jfrog / terraform-provider-xray

Terraform provider to manage JFrog Xray
https://jfrog.com/xray/
Apache License 2.0

xray_repository_config fails after JAS trial #159

Closed Brian-Plantenberg-BBY closed 8 months ago

Brian-Plantenberg-BBY commented 8 months ago

Describe the bug

Recently we trialed JFrog Advanced Security and enabled vulnerability scans using the UI. The trial is over and we tried to modify the retention period using Terraform. We originally struggled to update the config using the UI but fixed it with the following:

curl -u USERNAME -H 'Content-Type: application/json' -d '{"repo_name":"my-local-repo","repo_config":{"retention_in_days":90}}' -X PUT "https://artifactory_url/xray/api/v1/repos_config"

Now trying to modify the configuration is met with the following error:

Error: 
400 PUT https://artifactory_URL/xray/api/v1/repos_config
{"error":"Request payload is invalid as vuln contextual analysis config was not expected"}

  with module.container.xray_repository_config.xray-local-repo-config,
  on ../modules/repositories/container/xray.tf line 10, in resource "xray_repository_config" "xray-local-repo-config":
  10: resource "xray_repository_config" "xray-local-repo-config" {

Requirements for an issue

resource "artifactory_local_docker_v2_repository" "container-local" {
  key                  = "my-local-repo"
  project_environments = []
  xray_index           = true
}

resource "xray_repository_config" "xray-local-repo-config" {
  repo_name = "my-local-repo"

  config {
    retention_in_days = 90
  }
}

Artifactory Version: 7.71.11
Xray Version: 3.86.10
Terraform Version: 1.3.3
Artifactory Provider Version: 10.1.1
Terraform Provider Version: 2.1.0

Expected behavior

Config resource should be created with the configured retention settings

Additional context

Have tried removing the existing config via UI to see if it could be "created properly" via Terraform. Also worked with JFrog support to get the UI configs working again via the API, which seems to work still.

alexhung commented 8 months ago

@Brian-Plantenberg-BBY Thanks for the report. Can you share the output of terraform plan?

Brian-Plantenberg-BBY commented 8 months ago

  # module.container.xray_repository_config.xray-local-repo-config will be created
+   resource "xray_repository_config" "xray-local-repo-config" {
+       id        = (known after apply)
+       repo_name = "my-local-repo"

+       config {
+           retention_in_days = 90
        }
    }

alexhung commented 8 months ago

@Brian-Plantenberg-BBY Thanks! I'll schedule this in our plan.

alexhung commented 8 months ago

@Brian-Plantenberg-BBY BTW, you may want to use Terraform reference to ensure the dependency tree between Xray repo_config resource and Artifactory repo is correct, e.g.:

resource "artifactory_local_docker_v2_repository" "container-local" {
  key                  = "my-local-repo"
  project_environments = []
  xray_index           = true
}

resource "xray_repository_config" "xray-local-repo-config" {
  repo_name = artifactory_local_docker_v2_repository.container-local.key # reference instead of plain text

  config {
    retention_in_days = 90
  }
}

Brian-Plantenberg-BBY commented 8 months ago

We are; for some reason I set it to plain text in my sample TF when I was cleaning it up for the ticket.

alexhung commented 8 months ago

@Brian-Plantenberg-BBY I have not been able to reproduce this issue yet. Here's the TF config I'm using:

terraform {
  required_providers {
    xray = {
      source  = "registry.terraform.io/jfrog/xray"
      version = "2.1.1"
    }
  }
}

provider "xray" {
}

resource "xray_repository_config" "xray-repo-config-pattern" {
  repo_name = "alexh-npm-local"

  config {
    retention_in_days = 90
  }
}

alexh-npm-local is an existing repo with Xray Indexing set to 'On'.

Then I run terraform plan and terraform apply and got no errors.

alexh@alexh-mac terraform-provider-xray % terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # xray_repository_config.xray-repo-config-pattern will be created
  + resource "xray_repository_config" "xray-repo-config-pattern" {
      + id        = (known after apply)
      + repo_name = "alexh-npm-local"

      + config {
          + retention_in_days = 90
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
alexh@alexh-mac terraform-provider-xray % terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # xray_repository_config.xray-repo-config-pattern will be created
  + resource "xray_repository_config" "xray-repo-config-pattern" {
      + id        = (known after apply)
      + repo_name = "alexh-npm-local"

      + config {
          + retention_in_days = 90
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

xray_repository_config.xray-repo-config-pattern: Creating...
xray_repository_config.xray-repo-config-pattern: Creation complete after 0s [id=alexh-npm-local]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
alexh@alexh-mac terraform-provider-xray % terraform --version
Terraform v1.6.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/random v3.6.0
+ provider registry.terraform.io/jfrog/xray v2.1.1

Your version of Terraform is out of date! The latest version
is 1.7.0. You can update by downloading from https://www.terraform.io/downloads.html

(You can ignore the Xray provider version being off. Our local test script automatically increments the patch version when building a new binary.)

alexhung commented 8 months ago

@Brian-Plantenberg-BBY Never mind 😄 I found the issue. The fix is more complex than first glance, and I'm taking time off tomorrow so this won't be fixed until February.

Brian-Plantenberg-BBY commented 8 months ago

No worries, I can always enable via the API for all of our repos for now as a temporary workaround

alexhung commented 8 months ago

@Brian-Plantenberg-BBY I've released a new version with new attribute jas_enabled to control the provider interaction with Xray API depending on if JAS is enabled or not. Please try it out and let me know how it works out.
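
Added example (not part of the thread and not the provider's source code): a Go sketch of the kind of payload shaping a jas_enabled switch implies, where a JAS-only setting is left out of the repos_config request unless JAS is enabled. The JSON field name vuln_contextual_analysis is an assumption inferred from the error text, and the type and function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// RepoConfig mirrors the repo_config object from the curl call in the report.
// VulnContextualAnalysis uses an ASSUMED field name (inferred from the 400
// error text). It is a pointer with omitempty so that nil means "do not send
// the key at all"; a plain bool would always be serialized, even as false.
type RepoConfig struct {
	RetentionInDays        int   `json:"retention_in_days"`
	VulnContextualAnalysis *bool `json:"vuln_contextual_analysis,omitempty"`
}

// RepoConfigRequest is the request body for PUT /xray/api/v1/repos_config.
type RepoConfigRequest struct {
	RepoName   string     `json:"repo_name"`
	RepoConfig RepoConfig `json:"repo_config"`
}

// BuildRepoConfigPayload (hypothetical helper) returns the JSON body to send.
// The JAS-only setting is attached only when jasEnabled is true, so an
// instance without JAS never sees a key it would reject.
func BuildRepoConfigPayload(repo string, retentionDays int, jasEnabled, contextualAnalysis bool) (string, error) {
	req := RepoConfigRequest{
		RepoName:   repo,
		RepoConfig: RepoConfig{RetentionInDays: retentionDays},
	}
	if jasEnabled {
		req.RepoConfig.VulnContextualAnalysis = &contextualAnalysis
	}
	body, err := json.Marshal(req)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

func main() {
	// Constructed inputs: the repo name and retention value used in the report.
	for _, jas := range []bool{false, true} {
		payload, err := BuildRepoConfigPayload("my-local-repo", 90, jas, false)
		if err != nil {
			panic(err)
		}
		fmt.Printf("jas_enabled=%v -> %s\n", jas, payload)
	}
}
```

With JAS disabled the body is identical to the one in the curl command from the original report; with JAS enabled the extra key is sent even when its value is false.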

Brian-Plantenberg-BBY commented 8 months ago

@alexhung confirmed working, thank you much!