Merge pull request #231 from jfrog/add-block-release-bundle-actions-to-policy

Add block release bundle promotion attribute to policy
alexhung authored Aug 9, 2024
2 parents 3360d07 + f682cf7 commit 9906a48
Showing 11 changed files with 73 additions and 25 deletions.
11 changes: 4 additions & 7 deletions CHANGELOG.md
@@ -1,13 +1,10 @@
## 2.9.1 (August 7 30, 2024). Tested on Artifactory 7.90.6 and Xray 3.101.5 with Terraform 1.9.4 and OpenTofu 1.8.1
## 2.10.0 (August 8 30, 2024). Tested on Artifactory 7.90.6 and Xray 3.101.5 with Terraform 1.9.4 and OpenTofu 1.8.1

IMPROVEMENTS:

* resource/xray_binary_manager_release_bundles_v2: Add `indexed_release_bundle_v2` attribute validation to prevent the use of Ant-style pattern.
* resource/xray_binary_manager_build: Add `indexed_builds` attribute validation to prevent the use of Ant-style pattern.

PR: [#227](https://github.com/jfrog/terraform-provider-xray/pull/227)

Issue: [#226](https://github.com/jfrog/terraform-provider-xray/issues/226)
* resource/xray_binary_manager_release_bundles_v2: Add `indexed_release_bundle_v2` attribute validation to prevent the use of Ant-style pattern. PR: [#227](https://github.com/jfrog/terraform-provider-xray/pull/227) Issue: [#226](https://github.com/jfrog/terraform-provider-xray/issues/226)
* resource/xray_binary_manager_build: Add `indexed_builds` attribute validation to prevent the use of Ant-style pattern. PR: [#227](https://github.com/jfrog/terraform-provider-xray/pull/227) Issue: [#226](https://github.com/jfrog/terraform-provider-xray/issues/226)
* resource/xray_\*\_policy: Add `block_release_bundle_promotion` attribut to support Release Bundle promotion blocking for policy. PR: [#231](https://github.com/jfrog/terraform-provider-xray/pull/231)

## 2.9.0 (July 30, 2024). Tested on Artifactory 7.90.5 and Xray 3.101.5 with Terraform 1.9.3 and OpenTofu 1.8.0

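Review bot: Two typos in the new 2.10.0 entry: `attribut` on the `xray_\*\_policy` line should read `attribute`, and the heading date `August 8 30, 2024` carries two day numbers (the replaced 2.9.1 heading had the same `August 7 30` slip), so one of them should go. Also worth confirming that folding the 2.9.1 heading into 2.10.0 was intended, since the two PR #227 validation items now appear only under 2.10.0 rather than under their own release.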
2 changes: 2 additions & 0 deletions docs/resources/license_policy.md
Expand Up @@ -37,6 +37,7 @@ resource "xray_license_policy" "allowed_licenses" {
webhooks = []
mails = ["[email protected]"]
block_release_bundle_distribution = false
block_release_bundle_promotion = false
fail_build = true
notify_watch_recipients = true
notify_deployer = true
Expand Down Expand Up @@ -130,6 +131,7 @@ Required:
Optional:

- `block_release_bundle_distribution` (Boolean) Blocks Release Bundle distribution to Edge nodes if a violation is found. Default value is `false`.
- `block_release_bundle_promotion` (Boolean) Blocks Release Bundle promotion if a violation is found. Default value is `false`.
- `build_failure_grace_period_in_days` (Number) Allow grace period for certain number of days. All violations will be ignored during this time. To be used only if `fail_build` is enabled.
- `create_ticket_enabled` (Boolean) Create Jira Ticket for this Policy Violation. Requires configured Jira integration. Default value is `false`.
- `custom_severity` (String) The severity of violation to be triggered if the `criteria` are met.
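Review bot: The generated description for `block_release_bundle_promotion` does not say which Xray version introduced promotion blocking or how older Xray versions treat the field; the changelog only records that this release was tested on Xray 3.101.5. Since these docs are generated from the schema `Description`, a one-line minimum-version note there would reach all three policy resources at once and spare users on older Xray an unexplained API error if those versions reject unknown action fields.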
2 changes: 2 additions & 0 deletions docs/resources/operational_risk_policy.md
Expand Up @@ -29,6 +29,7 @@ resource "xray_operational_risk_policy" "min_risk" {
webhooks = []
mails = ["[email protected]"]
block_release_bundle_distribution = false
block_release_bundle_promotion = false
fail_build = true
notify_watch_recipients = true
notify_deployer = true
Expand Down Expand Up @@ -126,6 +127,7 @@ Required:
Optional:

- `block_release_bundle_distribution` (Boolean) Blocks Release Bundle distribution to Edge nodes if a violation is found. Default value is `false`.
- `block_release_bundle_promotion` (Boolean) Blocks Release Bundle promotion if a violation is found. Default value is `false`.
- `build_failure_grace_period_in_days` (Number) Allow grace period for certain number of days. All violations will be ignored during this time. To be used only if `fail_build` is enabled.
- `create_ticket_enabled` (Boolean) Create Jira Ticket for this Policy Violation. Requires configured Jira integration. Default value is `false`.
- `fail_build` (Boolean) Whether or not the related CI build should be marked as failed if a violation is triggered. This option is only available when the policy is applied to an `xray_watch` resource with a `type` of `builds`. Default value is `false`.
2 changes: 2 additions & 0 deletions docs/resources/security_policy.md
Expand Up @@ -36,6 +36,7 @@ resource "xray_security_policy" "min_severity" {
webhooks = []
mails = ["[email protected]"]
block_release_bundle_distribution = true
block_release_bundle_promotion = true
fail_build = true
notify_watch_recipients = true
notify_deployer = true
Expand Down Expand Up @@ -160,6 +161,7 @@ Required:
Optional:

- `block_release_bundle_distribution` (Boolean) Blocks Release Bundle distribution to Edge nodes if a violation is found. Default value is `false`.
- `block_release_bundle_promotion` (Boolean) Blocks Release Bundle promotion if a violation is found. Default value is `false`.
- `build_failure_grace_period_in_days` (Number) Allow grace period for certain number of days. All violations will be ignored during this time. To be used only if `fail_build` is enabled.
- `create_ticket_enabled` (Boolean) Create Jira Ticket for this Policy Violation. Requires configured Jira integration. Default value is `false`.
- `fail_build` (Boolean) Whether or not the related CI build should be marked as failed if a violation is triggered. This option is only available when the policy is applied to an `xray_watch` resource with a `type` of `builds`. Default value is `false`.
1 change: 1 addition & 0 deletions examples/resources/xray_license_policy/resource.tf
Expand Up @@ -18,6 +18,7 @@ resource "xray_license_policy" "allowed_licenses" {
webhooks = []
mails = ["[email protected]"]
block_release_bundle_distribution = false
block_release_bundle_promotion = false
fail_build = true
notify_watch_recipients = true
notify_deployer = true
Expand Up @@ -16,6 +16,7 @@ resource "xray_operational_risk_policy" "min_risk" {
webhooks = []
mails = ["[email protected]"]
block_release_bundle_distribution = false
block_release_bundle_promotion = false
fail_build = true
notify_watch_recipients = true
notify_deployer = true
1 change: 1 addition & 0 deletions examples/resources/xray_security_policy/resource.tf
Expand Up @@ -17,6 +17,7 @@ resource "xray_security_policy" "min_severity" {
webhooks = []
mails = ["[email protected]"]
block_release_bundle_distribution = true
block_release_bundle_promotion = true
fail_build = true
notify_watch_recipients = true
notify_deployer = true
38 changes: 23 additions & 15 deletions pkg/xray/resource/policies.go
Expand Up @@ -78,6 +78,12 @@ var commonActionsSchema = map[string]*schema.Schema{
Default: false,
Description: "Blocks Release Bundle distribution to Edge nodes if a violation is found. Default value is `false`.",
},
"block_release_bundle_promotion": {
Type: schema.TypeBool,
Optional: true,
Default: false,
Description: "Blocks Release Bundle promotion if a violation is found. Default value is `false`.",
},
"fail_build": {
Type: schema.TypeBool,
Optional: true,
Expand Down Expand Up @@ -254,15 +260,16 @@ type BlockDownloadSettings struct {
}

type PolicyRuleActions struct {
Webhooks []string `json:"webhooks,omitempty"`
Mails []string `json:"mails,omitempty"`
FailBuild bool `json:"fail_build"`
BlockDownload BlockDownloadSettings `json:"block_download"`
BlockReleaseBundle bool `json:"block_release_bundle_distribution"`
NotifyWatchRecipients bool `json:"notify_watch_recipients"`
NotifyDeployer bool `json:"notify_deployer"`
CreateJiraTicketEnabled bool `json:"create_ticket_enabled"`
FailureGracePeriodDays int `json:"build_failure_grace_period_in_days,omitempty"`
Webhooks []string `json:"webhooks,omitempty"`
Mails []string `json:"mails,omitempty"`
FailBuild bool `json:"fail_build"`
BlockDownload BlockDownloadSettings `json:"block_download"`
BlockReleaseBundleDistribution bool `json:"block_release_bundle_distribution"`
BlockReleaseBundlePromotion bool `json:"block_release_bundle_promotion"`
NotifyWatchRecipients bool `json:"notify_watch_recipients"`
NotifyDeployer bool `json:"notify_deployer"`
CreateJiraTicketEnabled bool `json:"create_ticket_enabled"`
FailureGracePeriodDays int `json:"build_failure_grace_period_in_days,omitempty"`
// License Actions
CustomSeverity string `json:"custom_severity,omitempty"`
}
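Review bot: `BlockReleaseBundlePromotion` has no `omitempty`, so `"block_release_bundle_promotion": false` is serialised on every policy create and update, including against Xray versions that predate the field; either confirm the API tolerates the unknown key there or add `omitempty` as `FailureGracePeriodDays` already has. Renaming the exported `BlockReleaseBundle` field to `BlockReleaseBundleDistribution` is the right call for readability next to the new field, but only the two updated call sites in this file are visible in the diff, so please confirm no other package in the repository referenced the old name.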
Expand Down Expand Up @@ -541,16 +548,16 @@ func unpackActions(l *schema.Set) PolicyRuleActions {
// rule.0.actions.0.block_download.0.unscanned: "false" => ""
}
}

if v, ok := m["block_release_bundle_distribution"]; ok {
actions.BlockReleaseBundle = v.(bool)
actions.BlockReleaseBundleDistribution = v.(bool)
}
if v, ok := m["block_release_bundle_promotion"]; ok {
actions.BlockReleaseBundlePromotion = v.(bool)
}

if v, ok := m["notify_watch_recipients"]; ok {
actions.NotifyWatchRecipients = v.(bool)
}
if v, ok := m["block_release_bundle_distribution"]; ok {
actions.BlockReleaseBundle = v.(bool)
}
if v, ok := m["notify_deployer"]; ok {
actions.NotifyDeployer = v.(bool)
}
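Review bot: The second `block_release_bundle_distribution` lookup that previously sat between `notify_watch_recipients` and `notify_deployer` is dropped here, so this hunk fixes a pre-existing duplicate as well as adding the promotion field; worth calling out in the PR description so the behaviour-preserving nature of that removal is on record. The unchecked `v.(bool)` assertion in the new `block_release_bundle_promotion` branch matches the surrounding code and is safe because the schema declares the key as `TypeBool` with a default.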
Expand Down Expand Up @@ -700,7 +707,8 @@ func packActions(actions PolicyRuleActions, license bool) []interface{} {
"webhooks": actions.Webhooks,
"mails": actions.Mails,
"fail_build": actions.FailBuild,
"block_release_bundle_distribution": actions.BlockReleaseBundle,
"block_release_bundle_distribution": actions.BlockReleaseBundleDistribution,
"block_release_bundle_promotion": actions.BlockReleaseBundlePromotion,
"notify_watch_recipients": actions.NotifyWatchRecipients,
"notify_deployer": actions.NotifyDeployer,
"create_ticket_enabled": actions.CreateJiraTicketEnabled,
4 changes: 4 additions & 0 deletions pkg/xray/resource/resource_xray_license_policy_test.go
Expand Up @@ -25,6 +25,7 @@ var testDataLicense = map[string]string{
"allow_unknown": "true",
"multi_license_permissive": "false",
"block_release_bundle_distribution": "true",
"block_release_bundle_promotion": "true",
"fail_build": "true",
"notify_watch_recipients": "true",
"notify_deployer": "true",
Expand Down Expand Up @@ -118,6 +119,7 @@ func TestAccLicensePolicy_withProjectKey(t *testing.T) {
active = {{ .block_active }}
}
block_release_bundle_distribution = {{ .block_release_bundle_distribution }}
block_release_bundle_promotion = {{ .block_release_bundle_promotion }}
fail_build = {{ .fail_build }}
notify_watch_recipients = {{ .notify_watch_recipients }}
notify_deployer = {{ .notify_deployer }}
Expand Down Expand Up @@ -375,6 +377,7 @@ func verifyLicensePolicy(fqrn string, testData map[string]string, allowedOrBanne
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.mails.0", testData["mails_0"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.mails.1", testData["mails_1"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.block_release_bundle_distribution", testData["block_release_bundle_distribution"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.block_release_bundle_promotion", testData["block_release_bundle_promotion"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.fail_build", testData["fail_build"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.notify_watch_recipients", testData["notify_watch_recipients"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.notify_deployer", testData["notify_deployer"]),
Expand Down Expand Up @@ -406,6 +409,7 @@ const licensePolicyTemplate = `resource "xray_license_policy" "{{ .resource_name
active = {{ .block_active }}
}
block_release_bundle_distribution = {{ .block_release_bundle_distribution }}
block_release_bundle_promotion = {{ .block_release_bundle_promotion }}
fail_build = {{ .fail_build }}
notify_watch_recipients = {{ .notify_watch_recipients }}
notify_deployer = {{ .notify_deployer }}
20 changes: 17 additions & 3 deletions pkg/xray/resource/resource_xray_operational_risk_policy_test.go
Expand Up @@ -20,6 +20,7 @@ var testDataOperationalRisk = map[string]string{
"rule_name": "test-operational-risk-rule",
"min_severity": "Medium",
"block_release_bundle_distribution": "true",
"block_release_bundle_promotion": "true",
"fail_build": "true",
"notify_watch_recipients": "true",
"notify_deployer": "true",
Expand Down Expand Up @@ -47,6 +48,7 @@ func TestAccOperationalRiskPolicy_withProjectKey(t *testing.T) {
}
actions {
block_release_bundle_distribution = {{ .block_release_bundle_distribution }}
block_release_bundle_promotion = {{ .block_release_bundle_promotion }}
fail_build = {{ .fail_build }}
notify_watch_recipients = {{ .notify_watch_recipients }}
notify_deployer = {{ .notify_deployer }}
Expand Down Expand Up @@ -119,6 +121,7 @@ func TestAccOperationalRiskPolicy_minRiskCriteria(t *testing.T) {
}
actions {
block_release_bundle_distribution = {{ .block_release_bundle_distribution }}
block_release_bundle_promotion = {{ .block_release_bundle_promotion }}
fail_build = {{ .fail_build }}
notify_watch_recipients = {{ .notify_watch_recipients }}
notify_deployer = {{ .notify_deployer }}
Expand Down Expand Up @@ -182,6 +185,7 @@ func TestAccOperationalRiskPolicy_customCriteria(t *testing.T) {
}
actions {
block_release_bundle_distribution = {{ .block_release_bundle_distribution }}
block_release_bundle_promotion = {{ .block_release_bundle_promotion }}
fail_build = {{ .fail_build }}
notify_watch_recipients = {{ .notify_watch_recipients }}
notify_deployer = {{ .notify_deployer }}
Expand Down Expand Up @@ -223,6 +227,7 @@ func TestAccOperationalRiskPolicy_customCriteria(t *testing.T) {
}
actions {
block_release_bundle_distribution = {{ .block_release_bundle_distribution }}
block_release_bundle_promotion = {{ .block_release_bundle_promotion }}
fail_build = {{ .fail_build }}
notify_watch_recipients = {{ .notify_watch_recipients }}
notify_deployer = {{ .notify_deployer }}
Expand Down Expand Up @@ -316,6 +321,7 @@ func TestAccOperationalRiskPolicy_customCriteria_migration(t *testing.T) {
testData["op_risk_custom_use_and_condition"] = "true"
testData["op_risk_custom_is_eol"] = "false"
testData["op_risk_custom_risk"] = testutil.RandSelect("high", "medium", "low").(string)
delete(testData, "block_release_bundle_promotion")

resource.Test(t, resource.TestCase{
PreCheck: func() { acctest.PreCheck(t) },
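Review bot: `delete(testData, "block_release_bundle_promotion")` removes the key for the whole migration test, so confirm that `opertionalRiskPolicyCustom` does not contain `block_release_bundle_promotion = {{ .block_release_bundle_promotion }}`; for a `map[string]string`, text/template renders a missing key as an empty string, which would leave an attribute with no value in the generated HCL. A short comment explaining why the key is dropped (presumably because the earlier provider version used in the first step does not know the attribute) would also help future readers.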
Expand All @@ -330,7 +336,6 @@ func TestAccOperationalRiskPolicy_customCriteria_migration(t *testing.T) {
},
Config: util.ExecuteTemplate(fqrn, opertionalRiskPolicyCustom, testData),
Check: resource.ComposeTestCheckFunc(
verifyOpertionalRiskPolicy(fqrn, testData),
resource.TestCheckResourceAttr(fqrn, "rule.0.criteria.0.op_risk_custom.0.use_and_condition", testData["op_risk_custom_use_and_condition"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.criteria.0.op_risk_custom.0.is_eol", testData["op_risk_custom_is_eol"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.criteria.0.op_risk_custom.0.release_date_greater_than_months", "6"),
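Review bot: Dropping `verifyOpertionalRiskPolicy(fqrn, testData)` from this step leaves only the three `op_risk_custom` assertions, so name, description, rule name and the `actions` block are no longer checked for the migration case. The conditional added to `verifyOpertionalRiskPolicy` further down in this file was written precisely so the call could stay when the promotion key is absent; keep the call, or if it was removed because other attributes also differ under the older provider, say so in a comment.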
Expand All @@ -345,7 +350,6 @@ func TestAccOperationalRiskPolicy_customCriteria_migration(t *testing.T) {
ProtoV6ProviderFactories: acctest.ProtoV6MuxProviderFactories,
Config: util.ExecuteTemplate(fqrn, opertionalRiskPolicyCustom, testData),
Check: resource.ComposeTestCheckFunc(
verifyOpertionalRiskPolicy(fqrn, testData),
resource.TestCheckResourceAttr(fqrn, "rule.0.criteria.0.op_risk_custom.0.use_and_condition", testData["op_risk_custom_use_and_condition"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.criteria.0.op_risk_custom.0.is_eol", testData["op_risk_custom_is_eol"]),
resource.TestCheckNoResourceAttr(fqrn, "rule.0.criteria.0.op_risk_custom.0.release_date_greater_than_months"),
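Review bot: Same concern as in the previous step, and more so here: this is the post-migration step running under the current provider (`acctest.ProtoV6MuxProviderFactories`), so `verifyOpertionalRiskPolicy` should be able to run against the migrated state and its removal loses the broadest coverage of the resource after upgrade; restoring the call costs nothing because the promotion assertion is skipped when the key is absent from `testData`.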
Expand All @@ -361,7 +365,7 @@ func TestAccOperationalRiskPolicy_customCriteria_migration(t *testing.T) {
}

func verifyOpertionalRiskPolicy(fqrn string, testData map[string]string) resource.TestCheckFunc {
return resource.ComposeTestCheckFunc(
checkFunc := resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr(fqrn, "name", testData["policy_name"]),
resource.TestCheckResourceAttr(fqrn, "description", testData["policy_description"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.name", testData["rule_name"]),
Expand All @@ -374,6 +378,15 @@ func verifyOpertionalRiskPolicy(fqrn string, testData map[string]string) resourc
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.block_download.0.active", testData["block_active"]),
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.block_download.0.unscanned", testData["block_unscanned"]),
)

if _, ok := testData["block_release_bundle_promotion"]; ok {
checkFunc = resource.ComposeTestCheckFunc(
checkFunc,
resource.TestCheckResourceAttr(fqrn, "rule.0.actions.0.block_release_bundle_promotion", testData["block_release_bundle_promotion"]),
)
}

return checkFunc
}

func TestAccOperationalRiskPolicy_criteriaValidation(t *testing.T) {
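Review bot: The `if _, ok := testData["block_release_bundle_promotion"]; ok` guard works, but with both migration-step calls removed in this same change every remaining caller appears to supply the key (it is part of `testDataOperationalRisk`), so the skip branch is never exercised; either restore the migration calls, which is what the guard exists for, or simplify back to an unconditional `TestCheckResourceAttr` in the composed list. The pre-existing `Opertional` spelling in the function name is also a cheap fix while this function is being touched.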
Expand All @@ -400,6 +413,7 @@ func TestAccOperationalRiskPolicy_criteriaValidation(t *testing.T) {
}
actions {
block_release_bundle_distribution = {{ .block_release_bundle_distribution }}
block_release_bundle_promotion = {{ .block_release_bundle_promotion }}
fail_build = {{ .fail_build }}
notify_watch_recipients = {{ .notify_watch_recipients }}
notify_deployer = {{ .notify_deployer }}