From e61088f086e14922ae6726efdbc3ddfb79b4c8c6 Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Fri, 9 Aug 2024 14:04:11 +0100 Subject: [PATCH 1/3] ceng-319-terraform-handle-max-char-limit-for-service-account-resource --- cloudsmith/resource_service.go | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/cloudsmith/resource_service.go b/cloudsmith/resource_service.go index 73543d2..8aefee6 100644 --- a/cloudsmith/resource_service.go +++ b/cloudsmith/resource_service.go @@ -269,10 +269,13 @@ func resourceService() *schema.Resource { Schema: map[string]*schema.Schema{ "description": { - Type: schema.TypeString, - Description: "A description of the service's purpose.", - Optional: true, - ValidateFunc: validation.StringIsNotEmpty, + Type: schema.TypeString, + Description: "A description of the service's purpose.", + Optional: true, + ValidateFunc: validation.All( + validation.StringIsNotEmpty, + validation.StringLenBetween(0, 140), + ), }, "key": { Type: schema.TypeString, @@ -281,10 +284,13 @@ func resourceService() *schema.Resource { Sensitive: true, }, "name": { - Type: schema.TypeString, - Description: "A descriptive name for the service.", - Required: true, - ValidateFunc: validation.StringIsNotEmpty, + Type: schema.TypeString, + Description: "A descriptive name for the service.", + Required: true, + ValidateFunc: validation.All( + validation.StringIsNotEmpty, + validation.StringLenBetween(1, 40), + ), }, "organization": { Type: schema.TypeString, From 9c813fdd75455145ac0c569ebf51056720502c1a Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Fri, 9 Aug 2024 14:19:56 +0100 Subject: [PATCH 2/3] ceng-317-terraform-handle-upstream-trailing-slash-url --- cloudsmith/resource_repository_upstream.go | 19 +++++++++++++++---- docs/resources/repository.md | 2 ++ docs/resources/repository_upstream.md | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) 
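Review bot: In the `description` validator, `validation.StringLenBetween(0, 140)` has a lower bound of 0 that `validation.StringIsNotEmpty` already overrides, so the pair reads as if an empty string were acceptable; `validation.StringLenBetween(1, 140)` states the actual rule and matches the `name` hunk that follows. Both length checks compare Go's `len`, which counts bytes, so a description or name containing multi-byte UTF-8 characters is rejected before it reaches 140 or 40 characters. If the API limit is counted in characters (not visible here), a small custom validator based on `utf8.RuneCountInString` would be needed instead. The `Description` strings could also state the limit, e.g. `"A descriptive name for the service (1-40 characters)."`, so the constraint shows up in the schema documentation.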
diff --git a/cloudsmith/resource_repository_upstream.go b/cloudsmith/resource_repository_upstream.go index 3eb2edb..fd04173 100644 --- a/cloudsmith/resource_repository_upstream.go +++ b/cloudsmith/resource_repository_upstream.go @@ -835,6 +835,14 @@ func resourceRepositoryUpstreamDelete(d *schema.ResourceData, m interface{}) err return nil } +func validateUpstreamUrl(v interface{}, k string) (warnings []string, errors []error) { + valueStr := v.(string) + if len(valueStr) > 0 && valueStr[len(valueStr)-1] == '/' { + errors = append(errors, fmt.Errorf("%q cannot end with a trailing slash", k)) + } + return +} + func resourceRepositoryUpstream() *schema.Resource { return &schema.Resource{ Create: resourceRepositoryUpstreamCreate, @@ -987,10 +995,13 @@ func resourceRepositoryUpstream() *schema.Resource { ValidateFunc: validation.StringInSlice(upstreamTypes, false), }, UpstreamUrl: { - Type: schema.TypeString, - Description: "The URL for this upstream source. This must be a fully qualified URL including any path elements required to reach the root of the repository.", - Required: true, - ValidateFunc: validation.StringIsNotEmpty, + Type: schema.TypeString, + Description: "The URL for this upstream source. This must be a fully qualified URL including any path elements required to reach the root of the repository.", + Required: true, + ValidateFunc: validation.All( + validation.StringIsNotEmpty, + validateUpstreamUrl, + ), }, VerifySsl: { Type: schema.TypeBool, diff --git a/docs/resources/repository.md b/docs/resources/repository.md index b343bb2..05b0635 100644 --- a/docs/resources/repository.md +++ b/docs/resources/repository.md 
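Review bot: `validateUpstreamUrl` uses the unchecked assertion `v.(string)`, which panics the provider process if the value is ever not a string; the comma-ok form with an error return keeps a schema mistake from turning into a crash. The function also has no doc comment, and Go initialism style would spell it `validateUpstreamURL`. The check looks only at the last byte, so it rejects a trailing slash but says nothing about whether the value is a URL at all; the doc comment should say so to avoid it being read as full URL validation.

```go
// validateUpstreamUrl reports an error when the value ends with "/".
// It does not check that the value is a well-formed URL.
func validateUpstreamUrl(v interface{}, k string) (warnings []string, errors []error) {
	valueStr, ok := v.(string)
	if !ok {
		errors = append(errors, fmt.Errorf("expected type of %q to be string", k))
		return
	}
	// … unchanged: trailing-slash check and return …
```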
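Review bot: The `UpstreamUrl` schema entry describes "a fully qualified URL", but the `validation.All` list only checks non-empty and no trailing slash, so a value with no scheme or host still passes at plan time. Since this URL decides where the repository pulls packages from, it is worth rejecting malformed values early by adding `validation.IsURLWithHTTPorHTTPS,` to the list, assuming the SDK version in use provides it and the API accepts only those two schemes (neither is visible in this hunk). The neighbouring `VerifySsl` option only protects HTTPS upstreams, so the `Description` could also note that an `http://` upstream gets no transport protection. The schema map continues outside the hunk.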
@@ -61,7 +61,9 @@ resource "cloudsmith_repository" "my_repository" { * `us-ohio` - Ohio, United States * `ie-dublin` - Dublin, Ireland * `strict_npm_validation` - (Optional) If set to `true`, npm packages will be validated strictly to ensure the package matches specifcation. You can turn this off if you have packages that are old or otherwise mildly off-spec, but we can't guarantee the packages will work with npm-cli or other tooling correctly. Turn off at your own risk! +* `tag_pre_releases_as_latest` - (Default `false`) If `true`, packages pushed with a pre-release component on that version will be marked with the 'latest' tag. Note that if unchecked, a repository containing ONLY pre-release versions, will have no version marked latest which may cause incompatibility with native tools * `use_debian_labels` - (Optional) If set to `true`, a 'Label' field will be present in Debian-based repositories. It will contain a string that identifies the entitlement token used to authenticate the repository, in the form of 'source=t-'; or 'source=none' if no token was used. You can use this to help with pinning. +* `use_entitlements_privilege` - (Optional) Possible values: `Read`, `Write`, `Admin`. This defines the minimum level of privilege required for a user to see/use entitlement tokens with private repositories. If a user does not have the permission, they will only be able to download packages using other credentials, such as email/password via basic authentication. Use this if you want to force users to only use their user-based token, which is tied to their access (if removed, they can't use it). * `use_default_cargo_upstream` - (Optional) If set to `true`, dependencies of uploaded Cargo crates which do not set an explicit value for \"registry\" will be assumed to be available from crates.io. If unset to `true`, dependencies with unspecified \"registry\" values will be assumed to be available in the registry being uploaded to. 
Uncheck this if you want to ensure that dependencies are only ever installed from Cloudsmith unless explicitly specified as belong to another registry. * `use_noarch_packages` - (Optional) If set to `true`, noarch packages (if supported) are enabled in installations/configurations. A noarch package is one that is not tied to specific system architecture (like i686). * `use_source_packages` - (Optional) If set to `true`, source packages (if supported) are enabled in installations/configurations. A source package is one that contains source code rather than built binaries. diff --git a/docs/resources/repository_upstream.md b/docs/resources/repository_upstream.md index 745d395..be84c1b 100644 --- a/docs/resources/repository_upstream.md +++ b/docs/resources/repository_upstream.md @@ -202,7 +202,7 @@ The following arguments are supported: | `repository` | Y | string | N/A | The Repository to which the upstream belongs. | | `upstream_distribution` | N | string | N/A | Used only in conjunction with an `upstream_type` of `"deb"` to declare the [distribution](https://wiki.debian.org/DebianRepository/Format#Overview) to fetch from the upstream. | | `upstream_type` | Y | string | `"dart"`
`"deb"`
`"docker"`
`"helm"`
`"maven"`
`"npm"`
`"nuget"`
`"python"`
`"rpm"`
`"ruby"` | The type of Upstream. | -| `upstream_url` | Y | string | N/A | The URL for this upstream source. This must be a fully qualified URL including any path elements required to reach the root of the repository. | +| `upstream_url` | Y | string | N/A | The URL for this upstream source. This must be a fully qualified URL including any path elements required to reach the root of the repository. The URL cannot end with a trailing slash. | | `verify_ssl` | N | bool | N/A | If enabled, SSL certificates are verified when requests are made to this upstream. It's recommended to leave this enabled for all public sources to help mitigate Man-In-The-Middle (MITM) attacks. Please note this only applies to HTTPS upstreams. | ## Import From 2109386b5e7c9e9f3514e2bf89240e31f0ae9232 Mon Sep 17 00:00:00 2001 From: Bartosz Blizniak Date: Fri, 9 Aug 2024 14:34:45 +0100 Subject: [PATCH 3/3] ceng-318-terraform-improve-error-handling-around-upstream-creation --- cloudsmith/resource_repository_upstream.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cloudsmith/resource_repository_upstream.go b/cloudsmith/resource_repository_upstream.go index fd04173..3719ed4 100644 --- a/cloudsmith/resource_repository_upstream.go +++ b/cloudsmith/resource_repository_upstream.go @@ -364,6 +364,10 @@ func resourceRepositoryUpstreamCreate(d *schema.ResourceData, m interface{}) err } if err != nil { + if resp != nil && resp.StatusCode == http.StatusInternalServerError { + // Until we handle this better in API response we have to assume that this is the issue + return fmt.Errorf("this `upstream_url` might be already configured for this repository. %w", err) + } return err }
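Review bot: The new branch in `resourceRepositoryUpstreamCreate` relabels every HTTP 500 from the create call as a probable duplicate `upstream_url`, so a genuine server-side failure is reported with a misleading cause; the `%w` wrap keeps the original error, but the leading text is what users and logs show first. Wording it as a hint keeps the guess without asserting it, for example `return fmt.Errorf("creating upstream failed with HTTP 500 (one known cause is an upstream_url already configured for this repository): %w", err)`, which also avoids the mid-string period before the wrapped error. The hunk uses `http.StatusInternalServerError` without touching imports, so `net/http` is presumably already imported in this file. The function body starts and ends outside the hunk.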