rename jfrog to jfrog-token

2 years ago · 5e3c6b7fd8
parent 9b916191cb
commit 5e3c6b7fd8
7 changed files with 248 additions and 7 deletions
--- a/jfrog-oauth/README.md
+++ b/jfrog-oauth/README.md
@ -5,20 +5,20 @@ icon: ../.icons/jfrog.svg
 maintainer_github: coder
 partner_github: jfrog
 verified: true
-tags: [integration]
+tags: [integration, jfrog]
 ---

 # JFrog

-Install the JF CLI and authenticate package managers with Artifactory using OAuth configured via Coder [`external-auth`](https://docs.coder.com/docs/admin/external-auth/) feature.
+Install the JF CLI and authenticate package managers with Artifactory using OAuth configured via the Coder `external-auth` feature.

 ![JFrog OAuth](../.images/jfrog-oauth.png)

 ```hcl
 module "jfrog" {
-  source = "https://registry.coder.com/modules/jfrog"
+  source = "https://registry.coder.com/modules/jfrog-oauth"
  agent_id = coder_agent.example.id
-  jfrog_url = "https://YYYY.jfrog.io"
+  jfrog_url = "https://jfrog.example.com"
  auth_method = "oauth"
  username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
  package_managers = {
--- a/jfrog-oauth/main.test.ts
+++ b/jfrog-oauth/main.test.ts
@ -6,7 +6,7 @@ import {
  testRequiredVariables,
 } from "../test";

-describe("jfrog", async () => {
+describe("jfrog-oauth", async () => {
  await runTerraformInit(import.meta.dir);

  // Run a fake JFrog server so the provider can initialize
@ -35,7 +35,6 @@ describe("jfrog", async () => {
  testRequiredVariables(import.meta.dir, {
    agent_id: "some-agent-id",
    jfrog_url: "http://" + fakeFrogHost.hostname + ":" + fakeFrogHost.port,
-    artifactory_access_token: "XXXX",
    package_managers: "{}",
  });
 });
--- a/jfrog-oauth/main.tf
+++ b/jfrog-oauth/main.tf
@ -11,7 +11,7 @@ terraform {

 variable "jfrog_url" {
  type        = string
-  description = "JFrog instance URL. e.g. https://YYY.jfrog.io"
+  description = "JFrog instance URL. e.g. https://jfrog.example.com"
 }

 variable "username_field" {
--- a/jfrog-token/README.md
+++ b/jfrog-token/README.md
@ -0,0 +1,56 @@
+---
+display_name: JFrog (Token)
+description: Install the JF CLI and authenticate with Artifactory using Artifactory terraform provider.
+icon: ../.icons/jfrog.svg
+maintainer_github: coder
+partner_github: jfrog
+verified: true
+tags: [integration, jfrog]
+---
+
+# JFrog
+
+Install the JF CLI and authenticate package managers with Artifactory.
+
+```hcl
+module "jfrog" {
+    source = "https://registry.coder.com/modules/jfrog-token"
+    agent_id = coder_agent.example.id
+    jfrog_url = "https://YYYY.jfrog.io"
+    artifactory_access_token = var.artifactory_access_token # An admin access token
+    package_managers = {
+      "npm": "npm-remote",
+      "go": "go-remote",
+      "pypi": "pypi-remote"
+    }
+}
+```
+
+Get a JFrog access token from your Artifactory instance. The token must have admin permissions. It is recommended to store the token in a secret terraform variable.
+
+```hcl
+variable "artifactory_access_token" {
+    type      = string
+    sensitive = true
+}
+```
+
+![JFrog](../.images/jfrog.png)
+
+## Examples
+
+### Configure npm, go, and pypi to use Artifactory local repositories
+
+```hcl
+module "jfrog" {
+    source = "https://registry.coder.com/modules/jfrog-token"
+    agent_id = coder_agent.example.id
+    jfrog_url = "https://YYYY.jfrog.io"
+    artifactory_access_token = var.artifactory_access_token # An admin access token
+    package_managers = {
+      "npm": "npm-local",
+      "go": "go-local",
+      "pypi": "pypi-local"
+    }
+}
+```
--- a/jfrog-token/main.test.ts
+++ b/jfrog-token/main.test.ts
@ -0,0 +1,41 @@
+import { serve } from "bun";
+import { describe } from "bun:test";
+import {
+  createJSONResponse,
+  runTerraformInit,
+  testRequiredVariables,
+} from "../test";
+
+describe("jfrog-token", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  // Run a fake JFrog server so the provider can initialize
+  // correctly. This saves us from having to make remote requests!
+  const fakeFrogHost = serve({
+    fetch: (req) => {
+      const url = new URL(req.url);
+      // See https://jfrog.com/help/r/jfrog-rest-apis/license-information
+      if (url.pathname === "/artifactory/api/system/license")
+        return createJSONResponse({
+          type: "Commercial",
+          licensedTo: "JFrog inc.",
+          validThrough: "May 15, 2036",
+        });
+      if (url.pathname === "/access/api/v1/tokens")
+        return createJSONResponse({
+          token_id: "xxx",
+          access_token: "xxx",
+          scope: "any",
+        });
+      return createJSONResponse({});
+    },
+    port: 0,
+  });
+
+  testRequiredVariables(import.meta.dir, {
+    agent_id: "some-agent-id",
+    jfrog_url: "http://" + fakeFrogHost.hostname + ":" + fakeFrogHost.port,
+    artifactory_access_token: "XXXX",
+    package_managers: "{}",
+  });
+});
--- a/jfrog-token/main.tf
+++ b/jfrog-token/main.tf
@ -0,0 +1,89 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 0.12"
+    }
+    artifactory = {
+      source  = "registry.terraform.io/jfrog/artifactory"
+      version = "~> 9.8.0"
+    }
+  }
+}
+
+variable "jfrog_url" {
+  type        = string
+  description = "JFrog instance URL. e.g. https://YYY.jfrog.io"
+}
+
+variable "artifactory_access_token" {
+  type        = string
+  description = "The admin-level access token to use for JFrog."
+}
+
+variable "username_field" {
+  type        = string
+  description = "The field to use for the artifactory username. i.e. Coder username or email."
+  default     = "email"
+  validation {
+    condition     = can(regex("^(email|username)$", var.username_field))
+    error_message = "username_field must be either 'email' or 'username'"
+  }
+}
+
+variable "agent_id" {
+  type        = string
+  description = "The ID of a Coder agent."
+}
+
+variable "package_managers" {
+  type        = map(string)
+  description = <<EOF
+A map of package manager names to their respective artifactory repositories.
+For example:
+    {
+      "npm": "npm-local",
+      "go": "go-local",
+      "pypi": "pypi-local"
+    }
+EOF
+}
+
+locals {
+  # The username field to use for artifactory
+  username = var.username_field == "email" ? data.coder_workspace.me.owner_email : data.coder_workspace.me.owner
+}
+
+# Configure the Artifactory provider
+provider "artifactory" {
+  url          = join("/", [var.jfrog_url, "artifactory"])
+  access_token = var.artifactory_access_token
+}
+
+resource "artifactory_scoped_token" "me" {
+  # This is hacky, but on terraform plan the data source gives empty strings,
+  # which fails validation.
+  username    = length(local.username) > 0 ? local.username : "dummy"
+  scopes      = ["applied-permissions/user"]
+  refreshable = true
+}
+
+data "coder_workspace" "me" {}
+
+resource "coder_script" "jfrog" {
+  agent_id     = var.agent_id
+  display_name = "jfrog"
+  icon         = "/icon/jfrog.svg"
+  script = templatefile("${path.module}/run.sh", {
+    JFROG_URL : var.jfrog_url,
+    JFROG_HOST : replace(var.jfrog_url, "https://", ""),
+    ARTIFACTORY_USERNAME : data.coder_workspace.me.owner_email,
+    ARTIFACTORY_ACCESS_TOKEN : artifactory_scoped_token.me.access_token,
+    REPOSITORY_NPM : lookup(var.package_managers, "npm", ""),
+    REPOSITORY_GO : lookup(var.package_managers, "go", ""),
+    REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""),
+  })
+  run_on_start = true
+}
--- a/jfrog-token/run.sh
+++ b/jfrog-token/run.sh
@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+BOLD='\033[0;1m'
+
+# check if JFrog CLI is already installed
+if command -v jf >/dev/null 2>&1; then
+  echo "✅ JFrog CLI is already installed, skipping installation."
+else
+  echo "📦 Installing JFrog CLI..."
+  # Install the JFrog CLI.
+  curl -fL https://install-cli.jfrog.io | sudo sh
+  sudo chmod 755 /usr/local/bin/jf
+fi
+
+# The jf CLI checks $CI when determining whether to use interactive
+# flows.
+export CI=true
+# Authenticate with the JFrog CLI.
+jf c rm 0 || true
+echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" 0
+
+# Configure the `npm` CLI to use the Artifactory "npm" repository.
+if [ -z "${REPOSITORY_NPM}" ]; then
+  echo "🤔 REPOSITORY_NPM is not set, skipping npm configuration."
+else
+  echo "📦 Configuring npm..."
+  jf npmc --global --repo-resolve "${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}"
+  cat <<EOF >~/.npmrc
+email = ${ARTIFACTORY_USERNAME}
+registry = ${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
+EOF
+  jf rt curl /api/npm/auth >>~/.npmrc
+fi
+
+# Configure the `pip` to use the Artifactory "python" repository.
+if [ -z "${REPOSITORY_PYPI}" ]; then
+  echo "🤔 REPOSITORY_PYPI is not set, skipping pip configuration."
+else
+  echo "🐍 Configuring pip..."
+  jf pipc --global --repo-resolve ${JFROG_URL}/artifactory/api/pypi/${REPOSITORY_PYPI}
+  mkdir -p ~/.pip
+  cat <<EOF >~/.pip/pip.conf
+[global]
+index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
+EOF
+fi
+
+# Set GOPROXY to use the Artifactory "go" repository.
+if [ -z "${REPOSITORY_GO}" ]; then
+  echo "🤔 REPOSITORY_GO is not set, skipping go configuration."
+else
+  echo "🐹 Configuring go..."
+  jf go-config --global --repo-resolve ${JFROG_URL}/artifactory/api/go/${REPOSITORY_GO}
+  export GOPROXY="https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/go/${REPOSITORY_GO}"
+fi
+echo "🥳 Configuration complete!"