Merge pull request #235 from jfrog/update-repository-config-schema

Update `xray_repository_config` schema to work with API changes

.github/workflows/acceptance-tests.yml

@@ -173,8 +173,6 @@ jobs:
         with:
           install-only: true
       - name: Execute acceptance tests
-        env:
-          JFROG_JAS_DISABLED: true
         run: make acceptance -e TARGET_ARCH=linux_amd64
       - name: Install provider
         run: |

CHANGELOG.md

@@ -1,14 +1,18 @@
-## 2.11.0 (August 19, 2024). Tested on Artifactory 7.90.8 and Xray 3.101.5 with Terraform 1.9.4 and OpenTofu 1.8.1
+## 2.11.0 (August 27, 2024). Tested on Artifactory 7.90.8 and Xray 3.102.5 with Terraform 1.9.5 and OpenTofu 1.8.1
 
 IMPROVEMENTS:
 
-* resource/xray_repository_config: Migrate from SDKv2 to Plugin Framework.
+* resource/xray_repository_config: Migrate from SDKv2 to Plugin Framework. PR: [#234](https://github.com/jfrog/terraform-provider-xray/pull/234)
+* resource/xray_repository_config: Updated schema and validation to work with Xray version 3.102.3. PR: [#235](https://github.com/jfrog/terraform-provider-xray/pull/235)
+* resource/xray_workers_count: Updated schema to work with Xray version 3.102.3. PR: [#235](https://github.com/jfrog/terraform-provider-xray/pull/235)
 
 BUG FIXES:
 
-* resource/xray_\*\_policy: Fix incorrect value being set from API in `exposures` attributes.
+* resource/xray_\*\_policy: Fix incorrect value being set from API in `exposures` attributes. PR: [#234](https://github.com/jfrog/terraform-provider-xray/pull/234)
 
-PR: [#234](https://github.com/jfrog/terraform-provider-xray/pull/234)
+NOTES:
+
+* provider: `check_license` attribute is deprecated and provider no longer checks Artifactory license during initialization. It will be removed in the next major version release.
 
 ## 2.10.0 (August 8, 2024). Tested on Artifactory 7.90.6 and Xray 3.101.5 with Terraform 1.9.4 and OpenTofu 1.8.1
 

docs/index.md

@@ -14,26 +14,6 @@ Xray API documentation can be found [here](https://www.jfrog.com/confluence/disp
 
 Links to documentation for specific resources can be found in the table of contents to the left.
 
-This provider requires access to Artifactory and Xray APIs, which are only available in the _licensed_ pro and enterprise editions.
-You can determine which license you have by accessing the following URL
-`${host}/artifactory/api/system/licenses/`
-
-You can either access it via api, or web browser - it does require admin level credentials, but it's one of the few APIs that will work without a license (side node: you can also install your license here with a `POST`)
-
-```bash
-curl -sL ${host}/projects/api/system/licenses/ | jq .
-{
-  "type" : "Enterprise Plus Trial",
-  "validThrough" : "Jan 29, 2022",
-  "licensedTo" : "JFrog Ltd"
-}
-```
-
-The following 3 license types (`jq .type`) do **NOT** support APIs:
-- Community Edition for C/C++
-- JCR Edition
-- OSS
-
 ## Terraform CLI version support
 
 Current version support [Terraform Protocol v6](https://developer.hashicorp.com/terraform/plugin/terraform-plugin-protocol#protocol-version-6) which mean Terraform CLI version 1.0 and later. 
@@ -511,7 +491,7 @@ During the provider start up, if it finds env var `TFC_WORKLOAD_IDENTITY_TOKEN`
 
 Follow [confgure an OIDC integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-an-oidc-integration). Enter a name for the provider, e.g. `terraform-cloud`. Use `https://app.terraform.io` for "Provider URL". Choose your own value for "Audience", e.g. `jfrog-terraform-cloud`.
 
-Then [configure an identity mapping](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-identity-mappings) with an empty "Claims JSON" (`{}`), and select the "Token scope", "User", and "Service" as desired.
+Then [configure an identity mapping](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-identity-mappings) with appropriate "Claims JSON" (e.g. `aud`, `sub` at minimum. See [Terraform Workload Identity - Configuring Trust with your Cloud Platform](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials/workload-identity-tokens#configuring-trust-with-your-cloud-platform)), and select the "Token scope", "User", and "Service" as desired.
 
 #### Set environment variable in your Terraform Workspace
 
@@ -554,6 +534,6 @@ provider "xray" {
 ### Optional
 
 - `access_token` (String, Sensitive) This is a bearer token that can be given to you by your admin under `Identity and Access`
-- `check_license` (Boolean) Toggle for pre-flight checking of Artifactory Pro and Enterprise license. Default to `true`.
+- `check_license` (Boolean, Deprecated) Toggle for pre-flight checking of Artifactory Pro and Enterprise license. Default to `true`.
 - `oidc_provider_name` (String) OIDC provider name. See [Configure an OIDC Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-an-oidc-integration) for more details.
 - `url` (String) URL of Xray. This can also be sourced from the `XRAY_URL` or `JFROG_URL` environment variable. Default to 'http://localhost:8081' if not set.

docs/resources/repository_config.md

@@ -52,11 +52,11 @@ resource "xray_repository_config" "xray-repo-config" {
 
 ### Required
 
-- `repo_name` (String) Repository name.
+- `repo_name` (String) The name of the repository to update configurations for.
 
 ### Optional
 
-- `config` (Block Set) Single repository configuration. Only one of 'config' or 'paths_config' can be set. (see [below for nested schema](#nestedblock--config))
+- `config` (Block Set) Single repository configuration. (see [below for nested schema](#nestedblock--config))
 - `jas_enabled` (Boolean) Specified if JFrog Advanced Security is enabled or not. Default to 'false'
 - `paths_config` (Block Set) Enables you to set a more granular retention period. It enables you to scan future artifacts within the specific path, and set a retention period for the historical data of artifacts after they are scanned (see [below for nested schema](#nestedblock--paths_config))
 
@@ -65,16 +65,16 @@ resource "xray_repository_config" "xray-repo-config" {
 
 Optional:
 
-- `exposures` (Block Set) Enables Xray to perform scans for multiple categories that cover security issues in your configurations and the usage of open source libraries in your code. Available only to CLOUD (SaaS)/SELF HOSTED for ENTERPRISE X and ENTERPRISE+ with Advanced DevSecOps. Must be set together with `vuln_contextual_analysis`. Supported for Docker, Maven, NPM, PyPi, and Terraform Backend package type. (see [below for nested schema](#nestedblock--config--exposures))
-- `retention_in_days` (Number) The artifact will be retained for the number of days you set here, after the artifact is scanned. This will apply to all artifacts in the repository.
-- `vuln_contextual_analysis` (Boolean) Only for SaaS instances, will be available after Xray 3.59. Enables vulnerability contextual analysis. Must be set together with `exposures`. Supported for Docker, OCI, and Maven package types.
+- `exposures` (Block Set) Enables Xray to perform scans for multiple categories that cover security issues in your configurations and the usage of open source libraries in your code. Available only to CLOUD (SaaS)/SELF HOSTED for ENTERPRISE X and ENTERPRISE+ with Advanced DevSecOps. Must be set for Docker, Maven, NPM, PyPi, and Terraform Backend package type. (see [below for nested schema](#nestedblock--config--exposures))
+- `retention_in_days` (Number) The artifact will be retained for the number of days you set here, after the artifact is scanned. This will apply to all artifacts in the repository. Can be omitted when `paths_config` is set.
+- `vuln_contextual_analysis` (Boolean) Enables or disables vulnerability contextual analysis. Only for SaaS instances, will be available after Xray 3.59. Must be set for Docker, OCI, and Maven package types.
 
 <a id="nestedblock--config--exposures"></a>
 ### Nested Schema for `config.exposures`
 
 Optional:
 
-- `scanners_category` (Block Set) (see [below for nested schema](#nestedblock--config--exposures--scanners_category))
+- `scanners_category` (Block Set) Exposures' scanners categories configurations. (see [below for nested schema](#nestedblock--config--exposures--scanners_category))
 
 <a id="nestedblock--config--exposures--scanners_category"></a>
 ### Nested Schema for `config.exposures.scanners_category`
@@ -111,11 +111,11 @@ Optional:
 
 Required:
 
-- `include` (String) Include pattern.
+- `include` (String) Paths pattern to include in the set specific configuration.
 
 Optional:
 
-- `exclude` (String) Exclude pattern.
+- `exclude` (String) Paths pattern to exclude from the set specific configuration.
 - `index_new_artifacts` (Boolean) If checked, Xray will scan newly added artifacts in the path. Note that existing artifacts will not be scanned. If the folder contains existing artifacts that have been scanned, and you do not want to index new artifacts in that folder, you can choose not to index that folder.
 - `retention_in_days` (Number) The artifact will be retained for the number of days you set here, after the artifact is scanned. This will apply to all artifacts in the repository.
 

pkg/xray/provider/framework.go

@@ -64,8 +64,9 @@ func (p *XrayProvider) Schema(ctx context.Context, req provider.SchemaRequest, r
 				Description: "OIDC provider name. See [Configure an OIDC Integration](https://jfrog.com/help/r/jfrog-platform-administration-documentation/configure-an-oidc-integration) for more details.",
 			},
 			"check_license": schema.BoolAttribute{
-				Optional:    true,
-				Description: "Toggle for pre-flight checking of Artifactory Pro and Enterprise license. Default to `true`.",
+				Optional:           true,
+				Description:        "Toggle for pre-flight checking of Artifactory Pro and Enterprise license. Default to `true`.",
+				DeprecationMessage: "Remove this attribute from your provider configuration as it is no longer used and the attribute will be removed in the next major version of the provider.",
 			},
 		},
 	}
@@ -146,16 +147,6 @@ func (p *XrayProvider) Configure(ctx context.Context, req provider.ConfigureRequ
 		)
 	}
 
-	if config.CheckLicense.IsNull() || config.CheckLicense.ValueBool() {
-		if licenseDs := util.CheckArtifactoryLicense(restyClient, "Enterprise", "Commercial", "Edge"); licenseDs != nil {
-			resp.Diagnostics.AddError(
-				"Error checking license",
-				licenseDs.Error(),
-			)
-			return
-		}
-	}
-
 	version, err := util.GetXrayVersion(restyClient)
 	if err != nil {
 		resp.Diagnostics.AddError(

pkg/xray/provider/sdkv2.go

@@ -14,7 +14,6 @@ import (
 	xray "github.com/jfrog/terraform-provider-xray/pkg/xray/resource"
 )
 
-// Version for some reason isn't getting updated by the linker
 var Version = "0.0.1"
 var productId = "terraform-provider-xray/" + Version
 
@@ -35,7 +34,6 @@ func SdkV2() *schema.Provider {
 				Optional:    true,
 				Sensitive:   true,
 				DefaultFunc: schema.MultiEnvDefaultFunc([]string{"XRAY_ACCESS_TOKEN", "JFROG_ACCESS_TOKEN"}, ""),
-				// ValidateDiagFunc: validator.StringIsNotEmpty,
 				Description: "This is a bearer token that can be given to you by your admin under `Identity and Access`",
 			},
 			"oidc_provider_name": {
@@ -49,6 +47,7 @@ func SdkV2() *schema.Provider {
 				Optional:    true,
 				Default:     true,
 				Description: "Toggle for pre-flight checking of Artifactory Pro and Enterprise license. Default to `true`.",
+				Deprecated:  "Remove this attribute from your provider configuration as it is no longer used and the attribute will be removed in the next major version of the provider.",
 			},
 		},
 
@@ -107,18 +106,17 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData, terraformVer
 		accessToken = v.(string)
 	}
 
+	if accessToken == "" {
+		return nil, diag.Errorf("While configuring the provider, the Access Token was not found in " +
+			"the JFROG_ACCESS_TOKEN/XRAY_ACCESS_TOKEN environment variable, or provider " +
+			"configuration block access_token attribute, or from Terraform Cloud Workload Identity token.")
+	}
+
 	restyClient, err = client.AddAuth(restyClient, "", accessToken)
 	if err != nil {
 		return nil, diag.FromErr(err)
 	}
 
-	if checkLicense := d.Get("check_license").(bool); checkLicense {
-		licenseErr := util.CheckArtifactoryLicense(restyClient, "Enterprise", "Commercial")
-		if licenseErr != nil {
-			return nil, diag.FromErr(licenseErr)
-		}
-	}
-
 	xrayVersion, err := util.GetXrayVersion(restyClient)
 	if err != nil {
 		return nil, diag.FromErr(err)