add jfrog integration module (#50)

* add jfrog integration module * update RAEDME * cleanup * fixup! * cleanup * fix * fix * fixup! * fixup * use owner_email * fix script * add screenshot * update docs * fix permission * fix install script permission * add tests * fix typo * use new config for npm * Fix JFrog test * add example to use * trim https:// * cleanup! * update README * all test pass * fix README.md * fmt --------- Co-authored-by: Kyle Carberry <kyle@carberry.com>
2 years ago · 83a4e40a6d
parent 7dd00e0a75
commit 83a4e40a6d
7 changed files with 205 additions and 3 deletions
--- a/.images/jfrog.png
+++ b/.images/jfrog.png
--- a/.sample/main.tf
+++ b/.sample/main.tf
@ -61,7 +61,7 @@ resource "coder_script" "MODULE_NAME" {
    LOG_PATH : var.log_path,
  })
  run_on_start = true
-  run_on_stopt = false
+  run_on_stop  = false
 }
 resource "coder_app" "MODULE_NAME" {
--- a/jfrog/README.md
+++ b/jfrog/README.md
@ -10,4 +10,35 @@ tags: [integration]
 # JFrog
-TODO
+Install the JF CLI and authenticate package managers with Artifactory.
 ![JFrog](../.images/jfrog.png)
 ## Examples
 ### Configure npm, go, and pypi to use Artifactory
 ```hcl
 module "jfrog" {
    source = "https://registry.coder.com/modules/jfrog"
    agent_id = coder_agent.example.id
    jfrog_url = "https://YYYY.jfrog.io"
    artifactory_access_token = var.artifactory_access_token # An admin access token
    package_managers = {
      "npm": "npm-local",
      "go": "go-local",
      "pypi": "pypi-local"
    }
 }
 ```
 ## Authentication
 Get a JFrog access token from your Artifactory instance. The token must have admin permissions. It is recommended to store the token in a secret terraform variable.
 ```hcl
 variable "artifactory_access_token" {
    type      = string
    sensitive = true
 }
 ```
--- a/jfrog/main.test.ts
+++ b/jfrog/main.test.ts
@ -0,0 +1,41 @@
 import { serve } from "bun";
 import { describe } from "bun:test";
 import {
  createJSONResponse,
  runTerraformInit,
  testRequiredVariables,
 } from "../test";
 describe("jfrog", async () => {
  await runTerraformInit(import.meta.dir);
  // Run a fake JFrog server so the provider can initialize
  // correctly. This saves us from having to make remote requests!
  const fakeFrogHost = serve({
    fetch: (req) => {
      const url = new URL(req.url);
      // See https://jfrog.com/help/r/jfrog-rest-apis/license-information
      if (url.pathname === "/artifactory/api/system/license")
        return createJSONResponse({
          type: "Commercial",
          licensedTo: "JFrog inc.",
          validThrough: "May 15, 2036",
        });
      if (url.pathname === "/access/api/v1/tokens")
        return createJSONResponse({
          token_id: "xxx",
          access_token: "xxx",
          scope: "any",
        });
      return createJSONResponse({});
    },
    port: 0,
  });
  testRequiredVariables(import.meta.dir, {
    agent_id: "some-agent-id",
    jfrog_url: "http://" + fakeFrogHost.hostname + ":" + fakeFrogHost.port,
    artifactory_access_token: "XXXX",
    package_managers: "{}",
  });
 });
--- a/jfrog/main.tf
+++ b/jfrog/main.tf
@ -0,0 +1,71 @@
 terraform {
  required_version = ">= 1.0"
  required_providers {
    coder = {
      source  = "coder/coder"
      version = ">= 0.12"
    }
    artifactory = {
      source  = "registry.terraform.io/jfrog/artifactory"
      version = "~> 8.4.0"
    }
  }
 }
 variable "jfrog_url" {
  type        = string
  description = "JFrog instance URL. e.g. https://YYY.jfrog.io"
 }
 variable "artifactory_access_token" {
  type        = string
  description = "The admin-level access token to use for JFrog."
 }
 # Configure the Artifactory provider
 provider "artifactory" {
  url          = join("/", [var.jfrog_url, "artifactory"])
  access_token = var.artifactory_access_token
 }
 resource "artifactory_scoped_token" "me" {
  # This is hacky, but on terraform plan the data source gives empty strings,
  # which fails validation.
  username = length(data.coder_workspace.me.owner_email) > 0 ? data.coder_workspace.me.owner_email : "plan"
 }
 variable "agent_id" {
  type        = string
  description = "The ID of a Coder agent."
 }
 variable "package_managers" {
  type        = map(string)
  description = <<EOF
 A map of package manager names to their respective artifactory repositories.
 For example:
    {
      "npm": "npm-local",
      "go": "go-local",
      "pypi": "pypi-local"
    }
 EOF
 }
 data "coder_workspace" "me" {}
 resource "coder_script" "jfrog" {
  agent_id     = var.agent_id
  display_name = "jfrog"
  icon         = "/icon/jfrog.svg"
  script = templatefile("${path.module}/run.sh", {
    JFROG_URL : var.jfrog_url,
    JFROG_HOST : replace(var.jfrog_url, "https://", ""),
    ARTIFACTORY_USERNAME : data.coder_workspace.me.owner_email,
    ARTIFACTORY_ACCESS_TOKEN : artifactory_scoped_token.me.access_token,
    REPOSITORY_NPM : lookup(var.package_managers, "npm", ""),
    REPOSITORY_GO : lookup(var.package_managers, "go", ""),
    REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""),
  })
  run_on_start = true
 }
--- a/jfrog/run.sh
+++ b/jfrog/run.sh
@ -0,0 +1,49 @@
 #!/usr/bin/env sh
 BOLD='\033[0;1m'
 echo "$${BOLD}Installing JFrog CLI..."
 # Install the JFrog CLI.
 curl -fL https://install-cli.jfrog.io | sudo sh
 sudo chmod 755 /usr/local/bin/jf
 # The jf CLI checks $CI when determining whether to use interactive
 # flows.
 export CI=true
 # Authenticate with the JFrog CLI.
 jf c rm 0 || true
 echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" 0
 # Configure the `npm` CLI to use the Artifactory "npm" repository.
 if [ -z "${REPOSITORY_NPM}" ]; then
  echo "🤔 REPOSITORY_NPM is not set, skipping npm configuration."
 else
  echo "📦 Configuring npm..."
  jf npmc --global --repo-resolve "${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}"
  cat << EOF > ~/.npmrc
 email = ${ARTIFACTORY_USERNAME}
 registry = ${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
 EOF
  jf rt curl /api/npm/auth >> ~/.npmrc
 fi
 # Configure the `pip` to use the Artifactory "python" repository.
 if [ -z "${REPOSITORY_PYPI}" ]; then
  echo "🤔 REPOSITORY_PYPI is not set, skipping pip configuration."
 else
  echo "🐍 Configuring pip..."
  mkdir -p ~/.pip
  cat << EOF > ~/.pip/pip.conf
 [global]
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
 EOF
 fi
 # Set GOPROXY to use the Artifactory "go" repository.
 if [ -z "${REPOSITORY_GO}" ]; then
  echo "🤔 REPOSITORY_GO is not set, skipping go configuration."
 else
  echo "🐹 Configuring go..."
  export GOPROXY="https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/go/${REPOSITORY_GO}"
 fi
 echo "🥳 Configuration complete!"
--- a/test.ts
+++ b/test.ts
@ -153,7 +153,7 @@ export const testRequiredVariables = (
        await runTerraformApply(dir, localVars);
      } catch (ex) {
        expect(ex.message).toContain(
-          `input variable \"${varName}\" is not set, and has no default`,
+          `input variable \"${varName}\" is not set`,
        );
        return;
      }
@ -180,6 +180,7 @@ export const runTerraformApply = async (
      "-input=false",
      "-auto-approve",
      "-state",
      "-no-color",
      stateFile,
    ],
    {
@ -210,3 +211,12 @@ export const runTerraformInit = async (dir: string) => {
    throw new Error(text);
  }
 };
 export const createJSONResponse = (obj: object, statusCode = 200): Response => {
  return new Response(JSON.stringify(obj), {
    headers: {
      "Content-Type": "application/json",
    },
    status: statusCode,
  })
 }