publicWagsHome/modules
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

fix(jfrog-token)!: add attributes to fine control the token behaviour (#100)

Browse Source
This commit is contained in:
Muhammad Atif Ali
2023-11-15 16:03:43 +03:00
committed by GitHub
parent 73ef0dc7d0
commit 8e3f48ce5c
2 changed files with 28 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
jfrog-token/README.md
View File

@@ -16,8 +16,8 @@ Install the JF CLI and authenticate package managers with Artifactory using Arti
module "jfrog" { module "jfrog" {
source = "https://registry.coder.com/modules/jfrog-token" source = "https://registry.coder.com/modules/jfrog-token"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
jfrog_url = "https://YYYY.jfrog.io" jfrog_url = "https://XXXX.jfrog.io"
artifactory_access_token = var.artifactory_access_token # An admin access token artifactory_access_token = var.artifactory_access_token
package_managers = { package_managers = {
"npm": "npm", "npm": "npm",
"go": "go", "go": "go",
@@ -26,7 +26,7 @@ module "jfrog" {
} }
``` ```
Get a JFrog access token from your Artifactory instance. The token must have admin permissions. It is recommended to store the token in a secret terraform variable. Get a JFrog access token from your Artifactory instance. The token must be an [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token). It is recommended to store the token in a secret terraform variable.
```hcl ```hcl
variable "artifactory_access_token" { variable "artifactory_access_token" {

30
jfrog-token/main.tf
View File

@@ -23,10 +23,28 @@ variable "artifactory_access_token" {
description = "The admin-level access token to use for JFrog." description = "The admin-level access token to use for JFrog."
} }
variable "check_license" {
type = bool
description = "Toggle for pre-flight checking of Artifactory license. Default to `true`."
default = true
}
variable "refreshable" {
type = bool
description = "Is this token refreshable? Default is `false`."
default = false
}
variable "expires_in" {
type = number
description = "The amount of time, in seconds, it would take for the token to expire."
default = null
}
variable "username_field" { variable "username_field" {
type = string type = string
description = "The field to use for the artifactory username. i.e. Coder username or email." description = "The field to use for the artifactory username. Default `username`."
default = "email" default = "username"
validation { validation {
condition = can(regex("^(email|username)$", var.username_field)) condition = can(regex("^(email|username)$", var.username_field))
error_message = "username_field must be either 'email' or 'username'" error_message = "username_field must be either 'email' or 'username'"
@@ -58,8 +76,9 @@ locals {
# Configure the Artifactory provider # Configure the Artifactory provider
provider "artifactory" { provider "artifactory" {
url = join("/", [var.jfrog_url, "artifactory"]) url = join("/", [var.jfrog_url, "artifactory"])
access_token = var.artifactory_access_token access_token = var.artifactory_access_token
check_license = var.check_license
} }
resource "artifactory_scoped_token" "me" { resource "artifactory_scoped_token" "me" {
@@ -67,7 +86,8 @@ resource "artifactory_scoped_token" "me" {
# which fails validation. # which fails validation.
username = length(local.username) > 0 ? local.username : "dummy" username = length(local.username) > 0 ? local.username : "dummy"
scopes = ["applied-permissions/user"] scopes = ["applied-permissions/user"]
refreshable = true refreshable = var.refreshable
expires_in = var.expires_in
} }
data "coder_workspace" "me" {} data "coder_workspace" "me" {}