Terraform Module for Making Artifactory Groups and Permission Targets for JFrog Artifactory
This Terraform module manages resources in JFrog Artifactory, specifically groups and permission targets.
Here's a brief overview of what each resource does:
-
artifactory_group
: This resource creates and manages a group in Artifactory. A group is a collection of users that share the same permissions. The properties of the group, such as its name, description, and admin privileges, can be configured using the defined variables. -
artifactory_permission_target
: This resource creates and manages a permission target in Artifactory. A permission target defines the permissions that a group or user has on certain repositories. The permissions and the repositories that the permission target applies to can be configured using the defined variables.
In summary, this module allows you to manage user groups and their permissions in Artifactory in a declarative way using Terraform.
Example CICD with BitBucket
and Codefresh
:
This Terraform module is designed to manage resources in JFrog Artifactory, specifically groups and permission targets.
artifactory_group
: This resource is used to create and manage a group in Artifactory. A group is a collection of users that share the same permissions. The properties of the group, such as its name, description, and admin privileges, can be configured using the defined variables.artifactory_permission_target
: This resource is used to create and manage a permission target in Artifactory. A permission target defines the permissions that a group or user has on certain repositories. The permissions and the repositories that the permission target applies to can be configured using the defined variables.
The module uses a number of variables to allow for configuration. These include:
name
: The name of the group.description
: The description of the group.admin_privileges
: Whether the group has admin privileges.auto_join
: Whether new users are automatically added to the group.policy_manager
: Whether the group is a policy manager.realm
: The realm of the group.realm_attributes
: The realm attributes of the group.reports_manager
: Whether the group is a reports manager.watch_manager
: Whether the group is a watch manager.repositories
: The repositories that the permission target applies to.permissions
: The permissions granted to the group on the repositories.
The following includes some examples on how you can use this module.
Here's a minimal usage example of your Terraform module. This example assumes that you have defined your module in a directory named artifactory_module
.
module "artifactory" {
source = "./artifactory_module"
name = "MY_GROUP"
}
In this minimal example, we're using the module to create a group named "MY_GROUP"
. All other parameters will use their default values as defined in the module.
Here's a basic usage example of your Terraform module. This example assumes that you have defined your module in a directory named artifactory_module.
module "artifactory" {
source = "git::https://github.com/Richard-Barrett/terraform-artifactory-groups.git?ref=0.8.0"
name = "MY_GROUP"
description = "This is my group"
admin_privileges = true
auto_join = false
policy_manager = false
realm = "internal"
realm_attributes = ""
reports_manager = false
watch_manager = false
users_names = ["user1", "user2"]
repositories = ["my-repo"]
permissions = ["read", "write"]
}
In this example, we're using the module to create a group named "MY_GROUP" with admin privileges. The group includes two users, "user1" and "user2". The group has "read" and "write" permissions on a repository named "my-repo".
Here's an advanced usage example of your Terraform module. This example assumes that you have defined your module in a directory named artifactory_module
.
module "artifactory" {
source = "git::https://github.com/Richard-Barrett/terraform-artifactory-groups.git?ref=0.8.0"
name = "MY_GROUP"
description = "This is my group"
admin_privileges = true
auto_join = true
policy_manager = true
realm = "ldap"
realm_attributes = "ldap-server=ldap://my-ldap-server"
reports_manager = true
watch_manager = true
users_names = ["user1", "user2", "user3", "user4", "user5"]
repositories = ["my-repo1", "my-repo2", "my-repo3"]
permissions = ["read", "write", "annotate", "delete", "manage", "deploy", "cache", "indexed"]
}
In this advanced example, we're using the module to create a group named "MY_GROUP" with admin privileges. The group includes five users. The group has multiple permissions on three repositories. The group is also configured to auto join new users, act as a policy manager, reports manager, and watch manager. The group's realm is set to "ldap" with a specific LDAP server.
Terraform Version
: Ensure you are using a compatible version of Terraform. This module may use features that are only available in certain versions of Terraform.Artifactory Version
: This module is designed to work with JFrog Artifactory. Make sure you are using a version of Artifactory that supports all the features used in this module.Permissions
: Ensure that you have the necessary permissions in Artifactory to create and manage groups and permission targets.Variable Values
: Be careful when setting the values of the variables. Incorrect values can lead to errors or unintended behavior. For example, setting admin_privileges to true will give the group admin privileges, which might not be desirable in all cases.Case Sensitivity
: The name of the group is always converted to uppercase. Keep this in mind when creating groups.Idempotency
: Terraform is designed to be idempotent, meaning you can run the same configuration multiple times and get the same result. However, if you manually modify the resources created by Terraform, it can lead to inconsistencies.State Management
: Terraform keeps track of the resources it manages in a state file. It's important to properly manage this state file to avoid losing track of your resources. Consider using remote state storage for better collaboration and disaster recovery.Security
: Be careful not to expose sensitive information in your Terraform code or in the console output. Consider using Terraform's sensitive variables feature to protect sensitive data.Module Updates
: If the module is updated, you will need to runterraform get -update
to fetch the latest version. Be aware that updates can sometimes introduce breaking changes.
This Terraform module manages resources in JFrog Artifactory, specifically groups and permission targets.
Name | Version |
---|---|
terraform | >= 1.5.6 |
artifactory | 10.7.6 |
Name | Version |
---|---|
artifactory | 10.7.6 |
No modules.
Name | Type |
---|---|
artifactory_group.this | resource |
artifactory_permission_target.my_permission_target | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_privileges | Whether the group has admin privileges | bool |
false |
no |
auto_join | Whether new users are automatically added to the group | bool |
true |
no |
external_id | The external ID of the group | string |
"auto" |
no |
name | The name of the group | string |
n/a | yes |
permissions | The permissions granted to the group on the repositories | list(string) |
[ |
no |
policy_manager | Whether the group is a policy manager | bool |
false |
no |
realm | The realm of the group | string |
"internal" |
no |
realm_attributes | The realm attributes of the group | string |
"auto" |
no |
reports_manager | Whether the group is a reports manager | bool |
false |
no |
repositories | The repositories that the permission target applies to | list(string) |
[ |
no |
users_names | The names of the users in the group | list(string) |
[] |
no |
watch_manager | Whether the group is a watch manager | bool |
false |
no |
No outputs.