Fix attribute validation
Switch to non-case sensitive validations

Update security policy package type to match Xray API
alexhung committed Oct 2, 2024
1 parent 50b26fb commit ed124af
Showing 9 changed files with 53 additions and 43 deletions.
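--- a/pkg/xray/resource/policies.go
+++ b/pkg/xray/resource/policies.go
@@ -29,26 +29,24 @@ const (
 )
 
 var validPackageTypesSupportedXraySecPolicies = []string{
-"alpine",
-"bower",
-"cargo",
-"composer",
-"conan",
-"conda",
-"cran",
-"debian",
-"docker",
-"generic",
-"go",
-"huggingface",
-"maven",
-"npm",
-"nuget",
-"oci",
-"pypi",
-"rpm",
-"rubygems",
-"terraformbe",
+"Alpine",
+"Cargo",
+"Composer",
+"Conan",
+"Conda",
+"Cran",
+"Debian",
+"Docker",
+"Generic",
+"Go",
+"HuggingFace",
+"Maven",
+"Npm",
+"NuGet",
+"Oci",
+"Pypi",
+"Rpm",
+"Rubygems",
 }
 
 type PolicyResource struct {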
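Review bot: `validPackageTypesSupportedXraySecPolicies` carries no comment saying that its entries are now compared case-sensitively, and the new list also drops `bower` and `terraformbe` without explanation. Because the `package_type` validator in resource_xray_security_policy.go moves to `stringvalidator.OneOf` in this same commit, a security policy that previously planned cleanly with `npm` or `docker` will now be rejected. I would add a doc comment above the slice, for example `// validPackageTypesSupportedXraySecPolicies lists the package types accepted by security policies; values are matched case-sensitively and must use the Xray API spelling.`, and list the removed and re-cased values in the changelog so operators can fix their policies before upgrading.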
2 changes: 1 addition & 1 deletion pkg/xray/resource/resource_xray_license_policy.go
Expand Up @@ -266,7 +266,7 @@ var licensePolicyActionsAttrs = lo.Assign(
Computed: true,
Default: stringdefault.StaticString("High"),
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("Critical", "High", "Medium", "Low"),
stringvalidator.OneOf("Critical", "High", "Medium", "Low"),
},
Description: "The severity of violation to be triggered if the `criteria` are met.",
},
8 changes: 4 additions & 4 deletions pkg/xray/resource/resource_xray_operational_risk_policy.go
Expand Up @@ -77,7 +77,7 @@ var opRiskPolicyCriteriaAttrs = map[string]schema.Attribute{
"op_risk_min_risk": schema.StringAttribute{
Optional: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("High", "Medium", "Low"),
stringvalidator.OneOf("High", "Medium", "Low"),
stringvalidator.ConflictsWith(
path.MatchRelative().AtParent().AtName("op_risk_custom"),
),
Expand Down Expand Up @@ -138,11 +138,11 @@ var opRiskPolicyCriteriaBlocks = map[string]schema.Block{
"risk": schema.StringAttribute{
Optional: true,
Computed: true,
Default: stringdefault.StaticString("low"),
Default: stringdefault.StaticString("Low"),
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("high", "medium", "low"),
stringvalidator.OneOf("High", "Medium", "Low"),
},
Description: "Risk severity: low, medium, high",
Description: "Risk severity: Low, Medium, High",
},
},
},
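Review bot: Nothing in these hunks normalises the value read back from Xray for `risk` or `op_risk_min_risk`, while the `risk` default moves from `low` to `Low` and validation becomes the case-sensitive `stringvalidator.OneOf("High", "Medium", "Low")`. If the API returns the lower-case spelling for policies created by earlier provider versions, state and configuration would disagree on every plan; whether that happens depends on the read mapping, which is outside the visible hunks. The security policy section of this commit applies `lo.Capitalize` to the exposures severity on read, so this resource may need the same treatment. At minimum I would add a comment next to the validator such as `// Case-sensitive: the read path must store "High", "Medium" or "Low" exactly as spelled here.`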
Expand Up @@ -283,7 +283,7 @@ func TestAccOperationalRiskPolicy_customCriteria(t *testing.T) {
testData["op_risk_custom_release_cadence_per_year_less_than"] = testutil.RandSelect("1", "2", "3", "4", "5").(string)
testData["op_risk_custom_commits_less_than"] = testutil.RandSelect("10", "25", "50", "100").(string)
testData["op_risk_custom_committers_less_than"] = testutil.RandSelect("1", "2", "3", "4", "5").(string)
testData["op_risk_custom_risk"] = testutil.RandSelect("high", "medium", "low").(string)
testData["op_risk_custom_risk"] = testutil.RandSelect("High", "Medium", "Low").(string)

const opertionalRiskPolicyCustomUnset = `resource "xray_operational_risk_policy" "{{ .resource_name }}" {
name = "{{ .policy_name }}"
Expand Down Expand Up @@ -394,7 +394,7 @@ func TestAccOperationalRiskPolicy_customCriteria_migration(t *testing.T) {
testData["policy_name"] = fmt.Sprintf("terraform-operational-risk-policy-%d", testutil.RandomInt())
testData["op_risk_custom_use_and_condition"] = "true"
testData["op_risk_custom_is_eol"] = "false"
testData["op_risk_custom_risk"] = testutil.RandSelect("high", "medium", "low").(string)
testData["op_risk_custom_risk"] = testutil.RandSelect("High", "Medium", "Low").(string)
delete(testData, "block_release_bundle_promotion")

resource.Test(t, resource.TestCase{
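Review bot: `TestAccOperationalRiskPolicy_customCriteria_migration` now draws `op_risk_custom_risk` only from `"High", "Medium", "Low"`, so the upgrade path for a policy that was created with the formerly valid lower-case values is no longer exercised. Presumably this test applies the configuration with an earlier provider release before switching to the current one; if so, it is the natural place to pin what happens to `low` after the validator becomes case-sensitive. I would keep one lower-case starting value for the old-provider step and assert the expected outcome with the new provider, and add a comment such as `// earlier releases accepted lower-case risk values; verify the upgrade behaviour explicitly`. The test body continues outside the hunk, so this may already be covered elsewhere.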
13 changes: 9 additions & 4 deletions pkg/xray/resource/resource_xray_repository_config_test.go
Expand Up @@ -255,8 +255,8 @@ func TestAccRepositoryConfig_JasDisabled_exposures_set(t *testing.T) {

func TestAccRepositoryConfig_RepoConfig_Create_VulnContextualAnalysis(t *testing.T) {
jasDisabled := os.Getenv("JFROG_JAS_DISABLED")
if strings.ToLower(jasDisabled) == "true" {
t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'")
if strings.ToLower(jasDisabled) != "false" {
t.Skipf("Env var JFROG_JAS_DISABLED is not set to 'false'")
}

testCase := []struct {
Expand Down Expand Up @@ -331,8 +331,8 @@ func testAccRepositoryConfigRepoConfigCreate_VulnContextualAnalysis(packageType,

func TestAccRepositoryConfig_RepoConfigCreate_exposure(t *testing.T) {
jasDisabled := os.Getenv("JFROG_JAS_DISABLED")
if strings.ToLower(jasDisabled) == "true" {
t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'")
if strings.ToLower(jasDisabled) != "false" {
t.Skipf("Env var JFROG_JAS_DISABLED is not set to 'false'")
}

testCase := []struct {
Expand Down Expand Up @@ -566,6 +566,11 @@ func TestAccRepositoryConfig_Missing_RetentionInDays(t *testing.T) {
}

func TestAccRepositoryConfig_RepoPathsUpdate(t *testing.T) {
jasDisabled := os.Getenv("JFROG_JAS_DISABLED")
if strings.ToLower(jasDisabled) == "true" {
t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'")
}

_, fqrn, resourceName := testutil.MkNames("xray-repo-config-", "xray_repository_config")
_, _, repoName := testutil.MkNames("generic-local", "artifactory_local_generic_repository")

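Review bot: The guard added to `TestAccRepositoryConfig_RepoPathsUpdate` skips only when `JFROG_JAS_DISABLED` equals `true`, while the two tests changed above it now skip unless the variable equals `false`, so the three tests disagree when the variable is unset. With the variable unset, the vulnerability contextual analysis and exposure tests are skipped by default, which silently removes coverage of the scanning configuration from any pipeline that does not export it. If that default is intended, a comment such as `// JAS tests run only when JFROG_JAS_DISABLED is explicitly "false"` on each guard would make it visible; otherwise the new guard should use the same condition, `if strings.ToLower(jasDisabled) != "false" {`. The `t.Skipf` calls pass no format arguments, so `t.Skip` would be the plainer form.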
17 changes: 12 additions & 5 deletions pkg/xray/resource/resource_xray_security_policy.go
Expand Up @@ -19,6 +19,7 @@ import (
"github.com/hashicorp/terraform-plugin-framework/schema/validator"
"github.com/hashicorp/terraform-plugin-framework/types"
"github.com/jfrog/terraform-provider-shared/util"
"github.com/samber/lo"
)

var _ resource.Resource = &SecurityPolicyResource{}
Expand Down Expand Up @@ -145,10 +146,16 @@ func (r *SecurityPolicyResource) fromCriteriaAPIModel(ctx context.Context, crite

exposuresList := types.ListNull(exposuresElementType)
if criteraAPIModel.Exposures != nil {
var minSeverity *string
if criteraAPIModel.Exposures.MinSeverity != nil {
s := lo.Capitalize(*criteraAPIModel.Exposures.MinSeverity)
minSeverity = &s
}

exposures, d := types.ObjectValue(
exposuresAttrType,
map[string]attr.Value{
"min_severity": types.StringPointerValue(criteraAPIModel.Exposures.MinSeverity),
"min_severity": types.StringPointerValue(minSeverity),
"secrets": types.BoolPointerValue(criteraAPIModel.Exposures.Secrets),
"applications": types.BoolPointerValue(criteraAPIModel.Exposures.Applications),
"services": types.BoolPointerValue(criteraAPIModel.Exposures.Services),
Expand Down Expand Up @@ -310,9 +317,9 @@ var securityPolicyCriteriaBlocks = map[string]schema.Block{
"min_severity": schema.StringAttribute{
Optional: true,
Computed: true,
Default: stringdefault.StaticString("All Severities"),
Default: stringdefault.StaticString("All severities"),
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("All Severities", "Critical", "High", "Medium", "Low"),
stringvalidator.OneOf("All severities", "Critical", "High", "Medium", "Low"),
},
MarkdownDescription: "The minimum security vulnerability severity that will be impacted by the policy. Valid values: `All Severities`, `Critical`, `High`, `Medium`, `Low`",
},
Expand Down Expand Up @@ -365,7 +372,7 @@ var securityPolicyCriteriaAttrs = map[string]schema.Attribute{
"min_severity": schema.StringAttribute{
Optional: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("All Severities", "Critical", "High", "Medium", "Low"),
stringvalidator.OneOf("All severities", "Critical", "High", "Medium", "Low"),
stringvalidator.ConflictsWith(
path.MatchRelative().AtParent().AtName("cvss_range"),
),
Expand Down Expand Up @@ -438,7 +445,7 @@ var securityPolicyCriteriaAttrs = map[string]schema.Attribute{
"package_type": schema.StringAttribute{
Optional: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive(validPackageTypesSupportedXraySecPolicies...),
stringvalidator.OneOf(validPackageTypesSupportedXraySecPolicies...),
stringvalidator.AlsoRequires(
path.MatchRelative().AtParent().AtName("package_name"),
),
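Review bot: The `MarkdownDescription` of the exposures `min_severity` attribute still lists `All Severities` as a valid value, but the default and the validator next to it now use `All severities` and the match is case-sensitive. A user who copies the documented value will get a validation error, so the description should read `All severities` to agree with `stringvalidator.OneOf("All severities", "Critical", "High", "Medium", "Low")`. Note also that the `lo.Capitalize` normalisation is added only for `Exposures.MinSeverity` in `fromCriteriaAPIModel`; the criteria-level `min_severity` in the later hunk gets the same case-sensitive validator, and whether its read path is normalised is not visible here because the function body continues outside the hunk.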
2 changes: 1 addition & 1 deletion pkg/xray/resource/resource_xray_security_policy_test.go
Expand Up @@ -859,7 +859,7 @@ func TestAccSecurityPolicy_exposures(t *testing.T) {
testData["resource_name"] = resourceName
testData["policy_name"] = fmt.Sprintf("terraform-security-policy-6-%d", testutil.RandomInt())
testData["rule_name"] = fmt.Sprintf("test-security-rule-6-%d", testutil.RandomInt())
testData["exposures_min_severity"] = "high"
testData["exposures_min_severity"] = "High"
testData["exposures_secrets"] = "true"
testData["exposures_applications"] = "true"
testData["exposures_services"] = "true"
2 changes: 1 addition & 1 deletion pkg/xray/resource/resource_xray_violations_report.go
Expand Up @@ -155,7 +155,7 @@ var violationsFiltersAttrs = map[string]schema.Attribute{
Optional: true,
Validators: []validator.String{
stringvalidator.LengthAtLeast(1),
stringvalidator.OneOfCaseInsensitive("security", "license", "operational_risk"),
stringvalidator.OneOf("security", "license", "operational_risk"),
},
Description: "Violation type.",
},
10 changes: 5 additions & 5 deletions pkg/xray/resource/resource_xray_watch.go
Expand Up @@ -575,7 +575,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
"type": schema.StringAttribute{
Required: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive(supportedResourceTypes...),
stringvalidator.OneOf(supportedResourceTypes...),
},
Description: fmt.Sprintf("Type of resource to be watched. Options: %s.", strings.Join(supportedResourceTypes, ", ")),
},
Expand All @@ -592,7 +592,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
"repo_type": schema.StringAttribute{
Optional: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("local", "remote"),
stringvalidator.OneOf("local", "remote"),
},
Description: "Type of repository. Only applicable when `type` is `repository`. Options: `local` or `remote`.",
},
Expand All @@ -604,7 +604,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
"type": schema.StringAttribute{
Required: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("regex", "path-regex", "package-type", "mime-type"),
stringvalidator.OneOf("regex", "path-regex", "package-type", "mime-type"),
},
Description: "The type of filter, such as `regex`, `path-regex`, `package-type`, or `mime-type`",
},
Expand Down Expand Up @@ -668,7 +668,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
"type": schema.StringAttribute{
Required: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("property"),
stringvalidator.OneOf("property"),
},
Description: "The type of filter. Currently only support `property`",
},
Expand Down Expand Up @@ -706,7 +706,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
"type": schema.StringAttribute{
Required: true,
Validators: []validator.String{
stringvalidator.OneOfCaseInsensitive("security", "license", "operational_risk"),
stringvalidator.OneOf("security", "license", "operational_risk"),
},

Description: "The type of the policy - security, license or operational risk",