Update CLA assistant, add full HCL example (RT + Xray) (#21)

* Update CLA assistant

* Removed old link to CLA assistant

* Add comprehensive example HCL with RT and Xray providers to the README.md

* GH issue #22, use singular form in the license API call to support both SaaS and On-Prem instances.

.github/workflows/cla.yml

@@ -1,5 +1,6 @@
 name: "CLA Assistant"
 on:
+  # issue_comment triggers this action on each comment on issues and pull requests
   issue_comment:
     types: [created]
   pull_request_target:
@@ -9,18 +10,24 @@ jobs:
   CLAssistant:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions-ecosystem/action-regex-match@v2
+        id: sign-or-recheck
+        with:
+          text: ${{ github.event.comment.body }}
+          regex: '\s*(I have read the CLA Document and I hereby sign the CLA)|(recheckcla)\s*'
+
       - name: "CLA Assistant"
-        if: (github.event.comment.body == 'recheckcla' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        if: ${{ steps.sign-or-recheck.outputs.match != '' || github.event_name == 'pull_request_target' }}
         # Alpha Release
-        uses: cla-assistant/github-action@v2.0.1-alpha
+        uses: cla-assistant/github-action@v2.1.1-beta
         env:
           # Generated and maintained by github
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # JFrog organization secret
           PERSONAL_ACCESS_TOKEN : ${{ secrets.CLA_SIGN_TOKEN }}
         with:
           path-to-signatures: 'signed_clas.json'
-          path-to-cla-document: 'https://jfrog.com/cla/'
+          path-to-document: 'https://jfrog.com/cla/'
           remote-organization-name: 'jfrog'
           remote-repository-name: 'jfrog-signed-clas'
           # branch should not be protected

README.md

@@ -9,6 +9,299 @@ To use this provider in your Terraform module, follow the documentation [here](h
 
 [Xray API Documentation](https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API)
 
+## Quick Start
+
+Create a new Terraform file with `xray` resource (and `artifactory` resource as well):
+
+<details><summary>HCL Example</summary>
+
+```terraform
+# Required for Terraform 0.13 and up (https://www.terraform.io/upgrade-guides/0-13.html)
+terraform {
+  required_providers {
+    artifactory = {
+      source  = "registry.terraform.io/jfrog/artifactory"
+      version = "2.6.24"
+    }
+    xray = {
+      source  = "registry.terraform.io/jfrog/xray"
+      version = "0.0.1"
+    }
+  }
+}
+provider "artifactory" {
+  // supply ARTIFACTORY_USERNAME, ARTIFACTORY_PASSWORD and ARTIFACTORY_URL as env vars
+}
+
+provider "xray" {
+// Also user can supply the following env vars:
+// JFROG_URL or XRAY_URL
+// XRAY_ACCESS_TOKEN or JFROG_ACCESS_TOKEN
+}
+
+resource "random_id" "randid" {
+  byte_length = 2
+}
+
+resource "artifactory_user" "user1" {
+  name     = "user1"
+  email    = "[email protected]"
+  groups   = ["readers"]
+  password = "Passw0rd!"
+}
+
+resource "artifactory_local_docker_v2_repository" "docker-local" {
+  key             = "docker-local"
+  description     = "hello docker-local"
+  tag_retention   = 3
+  max_unique_tags = 5
+  xray_index = true # must be set to true to be able to assign the watch to the repo
+}
+
+resource "artifactory_local_gradle_repository" "local-gradle-repo" {
+  key                             = "local-gradle-repo-basic"
+  checksum_policy_type            = "client-checksums"
+  snapshot_version_behavior       = "unique"
+  max_unique_snapshots            = 10
+  handle_releases                 = true
+  handle_snapshots                = true
+  suppress_pom_consistency_checks = true
+  xray_index = true # must be set to true to be able to assign the watch to the repo
+}
+
+resource "xray_security_policy" "security1" {
+  name        = "test-security-policy-severity-${random_id.randid.dec}"
+  description = "Security policy description"
+  type        = "security"
+
+  rule {
+    name     = "rule-name-severity"
+    priority = 1
+
+    criteria {
+      min_severity = "High"
+    }
+
+    actions {
+      webhooks = []
+      mails    = ["[email protected]"]
+      block_release_bundle_distribution  = true
+      fail_build                         = true
+      notify_watch_recipients            = true
+      notify_deployer                    = true
+      create_ticket_enabled              = false // set to true only if Jira integration is enabled
+      build_failure_grace_period_in_days = 5     // use only if fail_build is enabled
+
+      block_download {
+        unscanned = true
+        active    = true
+      }
+    }
+  }
+}
+
+resource "xray_security_policy" "security2" {
+  name        = "test-security-policy-cvss-${random_id.randid.dec}"
+  description = "Security policy description"
+  type        = "security"
+
+  rule {
+    name     = "rule-name-cvss"
+    priority = 1
+
+    criteria {
+
+      cvss_range {
+        from = 1.5
+        to   = 5.3
+      }
+    }
+
+    actions {
+      webhooks = []
+      mails    = ["[email protected]"]
+      block_release_bundle_distribution  = true
+      fail_build                         = true
+      notify_watch_recipients            = true
+      notify_deployer                    = true
+      create_ticket_enabled              = false // set to true only if Jira integration is enabled
+      build_failure_grace_period_in_days = 5     // use only if fail_build is enabled
+
+      block_download {
+        unscanned = true
+        active    = true
+      }
+    }
+  }
+}
+
+resource "xray_license_policy" "license1" {
+  name        = "test-license-policy-allowed-${random_id.randid.dec}"
+  description = "License policy, allow certain licenses"
+  type        = "license"
+
+  rule {
+    name     = "License_rule"
+    priority = 1
+
+    criteria {
+      allowed_licenses         = ["Apache-1.0", "Apache-2.0"]
+      allow_unknown            = false
+      multi_license_permissive = true
+    }
+
+    actions {
+      webhooks = []
+      mails    = ["[email protected]"]
+      block_release_bundle_distribution  = false
+      fail_build                         = true
+      notify_watch_recipients            = true
+      notify_deployer                    = true
+      create_ticket_enabled              = false // set to true only if Jira integration is enabled
+      custom_severity                    = "High"
+      build_failure_grace_period_in_days = 5 // use only if fail_build is enabled
+
+      block_download {
+        unscanned = true
+        active    = true
+      }
+    }
+  }
+}
+
+resource "xray_license_policy" "license2" {
+  name        = "test-license-policy-banned-${random_id.randid.dec}"
+  description = "License policy, block certain licenses"
+  type        = "license"
+
+  rule {
+    name     = "License_rule"
+    priority = 1
+
+    criteria {
+      banned_licenses          = ["Apache-1.1", "APAFML"]
+      allow_unknown            = false
+      multi_license_permissive = false
+    }
+
+    actions {
+      webhooks = []
+      mails    = ["[email protected]"]
+      block_release_bundle_distribution  = false
+      fail_build                         = true
+      notify_watch_recipients            = true
+      notify_deployer                    = true
+      create_ticket_enabled              = false // set to true only if Jira integration is enabled
+      custom_severity                    = "Medium"
+      build_failure_grace_period_in_days = 5 // use only if fail_build is enabled
+
+      block_download {
+        unscanned = true
+        active    = true
+      }
+    }
+  }
+}
+
+resource "xray_watch" "all-repos" {
+  name        = "all-repos-watch-${random_id.randid.dec}"
+  description = "Watch for all repositories, matching the filter"
+  active      = true
+
+  watch_resource {
+    type = "all-repos"
+
+    filter {
+      type  = "regex"
+      value = ".*"
+    }
+  }
+
+  assigned_policy {
+    name = xray_security_policy.security1.name
+    type = "security"
+  }
+
+  assigned_policy {
+    name = xray_license_policy.license1.name
+    type = "license"
+  }
+  watch_recipients = ["[email protected]", "[email protected]"]
+}
+
+resource "xray_watch" "repository" {
+  name        = "repository-watch-${random_id.randid.dec}"
+  description = "Watch a single repo or a list of repositories"
+  active      = true
+
+  watch_resource {
+    type       = "repository"
+    bin_mgr_id = "default"
+    name       = artifactory_local_docker_v2_repository.docker-local.key
+
+    filter {
+      type  = "regex"
+      value = ".*"
+    }
+  }
+
+  watch_resource {
+    type       = "repository"
+    bin_mgr_id = "default"
+    name       = artifactory_local_gradle_repository.local-gradle-repo.key
+
+    filter {
+      type  = "package-type"
+      value = "Docker"
+    }
+  }
+
+  assigned_policy {
+    name = xray_security_policy.security1.name
+    type = "security"
+  }
+
+  assigned_policy {
+    name = xray_license_policy.license1.name
+    type = "license"
+  }
+
+  watch_recipients = ["[email protected]", "[email protected]"]
+}
+
+resource "xray_watch" "build" {
+  name        = "build-watch-${random_id.randid.dec}"
+  description = "Watch a single build or a list of builds"
+  active      = true
+
+  watch_resource {
+    type       = "build"
+    bin_mgr_id = "default"
+    name       = "your-build-name"
+  }
+
+  watch_resource {
+    type       = "build"
+    bin_mgr_id = "default"
+    name       = "your-other-build-name"
+  }
+
+  assigned_policy {
+    name = xray_security_policy.security1.name
+    type = "security"
+  }
+  assigned_policy {
+    name = xray_license_policy.license1.name
+    type = "license"
+  }
+
+  watch_recipients = ["[email protected]", "[email protected]"]
+}
+```
+
+
+</details>
+
 
 ## Release notes for v0.0.1
 Xray provider was separated from Artifactory provider. The most notable differences in the new Xray provider: 
@@ -101,8 +394,6 @@ entitled to contribute the code/documentation/translation to the project
 and is willing to have it used in distributions and derivative works
 (or is willing to transfer ownership).
 
-[Sign the CLA](https://cla-assistant.io/jfrog/terraform-provider-xray)
-
 ## License
 Copyright (c) 2021 JFrog.
 

pkg/xray/provider.go

@@ -155,7 +155,7 @@ func checkArtifactoryLicense(client *resty.Client) error {
 	}
 
 	license := License{}
-	_, err := client.R().SetResult(&license).Get("/artifactory/api/system/licenses/")
+	_, err := client.R().SetResult(&license).Get("/artifactory/api/system/license/")
 	if err != nil {
 		return err
 	}