jfrog / terraform-provider-xray

Terraform provider to manage JFrog Xray
https://jfrog.com/xray/
Apache License 2.0

Cannot create an Xray security policy rule with "Contains malicious packages" option enabled. #109

Closed mkrejza83 closed 1 year ago

mkrejza83 commented 1 year ago

Describe the bug

Cannot create an Xray security policy rule with the "Contains malicious packages" option enabled using Terraform. The request returns the following error.

400 POST https://artifactory-dev.skoda.vwgroup.com/xray/api/v2/policies
│ {"error":"Found Invalid Policy"}

When we create that rule using the JFrog web UI, everything works fine. After that, we can import that rule into Terraform state, and running Terraform apply returns no error. We tried copying the code directly from Terraform state to our script, deleting our policy from JFrog and Terraform state, and running Terraform apply, but we again ended up with the error above.

Requirements for an issue

terraform {
  required_providers {
    artifactory = {
      source  = "registry.terraform.io/jfrog/artifactory"
      version = "6.15.1"
    }
    project = {
      source  = "registry.terraform.io/jfrog/project"
      version = "1.1.7"
    }
    xray = {
      source  = "registry.terraform.io/jfrog/xray"
      version = "1.6.0"
    }
  }
}

variable "artifactory_url" {
  type = string
}
variable "token" {
  type = string
}

provider "xray" {
  url          = var.artifactory_url
  access_token = var.token
}
provider "artifactory" {
  url          = var.artifactory_url
  access_token = var.token
}
provider "project" {
  url          = var.artifactory_url
  access_token = var.token
}

resource "xray_security_policy" "policy" {
  description = "Security-Test"
  name = "Security-Test"
  type = "security"

  rule {
    name     = "malicious"
    priority = 1

    actions {
      block_release_bundle_distribution  = false
      build_failure_grace_period_in_days = 0
      create_ticket_enabled              = false
      fail_build                         = true
      mails                              = []
      notify_deployer                    = false
      notify_watch_recipients            = true
      webhooks                           = []

      block_download {
        active    = false
        unscanned = false
      }
    }

    criteria {
      fix_version_dependant = false
    }
  }
}

Expected behavior

Creating an Xray security policy with one rule that has the "Contains malicious packages" option enabled.

danielmkn commented 1 year ago

Released in v1.11.0
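
Added example, not part of the original thread or the project's own code: the reporter's policy with the provider pinned to the release named above and the malicious-package criterion set explicitly. It assumes the `malicious_package` criteria attribute from the provider documentation and that it is set without `min_severity` or `cvss_range`; check the documentation for the version you pin.

```hcl
terraform {
  required_providers {
    xray = {
      source  = "registry.terraform.io/jfrog/xray"
      version = ">= 1.11.0" # release named in the closing comment
    }
  }
}

variable "artifactory_url" {
  type = string
}
variable "token" {
  type      = string
  sensitive = true # keep the access token out of plan output
}

provider "xray" {
  url          = var.artifactory_url
  access_token = var.token
}

resource "xray_security_policy" "policy" {
  name        = "Security-Test"
  description = "Security-Test"
  type        = "security"

  rule {
    name     = "malicious"
    priority = 1

    criteria {
      # Assumption: attribute name as documented for the provider.
      # The criteria block in the report had no match condition at all,
      # only fix_version_dependant.
      malicious_package     = true
      fix_version_dependant = false
    }

    actions {
      fail_build              = true
      notify_watch_recipients = true
      block_download {
        active    = false
        unscanned = false
      }
    }
  }
}
```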