fix(jfrog-token)!: add attributes to fine control the token behaviour (#100)

2023-11-15 16:03:43 +03:00
parent 73ef0dc7d0
commit 8e3f48ce5c
2 changed files with 28 additions and 8 deletions
--- a/jfrog-token/README.md
+++ b/jfrog-token/README.md
@@ -16,8 +16,8 @@ Install the JF CLI and authenticate package managers with Artifactory using Arti
 module "jfrog" {
    source = "https://registry.coder.com/modules/jfrog-token"
    agent_id = coder_agent.example.id
-    jfrog_url = "https://YYYY.jfrog.io"
-    artifactory_access_token = var.artifactory_access_token # An admin access token
+    jfrog_url = "https://XXXX.jfrog.io"
+    artifactory_access_token = var.artifactory_access_token
    package_managers = {
      "npm": "npm",
      "go": "go",
@@ -26,7 +26,7 @@ module "jfrog" {
 }
 ```

-Get a JFrog access token from your Artifactory instance. The token must have admin permissions. It is recommended to store the token in a secret terraform variable.
+Get a JFrog access token from your Artifactory instance. The token must be an [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token). It is recommended to store the token in a secret terraform variable.

 ```hcl
 variable "artifactory_access_token" {
--- a/jfrog-token/main.tf
+++ b/jfrog-token/main.tf
@@ -23,10 +23,28 @@ variable "artifactory_access_token" {
  description = "The admin-level access token to use for JFrog."
 }

+variable "check_license" {
+  type        = bool
+  description = "Toggle for pre-flight checking of Artifactory license. Default to `true`."
+  default     = true
+}
+
+variable "refreshable" {
+  type        = bool
+  description = "Is this token refreshable? Default is `false`."
+  default     = false
+}
+
+variable "expires_in" {
+  type        = number
+  description = "The amount of time, in seconds, it would take for the token to expire."
+  default     = null
+}
+
 variable "username_field" {
  type        = string
-  description = "The field to use for the artifactory username. i.e. Coder username or email."
-  default     = "email"
+  description = "The field to use for the artifactory username. Default `username`."
+  default     = "username"
  validation {
    condition     = can(regex("^(email|username)$", var.username_field))
    error_message = "username_field must be either 'email' or 'username'"
@@ -58,8 +76,9 @@ locals {

 # Configure the Artifactory provider
 provider "artifactory" {
-  url          = join("/", [var.jfrog_url, "artifactory"])
-  access_token = var.artifactory_access_token
+  url           = join("/", [var.jfrog_url, "artifactory"])
+  access_token  = var.artifactory_access_token
+  check_license = var.check_license
 }

 resource "artifactory_scoped_token" "me" {
@@ -67,7 +86,8 @@ resource "artifactory_scoped_token" "me" {
  # which fails validation.
  username    = length(local.username) > 0 ? local.username : "dummy"
  scopes      = ["applied-permissions/user"]
-  refreshable = true
+  refreshable = var.refreshable
+  expires_in  = var.expires_in
 }

 data "coder_workspace" "me" {}