fixes #453 #452 (#454)

fixes #453 #452 Signed-off-by: flbla <flbla@users.noreply.github.com>
goharbor · Jul 11, 2024 · 09b6bd6 · 09b6bd6
1 parent b845ce5
commit 09b6bd6
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 6 deletions.
diff --git a/provider/resource_labels.go b/provider/resource_labels.go
@@ -15,7 +15,6 @@ func resourceLabel() *schema.Resource {
 			"name": {
 				Type:     schema.TypeString,
 				Required: true,
-				ForceNew: true,
 			},
 			"description": {
 				Type:     schema.TypeString,

diff --git a/provider/resource_project.go b/provider/resource_project.go
@@ -3,6 +3,7 @@ package provider
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	"github.com/goharbor/terraform-provider-harbor/client"
 	"github.com/goharbor/terraform-provider-harbor/models"
@@ -42,10 +43,6 @@ func resourceProject() *schema.Resource {
 				Optional: true,
 				Default:  -1,
 			},
-			"deployment_security": {
-				Type:     schema.TypeString,
-				Optional: true,
-			},
 			"cve_allowlist": {
 				Type: schema.TypeList,
 				Elem: &schema.Schema{
@@ -68,7 +65,21 @@ func resourceProject() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
-		},
+			"deployment_security": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) {
+					v := val.(string)
+					allowedValues := []string{"none", "low", "medium", "high", "critical"}
+					for _, av := range allowedValues {
+						if v == av {
+							return
+						}
+					}
+					errs = append(errs, fmt.Errorf("%q must be one of [%s], got %s", key, strings.Join(allowedValues, ", "), v))
+					return
+				},
+			}},
 		Create: resourceProjectCreate,
 		Read:   resourceProjectRead,
 		Update: resourceProjectUpdate,
@@ -140,6 +151,24 @@ func resourceProjectRead(d *schema.ResourceData, m interface{}) error {
 		return err
 	}
 
+	preventVul, err := client.ParseBoolOrDefault(jsonData.Metadata.PreventVul, false)
+	if err != nil {
+		return err
+	}
+	deployment_security := jsonData.Metadata.Severity
+	preventVulUpdate := false
+	if deployment_security == "none" && preventVul {
+		preventVulUpdate = true
+	} else if deployment_security != "none" && !preventVul {
+		preventVulUpdate = true
+	}
+
+	if preventVulUpdate {
+		d.Set("deployment_security", "")
+	} else {
+		d.Set("deployment_security", deployment_security)
+	}
+
 	d.Set("name", jsonData.Name)
 	d.Set("project_id", jsonData.ProjectID)
 	d.Set("registry_id", jsonData.RegistryID)