Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Documentation at https://registry.terraform.io/providers/jfrog/xray/latest/docs/resources/ignore_rule#nested-schema-for-release_bundle has incorrect API example #285

Closed
brianwjfrog opened this issue Dec 2, 2024 · 3 comments · Fixed by #286
Assignees
Labels
bug Something isn't working

Comments

@brianwjfrog
Copy link

brianwjfrog commented Dec 2, 2024

Describe the bug
https://registry.terraform.io/providers/jfrog/xray/latest/docs/resources/ignore_rule#nested-schema-for-release_bundle has incorrect example api call for ignore rule.

resource "xray_ignore_rule" "ignore-rule-5649816" {
  notes           = "notes"
  cves            = ["fake-cves", "cves-1"]
  expiration_date = "2023-10-25"
}

resource "xray_ignore_rule" "ignore-rule-2195938" {
  notes           = "notes"
  expiration_date = "2023-10-19"
  vulnerabilities = ["any"]

  build {
    name    = "name"
    version = "version"
  }
}

resource "xray_ignore_rule" "ignore-rule-2590577" {
  notes           = "notes"
  expiration_date = "2023-10-19"
  vulnerabilities = ["any"]

  component {
    name    = "name"
    version = "version"
  }
}

resource "xray_ignore_rule" "ignore-111" {
  notes            = "fake notes"
  expiration_date  = "2024-01-02"
  vulnerabilities  = ["any"]

  artifact {
    name    = "fake-name"
    version = "fake-version"
    path    = "invalid-path/"
  }
}

should be replaces with api call example from https://jfrog.com/help/r/xray-rest-apis/create-ignore-rule

Requirements for and issue
This is a documentation issue as api call in https://registry.terraform.io/providers/jfrog/xray/latest/docs/resources/ignore_rule#nested-schema-for-release_bundle has incorrect sytnax.
Need to be update with https://jfrog.com/help/r/xray-rest-apis/create-ignore-rule

Expected behavior
Documentation at https://registry.terraform.io/providers/jfrog/xray/latest/docs/resources/ignore_rule#nested-schema-for-release_bundle need to be updated with correct example api.

Additional context
Add any other context about the problem here.

@brianwjfrog brianwjfrog added the bug Something isn't working label Dec 2, 2024
@alexhung
Copy link
Member

alexhung commented Dec 2, 2024

@brianwjfrog Thanks for the report.

I'm curious as to which part of the release_bundle attribute is incorrect?

Example for ignore rule with release_bundle:

resource "xray_ignore_rule" "ignore-release-bundle" {
  notes            = "fake notes"
  expiration_date  = "2024-01-02"
  vulnerabilities  = ["any"]

  release_bundle {
    name    = "fake-name"
    version = "fake-version"
  }
}

This matches the API documentation:

Image

If you are referring to the difference in singular for TF attribute and plural for API field, this is because Terraform convention suggests singular form for attribute block. When you need to specify multiple blocks, the configuration looks like this:

resource "xray_ignore_rule" "ignore-release-bundle" {
  notes            = "fake notes"
  expiration_date  = "2024-01-02"
  vulnerabilities  = ["any"]

  release_bundle {
    name    = "fake-name-1"
    version = "fake-version"
  }

  release_bundle {
    name    = "fake-name-2"
    version = "fake-version"
  }
}

Plural form is only used for attribute in list form. Here's a hypothetical example:

resource "xray_ignore_rule" "ignore-release-bundle" {
  notes            = "fake notes"
  expiration_date  = "2024-01-02"
  vulnerabilities  = ["any"]

  release_bundles = [
    {
      name    = "fake-name-1"
      version = "fake-version"
    },
    {
      name    = "fake-name-2"
      version = "fake-version"
    }
  ]
}

This form is not currently supported.

@alexhung alexhung added the question Further information is requested label Dec 2, 2024
@brianwjfrog
Copy link
Author

brianwjfrog commented Dec 3, 2024

Sorry want to clarify. The customer is now stating the following on the issue.

It isn't linked to an attribute but to the complete request sent.

The API of Artifactory expects a request with data content:

{
    "notes": "ignore any violation for 'tstRB' release-bundle",
    "ignore_filters": {
        "vulnerabilities":[
            "any"
        ],
        "licenses":[
            "any"
        ],
        "release-bundles":[
            {
                "name":"tstRB"
            }
        ]
    }
}

But Terraform will send something like:

{
    "notes": "ignore any violation for 'tstRB' release-bundle",
    "ignore_filters": {
        "vulnerabilities":[
            "any"
        ],
        "licenses":[
            "any"
        ],
        "release_bundles":[
            {
                "name":"tstRB"
            }
        ]
    }
}

The issue is the _ on the request and not - on release_bundles (This means that ignore rules for release bundle didn't have be testing on a jfrog)

@alexhung
Copy link
Member

alexhung commented Dec 3, 2024

@brianwjfrog Ah I see. Thanks for pointing that out!

@alexhung alexhung removed the question Further information is requested label Dec 3, 2024
alexhung added a commit that referenced this issue Dec 5, 2024
…-name-for-ignore-rule

Fix incorrect request field name for ignore rule
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants