xray_license_policy stuck

[Osazz]

Describe the bug
xray_license_policy resource is getting stuck infinitely when trying to import or plan a resource with plenty allowed_licenses . Currently have 2000+ allowed_licenses.

Requirements for and issue

• A fully functioning terraform snippet that can be copy&pasted (no outside files or ENV vars unless that's part of the issue)

• Your version of Artifactory and Xray (you can curl Artifactory version at $host/artifactory/api/system/version and Xray version at
  $host/xray/api/v1/system/version

• Your version of terraform

• Artifactory Version : "7.99.2"

• Xray Version: "3.106.7"

• Terraform version: 1.9.8
  Code snippet

resource "xray_license_policy" "allowed_licenses" {
  name        = "test-license-policy"
  description = "License policy, allow certain licenses"
  type        = "license"

  rule {
    name     = "License_rule"
    priority = 1

    criteria {
      allowed_licenses         = [<LONG LIST OF license currentlly have 2000+> ]
      allow_unknown            = false
      multi_license_permissive = true
    }

    actions {
      block_release_bundle_distribution = false,
      create_ticket_enabled             = false,
      custom_severity                   = "Low",
      fail_build                        = false,
      mails                             = null,
      notify_deployer                   = false,
      notify_watch_recipients           = true,
      webhooks                          = null,
      block_download {
        unscanned = true
        active    = true
      }

    }
  }
}

DEBUG LOG

2024-10-31T13:07:48.033-0300 [WARN]  unexpected data: registry.terraform.io/jfrog/xray:
[DEBUG] provider.terraform-provider-xray_v2.13.0: Value switched to prior value due to semantic equality logic: @module=sdk.framework tf_req_id=7f342b2c-749d-f42e-8f5a-7710cd2d923c tf_resource_type=xray_license_policy @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:91 tf_attribute_path=name tf_provider_addr=registry.terraform.io/jfrog/xray tf_rpc=ReadResource timestamp=2024-10-31T13:07:48.226-0300

Expected behavior

• When you try to import existing License Policy with that much allowed license list, Import should work
• When you try to create new one and you run plan, it should also work.

Additional context
When I have few allowed license in the list (tested 15), it work as expected. was able to import and run plan

[alexhung]

@Osazz Thanks for the report. May I ask you to share more of your debug log with me? You can email me at alexh at jfrog.com.

[Osazz]

@alexhung Hello Alex, any progress on this ?

[alexhung]

@Osazz I haven't had time to investigate yet. But my plan is to look into this tomorrow.

[alexhung]

@Osazz FYI, I can reproduce your issue and thus far I don't have answer. I've created this thread on Terraform Community forum and we shall see if anyone has any answer. If not, I'll reach out to my Terraform contact at HashiCorp to seek help.

[Osazz]

Thank you @alexhung

[alexhung]

@Osazz See hashicorp/terraform#32940

[alexhung]

@Osazz Per suggestion in the HashiCorp Community thread, I experimented with switching allowed_licenses attribute from TypeSet to TypeLIst. This difference is that TypeSet enforces uniqueness and ordering is not important, whereas with TypeList items can be duplicated and ordering is important (i.e. same list of items in different order will cause state drift).

Using the list of licenses you provided in email, the result is encouraging. Results in parenthesis are my original test.

From cli start to plan: ~2 min (vs 7 min)
Execution (plan to API request): ~2.5 min (vs never finish)
Refresh (API response to cli completion): ~2.5 min

Total elapsed time is ~7 min which is way better.

Another possible approach is to add another attribute (says allowed_licenses_json) which is a string with all the licenses in JSON format. This will be used with the API request without and checks or validations, and should be super fast. This will allow users with small set of licenses to continue using allowed_licenses attribute while this new attribute is available for users with large set. The trade off is validation and possible duplications, or error from API.