Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

harbor_project not detecting changes to some deployment security settings #453

Closed
BlueIce opened this issue Jul 10, 2024 · 3 comments · Fixed by #454
Closed

harbor_project not detecting changes to some deployment security settings #453

BlueIce opened this issue Jul 10, 2024 · 3 comments · Fixed by #454

Comments

@BlueIce
Copy link

BlueIce commented Jul 10, 2024
edited
Loading

Describe the bug

I have a Harbor project which is created via terraform:

resource "harbor_project" "main" {
  name                   = "xxx"
  public                 = false
  vulnerability_scanning = true
  enable_content_trust   = false
  deployment_security    = "high"
  storage_quota          = 20
  force_destroy          = true
}

When the checkbox Prevent vulnerable images from running or the corresponding severity drop-down is changed via UI, the provider does not notice the changes when doing a terraform plan.

To Reproduce

  1. Create a project (see above)
  2. In the Harbor UI go to project configuration. Under "Deployment security" section: Change the severity to Medium, uncheck Prevent vulnerable images from running and the save
  3. Do a terraform plan => Terraform reports no changes detected

Expected behavior

In step 3 from above: Terraform reports changes for the two attributes

Additional context

If you now go on and also change another property (for example uncheck Automatically scan images on push) and again do a terraform plan, only this change will be detected:

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
Terraform will perform the following actions:
  # module.XXXXX_harbor_project.harbor_project.main will be updated in-place
  ~ resource "harbor_project" "main" {
        id                          = "/projects/XXX"
        name                        = "XXXXX"
      ~ vulnerability_scanning      = false -> true
        # (9 unchanged attributes hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.

But if you do now a terraform apply, all three properties will be restored.

  • Provider Version 3.10.12
  • Terraform Version 1.5.7
  • Harbor Version 2.11.0
@BlueIce
Copy link
Author

BlueIce commented Jul 10, 2024

I did some digging through the code.
It seems the two attributes are not propagated, when the project is read: https://github.com/goharbor/terraform-provider-harbor/blob/v3.10.12/provider/resource_project.go#L106-L158

flbla added a commit that referenced this issue Jul 11, 2024
@flbla
fixes #453 #452
749daa3
@flbla flbla mentioned this issue Jul 11, 2024
Merged
flbla added a commit that referenced this issue Jul 11, 2024
@flbla
fixes #453 #452
1094f96 
Signed-off-by: flbla <[email protected]>
@flbla
Copy link
Contributor

flbla commented Jul 11, 2024

hi @BlueIce ,
Thank you for the bug report
This will be fixed in the next version

flbla added a commit that referenced this issue Jul 11, 2024
@flbla
fixes #453 #452 (#454)
09b6bd6 
fixes #453 #452

Signed-off-by: flbla <[email protected]>
@BlueIce
Copy link
Author

BlueIce commented Jul 12, 2024

Thanks for looking into this so fast. 😃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fixes #453 #452 goharbor/terraform-provider-harbor
2 participants
@BlueIce @flbla