Merge pull request #928 from jfrog/GH-927-add-password-expire-policy-…

…resource

Add password expire policy and user lock policy resources

CHANGELOG.md

@@ -1,3 +1,11 @@
+## 10.5.0 (Apr 9, 2024)
+
+FEATURES:
+
+* **New Resource:** `artifactory_password_expiration_policy` and `artifactory_user_lock_policy`
+
+Issue: [#927](https://github.com/jfrog/terraform-provider-artifactory/issues/927) PR: [#928](https://github.com/jfrog/terraform-provider-artifactory/pull/928)
+
 ## 10.4.4 (Apr 8, 2024)
 
 BUG FIXES:

docs/resources/password_expiration_policy.md

@@ -0,0 +1,42 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "artifactory_password_expiration_policy Resource - terraform-provider-artifactory"
+subcategory: "Security"
+description: |-
+  Provides an Artifactory Password Expiration Policy resource.
+---
+
+# artifactory_password_expiration_policy (Resource)
+
+Provides an Artifactory Password Expiration Policy resource.
+
+## Example Usage
+
+```terraform
+resource "artifactory_password_expiration_policy" "my-password-expiration-policy" {
+  name = "my-password-expiration-policy"
+  enabled = true
+  password_max_age = 120
+  notify_by_email = true
+}
+```
+
+## Argument reference
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `enabled` (Boolean) Enable Password Expiration Policy. This only applies to internal user passwords.
+- `name` (String) Name of the resource. Only used for importing.
+- `notify_by_email` (Boolean) Send mail notification before password expiration. Users will receive an email notification X days before password will expire. Mail server must be enabled and configured correctly.
+- `password_max_age` (Number) Password expires every N days. The time interval in which users will be obligated to change their password.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import artifactory_password_expiration_policy.my-password-expiration-policy my-password-expiration-policy
+```

docs/resources/user_lock_policy.md

@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "artifactory_user_lock_policy Resource - terraform-provider-artifactory"
+subcategory: "Security"
+description: |-
+  Provides an Artifactory User Lock Policy resource.
+---
+
+# artifactory_user_lock_policy (Resource)
+
+Provides an Artifactory User Lock Policy resource.
+
+## Example Usage
+
+```terraform
+resource "artifactory_user_lock_policy" "my-user-lock-policy" {
+  name = "my-user-lock-policy"
+  enabled = true
+  login_attempts = 10
+}
+```
+
+## Argument reference
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `enabled` (Boolean) Enable User Lock Policy. Lock user after exceeding max failed login attempts.
+- `login_attempts` (Number) Max failed login attempts.
+- `name` (String) Name of the resource. Only used for importing.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import artifactory_user_lock_policy.my-user-lock-policy my-user-lock-policy
+```

examples/resources/artifactory_password_expiration_policy/import.sh

@@ -0,0 +1 @@
+terraform import artifactory_password_expiration_policy.my-password-expiration-policy my-password-expiration-policy

examples/resources/artifactory_password_expiration_policy/resource.tf

@@ -0,0 +1,6 @@
+resource "artifactory_password_expiration_policy" "my-password-expiration-policy" {
+  name = "my-password-expiration-policy"
+  enabled = true
+  password_max_age = 120
+  notify_by_email = true
+}

examples/resources/artifactory_user_lock_policy/import.sh

@@ -0,0 +1 @@
+terraform import artifactory_user_lock_policy.my-user-lock-policy my-user-lock-policy

examples/resources/artifactory_user_lock_policy/resource.tf

@@ -0,0 +1,5 @@
+resource "artifactory_user_lock_policy" "my-user-lock-policy" {
+  name = "my-user-lock-policy"
+  enabled = true
+  login_attempts = 10
+}

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/hashicorp/terraform-plugin-mux v0.12.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.30.0
 	github.com/hashicorp/terraform-plugin-testing v1.5.1
-	github.com/jfrog/terraform-provider-shared v1.22.1
+	github.com/jfrog/terraform-provider-shared v1.22.4
 	github.com/samber/lo v1.39.0
 	github.com/sethvargo/go-password v0.2.0
 	github.com/stretchr/testify v1.8.4

go.sum

@@ -135,8 +135,8 @@ github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jfrog/terraform-provider-shared v1.22.1 h1:tGety2oaxUiMB4yrpJ9S+770tDxSIlnD4qpL0y9p+z0=
-github.com/jfrog/terraform-provider-shared v1.22.1/go.mod h1:OozwvfahZU4Q9u3kXdpQI3h/Etrs2DXoouQDrpxB1cQ=
+github.com/jfrog/terraform-provider-shared v1.22.4 h1:WjJKEzFPKgfnQVg0GXE+6x64sSqDWXKkZeHEKW/x+sk=
+github.com/jfrog/terraform-provider-shared v1.22.4/go.mod h1:OozwvfahZU4Q9u3kXdpQI3h/Etrs2DXoouQDrpxB1cQ=
 github.com/jhump/protoreflect v1.15.1 h1:HUMERORf3I3ZdX05WaQ6MIpd/NJ434hTp5YiKgfCL6c=
 github.com/jhump/protoreflect v1.15.1/go.mod h1:jD/2GMKKE6OqX8qTjhADU1e6DShO+gavG9e0Q693nKo=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=

pkg/artifactory/provider/framework.go

@@ -19,7 +19,6 @@ import (
 	"github.com/jfrog/terraform-provider-artifactory/v10/pkg/artifactory/resource/user"
 	"github.com/jfrog/terraform-provider-shared/client"
 	"github.com/jfrog/terraform-provider-shared/util"
-	utilfw "github.com/jfrog/terraform-provider-shared/util/fw"
 	validatorfw_string "github.com/jfrog/terraform-provider-shared/validator/fw/string"
 )
 
@@ -135,8 +134,11 @@ func (p *ArtifactoryProvider) Configure(ctx context.Context, req provider.Config
 	}
 
 	if config.CheckLicense.IsNull() || config.CheckLicense.ValueBool() {
-		if licenseDs := utilfw.CheckArtifactoryLicense(restyBase, "Enterprise", "Commercial", "Edge"); licenseDs != nil {
-			resp.Diagnostics.Append(licenseDs...)
+		if err := util.CheckArtifactoryLicense(restyBase, "Enterprise", "Commercial", "Edge"); err != nil {
+			resp.Diagnostics.AddError(
+				"Error checking Artifactory license",
+				err.Error(),
+			)
 			return
 		}
 	}
@@ -178,6 +180,8 @@ func (p *ArtifactoryProvider) Resources(ctx context.Context) []func() resource.R
 		security.NewDistributionPublicKeyResource,
 		security.NewCertificateResource,
 		security.NewKeyPairResource,
+		security.NewPasswordExpirationPolicyResource,
+		security.NewUserLockPolicyResource,
 		configuration.NewLdapSettingResource,
 		configuration.NewLdapGroupSettingResource,
 		configuration.NewBackupResource,

pkg/artifactory/provider/sdkv2.go

@@ -9,7 +9,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/jfrog/terraform-provider-shared/client"
 	"github.com/jfrog/terraform-provider-shared/util"
-	utilsdk "github.com/jfrog/terraform-provider-shared/util/sdk"
 	"github.com/jfrog/terraform-provider-shared/validator"
 )
 
@@ -95,14 +94,14 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData, terraformVer
 	// Due to migration from SDK v2 to plugin framework, we have to remove defaults from the provider configuration.
 	// https://discuss.hashicorp.com/t/muxing-upgraded-tfsdk-and-framework-provider-with-default-provider-configuration/43945
 	checkLicense := true
-	v, checkLicenseBoolSet := d.GetOkExists("check_license")
+	v, checkLicenseBoolSet := d.GetOk("check_license")
 	if checkLicenseBoolSet {
 		checkLicense = v.(bool)
 	}
 	if checkLicense {
-		licenseErr := utilsdk.CheckArtifactoryLicense(restyBase, "Enterprise", "Commercial", "Edge")
+		licenseErr := util.CheckArtifactoryLicense(restyBase, "Enterprise", "Commercial", "Edge")
 		if licenseErr != nil {
-			return nil, licenseErr
+			return nil, diag.FromErr(err)
 		}
 	}
 

pkg/artifactory/resource/security/resource_artifactory_group.go

@@ -271,17 +271,23 @@ func (r *ArtifactoryGroupResource) Read(ctx context.Context, req resource.ReadRe
 		SetResult(&group).
 		Get(GroupsEndpoint + data.Id.ValueString())
 
-	// Treat HTTP 404 Not Found status as a signal to recreate resource
-	// and return early
 	if err != nil {
-		if response.StatusCode() == http.StatusNotFound {
-			resp.State.RemoveResource(ctx)
-			return
-		}
 		utilfw.UnableToRefreshResourceError(resp, err.Error())
 		return
 	}
 
+	// Treat HTTP 404 Not Found status as a signal to recreate resource
+	// and return early
+	if response.StatusCode() == http.StatusNotFound {
+		resp.State.RemoveResource(ctx)
+		return
+	}
+
+	if response.IsError() {
+		utilfw.UnableToRefreshResourceError(resp, response.String())
+		return
+	}
+
 	// Convert from the API data model to the Terraform data model
 	// and refresh any attribute values.
 	resp.Diagnostics.Append(data.ToState(ctx, group)...)