Keystore credentials are not enabled in the first start

[kuisathaverat]

Readiness Checklist

• I am running the latest version
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed
• I am reporting the issue to the correct repository (for multi-repository projects)

Expected Behavior

After apply the terraform plan the deployment should be able to use the credentials in the keystore

Current Behavior

The GCP credentials created to store external snapshots in a GCS are unavailable after applying the plan. It is necessary to make a manual restart of Elasticsearch to make the credentials available.

## Terraform definition

data "ec_stack" "latest" {
  version_regex = "latest"
  region        = "us-east-1"
}

# Create an Elastic Cloud deployment
resource "ec_deployment" "example_keystore" {
  region                 = "us-east-1"
  version                = data.ec_stack.latest.version
  deployment_template_id = "aws-io-optimized-v2"

  elasticsearch = {
    hot = {
      autoscaling = {}
    }
  }
}

# Create the keystore secret entry
resource "ec_deployment_elasticsearch_keystore" "gcs_credential" {
  deployment_id = ec_deployment.example_keystore.id
  setting_name  = "gcs.client.custom.credentials_file"
  value         = file("service-account-key.json")
  as_file       = true
}

Steps to Reproduce

1. apply the plan
2. create a snapshot repository using the credentials to store snapshots in GCS bucket

PUT _snapshot/my_repository
{
  "type": "gcs",
  "settings": {
    "client": "custom",
    "bucket": "name-of-gcs-bucket",
    "compress": true
  }
}

4. verify the snapshot repository

POST /_snapshot/my_repository/_verify

"Unknown client name [custom]. Existing client configs: default,elastic-internal-268285"

Context

It requires a manual action after running the automation.

Possible Solution

Your Environment

• Version used: 0.9.0
• Running against Elastic Cloud SaaS or Elastic Cloud Enterprise and version: Elastic Cloud SaaS
• Environment name and version (e.g. Go 1.9):
• Server type and version:
• Operating System and version:
• Link to your project:

[tobio]

This will be fixed if you move the keystore items into the deployment itself

Something like:

data "ec_stack" "latest" {
  version_regex = "latest"
  region        = "us-east-1"
}

# Create an Elastic Cloud deployment
resource "ec_deployment" "example_keystore" {
  region                 = "us-east-1"
  version                = data.ec_stack.latest.version
  deployment_template_id = "aws-io-optimized-v2"

  elasticsearch = {
    hot = {
      autoscaling = {}
    }

    keystore_contents = {
      "gcs.client.custom.credentials_file" = {
        value         = file("service-account-key.json")
        as_file       = true
      }
    }
  }
}

[tobio]

Duplicates #433