search

jfrog / terraform-provider-xray

Terraform provider to manage JFrog Xray
https://jfrog.com/xray/
Apache License 2.0
146 stars 12 forks source link

Creating project specific ignore rule with build filter fails #213

Open jonathanwehner opened 4 days ago

jonathanwehner commented 4 days ago

Describe the bug When creating an ignore rule with a project_key, if a build filter is included in the ignore rule, the project key is not applied to that filter, which creates an error within Xray. If the build filter does not include a project key, Xray treats it as a global build filter, which is not allowed for a project specific ignore rule. This mismatch causes the following error in Xray:

ignore rule validation error: failed validating source filter
--- at /go/src/jfrog.com/xray/xray/backend/backend/alert/entities/ignore_rule/services/ignore_filter_service/ignore_filters.go:158 (ignoreFiltersService.validateFilter) ---
--- at /go/src/jfrog.com/xray/xray/backend/backend/alert/entities/ignore_rule/services/ignore_filter_service/ignore_filters.go:169 (ignoreFiltersService.validateSourceFilter) ---
Caused by: build ignore filter with no project is allowed only for global ignore rule without project filters

Requirements for an issue

terraform {
  required_providers {
    xray = {
        source = "jfrog/xray"
        version = "2.8.2"
    }
  }
}

provider "xray" {
  url = "<frog-url>"
  access_token = "<token>"
}

resource "xray_ignore_rule" "ignore-rule-2195936" {
  notes           = "notes"
  project_key = "cov"
  expiration_date = "2024-10-19"
  cves = ["any"]
  vulnerabilities = ["any"]

  build {
    name    = "my-test-build"
    version = "1"
  }
}

Expected behavior I can create project specific ignore rules with build filters.

alexhung commented 4 days ago

@jonathanwehner Thanks for the report. I think this is a bug in the Xray API. I'll try to reproduce and open an internal bug report.

jonathanwehner commented 4 days ago

@alexhung When using the API outside of TF, The following body successfully creates an ignore rule:

{
    "notes": "ignore rule test",
    "expires_at": "2024-10-19T12:29:59-06:00",
    "ignore_filters": {
        "licenses": [
            "unknown"
        ],
        "builds": [
            {
                "name": "my-test-build",
                "version": "1",
                "project": "cov"
            }
        ]
    }
}

Omitting the project key in the build filter causes the same error experienced with the TF ignore rule creation.