Merge pull request #277 from jfrog/GH-273-fix-unable-to-create-repo-c…

…onfig Add missing package type support to xray_repository_config
jfrog · Nov 19, 2024 · ad3e203 · ad3e203
2 parents 3b3a0ab + f64959c
commit ad3e203
Show file tree

Hide file tree

Showing 3 changed files with 129 additions and 34 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@ BUG FIXES:
 
 * resource/xray_license_policy: Switch `allowed_licenses` and `banned_licenses` attribute type from `TypeSet` to `TypeList` to resolve performance issue with large number of licenses. Add validation to ensure `allowed_licenses` and `banned_licenses` attributes cannot be set at the same time. Issue: [#262](https://github.com/jfrog/terraform-provider-xray/issues/262) and [#271](https://github.com/jfrog/terraform-provider-xray/issues/271) PR: [#274](https://github.com/jfrog/terraform-provider-xray/issues/274)
 * resource/xray_security_policy: Fix validation not allowing `malicious_package` set to `false` when `min_severity` is set. Issue: [#272](https://github.com/jfrog/terraform-provider-xray/issues/272) PR: [#276](https://github.com/jfrog/terraform-provider-xray/issues/276)
+* resource/xray_repository_config: Add missing package types (`nuget` and `oci`) support for `exposure`. Add `cocoapods` package type support for scanning. Issue: [#273](https://github.com/jfrog/terraform-provider-xray/issues/273) PR: [#277](https://github.com/jfrog/terraform-provider-xray/issues/277)
 
 ## 2.13.2 (November 11, 2024). Tested on Artifactory 7.98.8 and Xray 3.104.18 with Terraform 1.9.8 and OpenTofu 1.8.5
 

diff --git a/pkg/xray/resource/resource_xray_repository_config.go b/pkg/xray/resource/resource_xray_repository_config.go
@@ -73,13 +73,13 @@ func (m RepoConfigResourceModel) toAPIModel(_ context.Context, xrayVersion, pack
 						exp := ExposuresAPIModel{}
 
 						switch packageType {
-						case "docker":
+						case "docker", "oci":
 							exp.ScannersCategory = map[string]bool{
 								"services_scan":     scannerCategoryAttrs["services"].(types.Bool).ValueBool(),
 								"secrets_scan":      scannerCategoryAttrs["secrets"].(types.Bool).ValueBool(),
 								"applications_scan": scannerCategoryAttrs["applications"].(types.Bool).ValueBool(),
 							}
-						case "maven":
+						case "maven", "nuget":
 							exp.ScannersCategory = map[string]bool{
 								"secrets_scan": scannerCategoryAttrs["secrets"].(types.Bool).ValueBool(),
 							}
@@ -217,20 +217,36 @@ var pathsConfigSetResourceModelElementTypes types.ObjectType = types.ObjectType{
 var exposuresPackageTypes = func(xrayVersion string) []string {
 	packageTypes := []string{"docker", "terraformbackend"}
 
+	if ok, err := util.CheckVersion(xrayVersion, "3.59.4"); err == nil && ok {
+		packageTypes = append(packageTypes, "oci")
+	}
+
 	if ok, err := util.CheckVersion(xrayVersion, "3.78.9"); err == nil && ok {
 		packageTypes = append(packageTypes, "maven", "npm", "pypi")
 	}
 
+	if ok, err := util.CheckVersion(xrayVersion, "3.101.5"); err == nil && ok {
+		packageTypes = append(packageTypes, "cocoapods")
+	}
+
 	if ok, err := util.CheckVersion(xrayVersion, "3.102.3"); err == nil && ok {
 		packageTypes = append(packageTypes, "generic")
 	}
 
+	if ok, err := util.CheckVersion(xrayVersion, "3.106.4"); err == nil && ok {
+		packageTypes = append(packageTypes, "nuget")
+	}
+
 	return packageTypes
 }
 
 var vulnContextualAnalysisPackageTypes = func(xrayVersion string) []string {
 	packageTypes := []string{"docker"}
 
+	if ok, err := util.CheckVersion(xrayVersion, "3.59.4"); err == nil && ok {
+		packageTypes = append(packageTypes, "oci")
+	}
+
 	if ok, err := util.CheckVersion(xrayVersion, "3.77.4"); err == nil && ok {
 		packageTypes = append(packageTypes, "maven")
 	}
@@ -268,11 +284,11 @@ func (m *RepoConfigResourceModel) fromAPIModel(_ context.Context, xrayVersion, p
 				}
 
 				switch packageType {
-				case "docker":
+				case "docker", "oci":
 					scannersCategoryAttrValues["services"] = types.BoolValue(apiModel.RepoConfig.Exposures.ScannersCategory["services_scan"])
 					scannersCategoryAttrValues["secrets"] = types.BoolValue(apiModel.RepoConfig.Exposures.ScannersCategory["secrets_scan"])
 					scannersCategoryAttrValues["applications"] = types.BoolValue(apiModel.RepoConfig.Exposures.ScannersCategory["applications_scan"])
-				case "maven":
+				case "maven", "nuget":
 					scannersCategoryAttrValues["secrets"] = types.BoolValue(apiModel.RepoConfig.Exposures.ScannersCategory["secrets_scan"])
 				case "npm", "pypi":
 					scannersCategoryAttrValues["secrets"] = types.BoolValue(apiModel.RepoConfig.Exposures.ScannersCategory["secrets_scan"])

diff --git a/pkg/xray/resource/resource_xray_repository_config_test.go b/pkg/xray/resource/resource_xray_repository_config_test.go
@@ -117,49 +117,60 @@ func TestAccRepositoryConfig_JasDisabled(t *testing.T) {
 		t.Skipf("Env var JFROG_JAS_DISABLED is not set to 'true'")
 	}
 
-	_, fqrn, resourceName := testutil.MkNames("xray-repo-config-", "xray_repository_config")
-	_, _, repoName := testutil.MkNames("local-generic-", "artifactory_local_generic_repository")
+	packageTypes := []string{"generic", "cocoapods"}
 
-	var testData = map[string]string{
-		"resource_name":     resourceName,
-		"repo_name":         repoName,
-		"retention_in_days": "90",
+	for _, packageType := range packageTypes {
+		t.Run(packageType, testAccRepositoryConfig(packageType))
 	}
-	config := util.ExecuteTemplate(
-		fqrn,
-		`resource "artifactory_local_generic_repository" "{{ .repo_name }}" {
+}
+
+func testAccRepositoryConfig(packageType string) func(t *testing.T) {
+	return func(t *testing.T) {
+		_, fqrn, resourceName := testutil.MkNames("xray-repo-config-", "xray_repository_config")
+		_, _, repoName := testutil.MkNames(fmt.Sprintf("local-%s", packageType), fmt.Sprintf("artifactory_local_%s_repository", packageType))
+
+		var testData = map[string]string{
+			"package_type":      packageType,
+			"resource_name":     resourceName,
+			"repo_name":         repoName,
+			"retention_in_days": "90",
+		}
+		config := util.ExecuteTemplate(
+			fqrn,
+			`resource "artifactory_local_{{ .package_type }}_repository" "{{ .repo_name }}" {
 			key        = "{{ .repo_name }}"
 			xray_index = true
 		}
 
 		resource "xray_repository_config" "{{ .resource_name }}" {
-			repo_name   = artifactory_local_generic_repository.{{ .repo_name }}.key
+			repo_name   = artifactory_local_{{ .package_type }}_repository.{{ .repo_name }}.key
 			jas_enabled = false
 
 			config {
 				retention_in_days = {{ .retention_in_days }}
 			}
 		}`,
-		testData,
-	)
+			testData,
+		)
 
-	resource.Test(t, resource.TestCase{
-		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
-		ExternalProviders: map[string]resource.ExternalProvider{
-			"artifactory": {
-				Source: "jfrog/artifactory",
+		resource.Test(t, resource.TestCase{
+			ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
+			ExternalProviders: map[string]resource.ExternalProvider{
+				"artifactory": {
+					Source: "jfrog/artifactory",
+				},
 			},
-		},
-		Steps: []resource.TestStep{
-			{
-				Config: config,
-				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr(fqrn, "repo_name", testData["repo_name"]),
-					resource.TestCheckResourceAttr(fqrn, "config.0.retention_in_days", testData["retention_in_days"]),
-				),
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					Check: resource.ComposeTestCheckFunc(
+						resource.TestCheckResourceAttr(fqrn, "repo_name", testData["repo_name"]),
+						resource.TestCheckResourceAttr(fqrn, "config.0.retention_in_days", testData["retention_in_days"]),
+					),
+				},
 			},
-		},
-	})
+		})
+	}
 }
 
 // TestAccRepositoryConfig_JasDisabled_vulnContextualAnalysis_set needs to be run against a JPD that does not have JAS enabled
@@ -390,6 +401,29 @@ func TestAccRepositoryConfig_RepoConfigCreate_exposure(t *testing.T) {
 				)
 			},
 		},
+		{
+			"nuget",
+			TestDataRepoConfigNugetTemplate,
+			"3.106.4",
+			func(fqrn string, testData map[string]string) resource.TestCheckFunc {
+				return resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(fqrn, "config.0.exposures.0.scanners_category.0.secrets", testData["secrets_scan"]),
+				)
+			},
+		},
+		{
+			"oci",
+			TestDataRepoConfigOCITemplate,
+			"3.59.4",
+			func(fqrn string, testData map[string]string) resource.TestCheckFunc {
+				return resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(fqrn, "jas_enabled", "true"),
+					resource.TestCheckResourceAttr(fqrn, "config.0.exposures.0.scanners_category.0.services", testData["services_scan"]),
+					resource.TestCheckResourceAttr(fqrn, "config.0.exposures.0.scanners_category.0.secrets", testData["secrets_scan"]),
+					resource.TestCheckResourceAttr(fqrn, "config.0.exposures.0.scanners_category.0.applications", testData["applications_scan"]),
+				)
+			},
+		},
 		{
 			"pypi",
 			TestDataRepoConfigNpmPyPiTemplate,
@@ -420,7 +454,7 @@ func TestAccRepositoryConfig_RepoConfigCreate_no_exposure(t *testing.T) {
 		t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'")
 	}
 
-	packageTypes := []string{"alpine", "bower", "composer", "conan", "conda", "debian", "gems", "go", "gradle", "ivy", "nuget", "rpm", "sbt"}
+	packageTypes := []string{"alpine", "bower", "composer", "conan", "conda", "debian", "gems", "go", "gradle", "ivy", "rpm", "sbt"}
 	template := `
 	resource "artifactory_local_{{ .package_type }}_repository" "{{ .repo_name }}" {
 		key        = "{{ .repo_name }}"
@@ -484,8 +518,7 @@ func testAccRepositoryConfigRepoConfigCreate(packageType, template, validVersion
 			ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 			ExternalProviders: map[string]resource.ExternalProvider{
 				"artifactory": {
-					Source:            "jfrog/artifactory",
-					VersionConstraint: "10.1.2",
+					Source: "jfrog/artifactory",
 				},
 			},
 			Steps: []resource.TestStep{
@@ -738,6 +771,51 @@ resource "xray_repository_config" "{{ .resource_name }}" {
   }
 }`
 
+const TestDataRepoConfigNugetTemplate = `
+resource "artifactory_local_nuget_repository" "{{ .repo_name }}" {
+	key        = "{{ .repo_name }}"
+	xray_index = true
+}
+
+resource "xray_repository_config" "{{ .resource_name }}" {
+  repo_name = artifactory_local_nuget_repository.{{ .repo_name }}.key
+  jas_enabled = true
+
+  config {
+    retention_in_days        = {{ .retention_in_days }}
+
+	exposures {
+      scanners_category {
+        secrets = true
+      }
+	}
+  }
+}`
+
+const TestDataRepoConfigOCITemplate = `
+resource "artifactory_local_oci_repository" "{{ .repo_name }}" {
+	key        = "{{ .repo_name }}"
+	xray_index = true
+}
+
+resource "xray_repository_config" "{{ .resource_name }}" {
+  repo_name   = artifactory_local_oci_repository.{{ .repo_name }}.key
+  jas_enabled = true
+
+  config {
+    retention_in_days        = {{ .retention_in_days }}
+	vuln_contextual_analysis = {{ .vuln_contextual_analysis }}
+
+	exposures {
+      scanners_category {
+        services     = true
+        secrets      = true
+        applications = true
+      }
+	}
+  }
+}`
+
 const TestDataRepoConfigInvalidExposuresTemplate = `
 resource "artifactory_local_docker_v2_repository" "{{ .repo_name }}" {
 	key        = "{{ .repo_name }}"