Merge pull request #234 from jfrog/migrate-repository-config

Migrate 'xray_repository_config' to Plugin Framework

.github/workflows/acceptance-tests.yml

@@ -32,14 +32,18 @@ jobs:
         uses: azure/[email protected]
       - name: Get Artifactory and Xray versions
         id: get_versions
+        env:
+          XRAY_HELM_CHART_VERSION: ${{ vars.XRAY_HELM_CHART_VERSION }}
+          XRAY_VERSION: ${{ vars.XRAY_VERSION }}
         run: |
           helm repo add jfrog https://charts.jfrog.io/
           helm repo update
-          RT_HELM_CHART_VERSION=$(helm search repo | grep "artifactory " | awk '{$1=$1};1' |  cut -f2 -d " ")
-          ARTIFACTORY_VERSION=$(helm search repo | grep "artifactory " | awk '{$1=$1};1' |  cut -f3 -d " ")
+          RT_HELM_CHART_VERSION=$(helm search repo | grep "jfrog/artifactory " | awk '{$1=$1};1' | cut -f2 -d " ")
+          ARTIFACTORY_VERSION=$(helm search repo | grep "jfrog/artifactory " | awk '{$1=$1};1' | cut -f3 -d " ")
           echo "rt_version=$ARTIFACTORY_VERSION" >> "$GITHUB_OUTPUT"
-          XRAY_HELM_CHART_VERSION=$(helm search repo | grep "/xray" | awk '{$1=$1};1' |  cut -f2 -d " ")
-          XRAY_VERSION=$(helm search repo | grep "/xray" | awk '{$1=$1};1' |  cut -f3 -d " ")
+          XRAY_HELM_CHART_VERSION=${XRAY_HELM_CHART_VERSION:=$(helm search repo | grep "jfrog/xray" | awk '{$1=$1};1' | cut -f2 -d " ")}
+          XRAY_VERSION=${XRAY_VERSION:=$(helm search repo | grep "jfrog/xray" | awk '{$1=$1};1' | cut -f3 -d " ")}
+          echo "XRAY_HELM_CHART_VERSION=$XRAY_HELM_CHART_VERSION" >> "$GITHUB_ENV"
           echo "xray_version=$XRAY_VERSION" >> "$GITHUB_OUTPUT"
       - name: Authenticate with Google Cloud
         uses: google-github-actions/auth@v2
@@ -125,6 +129,7 @@ jobs:
         id: install_xray
         run: |
           helm upgrade --install xray jfrog/xray \
+            --version $XRAY_HELM_CHART_VERSION \
             --set postgresql.persistence.size=200Gi \
             --set xray.jfrogUrl=http://artifactory-artifactory-nginx \
             --set xray.masterKey=$MASTER_KEY \

CHANGELOG.md

@@ -1,4 +1,16 @@
-## 2.10.0 (August 8 30, 2024). Tested on Artifactory 7.90.6 and Xray 3.101.5 with Terraform 1.9.4 and OpenTofu 1.8.1
+## 2.11.0 (August 19, 2024). Tested on Artifactory 7.90.8 and Xray 3.101.5 with Terraform 1.9.4 and OpenTofu 1.8.1
+
+IMPROVEMENTS:
+
+* resource/xray_repository_config: Migrate from SDKv2 to Plugin Framework.
+
+BUG FIXES:
+
+* resource/xray_\*\_policy: Fix incorrect value being set from API in `exposures` attributes.
+
+PR: [#234](https://github.com/jfrog/terraform-provider-xray/pull/234)
+
+## 2.10.0 (August 8, 2024). Tested on Artifactory 7.90.6 and Xray 3.101.5 with Terraform 1.9.4 and OpenTofu 1.8.1
 
 IMPROVEMENTS:
 
@@ -22,6 +34,8 @@ BUG FIXES:
 
 ## 2.8.2 (June 21, 2024). Tested on Artifactory 7.84.15 and Xray 3.96.1 with Terraform 1.8.5 and OpenTofu 1.7.2
 
+IMPROVEMENTS:
+
 * resource/xray_custom_issue: Migrate from SDKv2 to Plugin Framework. PR: [#207](https://github.com/jfrog/terraform-provider-xray/pull/207)
 * resource/xray_ignore_rule: Migrate from SDKv2 to Plugin Framework. PR: [#209](https://github.com/jfrog/terraform-provider-xray/pull/209)
 * resource/xray_watch: Migrate from SDKv2 to Plugin Framework. PR: [#210](https://github.com/jfrog/terraform-provider-xray/pull/210)

GNUmakefile

@@ -19,6 +19,8 @@ REGISTRY_HOST=registry.terraform.io
 
 ifeq ($(TERRAFORM_CLI), tofu)
 REGISTRY_HOST=registry.opentofu.org
+TF_ACC_TERRAFORM_PATH="$(which tofu)"
+TF_ACC_PROVIDER_HOST="registry.opentofu.org"
 endif
 
 BUILD_PATH=terraform.d/plugins/${REGISTRY_HOST}/jfrog/${PRODUCT}/${NEXT_VERSION}/${TARGET_ARCH}

docs/resources/repository_config.md

@@ -56,29 +56,25 @@ resource "xray_repository_config" "xray-repo-config" {
 
 ### Optional
 
-- `config` (Block Set, Max: 1) Single repository configuration. Only one of 'config' or 'paths_config' can be set. (see [below for nested schema](#nestedblock--config))
+- `config` (Block Set) Single repository configuration. Only one of 'config' or 'paths_config' can be set. (see [below for nested schema](#nestedblock--config))
 - `jas_enabled` (Boolean) Specified if JFrog Advanced Security is enabled or not. Default to 'false'
-- `paths_config` (Block Set, Max: 1) Enables you to set a more granular retention period. It enables you to scan future artifacts within the specific path, and set a retention period for the historical data of artifacts after they are scanned (see [below for nested schema](#nestedblock--paths_config))
-
-### Read-Only
-
-- `id` (String) The ID of this resource.
+- `paths_config` (Block Set) Enables you to set a more granular retention period. It enables you to scan future artifacts within the specific path, and set a retention period for the historical data of artifacts after they are scanned (see [below for nested schema](#nestedblock--paths_config))
 
 <a id="nestedblock--config"></a>
 ### Nested Schema for `config`
 
 Optional:
 
-- `exposures` (Block Set, Max: 1) Enables Xray to perform scans for multiple categories that cover security issues in your configurations and the usage of open source libraries in your code. Available only to CLOUD (SaaS)/SELF HOSTED for ENTERPRISE X and ENTERPRISE+ with Advanced DevSecOps. Must be set together with `vuln_contextual_analysis`. Supported for Docker, Maven, NPM, PyPi, and Terraform Backend package type. (see [below for nested schema](#nestedblock--config--exposures))
+- `exposures` (Block Set) Enables Xray to perform scans for multiple categories that cover security issues in your configurations and the usage of open source libraries in your code. Available only to CLOUD (SaaS)/SELF HOSTED for ENTERPRISE X and ENTERPRISE+ with Advanced DevSecOps. Must be set together with `vuln_contextual_analysis`. Supported for Docker, Maven, NPM, PyPi, and Terraform Backend package type. (see [below for nested schema](#nestedblock--config--exposures))
 - `retention_in_days` (Number) The artifact will be retained for the number of days you set here, after the artifact is scanned. This will apply to all artifacts in the repository.
 - `vuln_contextual_analysis` (Boolean) Only for SaaS instances, will be available after Xray 3.59. Enables vulnerability contextual analysis. Must be set together with `exposures`. Supported for Docker, OCI, and Maven package types.
 
 <a id="nestedblock--config--exposures"></a>
 ### Nested Schema for `config.exposures`
 
-Required:
+Optional:
 
-- `scanners_category` (Block Set, Min: 1, Max: 1) (see [below for nested schema](#nestedblock--config--exposures--scanners_category))
+- `scanners_category` (Block Set) (see [below for nested schema](#nestedblock--config--exposures--scanners_category))
 
 <a id="nestedblock--config--exposures--scanners_category"></a>
 ### Nested Schema for `config.exposures.scanners_category`
@@ -96,10 +92,10 @@ Optional:
 <a id="nestedblock--paths_config"></a>
 ### Nested Schema for `paths_config`
 
-Required:
+Optional:
 
-- `all_other_artifacts` (Block Set, Min: 1, Max: 1) If you select by pattern, you must define a retention period for all other artifacts in the repository in the All Other Artifacts setting. (see [below for nested schema](#nestedblock--paths_config--all_other_artifacts))
-- `pattern` (Block List, Min: 1) Pattern, applied to the repositories. (see [below for nested schema](#nestedblock--paths_config--pattern))
+- `all_other_artifacts` (Block Set) If you select by pattern, you must define a retention period for all other artifacts in the repository in the All Other Artifacts setting. (see [below for nested schema](#nestedblock--paths_config--all_other_artifacts))
+- `pattern` (Block Set) Pattern, applied to the repositories. (see [below for nested schema](#nestedblock--paths_config--pattern))
 
 <a id="nestedblock--paths_config--all_other_artifacts"></a>
 ### Nested Schema for `paths_config.all_other_artifacts`

go.mod

@@ -12,7 +12,6 @@ require (
 	github.com/hashicorp/terraform-plugin-framework v1.11.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.13.0
 	github.com/hashicorp/terraform-plugin-go v0.23.0
-	github.com/hashicorp/terraform-plugin-log v0.9.0
 	github.com/hashicorp/terraform-plugin-mux v0.16.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
 	github.com/hashicorp/terraform-plugin-testing v1.10.0
@@ -55,6 +54,7 @@ require (
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/terraform-exec v0.21.0 // indirect
 	github.com/hashicorp/terraform-json v0.22.1 // indirect
+	github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect
 	github.com/hashicorp/terraform-registry-address v0.2.3 // indirect
 	github.com/hashicorp/terraform-svchost v0.1.1 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect

pkg/xray/provider/framework.go

@@ -189,6 +189,7 @@ func (p *XrayProvider) Resources(ctx context.Context) []func() resource.Resource
 		xray_resource.NewBinaryManagerReleaseBundlesV2Resource,
 		xray_resource.NewCustomIssueResource,
 		xray_resource.NewIgnoreRuleResource,
+		xray_resource.NewRepositoryConfigResource,
 		xray_resource.NewSettingsResource,
 		xray_resource.NewWatchResource,
 		xray_resource.NewWebhookResource,

pkg/xray/provider/sdkv2.go

@@ -58,7 +58,6 @@ func SdkV2() *schema.Provider {
 				"xray_security_policy":          xray.ResourceXraySecurityPolicyV2(),
 				"xray_license_policy":           xray.ResourceXrayLicensePolicyV2(),
 				"xray_operational_risk_policy":  xray.ResourceXrayOperationalRiskPolicy(),
-				"xray_repository_config":        xray.ResourceXrayRepositoryConfig(),
 				"xray_vulnerabilities_report":   xray.ResourceXrayVulnerabilitiesReport(),
 				"xray_licenses_report":          xray.ResourceXrayLicensesReport(),
 				"xray_violations_report":        xray.ResourceXrayViolationsReport(),

pkg/xray/resource/policies.go

@@ -694,9 +694,9 @@ func packExposures(exposures *PolicyExposures) []interface{} {
 	m := map[string]interface{}{
 		"min_severity": *exposures.MinSeverity,
 		"secrets":      *exposures.Secrets,
-		"applications": *exposures.Secrets,
-		"services":     *exposures.Secrets,
-		"iac":          *exposures.Secrets,
+		"applications": *exposures.Applications,
+		"services":     *exposures.Services,
+		"iac":          *exposures.Iac,
 	}
 	return []interface{}{m}
 }

pkg/xray/resource/resource_xray_custom_issue.go

@@ -57,7 +57,9 @@ var validPackageTypes = []string{
 var _ resource.Resource = &CustomIssueResource{}
 
 func NewCustomIssueResource() resource.Resource {
-	return &CustomIssueResource{}
+	return &CustomIssueResource{
+		TypeName: "xray_custom_issue",
+	}
 }
 
 type CustomIssueResource struct {
@@ -66,8 +68,7 @@ type CustomIssueResource struct {
 }
 
 func (r *CustomIssueResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) {
-	resp.TypeName = req.ProviderTypeName + "_custom_issue"
-	r.TypeName = resp.TypeName
+	resp.TypeName = r.TypeName
 }
 
 type CustomIssueResourceModel struct {