Creating xray_watch resource with ant_filter and empty "exclude_pattern" results in recreating the reource on every run #241
Assignees
Labels
bug
Something isn't working
Comments
|
@jan-huso If you wish to have an empty patterns, have you tried omitting the attribute completely? |
|
@alexhung yes, but I get an error with terraform, that the attribute is required |
|
@jan-huso Thanks! I'll investigate. |
|
@jan-huso Using the following TF configuration, I am able to create the policy and watch without the terraform {
required_providers {
xray = {
source = "jfrog/xray"
version = "2.11.0"
}
}
}
resource "xray_security_policy" "security" {
name = "test-policy"
description = "Security policy description"
type = "security"
rule {
name = "rule-name-severity"
priority = 1
criteria {
min_severity = "High"
}
actions {
mails = ["[email protected]"]
block_download {
unscanned = true
active = true
}
block_release_bundle_distribution = true
fail_build = true
notify_watch_recipients = true
notify_deployer = true
create_ticket_enabled = false
build_failure_grace_period_in_days = 5
}
}
}
resource "xray_watch" "test-watch" {
name = "test-watch"
active = true
watch_resource {
type = "all-builds"
bin_mgr_id = "default"
ant_filter {
include_patterns = ["**/*.js"]
}
}
assigned_policy {
name = xray_security_policy.security.name
type = "security"
}
watch_recipients = [
"[email protected]",
]
}Running this with Terraform 1.9.5, provider 2.11.0, Xray 3.014.10: alexh@alexh-mac terraform-provider-xray % terraform init --upgrade
Initializing the backend...
Initializing provider plugins...
- Finding jfrog/xray versions matching "2.11.0"...
- Installing jfrog/xray v2.11.0...
- Installed jfrog/xray v2.11.0 (signed by a HashiCorp partner, key ID 2FA4D2A520237FA7)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
alexh@alexh-mac terraform-provider-xray % terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# xray_security_policy.security will be created
+ resource "xray_security_policy" "security" {
+ author = (known after apply)
+ created = (known after apply)
+ description = "Security policy description"
+ id = (known after apply)
+ modified = (known after apply)
+ name = "test-policy"
+ type = "security"
+ rule {
+ name = "rule-name-severity"
+ priority = 1
+ actions {
+ block_release_bundle_distribution = true
+ block_release_bundle_promotion = false
+ build_failure_grace_period_in_days = 5
+ create_ticket_enabled = false
+ fail_build = true
+ mails = [
+ "[email protected]",
]
+ notify_deployer = true
+ notify_watch_recipients = true
+ webhooks = []
+ block_download {
+ active = true
+ unscanned = true
}
}
+ criteria {
+ applicable_cves_only = false
+ fix_version_dependant = false
+ malicious_package = false
+ min_severity = "High"
+ package_versions = []
+ vulnerability_ids = []
# (2 unchanged attributes hidden)
}
}
}
# xray_watch.test-watch will be created
+ resource "xray_watch" "test-watch" {
+ active = true
+ name = "test-watch"
+ watch_recipients = [
+ "[email protected]",
]
+ assigned_policy {
+ name = "test-policy"
+ type = "security"
}
+ watch_resource {
+ bin_mgr_id = "default"
+ type = "all-builds"
+ ant_filter {
+ include_patterns = [
+ "**/*.js",
]
}
}
}
Plan: 2 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
alexh@alexh-mac terraform-provider-xray % terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# xray_security_policy.security will be created
+ resource "xray_security_policy" "security" {
+ author = (known after apply)
+ created = (known after apply)
+ description = "Security policy description"
+ id = (known after apply)
+ modified = (known after apply)
+ name = "test-policy"
+ type = "security"
+ rule {
+ name = "rule-name-severity"
+ priority = 1
+ actions {
+ block_release_bundle_distribution = true
+ block_release_bundle_promotion = false
+ build_failure_grace_period_in_days = 5
+ create_ticket_enabled = false
+ fail_build = true
+ mails = [
+ "[email protected]",
]
+ notify_deployer = true
+ notify_watch_recipients = true
+ webhooks = []
+ block_download {
+ active = true
+ unscanned = true
}
}
+ criteria {
+ applicable_cves_only = false
+ fix_version_dependant = false
+ malicious_package = false
+ min_severity = "High"
+ package_versions = []
+ vulnerability_ids = []
# (2 unchanged attributes hidden)
}
}
}
# xray_watch.test-watch will be created
+ resource "xray_watch" "test-watch" {
+ active = true
+ name = "test-watch"
+ watch_recipients = [
+ "[email protected]",
]
+ assigned_policy {
+ name = "test-policy"
+ type = "security"
}
+ watch_resource {
+ bin_mgr_id = "default"
+ type = "all-builds"
+ ant_filter {
+ include_patterns = [
+ "**/*.js",
]
}
}
}
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
xray_security_policy.security: Creating...
xray_security_policy.security: Creation complete after 0s [id=test-policy]
xray_watch.test-watch: Creating...
xray_watch.test-watch: Creation complete after 0s [name=test-watch]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
alexh@alexh-mac terraform-provider-xray % terraform plan
xray_security_policy.security: Refreshing state... [id=test-policy]
xray_watch.test-watch: Refreshing state... [name=test-watch]
No changes. Your infrastructure matches the configuration.
Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed. |
|
@jan-huso I repeated the same configuration but with a |
|
@alexhung thx for the example, I will try to reproduce it on my side :) |
|
@alexhung i tested your code and it worked on my side as well. I did not declare my variable as optional. Thx for the help and sorry for the wrong bug report! :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm creating an xray_watch resource and define an include_pattern in the ant_filter. The exclude_pattern should be empty so I use
[].The resource is created succesfully but on every new run tf wants to recreate the watch_resource because the exclude_pattern is "missing".
Tested on TF 1.9.5 and xray 2.11
TF source code:
TF plan after the resource is already created
The text was updated successfully, but these errors were encountered: