Support JFrog Apps Config file

jfrog · Sep 11, 2023 · cc86532 · cc86532
1 parent cc6d3e1
commit cc86532
Show file tree

Hide file tree

Showing 29 changed files with 1,252 additions and 5 deletions.
diff --git a/go.mod b/go.mod
@@ -63,6 +63,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jedib0t/go-pretty/v6 v6.4.7 // indirect
+	github.com/jfrog/jfrog-apps-config v1.0.1 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/compress v1.16.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.3 // indirect
@@ -104,7 +105,7 @@ require (
 	github.com/subosito/gotenv v1.4.2 // indirect
 	github.com/ulikunitz/xz v0.5.9 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
@@ -125,7 +126,7 @@ require (
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230828134416-f0db33dd9344
 
-// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20230907095444-fd00f19be95d
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/yahavi/jfrog-cli-core/v2 v2.0.0-20230911151741-846b653d85ef
 
 // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
 

diff --git a/go.sum b/go.sum
@@ -239,8 +239,8 @@ github.com/jfrog/build-info-go v1.9.10 h1:uXnDLVxpqxoAMpXcki00QaBB+M2BoGMMpHODPk
 github.com/jfrog/build-info-go v1.9.10/go.mod h1:ujJ8XQZMdT2tMkLSMJNyDd1pCY+duwHdjV+9or9FLIg=
 github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
 github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
-github.com/jfrog/jfrog-cli-core/v2 v2.41.5 h1:+hQs69dXhNrDIDsBlEPcmLgywfkzyKrIsCZtBW486PU=
-github.com/jfrog/jfrog-cli-core/v2 v2.41.5/go.mod h1:HCMfdtCy2B81EF8YiQlsfbG3CsLk/VeqoWGNYoSUz8Q=
+github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
+github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-client-go v1.32.1 h1:RQmuPSLsF5222vZJzwkgHSZMMJF83ExS7SwIvh4P+H8=
 github.com/jfrog/jfrog-client-go v1.32.1/go.mod h1:362+oa7uTTYurzBs1L0dmUTlLo7uhpAU/pwM5Zb9clg=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
@@ -398,8 +398,9 @@ github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
 github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
+github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
@@ -408,6 +409,8 @@ github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofm
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
 github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=
 github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
+github.com/yahavi/jfrog-cli-core/v2 v2.0.0-20230911151741-846b653d85ef h1:/Y7F87wLIXWwryq7leienRC+c1o45clmpXN62WEfzTM=
+github.com/yahavi/jfrog-cli-core/v2 v2.0.0-20230911151741-846b653d85ef/go.mod h1:wr4JbcD23UAihZwYvZpP5A3F2NvInK2efsTKIuA41jg=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

diff --git a/testdata/xray/jas-config/.jfrog/jfrog-apps-config.yml b/testdata/xray/jas-config/.jfrog/jfrog-apps-config.yml
@@ -0,0 +1,11 @@
+version: "1.0"
+
+modules:
+  - source_root: "."
+    scanners:
+      secrets:
+        exclude_patterns:
+          - "**/*secret_generic*/**"
+      iac:
+        exclude_patterns:
+          - "**/*gcp*/**"
diff --git a/testdata/xray/jas-config/iac/azure/vpc/module.tf b/testdata/xray/jas-config/iac/azure/vpc/module.tf
@@ -0,0 +1,116 @@
+
+#Azure Generic vNet Module
+resource "azurerm_resource_group" "network" {
+  count    = var.module_enabled ? 1 : 0
+  name     = var.short_region != " " ? var.short_region : "${var.deploy_name}-${var.region}"
+  location = var.region
+
+  tags = {
+    environment = var.environment
+  }
+}
+
+resource "azurerm_virtual_network" "vnet" {
+  count               = var.module_enabled ? 1 : 0
+  name                = "${var.deploy_name}-${var.region}"
+  location            = var.region
+  address_space       = [var.vpc_cidr]
+  resource_group_name = azurerm_resource_group.network[0].name
+
+  tags = {
+    environment = var.environment
+    costcenter  = "${var.deploy_name}-${var.region}"
+  }
+}
+
+resource "azurerm_subnet" "subnet" {
+  count                = var.module_enabled ? length(var.subnet_names) : 0
+  name                 = var.subnet_names[count.index]
+  virtual_network_name = azurerm_virtual_network.vnet[0].name
+  resource_group_name  = azurerm_resource_group.network[0].name
+  address_prefixes     = [var.subnet_prefixes[count.index]]
+#  service_endpoints = [
+#    "Microsoft.KeyVault"
+#  ]
+
+  dynamic "delegation"{
+    for_each =var.subnet_names[count.index] == "flexible-dbs" ? ["exec"] : []
+    content { 
+      name = "dlg-Microsoft.DBforPostgreSQL-flexibleServers"
+      service_delegation {
+        name = "Microsoft.DBforPostgreSQL/flexibleServers"
+         actions = [
+        "Microsoft.Network/virtualNetworks/subnets/join/action"
+      ]
+    }
+  }
+  }
+
+  enforce_private_link_endpoint_network_policies = var.subnet_names[count.index] == "data"
+  enforce_private_link_service_network_policies = var.subnet_names[count.index] == "private" && var.enforce_pl_svc_net_private
+  lifecycle {
+    ignore_changes = [
+      service_endpoints,
+      delegation[0].name
+    ]
+  }
+}
+
+
+resource "azurerm_private_dns_zone" "postgres_private_dns" {
+  count               = var.module_enabled ? 1 : 0
+  name                = "privatelink.postgres.database.azure.com"
+  resource_group_name = azurerm_resource_group.network[0].name
+}
+
+resource "random_string" "postgres_private_dns_net_link_name" {
+  count   = var.module_enabled ? 1 : 0
+  length  = 8
+  special = false
+  number  = false
+  upper   = false
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "postgres_private_dns_net_link" {
+  count                 = var.module_enabled ? 1 : 0
+  name                  = random_string.postgres_private_dns_net_link_name[0].result
+  resource_group_name   = azurerm_resource_group.network[0].name
+  private_dns_zone_name = azurerm_private_dns_zone.postgres_private_dns[0].name
+  virtual_network_id    = azurerm_virtual_network.vnet[0].id
+}
+
+//resource "azurerm_network_security_group" "nsg" {
+//  count               = "${var.module_enabled ? length(var.subnet_names) : 0}"
+//  name                = "${var.subnet_names[count.index]}-sg"
+//  location            = "${var.region}"
+//  resource_group_name = "${var.deploy_name}-${var.region}"
+//}
+//
+//resource "azurerm_subnet_network_security_group_association" "nsg" {
+//  count                     = "${var.module_enabled ? length(var.subnet_names) : 0}"
+//  subnet_id                 = "${element(azurerm_subnet.subnet.*.id, count.index)}"
+//  network_security_group_id = "${element(azurerm_network_security_group.nsg.*.id, count.index)}"
+//}
+//resource "azurerm_subnet_route_table_association" "nat" {
+//  count          = "${var.module_enabled ? length(var.nat_subnets) : 0}"
+//  subnet_id      = "${element(azurerm_subnet.subnet.*.id, count.index + 1)}"
+//  route_table_id = "${azurerm_route_table.nattable.id}"
+//}
+# UDR
+//resource "azurerm_route_table" "nattable" {
+//  count               = "${var.module_enabled}"
+//  name                 = "${var.deploy_name}-${var.region}"
+//  location             = "${var.region}"
+//  resource_group_name  = "${azurerm_resource_group.network.name}"
+//
+//  route {
+//    name           = "all-traffic-via-nat"
+//    address_prefix = "0.0.0.0/0"
+//    next_hop_type  = "VirtualAppliance"
+//    next_hop_in_ip_address = "${var.natgw_private_ip}"
+//  }
+//
+//  tags = {
+//    environment = "${var.environment}"
+//  }
+//}
diff --git a/testdata/xray/jas-config/iac/azure/vpc/outputs.tf b/testdata/xray/jas-config/iac/azure/vpc/outputs.tf
@@ -0,0 +1,79 @@
+##################################################################################
+# OUTPUT
+##################################################################################
+
+output "resource_group_id" {
+  value = azurerm_resource_group.network[0].id
+}
+
+output "resource_group_name" {
+  value = azurerm_resource_group.network[0].name
+}
+
+output "vnet_id" {
+  value = element(concat(azurerm_virtual_network.vnet.*.id, [""]), 0)
+}
+
+output "vnet_location" {
+  value = element(concat(azurerm_virtual_network.vnet.*.location, [""]), 0)
+}
+
+output "vnet_name" {
+  value = element(concat(azurerm_virtual_network.vnet.*.name, [""]), 0)
+}
+
+output "private_dns_id" {
+  value = element(
+    concat(azurerm_private_dns_zone.postgres_private_dns.*.id, [""]),
+    0,
+  )
+}
+
+output "private_dns_name" {
+  value = element(
+    concat(azurerm_private_dns_zone.postgres_private_dns.*.name, [""]),
+    0,
+  )
+}
+
+//output "vnet_subnets" {
+//  value       = "${azurerm_subnet.subnet.*.id}"
+//}
+
+### subnets ids ###
+output "public_subnet" {
+  value = element(concat(azurerm_subnet.subnet.*.id, [""]), 0)
+}
+
+output "private_subnet" {
+  value = element(concat(azurerm_subnet.subnet.*.id, [""]), 1)
+}
+output "flexible_subnet" {
+ value = element(concat(azurerm_subnet.subnet.*.id, [""]), 4)
+}
+output "data_subnet" {
+  value = element(concat(azurerm_subnet.subnet.*.id, [""]), 2)
+}
+
+output "mgmt_subnet" {
+  value = element(concat(azurerm_subnet.subnet.*.id, [""]), 3)
+}
+
+### subnets names ###
+output "public_subnet_name" {
+  value = element(concat(azurerm_subnet.subnet.*.name, [""]), 0)
+}
+
+output "private_subnet_name" {
+  value = element(concat(azurerm_subnet.subnet.*.name, [""]), 1)
+}
+
+output "data_subnet_name" {
+  value = element(concat(azurerm_subnet.subnet.*.name, [""]), 2)
+}
+
+output "mgmt_subnet_name" {
+  value = element(concat(azurerm_subnet.subnet.*.name, [""]), 3)
+}
+
+
diff --git a/testdata/xray/jas-config/iac/azure/vpc/variables.tf b/testdata/xray/jas-config/iac/azure/vpc/variables.tf
@@ -0,0 +1,39 @@
+variable "module_enabled" {
+  default = true
+}
+
+variable "region" {
+}
+
+variable "deploy_name" {
+}
+
+variable "vpc_cidr" {
+}
+
+variable "short_region" {
+  default = " "
+}
+
+variable "subnet_prefixes" {
+  type = list(string)
+}
+
+variable "ssh_source_ranges" {
+  type = list(string)
+}
+
+variable "environment" {
+}
+
+variable "subnet_names" {
+  type = list(string)
+}
+
+variable "enforce_pl_svc_net_private" {
+  default = false
+}
+//variable "natgw_private_ip" {}
+//variable "nat_subnets" {
+//  type = "list"
+//}
diff --git a/testdata/xray/jas-config/iac/azure/vpc/versions.tf b/testdata/xray/jas-config/iac/azure/vpc/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}
diff --git a/testdata/xray/jas-config/iac/azure/vpc_pp/module.tf b/testdata/xray/jas-config/iac/azure/vpc_pp/module.tf
@@ -0,0 +1,34 @@
+
+#Azure Generic vNet Module
+resource "azurerm_resource_group" "network" {
+  count    = var.module_enabled ? 1 : 0
+  name     = var.short_region != " " ? var.short_region : "${var.deploy_name}-${var.region}"
+  location = var.region
+
+  tags = {
+    environment = var.environment
+  }
+}
+
+resource "azurerm_virtual_network" "vnet" {
+  count               = var.module_enabled ? 1 : 0
+  name                = "${var.deploy_name}-${var.region}"
+  location            = var.region
+  address_space       = [var.vpc_cidr]
+  resource_group_name = azurerm_resource_group.network[0].name
+
+  tags = {
+    environment = var.environment
+    costcenter  = "${var.deploy_name}-${var.region}"
+  }
+}
+
+resource "azurerm_subnet" "subnet" {
+  count                = var.module_enabled ? length(var.subnet_names) : 0
+  name                 = var.subnet_names[count.index]
+  virtual_network_name = azurerm_virtual_network.vnet[0].name
+  resource_group_name  = azurerm_resource_group.network[0].name
+  address_prefixes     = [var.subnet_prefixes[count.index]]
+  enforce_private_link_endpoint_network_policies = var.subnet_names[count.index] == "private" && var.enforce_private_subnet
+
+}