Fix attribute validation

Switch to non-case sensitive validations Update security policy package type to match Xray API
jfrog · Oct 2, 2024 · ed124af · ed124af
1 parent 50b26fb
commit ed124af
Show file tree

Hide file tree

Showing 9 changed files with 53 additions and 43 deletions.
diff --git a/pkg/xray/resource/policies.go b/pkg/xray/resource/policies.go
@@ -29,26 +29,24 @@ const (
 )
 
 var validPackageTypesSupportedXraySecPolicies = []string{
-	"alpine",
-	"bower",
-	"cargo",
-	"composer",
-	"conan",
-	"conda",
-	"cran",
-	"debian",
-	"docker",
-	"generic",
-	"go",
-	"huggingface",
-	"maven",
-	"npm",
-	"nuget",
-	"oci",
-	"pypi",
-	"rpm",
-	"rubygems",
-	"terraformbe",
+	"Alpine",
+	"Cargo",
+	"Composer",
+	"Conan",
+	"Conda",
+	"Cran",
+	"Debian",
+	"Docker",
+	"Generic",
+	"Go",
+	"HuggingFace",
+	"Maven",
+	"Npm",
+	"NuGet",
+	"Oci",
+	"Pypi",
+	"Rpm",
+	"Rubygems",
 }
 
 type PolicyResource struct {

diff --git a/pkg/xray/resource/resource_xray_license_policy.go b/pkg/xray/resource/resource_xray_license_policy.go
@@ -266,7 +266,7 @@ var licensePolicyActionsAttrs = lo.Assign(
 			Computed: true,
 			Default:  stringdefault.StaticString("High"),
 			Validators: []validator.String{
-				stringvalidator.OneOfCaseInsensitive("Critical", "High", "Medium", "Low"),
+				stringvalidator.OneOf("Critical", "High", "Medium", "Low"),
 			},
 			Description: "The severity of violation to be triggered if the `criteria` are met.",
 		},

diff --git a/pkg/xray/resource/resource_xray_operational_risk_policy.go b/pkg/xray/resource/resource_xray_operational_risk_policy.go
@@ -77,7 +77,7 @@ var opRiskPolicyCriteriaAttrs = map[string]schema.Attribute{
 	"op_risk_min_risk": schema.StringAttribute{
 		Optional: true,
 		Validators: []validator.String{
-			stringvalidator.OneOfCaseInsensitive("High", "Medium", "Low"),
+			stringvalidator.OneOf("High", "Medium", "Low"),
 			stringvalidator.ConflictsWith(
 				path.MatchRelative().AtParent().AtName("op_risk_custom"),
 			),
@@ -138,11 +138,11 @@ var opRiskPolicyCriteriaBlocks = map[string]schema.Block{
 				"risk": schema.StringAttribute{
 					Optional: true,
 					Computed: true,
-					Default:  stringdefault.StaticString("low"),
+					Default:  stringdefault.StaticString("Low"),
 					Validators: []validator.String{
-						stringvalidator.OneOfCaseInsensitive("high", "medium", "low"),
+						stringvalidator.OneOf("High", "Medium", "Low"),
 					},
-					Description: "Risk severity: low, medium, high",
+					Description: "Risk severity: Low, Medium, High",
 				},
 			},
 		},

diff --git a/pkg/xray/resource/resource_xray_operational_risk_policy_test.go b/pkg/xray/resource/resource_xray_operational_risk_policy_test.go
@@ -283,7 +283,7 @@ func TestAccOperationalRiskPolicy_customCriteria(t *testing.T) {
 	testData["op_risk_custom_release_cadence_per_year_less_than"] = testutil.RandSelect("1", "2", "3", "4", "5").(string)
 	testData["op_risk_custom_commits_less_than"] = testutil.RandSelect("10", "25", "50", "100").(string)
 	testData["op_risk_custom_committers_less_than"] = testutil.RandSelect("1", "2", "3", "4", "5").(string)
-	testData["op_risk_custom_risk"] = testutil.RandSelect("high", "medium", "low").(string)
+	testData["op_risk_custom_risk"] = testutil.RandSelect("High", "Medium", "Low").(string)
 
 	const opertionalRiskPolicyCustomUnset = `resource "xray_operational_risk_policy" "{{ .resource_name }}" {
 		name = "{{ .policy_name }}"
@@ -394,7 +394,7 @@ func TestAccOperationalRiskPolicy_customCriteria_migration(t *testing.T) {
 	testData["policy_name"] = fmt.Sprintf("terraform-operational-risk-policy-%d", testutil.RandomInt())
 	testData["op_risk_custom_use_and_condition"] = "true"
 	testData["op_risk_custom_is_eol"] = "false"
-	testData["op_risk_custom_risk"] = testutil.RandSelect("high", "medium", "low").(string)
+	testData["op_risk_custom_risk"] = testutil.RandSelect("High", "Medium", "Low").(string)
 	delete(testData, "block_release_bundle_promotion")
 
 	resource.Test(t, resource.TestCase{

diff --git a/pkg/xray/resource/resource_xray_repository_config_test.go b/pkg/xray/resource/resource_xray_repository_config_test.go
@@ -255,8 +255,8 @@ func TestAccRepositoryConfig_JasDisabled_exposures_set(t *testing.T) {
 
 func TestAccRepositoryConfig_RepoConfig_Create_VulnContextualAnalysis(t *testing.T) {
 	jasDisabled := os.Getenv("JFROG_JAS_DISABLED")
-	if strings.ToLower(jasDisabled) == "true" {
-		t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'")
+	if strings.ToLower(jasDisabled) != "false" {
+		t.Skipf("Env var JFROG_JAS_DISABLED is not set to 'false'")
 	}
 
 	testCase := []struct {
@@ -331,8 +331,8 @@ func testAccRepositoryConfigRepoConfigCreate_VulnContextualAnalysis(packageType,
 
 func TestAccRepositoryConfig_RepoConfigCreate_exposure(t *testing.T) {
 	jasDisabled := os.Getenv("JFROG_JAS_DISABLED")
-	if strings.ToLower(jasDisabled) == "true" {
-		t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'")
+	if strings.ToLower(jasDisabled) != "false" {
+		t.Skipf("Env var JFROG_JAS_DISABLED is not set to 'false'")
 	}
 
 	testCase := []struct {
@@ -566,6 +566,11 @@ func TestAccRepositoryConfig_Missing_RetentionInDays(t *testing.T) {
 }
 
 func TestAccRepositoryConfig_RepoPathsUpdate(t *testing.T) {
+	jasDisabled := os.Getenv("JFROG_JAS_DISABLED")
+	if strings.ToLower(jasDisabled) == "true" {
+		t.Skipf("Env var JFROG_JAS_DISABLED is set to 'true'")
+	}
+
 	_, fqrn, resourceName := testutil.MkNames("xray-repo-config-", "xray_repository_config")
 	_, _, repoName := testutil.MkNames("generic-local", "artifactory_local_generic_repository")
 

diff --git a/pkg/xray/resource/resource_xray_security_policy.go b/pkg/xray/resource/resource_xray_security_policy.go
@@ -19,6 +19,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/jfrog/terraform-provider-shared/util"
+	"github.com/samber/lo"
 )
 
 var _ resource.Resource = &SecurityPolicyResource{}
@@ -145,10 +146,16 @@ func (r *SecurityPolicyResource) fromCriteriaAPIModel(ctx context.Context, crite
 
 		exposuresList := types.ListNull(exposuresElementType)
 		if criteraAPIModel.Exposures != nil {
+			var minSeverity *string
+			if criteraAPIModel.Exposures.MinSeverity != nil {
+				s := lo.Capitalize(*criteraAPIModel.Exposures.MinSeverity)
+				minSeverity = &s
+			}
+
 			exposures, d := types.ObjectValue(
 				exposuresAttrType,
 				map[string]attr.Value{
-					"min_severity": types.StringPointerValue(criteraAPIModel.Exposures.MinSeverity),
+					"min_severity": types.StringPointerValue(minSeverity),
 					"secrets":      types.BoolPointerValue(criteraAPIModel.Exposures.Secrets),
 					"applications": types.BoolPointerValue(criteraAPIModel.Exposures.Applications),
 					"services":     types.BoolPointerValue(criteraAPIModel.Exposures.Services),
@@ -310,9 +317,9 @@ var securityPolicyCriteriaBlocks = map[string]schema.Block{
 				"min_severity": schema.StringAttribute{
 					Optional: true,
 					Computed: true,
-					Default:  stringdefault.StaticString("All Severities"),
+					Default:  stringdefault.StaticString("All severities"),
 					Validators: []validator.String{
-						stringvalidator.OneOfCaseInsensitive("All Severities", "Critical", "High", "Medium", "Low"),
+						stringvalidator.OneOf("All severities", "Critical", "High", "Medium", "Low"),
 					},
 					MarkdownDescription: "The minimum security vulnerability severity that will be impacted by the policy. Valid values: `All Severities`, `Critical`, `High`, `Medium`, `Low`",
 				},
@@ -365,7 +372,7 @@ var securityPolicyCriteriaAttrs = map[string]schema.Attribute{
 	"min_severity": schema.StringAttribute{
 		Optional: true,
 		Validators: []validator.String{
-			stringvalidator.OneOfCaseInsensitive("All Severities", "Critical", "High", "Medium", "Low"),
+			stringvalidator.OneOf("All severities", "Critical", "High", "Medium", "Low"),
 			stringvalidator.ConflictsWith(
 				path.MatchRelative().AtParent().AtName("cvss_range"),
 			),
@@ -438,7 +445,7 @@ var securityPolicyCriteriaAttrs = map[string]schema.Attribute{
 	"package_type": schema.StringAttribute{
 		Optional: true,
 		Validators: []validator.String{
-			stringvalidator.OneOfCaseInsensitive(validPackageTypesSupportedXraySecPolicies...),
+			stringvalidator.OneOf(validPackageTypesSupportedXraySecPolicies...),
 			stringvalidator.AlsoRequires(
 				path.MatchRelative().AtParent().AtName("package_name"),
 			),

diff --git a/pkg/xray/resource/resource_xray_security_policy_test.go b/pkg/xray/resource/resource_xray_security_policy_test.go
@@ -859,7 +859,7 @@ func TestAccSecurityPolicy_exposures(t *testing.T) {
 	testData["resource_name"] = resourceName
 	testData["policy_name"] = fmt.Sprintf("terraform-security-policy-6-%d", testutil.RandomInt())
 	testData["rule_name"] = fmt.Sprintf("test-security-rule-6-%d", testutil.RandomInt())
-	testData["exposures_min_severity"] = "high"
+	testData["exposures_min_severity"] = "High"
 	testData["exposures_secrets"] = "true"
 	testData["exposures_applications"] = "true"
 	testData["exposures_services"] = "true"

diff --git a/pkg/xray/resource/resource_xray_violations_report.go b/pkg/xray/resource/resource_xray_violations_report.go
@@ -155,7 +155,7 @@ var violationsFiltersAttrs = map[string]schema.Attribute{
 		Optional: true,
 		Validators: []validator.String{
 			stringvalidator.LengthAtLeast(1),
-			stringvalidator.OneOfCaseInsensitive("security", "license", "operational_risk"),
+			stringvalidator.OneOf("security", "license", "operational_risk"),
 		},
 		Description: "Violation type.",
 	},

diff --git a/pkg/xray/resource/resource_xray_watch.go b/pkg/xray/resource/resource_xray_watch.go
@@ -575,7 +575,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
 						"type": schema.StringAttribute{
 							Required: true,
 							Validators: []validator.String{
-								stringvalidator.OneOfCaseInsensitive(supportedResourceTypes...),
+								stringvalidator.OneOf(supportedResourceTypes...),
 							},
 							Description: fmt.Sprintf("Type of resource to be watched. Options: %s.", strings.Join(supportedResourceTypes, ", ")),
 						},
@@ -592,7 +592,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
 						"repo_type": schema.StringAttribute{
 							Optional: true,
 							Validators: []validator.String{
-								stringvalidator.OneOfCaseInsensitive("local", "remote"),
+								stringvalidator.OneOf("local", "remote"),
 							},
 							Description: "Type of repository. Only applicable when `type` is `repository`. Options: `local` or `remote`.",
 						},
@@ -604,7 +604,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
 									"type": schema.StringAttribute{
 										Required: true,
 										Validators: []validator.String{
-											stringvalidator.OneOfCaseInsensitive("regex", "path-regex", "package-type", "mime-type"),
+											stringvalidator.OneOf("regex", "path-regex", "package-type", "mime-type"),
 										},
 										Description: "The type of filter, such as `regex`, `path-regex`, `package-type`, or `mime-type`",
 									},
@@ -668,7 +668,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
 									"type": schema.StringAttribute{
 										Required: true,
 										Validators: []validator.String{
-											stringvalidator.OneOfCaseInsensitive("property"),
+											stringvalidator.OneOf("property"),
 										},
 										Description: "The type of filter. Currently only support `property`",
 									},
@@ -706,7 +706,7 @@ func (r *WatchResource) Schema(ctx context.Context, req resource.SchemaRequest,
 						"type": schema.StringAttribute{
 							Required: true,
 							Validators: []validator.String{
-								stringvalidator.OneOfCaseInsensitive("security", "license", "operational_risk"),
+								stringvalidator.OneOf("security", "license", "operational_risk"),
 							},
 
 							Description: "The type of the policy - security, license or operational risk",