search

jfrog / terraform-provider-xray

Terraform provider to manage JFrog Xray
https://jfrog.com/xray/
Apache License 2.0
149 stars 12 forks source link

Error 400 when adding remote repository to xray_watch #53

Closed fmalykh closed 2 years ago

fmalykh commented 2 years ago

Hi Team,

I'm getting 400 error when creating an xray_watch resource which includes remote repositories.

Here is a watch created manually through the GUI:

{
    "general_data": {
      "id": "bac6529a90896cba473f2000",
      "name": "local-and-remote-repos-TF",
      "active": true
    },
    "project_resources": {
      "resources": [
        {
          "type": "repository",
          "name": "pypi-local",
          "bin_mgr_id": "default",
          "repo_type": "local"
        },
        {
          "type": "repository",
          "name": "pypi-remote",
          "bin_mgr_id": "default",
          "repo_type": "remote"
        }
      ]
    },
    "assigned_policies": [
      {
        "name": "Remote-and-Local-Repos-Policy-Manual",
        "type": "security"
      }
    ]
}

Now I successfully create the following xray_watch which contains local repository only:

resource "xray_watch" "remote_and_local_repo" {
  name   = "local-and-remote-repos-TF"
  active = true

  watch_resource {
    type = "repository"
    name = "pypi-local"
  }
  assigned_policy {
    name = xray_security_policy.xray_remote_and_local_repo.name
    type = "security"
  }
}

terraform apply --target xray_watch.remote_and_local_repo
xray_security_policy.xray_remote_and_local_repo: Refreshing state... [id=Remote-and-Local-Repos-Policy-TF]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # xray_watch.remote_and_local_repo will be created
  + resource "xray_watch" "remote_and_local_repo" {
      + active = true
      + id     = (known after apply)
      + name   = "local-and-remote-repos-TF"

      + assigned_policy {
          + name = "Remote-and-Local-Repos-Policy-TF"
          + type = "security"
        }

      + watch_resource {
          + bin_mgr_id = "default"
          + name       = "pypi-local"
          + type       = "repository"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Resource targeting is in effect
xray_watch.remote_and_local_repo: Creating...
xray_watch.remote_and_local_repo: Creation complete after 1s [id=local-and-remote-repos-TF]

Then I try to add a remote repository:

resource "xray_watch" "remote_and_local_repo" {
  name   = "local-and-remote-repos-TF"
  active = true

  watch_resource {
    type = "repository"
    name = "pypi-local"
  }
  watch_resource {
    type = "repository"
    name = "pypi-remote"
  }  
  assigned_policy {
    name = xray_security_policy.xray_remote_and_local_repo.name
    type = "security"
  }
}

terraform apply --target xray_watch.remote_and_local_repo
xray_security_policy.xray_remote_and_local_repo: Refreshing state... [id=Remote-and-Local-Repos-Policy-TF]
xray_watch.remote_and_local_repo: Refreshing state... [id=local-and-remote-repos-TF]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # xray_watch.remote_and_local_repo will be updated in-place
  ~ resource "xray_watch" "remote_and_local_repo" {
        id     = "local-and-remote-repos-TF"
        name   = "local-and-remote-repos-TF"
        # (1 unchanged attribute hidden)

      + watch_resource {
          + bin_mgr_id = "default"
          + name       = "pypi-remote"
          + type       = "repository"
        }
        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Warning: Resource targeting is in effect

xray_watch.remote_and_local_repo: Modifying... [id=local-and-remote-repos-TF]
Error:
400 PUT https://artifactory.px.tools/xray/api/v2/watches/local-and-remote-repos-TF
{"error":"Watch is not valid"}

  on xray_watch.tf line 1, in resource "xray_watch" "remote_and_local_repo":
   1: resource "xray_watch" "remote_and_local_repo" {

Below are software versions:

Terraform v0.14.5
+ provider registry.terraform.io/jfrog/artifactory v6.7.2
+ provider registry.terraform.io/jfrog/xray v1.1.4

{"xray_version":"3.45.2","xray_revision":"6261583"}

artifactory:   "version" : "7.35.2",  "revision" : "73502900",
chb0github commented 2 years ago

Thanks for the details. We'll have a look. Although, it might actually be an issue with xray.

alexhung commented 2 years ago

Looks like we are missing repo_type = "remote" in the JSON payload.

I was able to create a watch for remote repo using this payload:

{
    "general_data": {
        "name": "test-remote-repo-2",
        "description": "This is a new watch created using API V2",
        "active": true
    },
    "project_resources": {
        "resources": [
            {
                "type": "repository",
                "name": "npm-remote",
                "bin_mgr_id": "default",
                "repo_type": "remote"
            }
        ]
    },
    "assigned_policies": [
        {
            "name": "Alex-OpRisk",
            "type": "operational_risk"
        }
    ]
 }
}

But our code doesn't currently set repo_type.

chb0github commented 2 years ago

We could handle this for them - fetch the type and add it here. It would make it slower but would eliminate an issue.

Alternatively, force the user to decide and if there is an error, give a hint?

Wait.. this field only applies if it's a repo type - otherwise no point.