Feature: Support xRay Watches about jfrog-client-go HOT 7 OPEN

@josh-barker,

The build scanning is performed by Xray, but the build scanning API is exposed by Artifactory. Artifactory mainly serves as proxy to Xray. This helps the JFrog build agents which already have tight integrations with Artifactory, to include build scanning as part of the CI/CD process.

Other REST APIs exposed by Xray should probably be warped using the jfrog-client-go library, using a new Xray service manager. So yes - let's use the same design and API structure we have for Artifactory and Distribution also for Xray. As for others helping with the design, let's see if we need more eyes on this. I think I can support you for now.

from jfrog-client-go.

@josh-barker-coles,
We plan to release this early next week, but we may be able to release this one even sooner.

from jfrog-client-go.

Really like this idea @josh-barker.
Would you like to help and contribute this code to the library? If so, feel free to share with us the suggested code design.

from jfrog-client-go.

Hi @eyalbe4,

I've started work on this.
At a high level, I'll be making 4 methods.

• Get
• Create
• Update
• Delete

However, I have 2 questions.

1. How can I authenticate using an API Token to https://<server>.jfrog.io/xray/api/v2/watches? As far as I can tell, I can only authenticate with a username/password. If that's a limitation, can you please raise a ticket to have this added?

2. The sdk is designed around supporting the /artifactory service collection. For example, -rt.url defaults to http://localhost:8081/artifactory
   However, the xray watches belongs under a separate endpoint - /xray. How should the repo be structured to support this?

One option would be to remove the /artifactory from the end of the url, and add it internally based on the service area. However, that would also be a breaking change

References:

• API Rest Changes

from jfrog-client-go.

Apologies for my delayed answer @josh-barker!
I'll try to be more responsive to help you with this important initiative.

1. Xray 3.x does supports authentication using Access Tokens. You can create a token from the JFrog Platform UI. You cam't however use the same token for both Artifactory and Xray. Sharing the same token between multiple services is planned to be supported in the future though. As for using the token through the REST API, you can look at how this is done for Artifactory in the jfrog-client-go code. This should be the same for Xray. Please let me know if you run into issues with this.

2. The jfrog-client-go code already supports JFrog Distribution, which like Xray, is a different service, You can look how the API looks like here and implement the Xray APIs the same way.

When developing the new Xray APIs, I suggest we try to be consistent with the existing Artifactory and Distribution APIs.

Thanks

from jfrog-client-go.

Hi @eyalbe4,

Ah, okay.
Originally, I was planning to extend the existing terraform provider to support an artifactory_watches resource, as artifactory and xray are tightly integrated. I also was under the impression the authentication methods were consistent across both services, so the way I was thinking about it was that someone could use any of the 3 auth methods, and configure artifactory repos and xray watches, etc.
Is there someone else we can include on this discussion to help with the design?

In terms of implementing the xray watch functionality, I saw that xray scan already exists under artficatory/services/xrayscan.go, so I've started creating the functionality alongside that.

Are you recommending that the xray watch functionality should belong under an xray directory, mirroring what we have in the distribution directory?

Cheers

from jfrog-client-go.

Hey @eyalbe4 , just wondering when the next release will be created?

Then we can close this issue! 😃

from jfrog-client-go.