringAttribute{
 					MarkdownDescription: "Username to use for API authentication to Kibana.",
 					Optional:            true,
-					Validators:          usernameValidators,
+					Validators:          []validator.String{stringvalidator.AlsoRequires(passwordPath)},
 				},
 				"password": fwschema.StringAttribute{
 					MarkdownDescription: "Password to use for API authentication to Kibana.",
 					Optional:            true,
 					Sensitive:           true,
-					Validators:          passwordValidators,
+					Validators:          []validator.String{stringvalidator.AlsoRequires(usernamePath)},
 				},
 				"endpoints": fwschema.ListAttribute{
 					MarkdownDescription: "A comma-separated list of endpoints where the terraform provider will point to, this must include the http(s) schema and port number.",
@@ -151,12 +148,9 @@ func GetKbFWConnectionBlock(keyName string) fwschema.Block {
 	}
 }
 
-func GetFleetFWConnectionBlock(keyName string) fwschema.Block {
-	usernamePath := makePathRef(keyName, "username")
-	passwordPath := makePathRef(keyName, "password")
-
-	usernameValidators := []validator.String{stringvalidator.AlsoRequires(path.MatchRoot(passwordPath))}
-	passwordValidators := []validator.String{stringvalidator.AlsoRequires(path.MatchRoot(usernamePath))}
+func GetFleetFWConnectionBlock() fwschema.Block {
+	usernamePath := path.MatchRelative().AtParent().AtName("username")
+	passwordPath := path.MatchRelative().AtParent().AtName("password")
 
 	return fwschema.ListNestedBlock{
 		MarkdownDescription: "Fleet connection configuration block.",
@@ -165,21 +159,21 @@ func GetFleetFWConnectionBlock(keyName string) fwschema.Block {
 				"username": fwschema.StringAttribute{
 					MarkdownDescription: "Username to use for API authentication to Fleet.",
 					Optional:            true,
-					Validators:          usernameValidators,
+					Validators:          []validator.String{stringvalidator.AlsoRequires(passwordPath)},
 				},
 				"password": fwschema.StringAttribute{
 					MarkdownDescription: "Password to use for API authentication to Fleet.",
 					Optional:            true,
 					Sensitive:           true,
-					Validators:          passwordValidators,
+					Validators:          []validator.String{stringvalidator.AlsoRequires(usernamePath)},
 				},
 				"api_key": fwschema.StringAttribute{
 					MarkdownDescription: "API Key to use for authentication to Fleet.",
 					Optional:            true,
 					Sensitive:           true,
 					Validators: []validator.String{
-						stringvalidator.ConflictsWith(path.MatchRelative().AtParent().AtName("username")),
-						stringvalidator.ConflictsWith(path.MatchRoot(passwordPath)),
+						stringvalidator.ConflictsWith(usernamePath),
+						stringvalidator.ConflictsWith(passwordPath),
 					},
 				},
 				"endpoint": fwschema.StringAttribute{
diff --git a/provider/plugin_framework.go b/provider/plugin_framework.go
index ad5895141..5175a5256 100644
--- a/provider/plugin_framework.go
+++ b/provider/plugin_framework.go
@@ -33,8 +33,8 @@ func (p *Provider) Schema(ctx context.Context, req fwprovider.SchemaRequest, res
 	res.Schema = fwschema.Schema{
 		Blocks: map[string]fwschema.Block{
 			esKeyName:    schema.GetEsFWConnectionBlock(esKeyName),
-			kbKeyName:    schema.GetKbFWConnectionBlock(kbKeyName),
-			fleetKeyName: schema.GetFleetFWConnectionBlock(fleetKeyName),
+			kbKeyName:    schema.GetKbFWConnectionBlock(),
+			fleetKeyName: schema.GetFleetFWConnectionBlock(),
 		},
 	}
 }

From f5a19c0c0c61e4b935725286b975a3f18b1da728 Mon Sep 17 00:00:00 2001
From: Toby Brain <toby.brain@elastic.co>
Date: Mon, 16 Oct 2023 16:11:06 +1100
Subject: [PATCH 2/3] Acceptance tests

---
 Makefile                  |  2 +-
 provider/provider_test.go | 65 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index fad095da7..810222dfa 100644
--- a/Makefile
+++ b/Makefile
@@ -13,7 +13,7 @@ ACCTEST_COUNT = 1
 TEST ?= ./...
 SWAGGER_VERSION ?= 8.7
 
-GOVERSION ?= 1.19
+GOVERSION ?= 1.20
 
 STACK_VERSION ?= 8.9.0
 
diff --git a/provider/provider_test.go b/provider/provider_test.go
index 8d081d70d..3d6c5279d 100644
--- a/provider/provider_test.go
+++ b/provider/provider_test.go
@@ -6,6 +6,7 @@ import (
 	"testing"
 
 	"github.com/elastic/terraform-provider-elasticstack/internal/acctest"
+	"github.com/elastic/terraform-provider-elasticstack/internal/clients/config"
 	"github.com/elastic/terraform-provider-elasticstack/internal/elasticsearch/security"
 	"github.com/elastic/terraform-provider-elasticstack/internal/versionutils"
 	"github.com/elastic/terraform-provider-elasticstack/provider"
@@ -36,6 +37,70 @@ func TestElasticsearchAPIKeyConnection(t *testing.T) {
 	})
 }
 
+func TestFleetConfiguration(t *testing.T) {
+	envConfig := config.NewFromEnv("acceptance-testing")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t) },
+		ProtoV5ProviderFactories: acctest.Providers,
+		Steps: []resource.TestStep{
+			{
+				Config: testFleetConfiguration(envConfig),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("data.elasticstack_fleet_enrollment_tokens.test", "tokens.#"),
+				),
+			},
+		},
+	})
+}
+
+func TestKibanaConfiguration(t *testing.T) {
+	envConfig := config.NewFromEnv("acceptance-testing")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:                 func() { acctest.PreCheck(t) },
+		ProtoV5ProviderFactories: acctest.Providers,
+		Steps: []resource.TestStep{
+			{
+				Config: testKibanaConfiguration(envConfig),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("elasticstack_kibana_space.acc_test", "name"),
+				),
+			},
+		},
+	})
+}
+
+func testKibanaConfiguration(cfg config.Client) string {
+	return fmt.Sprintf(`
+provider "elasticstack" {
+	elasticsearch {}
+	kibana {
+		endpoints = ["%s"]
+		username  = "%s"
+		password  = "%s"
+	}
+}
+
+resource "elasticstack_kibana_space" "acc_test" {
+	space_id          = "acc_test_space"
+	name              = "Acceptance Test Space"
+}`, cfg.Kibana.Address, cfg.Kibana.Username, cfg.Kibana.Password)
+}
+
+func testFleetConfiguration(cfg config.Client) string {
+	return fmt.Sprintf(`
+provider "elasticstack" {
+	fleet {
+		endpoint = "%s"
+		username = "%s"
+		password = "%s"
+	}
+}
+
+data "elasticstack_fleet_enrollment_tokens" "test" {}`, cfg.Fleet.URL, cfg.Fleet.Username, cfg.Fleet.Password)
+}
+
 func testElasticsearchConnection(apiKeyName string) string {
 	return fmt.Sprintf(`
 provider "elasticstack" {

From baa06d545b66a1b13ee06f8ba410cf359d340642 Mon Sep 17 00:00:00 2001
From: Toby Brain <toby.brain@elastic.co>
Date: Mon, 16 Oct 2023 16:32:07 +1100
Subject: [PATCH 3/3] Only check fleet when it's supported

---
 provider/provider_test.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/provider/provider_test.go b/provider/provider_test.go
index 3d6c5279d..7ab338c8b 100644
--- a/provider/provider_test.go
+++ b/provider/provider_test.go
@@ -10,10 +10,13 @@ import (
 	"github.com/elastic/terraform-provider-elasticstack/internal/elasticsearch/security"
 	"github.com/elastic/terraform-provider-elasticstack/internal/versionutils"
 	"github.com/elastic/terraform-provider-elasticstack/provider"
+	"github.com/hashicorp/go-version"
 	sdkacctest "github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 )
 
+var minVersionForFleet = version.Must(version.NewVersion("8.6.0"))
+
 func TestProvider(t *testing.T) {
 	if err := provider.New("dev").InternalValidate(); err != nil {
 		t.Fatalf("Failed to validate provider: %s", err)
@@ -45,7 +48,8 @@ func TestFleetConfiguration(t *testing.T) {
 		ProtoV5ProviderFactories: acctest.Providers,
 		Steps: []resource.TestStep{
 			{
-				Config: testFleetConfiguration(envConfig),
+				SkipFunc: versionutils.CheckIfVersionIsUnsupported(minVersionForFleet),
+				Config:   testFleetConfiguration(envConfig),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.elasticstack_fleet_enrollment_tokens.test", "tokens.#"),
 				),