xray_ignore_rule doesnt have an update resource function, causes error

[gschaffer-cxn]

Describe the bug
We wanted to change and xray ignore rule to edit the component being edited. The change is very basic just remove the component version

Requirements for and issue
Perform a basic update on a resource

     -  component_name  = "gav://org.yaml:snakeyaml:1.33"
    +  component_name  = "gav://org.yaml:snakeyaml

  # xray_ignore_rule.compontent["IR44"] will be updated in-place
  ~ resource "xray_ignore_rule" "compontent" {
        id         = "doesnt matter"
        # (6 unchanged attributes hidden)
      - component {
          - name = "gav://org.yaml:snakeyaml:1.33" -> null
        }
      + component {
          + name = "gav://org.yaml:snakeyaml"
        }
    }

Expected behavior
Terraform updates the resource

Additional context
Terraform produces an error like this

│ Error: doesn't support update
│ 
│   with xray_ignore_rule.compontent["IR44"],
│   on ignore_rules.tf line 1, in resource "xray_ignore_rule" "compontent":
│    1: resource "xray_ignore_rule" "compontent" {
│ 
╵

My quick investigation produces that ignore_rule doesnt have an update function specified, so if my understanding is correct it causes the error.

terraform-provider-xray/pkg/xray/resource_xray_ignore_rule.go

Line 549 in bc0277c

return &schema.Resource{

The error message is generated when terraform tries to call the update function of that schema https://github.com/hashicorp/terraform/blob/main/internal/legacy/helper/schema/resource.go#L314

[alexhung]

@gschaffer-cxn This is because the Xray API for Ignore Rules do not support update.

I will need to mark the name attribute with ForceNew: true so that when it is changed, Terraform will know to delete the original resource and create a new one.

[gschaffer-cxn]

@alexhung figured its something like this. I was able to use null resource and lfecycle rules to set up a parameterzed ForceNew like behavior, but hope this gets implemented soon.

resource "null_resource" "ignore_rule_trigger" {
  for_each = local.xray_component_ignore_rules
  # Changes to any input variable would require a retrigger
  triggers = {
    notes = each.value.notes
    # trigger requires everything to be string
    cves = join(",", each.value.vulnerabilities)
    component_name = each.value.component_name
  }
}

resource "xray_ignore_rule" "compontent" {
  for_each = local.xray_component_ignore_rules
  # note can be max 255 characters, trimming
  notes           = substr("${each.key}-${each.value.notes}", 0, 255)
  cves = each.value.vulnerabilities
  component {
    name = each.value.component_name
  }


  lifecycle {
    replace_triggered_by = [null_resource.ignore_rule_trigger[each.key]]
  }
}

This causes the null resource to count as trigger for replacement, and replace_triggered_by can act on this. Not the prettiest workaround but its better than manual tainting.

[alexhung]

@gschaffer-cxn I've released a new version which should trigger Terraform to re-create the resource if name, version, etc. is changed.