From ed124affcd10ca75d789b061fc7ec66dbbe1a0df Mon Sep 17 00:00:00 2001 From: Alex Hung Date: Wed, 2 Oct 2024 14:35:58 -0700 Subject: [PATCH 1/3] Fix attribute validation Switch to non-case sensitive validations Update security policy package type to match Xray API --- pkg/xray/resource/policies.go | 38 +++++++++---------- .../resource/resource_xray_license_policy.go | 2 +- .../resource_xray_operational_risk_policy.go | 8 ++-- ...ource_xray_operational_risk_policy_test.go | 4 +- .../resource_xray_repository_config_test.go | 13 +++++-- .../resource/resource_xray_security_policy.go | 17 ++++++--- .../resource_xray_security_policy_test.go | 2 +- .../resource_xray_violations_report.go | 2 +- pkg/xray/resource/resource_xray_watch.go | 10 ++--- 9 files changed, 53 insertions(+), 43 deletions(-) diff --git a/pkg/xray/resource/policies.go b/pkg/xray/resource/policies.go index f0bbb5a3..86518c59 100644 --- a/pkg/xray/resource/policies.go +++ b/pkg/xray/resource/policies.go @@ -29,26 +29,24 @@ const ( ) var validPackageTypesSupportedXraySecPolicies = []string{ - "alpine", - "bower", - "cargo", - "composer", - "conan", - "conda", - "cran", - "debian", - "docker", - "generic", - "go", - "huggingface", - "maven", - "npm", - "nuget", - "oci", - "pypi", - "rpm", - "rubygems", - "terraformbe", + "Alpine", + "Cargo", + "Composer", + "Conan", + "Conda", + "Cran", + "Debian", + "Docker", + "Generic", + "Go", + "HuggingFace", + "Maven", + "Npm", + "NuGet", + "Oci", + "Pypi", + "Rpm", + "Rubygems", } type PolicyResource struct { diff --git a/pkg/xray/resource/resource_xray_license_policy.go b/pkg/xray/resource/resource_xray_license_policy.go index 850a0163..8db2923f 100644 --- a/pkg/xray/resource/resource_xray_license_policy.go +++ b/pkg/xray/resource/resource_xray_license_policy.go 
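Review bot: Configurations that set `package_type` to `docker`, `bower` or `terraformbe` stop validating after the change to `validPackageTypesSupportedXraySecPolicies` in pkg/xray/resource/policies.go, and nothing in the code says why. The list drops two entries and re-cases the rest, and the `package_type` validator in resource_xray_security_policy.go moves to the exact-match `stringvalidator.OneOf` in the same patch. Failing at plan time is the safe outcome, but I would add a comment above the slice such as `// Values must match the Xray API spelling exactly; validation is case-sensitive.` The commit message also says "non-case sensitive" where the code moves to case-sensitive matching, and the CHANGELOG entry in patch 2/3 does not mention the removed package types.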
@@ -266,7 +266,7 @@ var licensePolicyActionsAttrs = lo.Assign( Computed: true, Default: stringdefault.StaticString("High"), Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("Critical", "High", "Medium", "Low"), + stringvalidator.OneOf("Critical", "High", "Medium", "Low"), }, Description: "The severity of violation to be triggered if the `criteria` are met.", }, diff --git a/pkg/xray/resource/resource_xray_operational_risk_policy.go b/pkg/xray/resource/resource_xray_operational_risk_policy.go index b37d1b04..dfd056c7 100644 --- a/pkg/xray/resource/resource_xray_operational_risk_policy.go +++ b/pkg/xray/resource/resource_xray_operational_risk_policy.go @@ -77,7 +77,7 @@ var opRiskPolicyCriteriaAttrs = map[string]schema.Attribute{ "op_risk_min_risk": schema.StringAttribute{ Optional: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("High", "Medium", "Low"), + stringvalidator.OneOf("High", "Medium", "Low"), stringvalidator.ConflictsWith( path.MatchRelative().AtParent().AtName("op_risk_custom"), ), @@ -138,11 +138,11 @@ var opRiskPolicyCriteriaBlocks = map[string]schema.Block{ "risk": schema.StringAttribute{ Optional: true, Computed: true, - Default: stringdefault.StaticString("low"), + Default: stringdefault.StaticString("Low"), Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("high", "medium", "low"), + stringvalidator.OneOf("High", "Medium", "Low"), }, - Description: "Risk severity: low, medium, high", + Description: "Risk severity: Low, Medium, High", }, }, }, diff --git a/pkg/xray/resource/resource_xray_operational_risk_policy_test.go b/pkg/xray/resource/resource_xray_operational_risk_policy_test.go index c69112bb..832b9a12 100644 --- a/pkg/xray/resource/resource_xray_operational_risk_policy_test.go +++ b/pkg/xray/resource/resource_xray_operational_risk_policy_test.go 
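Review bot: Changing the default of `op_risk_custom.risk` from `low` to `Low` (hunk at -138) while making the validator exact-match leaves two upgrade cases unhandled. A config that sets `risk = "low"` explicitly now fails validation, and state written by an earlier provider version still holds `low`, so the first plan after the upgrade will probably show a change. I cannot see this resource's read path from here, but no normalisation of the API value is added for it in this patch, unlike the exposures mapping in resource_xray_security_policy.go; if Xray returns the lower-case form, the diff would recur on every plan. A comment on the attribute such as `// Must match the Xray API spelling; validation is case-sensitive.` and an upgrade note in the CHANGELOG would cover the first case. The same validator change applies to `op_risk_min_risk` in the hunk at -77.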
@@ -283,7 +283,7 @@ func TestAccOperationalRiskPolicy_customCriteria(t *testing.T) { testData["op_risk_custom_release_cadence_per_year_less_than"] = testutil.RandSelect("1", "2", "3", "4", "5").(string) testData["op_risk_custom_commits_less_than"] = testutil.RandSelect("10", "25", "50", "100").(string) testData["op_risk_custom_committers_less_than"] = testutil.RandSelect("1", "2", "3", "4", "5").(string) - testData["op_risk_custom_risk"] = testutil.RandSelect("high", "medium", "low").(string) + testData["op_risk_custom_risk"] = testutil.RandSelect("High", "Medium", "Low").(string) const opertionalRiskPolicyCustomUnset = `resource "xray_operational_risk_policy" "{{ .resource_name }}" { name = "{{ .policy_name }}" @@ -394,7 +394,7 @@ func TestAccOperationalRiskPolicy_customCriteria_migration(t *testing.T) { testData["policy_name"] = fmt.Sprintf("terraform-operational-risk-policy-%d", testutil.RandomInt()) testData["op_risk_custom_use_and_condition"] = "true" testData["op_risk_custom_is_eol"] = "false" - testData["op_risk_custom_risk"] = testutil.RandSelect("high", "medium", "low").(string) + testData["op_risk_custom_risk"] = testutil.RandSelect("High", "Medium", "Low").(string) delete(testData, "block_release_bundle_promotion") resource.Test(t, resource.TestCase{ diff --git a/pkg/xray/resource/resource_xray_repository_config_test.go b/pkg/xray/resource/resource_xray_repository_config_test.go index c673fd13..3e51135a 100644 --- a/pkg/xray/resource/resource_xray_repository_config_test.go +++ b/pkg/xray/resource/resource_xray_repository_config_test.go 
@@ -255,8 +255,8 @@ func TestAccRepositoryConfig_JasDisabled_exposures_set(t *testing.T) { func TestAccRepositoryConfig_RepoConfig_Create_VulnContextualAnalysis(t *testing.T) { jasDisabled := os.Getenv("JFROG_JAS_DISABLED") - if strings.ToLower(jasDisabled) == "true" { - t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'") + if strings.ToLower(jasDisabled) != "false" { + t.Skipf("Env var JFROG_JAS_DISABLED is not set to 'false'") } testCase := []struct { @@ -331,8 +331,8 @@ func testAccRepositoryConfigRepoConfigCreate_VulnContextualAnalysis(packageType, func TestAccRepositoryConfig_RepoConfigCreate_exposure(t *testing.T) { jasDisabled := os.Getenv("JFROG_JAS_DISABLED") - if strings.ToLower(jasDisabled) == "true" { - t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'") + if strings.ToLower(jasDisabled) != "false" { + t.Skipf("Env var JFROG_JAS_DISABLED is not set to 'false'") } testCase := []struct { @@ -566,6 +566,11 @@ func TestAccRepositoryConfig_Missing_RetentionInDays(t *testing.T) { } func TestAccRepositoryConfig_RepoPathsUpdate(t *testing.T) { + jasDisabled := os.Getenv("JFROG_JAS_DISABLED") + if strings.ToLower(jasDisabled) == "true" { + t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'") + } + _, fqrn, resourceName := testutil.MkNames("xray-repo-config-", "xray_repository_config") _, _, repoName := testutil.MkNames("generic-local", "artifactory_local_generic_repository") diff --git a/pkg/xray/resource/resource_xray_security_policy.go b/pkg/xray/resource/resource_xray_security_policy.go index f4b880ea..ec4820e9 100644 --- a/pkg/xray/resource/resource_xray_security_policy.go +++ b/pkg/xray/resource/resource_xray_security_policy.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/jfrog/terraform-provider-shared/util" + "github.com/samber/lo" ) var _ resource.Resource = &SecurityPolicyResource{} 
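Review bot: `JFROG_JAS_DISABLED` now means two different things in resource_xray_repository_config_test.go. `TestAccRepositoryConfig_RepoConfig_Create_VulnContextualAnalysis` and `TestAccRepositoryConfig_RepoConfigCreate_exposure` are skipped unless the variable is exactly `false`, while the guard added to `TestAccRepositoryConfig_RepoPathsUpdate` skips only when it is `true`. With the variable unset the two JAS tests no longer run, so a CI job that never exports it loses coverage of the contextual-analysis and exposures settings by default. If opt-in is intended, say so on the guard, e.g. `// JAS tests are opt-in: they run only when JFROG_JAS_DISABLED=false is set explicitly.`, and consider one shared helper so the three tests cannot drift apart. All three function bodies continue outside their hunks.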
@@ -145,10 +146,16 @@ func (r *SecurityPolicyResource) fromCriteriaAPIModel(ctx context.Context, crite exposuresList := types.ListNull(exposuresElementType) if criteraAPIModel.Exposures != nil { + var minSeverity *string + if criteraAPIModel.Exposures.MinSeverity != nil { + s := lo.Capitalize(*criteraAPIModel.Exposures.MinSeverity) + minSeverity = &s + } + exposures, d := types.ObjectValue( exposuresAttrType, map[string]attr.Value{ - "min_severity": types.StringPointerValue(criteraAPIModel.Exposures.MinSeverity), + "min_severity": types.StringPointerValue(minSeverity), "secrets": types.BoolPointerValue(criteraAPIModel.Exposures.Secrets), "applications": types.BoolPointerValue(criteraAPIModel.Exposures.Applications), "services": types.BoolPointerValue(criteraAPIModel.Exposures.Services), @@ -310,9 +317,9 @@ var securityPolicyCriteriaBlocks = map[string]schema.Block{ "min_severity": schema.StringAttribute{ Optional: true, Computed: true, - Default: stringdefault.StaticString("All Severities"), + Default: stringdefault.StaticString("All severities"), Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("All Severities", "Critical", "High", "Medium", "Low"), + stringvalidator.OneOf("All severities", "Critical", "High", "Medium", "Low"), }, MarkdownDescription: "The minimum security vulnerability severity that will be impacted by the policy. Valid values: `All Severities`, `Critical`, `High`, `Medium`, `Low`", }, @@ -365,7 +372,7 @@ var securityPolicyCriteriaAttrs = map[string]schema.Attribute{ "min_severity": schema.StringAttribute{ Optional: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("All Severities", "Critical", "High", "Medium", "Low"), + stringvalidator.OneOf("All severities", "Critical", "High", "Medium", "Low"), stringvalidator.ConflictsWith( path.MatchRelative().AtParent().AtName("cvss_range"), ), 
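Review bot: `lo.Capitalize` in the hunk at -145 is a fragile way to produce a value that must match the validator byte for byte. As far as I know it title-cases through `cases.Title`, so `all severities` would come back as `All Severities`, not the `All severities` spelling that the schema default and `OneOf` list now use; this is worth confirming against the vendored lo version. If so, the state written on read would disagree with the configuration and the default. Mapping the API value onto the accepted spellings explicitly makes the result exact; the sketch below needs `strings`, if the file does not already import it. `fromCriteriaAPIModel` starts and ends outside the hunk.

```go
	if criteraAPIModel.Exposures != nil {
		var minSeverity *string
		if v := criteraAPIModel.Exposures.MinSeverity; v != nil {
			// Map the API value onto the exact spelling the schema validator accepts.
			s := *v
			for _, allowed := range []string{"All severities", "Critical", "High", "Medium", "Low"} {
				if strings.EqualFold(s, allowed) {
					s = allowed
					break
				}
			}
			minSeverity = &s
		}
		// … unchanged: types.ObjectValue call building the exposures object from minSeverity and the bool fields …
```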
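Review bot: The `MarkdownDescription` of `min_severity` in the hunk at -310 still advertises `All Severities`, but the validator just above it now accepts only `All severities` and matching is case-sensitive. A user who copies the documented value gets a validation error. The description string should list `All severities` so that the documentation and the `OneOf` list agree. The hunk at -365 makes the same validator change for the criteria-level `min_severity`; its description lies outside the hunk and should be checked for the same wording.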
@@ -438,7 +445,7 @@ var securityPolicyCriteriaAttrs = map[string]schema.Attribute{ "package_type": schema.StringAttribute{ Optional: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive(validPackageTypesSupportedXraySecPolicies...), + stringvalidator.OneOf(validPackageTypesSupportedXraySecPolicies...), stringvalidator.AlsoRequires( path.MatchRelative().AtParent().AtName("package_name"), ), diff --git a/pkg/xray/resource/resource_xray_security_policy_test.go b/pkg/xray/resource/resource_xray_security_policy_test.go index 6b322982..a42515c6 100644 --- a/pkg/xray/resource/resource_xray_security_policy_test.go +++ b/pkg/xray/resource/resource_xray_security_policy_test.go @@ -859,7 +859,7 @@ func TestAccSecurityPolicy_exposures(t *testing.T) { testData["resource_name"] = resourceName testData["policy_name"] = fmt.Sprintf("terraform-security-policy-6-%d", testutil.RandomInt()) testData["rule_name"] = fmt.Sprintf("test-security-rule-6-%d", testutil.RandomInt()) - testData["exposures_min_severity"] = "high" + testData["exposures_min_severity"] = "High" testData["exposures_secrets"] = "true" testData["exposures_applications"] = "true" testData["exposures_services"] = "true" diff --git a/pkg/xray/resource/resource_xray_violations_report.go b/pkg/xray/resource/resource_xray_violations_report.go index 03d40952..1bc9a1fd 100644 --- a/pkg/xray/resource/resource_xray_violations_report.go +++ b/pkg/xray/resource/resource_xray_violations_report.go @@ -155,7 +155,7 @@ var violationsFiltersAttrs = map[string]schema.Attribute{ Optional: true, Validators: []validator.String{ stringvalidator.LengthAtLeast(1), - stringvalidator.OneOfCaseInsensitive("security", "license", "operational_risk"), + stringvalidator.OneOf("security", "license", "operational_risk"), }, Description: "Violation type.", }, diff --git a/pkg/xray/resource/resource_xray_watch.go b/pkg/xray/resource/resource_xray_watch.go index bde12416..5ab0e73b 100644 
--- a/pkg/xray/resource/resource_xray_watch.go +++ b/pkg/xray/resource/resource_xray_watch.go @@ -575,7 +575,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest, "type": schema.StringAttribute{ Required: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive(supportedResourceTypes...), + stringvalidator.OneOf(supportedResourceTypes...), }, Description: fmt.Sprintf("Type of resource to be watched. Options: %s.", strings.Join(supportedResourceTypes, ", ")), }, @@ -592,7 +592,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest, "repo_type": schema.StringAttribute{ Optional: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("local", "remote"), + stringvalidator.OneOf("local", "remote"), }, Description: "Type of repository. Only applicable when `type` is `repository`. Options: `local` or `remote`.", }, @@ -604,7 +604,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest, "type": schema.StringAttribute{ Required: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("regex", "path-regex", "package-type", "mime-type"), + stringvalidator.OneOf("regex", "path-regex", "package-type", "mime-type"), }, Description: "The type of filter, such as `regex`, `path-regex`, `package-type`, or `mime-type`", }, @@ -668,7 +668,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest, "type": schema.StringAttribute{ Required: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("property"), + stringvalidator.OneOf("property"), }, Description: "The type of filter. Currently only support `property`", }, 
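Review bot: The `xray_watch` validators become exact-match in these hunks, but the CHANGELOG entry added in patch 2/3 lists only the policy and report resources. This affects resource `type`, `repo_type`, both filter `type` attributes and, in the hunk at -706, the policy `type`. A watch whose configuration relied on the old case-insensitive match will fail validation after upgrade with no release note pointing at the cause. I would add a line such as `* resource/xray_watch: Fix case insensitive attribute validations for resource, filter and policy type attributes.` to the 2.12.0 section. `Schema` begins and ends outside these hunks, and `supportedResourceTypes` is defined elsewhere, so its casing could not be checked here.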
@@ -706,7 +706,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest, "type": schema.StringAttribute{ Required: true, Validators: []validator.String{ - stringvalidator.OneOfCaseInsensitive("security", "license", "operational_risk"), + stringvalidator.OneOf("security", "license", "operational_risk"), }, Description: "The type of the policy - security, license or operational risk", From a5bd74bc2f215c691b9d438ef1f74ec74c29ee3d Mon Sep 17 00:00:00 2001 From: Alex Hung Date: Wed, 2 Oct 2024 14:37:27 -0700 Subject: [PATCH 2/3] Update CHANGELOG --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2b41ee99..8005f3db 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,14 @@ +## 2.12.0 (October 4, 2024) + +BUG FIXES: + +* resource/xray_license_policy: Fix case insensitive attribute validations for `actions.custom_severity`. +* resource/xray_operational_risk_policy: Fix case insensitive attribute validations for `criteria.op_risk_min_risk`, `criteria.op_risk_custom.risk`. +* resource/xray_security_policy: Fix case insensitive attribute validations for `criteria.min_severity`, `criteria.exposures.min_severity`, and `criteria.package_type`. +* resource/xray_violations_report: Fix case insensitive attribute validations for `filter.type`. + +PR: [#254](https://github.com/jfrog/terraform-provider-xray/pull/254) Issue: [#253](https://github.com/jfrog/terraform-provider-xray/issues/253) + ## 2.11.2 (September 23, 2024). Tested on Artifactory 7.90.10 and Xray 3.104.11 with Terraform 1.9.6 and OpenTofu 1.8.2 BUG FIXES: From 20b4f26ed9bb23bc2279391f6dd079ae990d3fa3 Mon Sep 17 00:00:00 2001 From: JFrog CI Date: Wed, 2 Oct 2024 22:13:45 +0000 Subject: [PATCH 3/3] JFrog Pipelines - Add Artifactory version to CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8005f3db..7f3bb721 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -## 2.12.0 (October 4, 2024) +## 2.12.0 (October 4, 2024). Tested on Artifactory 7.90.13 and Xray 3.104.15 with Terraform 1.9.7 and OpenTofu 1.8.2 BUG FIXES: