Support configuring reports

[asvoboda]

Currently, the xray tf provider does not support configuring reports. The API [1] supports creating various types of reports with many options. Ideally, support should exist in this provider for the following set of distinct report types

• [ ] vulnerabilities
• [ ] licenses
• [ ] violations
• [ ] operational risks

[1] https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-REPORTS

[chb0github]

Ok, well, let me knock the ball back into your court.

Our documentation isn't the best, and after looking at it I am pondering if it can meet the terraform lifecycle; meaning I'd have to research it's feasibility.

But, before I go that far, how about you propose some hcl that

• Creates a report
• Reads a report
• updates a report
• deletes a report

[asvoboda]

For the purpose of a TF example, I would suggest encoding most of the existing API parameters (I know there are a lot.. so I'll ignore some of them).

resource "xray_vulnerability_report" "vuln" {
  name        = "test-vuln-report-1"

  resources {
    repository {
      name = "repo1"
    }
    repository {
      name         = "repo2"
      include_path = "org/name/**"
    }
    build {
      name         = "build1"
      include_path = "foo/bar/**"
    }
  }

  filters {
    vulnerable_component = "*vulnerable:component*"
    impacted_artifact    = "some://impacted*artifact"
    has_remediation      = false
    cve                  =  "CVE-1234-1234"
  }
}

I believe reports are immutable (at least, according to the api docs), so modifying any attribute would trigger a destroy and recreate. Perhaps this is the root of your question?

I don't really mind what the exact terraform looks like and I would defer some of the questions like "should the report type exist as a different resource, or a param to a generic reports resource?" to you and the maintainers.

[danielmkn]

@asvoboda, @jamestoyer, it's released in v1.9.0, thanks for the ticket!