Skip to content

Terraform Module for Making Artifactory Groups and Permission Targets for JFrog Artifactory

License

Notifications You must be signed in to change notification settings

Richard-Barrett/terraform-artifactory-groups

Repository files navigation

terraform-artifactory-groups

CodeQL IaC Terraform Validate TFLint Trivy Scan

Terraform Module for Making Artifactory Groups and Permission Targets for JFrog Artifactory

This Terraform module manages resources in JFrog Artifactory, specifically groups and permission targets.

Here's a brief overview of what each resource does:

  1. artifactory_group: This resource creates and manages a group in Artifactory. A group is a collection of users that share the same permissions. The properties of the group, such as its name, description, and admin privileges, can be configured using the defined variables.

  2. artifactory_permission_target: This resource creates and manages a permission target in Artifactory. A permission target defines the permissions that a group or user has on certain repositories. The permissions and the repositories that the permission target applies to can be configured using the defined variables.

In summary, this module allows you to manage user groups and their permissions in Artifactory in a declarative way using Terraform.

Example CICD with BitBucket and Codefresh:

Image

Notes

This Terraform module is designed to manage resources in JFrog Artifactory, specifically groups and permission targets.

Resources

  1. artifactory_group: This resource is used to create and manage a group in Artifactory. A group is a collection of users that share the same permissions. The properties of the group, such as its name, description, and admin privileges, can be configured using the defined variables.
  2. artifactory_permission_target: This resource is used to create and manage a permission target in Artifactory. A permission target defines the permissions that a group or user has on certain repositories. The permissions and the repositories that the permission target applies to can be configured using the defined variables.

Variables

The module uses a number of variables to allow for configuration. These include:

  • name: The name of the group.
  • description: The description of the group.
  • admin_privileges: Whether the group has admin privileges.
  • auto_join: Whether new users are automatically added to the group.
  • policy_manager: Whether the group is a policy manager.
  • realm: The realm of the group.
  • realm_attributes: The realm attributes of the group.
  • reports_manager: Whether the group is a reports manager.
  • watch_manager: Whether the group is a watch manager.
  • repositories: The repositories that the permission target applies to.
  • permissions: The permissions granted to the group on the repositories.

Usage

The following includes some examples on how you can use this module.

Minimal Usage

Here's a minimal usage example of your Terraform module. This example assumes that you have defined your module in a directory named artifactory_module.

module "artifactory" {
  source = "./artifactory_module"

  name = "MY_GROUP"
}

In this minimal example, we're using the module to create a group named "MY_GROUP". All other parameters will use their default values as defined in the module.

Basic Usage

Here's a basic usage example of your Terraform module. This example assumes that you have defined your module in a directory named artifactory_module.

module "artifactory" {
  source = "git::https://github.com/Richard-Barrett/terraform-artifactory-groups.git?ref=0.8.0"

  name             = "MY_GROUP"
  description      = "This is my group"
  admin_privileges = true
  auto_join        = false
  policy_manager   = false
  realm            = "internal"
  realm_attributes = ""
  reports_manager  = false
  watch_manager    = false
  users_names      = ["user1", "user2"]
  repositories     = ["my-repo"]
  permissions      = ["read", "write"]
}

In this example, we're using the module to create a group named "MY_GROUP" with admin privileges. The group includes two users, "user1" and "user2". The group has "read" and "write" permissions on a repository named "my-repo".

Advanced Usage with All Inputs Plus Options

Here's an advanced usage example of your Terraform module. This example assumes that you have defined your module in a directory named artifactory_module.

module "artifactory" {
  source = "git::https://github.com/Richard-Barrett/terraform-artifactory-groups.git?ref=0.8.0"

  name             = "MY_GROUP"
  description      = "This is my group"
  admin_privileges = true
  auto_join        = true
  policy_manager   = true
  realm            = "ldap"
  realm_attributes = "ldap-server=ldap://my-ldap-server"
  reports_manager  = true
  watch_manager    = true
  users_names      = ["user1", "user2", "user3", "user4", "user5"]
  repositories     = ["my-repo1", "my-repo2", "my-repo3"]
  permissions      = ["read", "write", "annotate", "delete", "manage", "deploy", "cache", "indexed"]
}

In this advanced example, we're using the module to create a group named "MY_GROUP" with admin privileges. The group includes five users. The group has multiple permissions on three repositories. The group is also configured to auto join new users, act as a policy manager, reports manager, and watch manager. The group's realm is set to "ldap" with a specific LDAP server.

Considerations

  1. Terraform Version: Ensure you are using a compatible version of Terraform. This module may use features that are only available in certain versions of Terraform.
  2. Artifactory Version: This module is designed to work with JFrog Artifactory. Make sure you are using a version of Artifactory that supports all the features used in this module.
  3. Permissions: Ensure that you have the necessary permissions in Artifactory to create and manage groups and permission targets.
  4. Variable Values: Be careful when setting the values of the variables. Incorrect values can lead to errors or unintended behavior. For example, setting admin_privileges to true will give the group admin privileges, which might not be desirable in all cases.
  5. Case Sensitivity: The name of the group is always converted to uppercase. Keep this in mind when creating groups.
  6. Idempotency: Terraform is designed to be idempotent, meaning you can run the same configuration multiple times and get the same result. However, if you manually modify the resources created by Terraform, it can lead to inconsistencies.
  7. State Management: Terraform keeps track of the resources it manages in a state file. It's important to properly manage this state file to avoid losing track of your resources. Consider using remote state storage for better collaboration and disaster recovery.
  8. Security: Be careful not to expose sensitive information in your Terraform code or in the console output. Consider using Terraform's sensitive variables feature to protect sensitive data.
  9. Module Updates: If the module is updated, you will need to run terraform get -update to fetch the latest version. Be aware that updates can sometimes introduce breaking changes.

Overview

This Terraform module manages resources in JFrog Artifactory, specifically groups and permission targets.

Inputs

Requirements

Name Version
terraform >= 1.5.6
artifactory 10.7.6

Providers

Name Version
artifactory 10.7.6

Modules

No modules.

Resources

Name Type
artifactory_group.this resource
artifactory_permission_target.my_permission_target resource

Inputs

Name Description Type Default Required
admin_privileges Whether the group has admin privileges bool false no
auto_join Whether new users are automatically added to the group bool true no
external_id The external ID of the group string "auto" no
name The name of the group string n/a yes
permissions The permissions granted to the group on the repositories list(string)
[
"read",
"write"
]
no
policy_manager Whether the group is a policy manager bool false no
realm The realm of the group string "internal" no
realm_attributes The realm attributes of the group string "auto" no
reports_manager Whether the group is a reports manager bool false no
repositories The repositories that the permission target applies to list(string)
[
"ANY"
]
no
users_names The names of the users in the group list(string) [] no
watch_manager Whether the group is a watch manager bool false no

Outputs

No outputs.

About

Terraform Module for Making Artifactory Groups and Permission Targets for JFrog Artifactory

Resources

License

Stars

Watchers

Forks

Packages

No packages published