Validation fails for custom license in `allowed_licenses` for `xray_license_policy`
nbaju1 opened this issue · 2 comments
Describe the bug
A custom license has been added through the portal: Xray Settings -> Compliance Licenses.
Attempting to validate the terraform configuration where this license is added to allowed_licenses of the xray_license_policy resource does not work.
resource "xray_license_policy" "allowed_licenses" {
name = "allowed-licenses"
type = "license"
rule {
name = "allowed-licenses"
priority = 1
criteria {
allowed_licenses = ["custom license"]
allow_unknown = false
}
actions {
custom_severity = "Medium"
block_download {
active = false
unscanned = false
}
}
}
}Error: expected allowed_licenses to be one of ...
Artifactory version: suggested url does not work, getting "Authentication is required"
Xray version: {"xray_version":"3.73.8","xray_revision":"b9b2c47"}
Terraform version: 1.4.2
Requirements for and issue
- A fully functioning terraform snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue)
- Your version of Artifactory and Xray (you can
curlArtifactory version at$host/artifactory/api/system/versionand Xray version at
$host/xray/api/v1/system/version - Your version of terraform
Expected behavior
Able to allow usage of a custom license.
Hi @nbaju1! It's a known issue, since we don't have a public API to get a list of licenses from the Artifactory instance, we had to verify the license against the default list of licenses, saved directly in the code beforehand.
The workaround would be to allow users to put free text in that attribute, but the implications are not clear to me. I've reached out to the Xray team and will update you here.
Released in v1.14.0, restrictions are removed from the banned and allowed licenses attributes.