Manage Artifactory with Terraform
brew tap drewsonne/tap
brew install terraform-provider-artifactory
tf-install-provider artifactory
See details at https://github.com/drewsonne/homebrew-tap/blob/master/terraform-provider-artifactory.rb
provider "artifactory" {
username = "${var.artifactory_username}"
password = "${var.artifactory_password}"
url = "${var.artifactory_url}"
}
-
username
- (Required) Your username used to connect to Artifactory. You can also set this via the environment variable.ARTIFACTORY_USER
-
password
- (Required) Your password or an API key used to connect to Artifactory. You can also set this via the environment variable.ARTIFACTORY_PASSWORD
-
url
- (Required) The url to your Artifactory instance. This will typically be everything in front of the /webapp of your web console login. For instance, Artifactory cloud users will have a url similar tohttps://youraccountname.jfrog.io/youraccountname
. You can also set this via the environment variable.ARTIFACTORY_URL
Provides support for creating groups in Artifactory.
This resource requires Artifactory Pro v2.4.0 or later.
resource "artifact_group" "developers" {
name = "developers"
auto_join = true
}
The following arguments are supported:
name
- (Required) The name of the group.auto_join
- (Optional) Should new user's be automatically added to this group? Defaultfalse
.realm
- (Optional) The name of the realm associated with this group (e.g. ARTIFACTORY, CROWD).realm_attributes
- (Optional) Realm attributes for use by LDAP.
Provides support for setting up local repositories in Artifactory.
# A Sample NPM registry
resource "artifactory_local_repository" "localnpm" {
key = "npm-local"
package_type = "npm"
repository_layout_ref = "npm-default"
property_sets = [ "artifactory" ]
}
# A Docker repository
resource "artifact_local_repository" "docker" {
key = "docker-local"
package_type = "docker"
repository_layout_ref = "simple-default"
docker_api_version = "V2"
property_sets = [ "artifactory" ]
}
The following arguments are supported:
key
- (Required) The key of the repository.package_type
- (Optional) The type of the repository. One of (maven
,gradle
,ivy
,sbt
,nuget
,gems
,npm
,bower
,debian
,composer
,pypi
,docker
,vagrant
,gitlfs
,yum
,conan
, orgeneric
). Default isgeneric
.description
- (Optional) Description of the repository.notes
- (Optional) Notes about the repository.repo_layout_ref
- (Optional) The layout of the repository. The full list of available layouts is available in the Artifactory UI. Defaults tomaven-2-default
.includes_pattern
- (Optional) List of artifact patterns to include when evaluating artifact requests in the form of x/y/*/z/. When used, only artifacts matching one of the include patterns are served. Defaults to**/*
.excludes_pattern
- (Optional) List of artifact patterns to exclude when evaluating artifact requests, in the form of x/y/**/z/*. By default no artifacts are excluded.handle_releases
- (Optional) Defaults totrue
.handle_snapshots
- (Optional) Defaults totrue
.max_unique_snapshots
- (Optional)max_unique_tags
- (Optional)debian_trivial_layout
- (Optional) When set, the repository will use the deprecated trivial layout. Defaults tofalse
.checksum_policy_type
- (Optional) One ofclient-checksums
, orserver-generated-checksums
. Defaults toclient-checksums
.snapshot_version_behavior
- (Optional) One ofunique
,non-unique
, ordeployer
. Defaults tonon-unique
.suppress_pom_consistency_checks
- (Optional) Defaults tofalse
.blacked_out
- (Optional) When set, the repository does not participate in artifact resolution and new artifacts cannot be deployed. Defaults tofalse
.property_sets
- (Optional) List of property sets to apply to the repository.archive_browsing_enabled
- (Optional) When set, you may view content such as HTML or Javadoc files directly from Artifactory. This may not be safe and therefore requires strict content moderation to prevent malicious users from uploading content that may compromise security (e.g., cross-site scripting attacks). Defaults tofalse
.calculate_yum_metadata
- (Optional) Defaults tofalse
.yum_root_depth
- (Optional) Defaults to0
.docker_api_version
- (Optional) Docker API compatibility. Must beV1
orV2
. Defaults toV2
.
Provides support for setting up remote repositories in Artifactory.
A remote repository serves as a caching proxy for a repository managed at a remote URL (which may itself be another Artifactory remote repository).
Artifacts are stored and updated in remote repositories according to various configuration parameters that control the caching and proxying behavior. You can remove artifacts from a remote repository cache but you cannot actually deploy a new artifact into a remote repository.
# Manage your repository
resource "artifactory_remote_repository" "publicnpm" {
key = "registry.npmjs.org"
package_type = "npm"
description = "Proxy public npm registry"
repo_layout_ref = "npm-default"
url = "https://registry.npmjs.org/"
property_sets = [
"artifactory"
]
}
The following arguments are supported:
key
- (Required) The key of the repository.package_type
- (Optional) The type of the repository. One of (maven
,gradle
,ivy
,sbt
,nuget
,gems
,npm
,bower
,debian
,composer
,pypi
,docker
,vagrant
,gitlfs
,yum
,conan
, orgeneric
). Default isgeneric
.repositories
- (Optional) The upstream repositories to pull from.default_deployment_repo
- (Optional) The local repo this repository will push to.description
- (Optional) Description of the repository.notes
- (Optional) Notes about the repository.repo_layout_ref
- (Optional) The layout of the repository. The full list of available layouts is available in the Artifactory UI. Defaults tomaven-2-default
.includes_pattern
- (Optional) List of artifact patterns to include when evaluating artifact requests in the form of x/y/*/z/. When used, only artifacts matching one of the include patterns are served. Defaults to**/*
.excludes_pattern
- (Optional) List of artifact patterns to exclude when evaluating artifact requests, in the form of x/y/**/z/*. By default no artifacts are excluded.handle_releases
- (Optional) Defaults totrue
.handle_snapshots
- (Optional) Defaults totrue
.max_unique_snapshots
- (Optional)suppress_pom_consistency_checks
- (Optional)url
- (Optional) URL of the upstream remote repository.username
- (Optional) The username to use to authenticate to the upstream remote repository.password
- (Optional) The password to use to authenticate to the upstream remote repository.proxy
- (Optional)remote_repo_checksum_policy_type
- (Optional)hard_fail
- (Optional)offline
- (Optional) If set, Artifactory does not try to fetch remote artifacts. Only locally-cached artifacts are retrieved. Defaults tofalse
.blacked_out
- (Optional) When set, the repository does not participate in artifact resolution and new artifacts cannot be deployed. Defaults tofalse
.property_sets
- (Optional) List of property sets to apply to the repository.store_artifacts_locally
- (Optional) When set, the repository should store cached artifacts locally. When not set, artifacts are not stored locally, and direct repository-to-client streaming is used. This can be useful for multi-server setups over a high-speed LAN, with one Artifactory caching certain data on central storage, and streaming it directly to satellite pass-though Artifactory servers. Defaults totrue
.socket_timeout_millis
- (Optional) Network timeout (in ms) to use when establishing a connection and for unanswered requests. Timing out on a network operation is considered a retrieval failure. Defaults to15000
.local_address
- (Optional) The local address to be used when creating connections. Useful for specifying the interface to use on systems with multiple network interfaces.retrieval_cache_period_seconds
- (Optional) This value refers to the number of seconds to cache metadata files before checking for newer versions on remote server. A value of 0 indicates no caching. Defaults to600
.failed_cache_period_seconds
- (Optional) Defaults to0
.missed_cache_period_seconds
- (Optional) The number of seconds to cache artifact retrieval misses (artifact not found).
A value of 0 indicates no caching. Defaults to1800
.unused_artifacts_cleanup_enabled
- (Optional) Defaults tofalse
.unused_artifacts_cleanup_period_hours
- (Optional) The number of hours to wait before an artifact is deemed "unused" and eligible for cleanup from the repository. A value of0
means automatic cleanup of cached artifacts is disabled. Defaults to0
.fetch_jars_eagerly
- (Optional) Defaults tofalse
.fetch_sources_eagerly
- (Optional) Defaults tofalse
.share_configuration
- (Optional) Defaults tofalse
.synchronize_properties
- (Optional) When set, remote artifacts are fetched along with their properties. Defaults tofalse
.allow_any_host_auth
- (Optional) Defaults tofalse
.enable_cookie_management
- (Optional) Enables cookie management if the remote repository uses cookies to manage client state. Defaults tofalse
.bower_registry_url
- (Optional)vcs_type
- (Optional) When present, must beGIT
.vcs_git_provider
- (Optional) Should be one ofGITHUB
,BITBUCKET
,STASH
,ARTIFACTORY
,CUSTOM
. Defaults toGITHUB
.vcs_git_download_url
- (Optional)
Provides support for creating users in Artifactory.
This resource does not allow setting of the user's password.
Instead, a random password is generated for each user. The user should do a forgot my password to reset their password. On updates, the password is set, then immediately expired. This should trigger an email to the user if Artifactory is configured to.
resource "artifact_user" "walter" {
name = "walter.sobchak"
email = "walter.sobchak@sobchaksecurity.com"
is_admin = true
groups = [ "readers", "publishers" ]
}
The following arguments are supported:
name
- (Required) The name of the user.email
- (Required) The user's email address.is_admin
- (Optional) Does this user have admin privileges. Defaultfalse
.is_updatable
- (Optional) Can this user update their profile?. Cannot befalse
when is_admin is set totrue
. Defaulttrue
.groups
- (Optional) An array of groups this user belongs to.realm
- (Computed) The realm the user belongs to.
Provides support for setting up virtual repositories in Artifactory.
Virtual repositories are used to mirror public repositories, while adding push capabilities. Configure a virtual repository to pull from multiple repositories and push to a single local repository.
# Create a virtual repository that mirrors public, and pushes to a local
resource "artifactory_virtual_repository" "gems" {
key = "gems"
package_type = "gem"
description = "Gem Repository"
repositories = [
"org-rubygems-cache",
"gems-local"
]
repo_layout_ref = "simple-default"
default_deployment_repo = "gems-local"
}
The following arguments are supported:
key
- (Required) The key of the repository.package_type
- (Optional) The type of the repository. One of (maven
,gradle
,ivy
,sbt
,nuget
,gems
,npm
,bower
,debian
,composer
,pypi
,docker
,vagrant
,gitlfs
,yum
,conan
, orgeneric
). Default isgeneric
.repositories
- (Optional) The upstream repositories to pull from.default_deployment_repo
- (Optional) The local repo this repository will push to.description
- (Optional) Description of the repository.notes
- (Optional) Notes about the repository.repo_layout_ref
- (Optional) The layout of the repository. The full list of available layouts is available in the Artifactory UI. Defaults tomaven-2-default
.includes_pattern
- (Optional) List of artifact patterns to include when evaluating artifact requests in the form of x/y/*/z/. When used, only artifacts matching one of the include patterns are served. Defaults to**/*
.excludes_pattern
- (Optional) List of artifact patterns to exclude when evaluating artifact requests, in the form of x/y/**/z/*. By default no artifacts are excluded.debian_trivial_layout
- (Optional) When set, the repository will use the deprecated trivial layout. Defaults tofalse
.artifactory_requests_can_retrieve_remote_artifacts
- (Optional) Determines whether artifact requests coming from other instance of Artifactory can be fulfilled by accessing this virtual repository's remote repositories, or by only accessing its caches (default). Defaults tofalse
.key_pair
- (Optional)pom_repository_references_cleanup_policy
- (Optional) Should be one ofdiscard_active_reference
,discard_any_reference
,nothing
.