Skip to content

Commit

Permalink
Merge pull request #224 from jfrog/GH-213-fix-ignore-rule-build-filte…
Browse files Browse the repository at this point in the history
…r-with-project

Fix project ignore rule with build filter
  • Loading branch information
alexhung authored Jul 29, 2024
2 parents 5d75c2e + 849f032 commit ea889f5
Show file tree
Hide file tree
Showing 3 changed files with 128 additions and 15 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ IMPROVEMENTS:

* resource/xray_security_policy: Add `applicable_cves_only` attribute to support JFrog Advanced Security feature. PR: [#223](https://github.com/jfrog/terraform-provider-xray/pull/223) Issue: [#221](https://github.com/jfrog/terraform-provider-xray/issues/221)

BUG FIXES:

* resource/xray_ignore_rule: Fix error when creating project specific ignore rule with build filter. PR: [#224](https://github.com/jfrog/terraform-provider-xray/pull/224) Issue: [#213](https://github.com/jfrog/terraform-provider-xray/issues/213)

## 2.8.2 (June 21, 2024). Tested on Artifactory 7.84.15 and Xray 3.96.1 with Terraform 1.8.5 and OpenTofu 1.7.2

* resource/xray_custom_issue: Migrate from SDKv2 to Plugin Framework. PR: [#207](https://github.com/jfrog/terraform-provider-xray/pull/207)
Expand Down
81 changes: 68 additions & 13 deletions pkg/xray/resource/resource_xray_ignore_rule.go
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,19 @@ func unpackFilterNameVersion(elem attr.Value, _ int) IgnoreFilterNameVersionAPIM
}
}

func unpackFilterNameVersionProject(projectKey string) func(elem attr.Value, _ int) IgnoreFilterNameVersionProjectAPIModel {
return func(elem attr.Value, _ int) IgnoreFilterNameVersionProjectAPIModel {
attrs := elem.(types.Object).Attributes()
return IgnoreFilterNameVersionProjectAPIModel{
IgnoreFilterNameVersionAPIModel: IgnoreFilterNameVersionAPIModel{
Name: attrs["name"].(types.String).ValueString(),
Version: attrs["version"].(types.String).ValueString(),
},
Project: projectKey,
}
}
}

func unpackFilterNameVersionPath(elem attr.Value, _ int) IgnoreFilterNameVersionPathAPIModel {
attrs := elem.(types.Object).Attributes()
return IgnoreFilterNameVersionPathAPIModel{
Expand Down Expand Up @@ -139,7 +152,7 @@ func (m IgnoreRuleResourceModel) toAPIModel(ctx context.Context, apiModel *Ignor

builds := lo.Map(
m.Builds.Elements(),
unpackFilterNameVersion,
unpackFilterNameVersionProject(m.ProjectKey.ValueString()),
)

components := lo.Map(
Expand Down Expand Up @@ -235,6 +248,43 @@ func packNameVersion(models []IgnoreFilterNameVersionAPIModel) (basetypes.SetVal
return nameVersionSet, diags
}

func packNameVersionProject(models []IgnoreFilterNameVersionProjectAPIModel) (basetypes.SetValue, diag.Diagnostics) {
diags := diag.Diagnostics{}

nameVersions := lo.Map(
models,
func(property IgnoreFilterNameVersionProjectAPIModel, _ int) attr.Value {
nameVersionMap := map[string]attr.Value{
"name": types.StringNull(),
"version": types.StringNull(),
}

if property.Name != "" {
nameVersionMap["name"] = types.StringValue(property.Name)
}

if property.Version != "" {
nameVersionMap["version"] = types.StringValue(property.Version)
}

return types.ObjectValueMust(
nameVersionResourceModelAttributeTypes,
nameVersionMap,
)
},
)

nameVersionSet, d := types.SetValue(
nameVersionSetResourceModelAttributeTypes,
nameVersions,
)
if d != nil {
diags.Append(d...)
}

return nameVersionSet, diags
}

func packNameVersionPath(models []IgnoreFilterNameVersionPathAPIModel) (basetypes.SetValue, diag.Diagnostics) {
diags := diag.Diagnostics{}

Expand Down Expand Up @@ -351,7 +401,7 @@ func (m *IgnoreRuleResourceModel) fromAPIModel(ctx context.Context, apiModel Ign
}
m.ReleaseBundles = releaseBundles

builds, d := packNameVersion(apiModel.IgnoreFilters.Builds)
builds, d := packNameVersionProject(apiModel.IgnoreFilters.Builds)
if d != nil {
diags.Append(d...)
}
Expand Down Expand Up @@ -383,24 +433,29 @@ type IgnoreRuleAPIModel struct {
}

type IgnoreFiltersAPIModel struct {
Vulnerabilities []string `json:"vulnerabilities,omitempty"`
Licenses []string `json:"licenses,omitempty"`
CVEs []string `json:"cves,omitempty"`
Policies []string `json:"policies,omitempty"`
Watches []string `json:"watches,omitempty"`
DockerLayers []string `json:"docker-layers,omitempty"`
OperationalRisks []string `json:"operational_risk,omitempty"`
ReleaseBundles []IgnoreFilterNameVersionAPIModel `json:"release_bundles,omitempty"`
Builds []IgnoreFilterNameVersionAPIModel `json:"builds,omitempty"`
Components []IgnoreFilterNameVersionAPIModel `json:"components,omitempty"`
Artifacts []IgnoreFilterNameVersionPathAPIModel `json:"artifacts,omitempty"`
Vulnerabilities []string `json:"vulnerabilities,omitempty"`
Licenses []string `json:"licenses,omitempty"`
CVEs []string `json:"cves,omitempty"`
Policies []string `json:"policies,omitempty"`
Watches []string `json:"watches,omitempty"`
DockerLayers []string `json:"docker-layers,omitempty"`
OperationalRisks []string `json:"operational_risk,omitempty"`
ReleaseBundles []IgnoreFilterNameVersionAPIModel `json:"release_bundles,omitempty"`
Builds []IgnoreFilterNameVersionProjectAPIModel `json:"builds,omitempty"`
Components []IgnoreFilterNameVersionAPIModel `json:"components,omitempty"`
Artifacts []IgnoreFilterNameVersionPathAPIModel `json:"artifacts,omitempty"`
}

type IgnoreFilterNameVersionAPIModel struct {
Name string `json:"name"`
Version string `json:"version,omitempty"`
}

type IgnoreFilterNameVersionProjectAPIModel struct {
IgnoreFilterNameVersionAPIModel
Project string `json:"project,omitempty"`
}

type IgnoreFilterNameVersionPathAPIModel struct {
IgnoreFilterNameVersionAPIModel
Path string `json:"path,omitempty"`
Expand Down
58 changes: 56 additions & 2 deletions pkg/xray/resource/resource_xray_ignore_rule_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -702,8 +702,6 @@ func TestAccIgnoreRule_invalid_artifact_path(t *testing.T) {
}

func TestAccIgnoreRule_with_project_key(t *testing.T) {
t.Skipf("skip for now as we haven't found a combo for ignore rule that works for projectKey query param")

_, fqrn, name := testutil.MkNames("ignore-rule-", "xray_ignore_rule")
expirationDate := time.Now().Add(time.Hour * 48)
projectKey := fmt.Sprintf("testproj%d", testutil.RandomInt())
Expand All @@ -725,6 +723,8 @@ func TestAccIgnoreRule_with_project_key(t *testing.T) {
expiration_date = "{{ .expirationDate }}"
project_key = project.{{ .projectKey }}.key
licenses = ["unknown"]
docker_layers = [
"2ae0e4835a9a6e22e35dd0fcce7d7354999476b7dad8698d2d7a77c80bfc647b",
"a8db0e25d5916e70023114bb2d2497cd85327486bd6e0dc2092b349a1ab3a0a0"
Expand Down Expand Up @@ -755,6 +755,60 @@ func TestAccIgnoreRule_with_project_key(t *testing.T) {
})
}

func TestAccIgnoreRule_build_with_project_key(t *testing.T) {
_, fqrn, name := testutil.MkNames("ignore-rule-", "xray_ignore_rule")
expirationDate := time.Now().Add(time.Hour * 48)
projectKey := fmt.Sprintf("testproj%d", testutil.RandomInt())

config := util.ExecuteTemplate(
"TestAccIgnoreRule",
`resource "project" "{{ .projectKey }}" {
key = "{{ .projectKey }}"
display_name = "{{ .projectKey }}"
admin_privileges {
manage_members = true
manage_resources = true
index_resources = true
}
}
resource "xray_ignore_rule" "{{ .name }}" {
notes = "fake notes"
expiration_date = "{{ .expirationDate }}"
project_key = project.{{ .projectKey }}.key
licenses = ["unknown"]
build {
name = "fake-name"
version = "fake-version"
}
}`,
map[string]interface{}{
"name": name,
"expirationDate": expirationDate.Format("2006-01-02"),
"projectKey": projectKey,
},
)

resource.Test(t, resource.TestCase{
PreCheck: func() { acctest.PreCheck(t) },
ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
ExternalProviders: map[string]resource.ExternalProvider{
"project": {
Source: "jfrog/project",
},
},
CheckDestroy: acctest.VerifyDeleted(fqrn, "", testCheckIgnoreRule),
Steps: []resource.TestStep{
{
Config: config,
Check: resource.TestCheckResourceAttr(fqrn, "project_key", projectKey),
},
},
})
}

// testCheckIgnoreRule fetches the supposingly deleted ignore rule and verify it has been deleted
// Xray applies soft delete to ignore rule and adds 'deleted_by' and 'deleted_at'
// fields to the payload after a rule is deleted
Expand Down

0 comments on commit ea889f5

Please sign in to comment.