security

package
v10.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 12, 2024 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation

Index

Constants

View Source
const (
	PermRead            = "read"
	PermWrite           = "write"
	PermAnnotate        = "annotate"
	PermDelete          = "delete"
	PermManage          = "manage"
	PermManagedXrayMeta = "managedXrayMeta"
	PermDistribute      = "distribute"
)
View Source
const ApiKeyEndpoint = "artifactory/api/security/apiKey"
View Source
const CertificateEndpoint = "artifactory/api/system/security/certificates/"
View Source
const DistributionPublicKeysAPIEndPoint = "artifactory/api/security/keys/trusted"
View Source
const GroupsEndpoint = "artifactory/api/security/groups/"
View Source
const KeypairEndPoint = "artifactory/api/security/keypair/"
View Source
const PasswordExpirationPolicyEndpoint = "artifactory/api/security/configuration/passwordExpirationPolicy"
View Source
const PermissionsEndPoint = "artifactory/api/v2/security/permissions/"
View Source
const UserLockPolicyEndpoint = "artifactory/api/security/userLockPolicy"

Variables

This section is empty.

Functions

func BuildPermissionTargetSchema

func BuildPermissionTargetSchema() map[string]*schema.Schema

func CheckAccessToken

func CheckAccessToken(id string, request *resty.Request) (*resty.Response, error)

func NewCertificateResource

func NewCertificateResource() resource.Resource

func NewDistributionPublicKeyResource

func NewDistributionPublicKeyResource() resource.Resource

func NewGlobalEnvironmentResource

func NewGlobalEnvironmentResource() resource.Resource

func NewGroupResource

func NewGroupResource() resource.Resource

func NewKeyPairResource

func NewKeyPairResource() resource.Resource

func NewPasswordExpirationPolicyResource added in v10.5.0

func NewPasswordExpirationPolicyResource() resource.Resource

func NewScopedTokenResource

func NewScopedTokenResource() resource.Resource

func NewUserLockPolicyResource added in v10.5.0

func NewUserLockPolicyResource() resource.Resource

func PackPermissionTarget

func PackPermissionTarget(permissionTarget *PermissionTargetParams, d *schema.ResourceData) diag.Diagnostics

func PermTargetExists

func PermTargetExists(id string, m interface{}) (bool, error)

func ResourceArtifactoryAccessToken

func ResourceArtifactoryAccessToken() *schema.Resource

func ResourceArtifactoryApiKey

func ResourceArtifactoryApiKey() *schema.Resource

func ResourceArtifactoryPermissionTarget

func ResourceArtifactoryPermissionTarget() *schema.Resource

func ResourceArtifactoryPermissionTargets

func ResourceArtifactoryPermissionTargets() *schema.Resource

func TokenOptsToValues

func TokenOptsToValues(t AccessTokenOptions) (url.Values, error)

func VerifyKeyPair

func VerifyKeyPair(id string, request *resty.Request) (*resty.Response, error)

Types

type AccessTokenErrorResponseAPIModel

type AccessTokenErrorResponseAPIModel struct {
	Code    string `json:"code"`
	Message string `json:"message"`
	Detail  string `json:"detail"`
}

type AccessTokenGetAPIModel

type AccessTokenGetAPIModel struct {
	TokenId     string `json:"token_id"`
	Subject     string `json:"subject"`
	Expiry      int64  `json:"expiry"`
	IssuedAt    int64  `json:"issued_at"`
	Issuer      string `json:"issuer"`
	Description string `json:"description"`
	Refreshable bool   `json:"refreshable"`
}

type AccessTokenOptions

type AccessTokenOptions struct {
	// The grant type used to authenticate the request. In this case, the only value supported is "client_credentials" which is also the default value if this parameter is not specified.
	GrantType string `url:"grant_type,omitempty"` // [Optional, default: "client_credentials"]
	// The user name for which this token is created. If the user does not exist, a transient user is created. Non-admin users can only create tokens for themselves so they must specify their own username.
	// If the user does not exist, the member-of-groups scope token must be provided (e.g. member-of-groups: g1, g2, g3...)
	Username string `url:"username,omitempty"`
	// The scope to assign to the token provided as a space-separated list of scope tokens. Currently there are three possible scope tokens:
	//     - "api:*" - indicates that the token grants access to REST API calls. This is always granted by default whether specified in the call or not.
	//     - member-of-groups:[<group-name>] - indicates the groups that the token is associated with (e.g. member-of-groups: g1, g2, g3...). The token grants access according to the permission targets specified for the groups listed.
	//       Specify "*" for group-name to indicate that the token should provide the same access privileges that are given to the group of which the logged in user is a member.
	//       A non-admin user can only provide a scope that is a subset of the groups to which he belongs
	//     - "jfrt@<instance-id>:admin" - provides admin privileges on the specified Artifactory instance. This is only available for administrators.
	// If omitted and the username specified exists, the token is granted the scope of that user.
	Scope string `url:"scope,omitempty"` // [Optional if the user specified in username exists]
	// The time in seconds for which the token will be valid. To specify a token that never expires, set to zero. Non-admin can only set a value that is equal to or less than the default 3600.
	ExpiresIn int `url:"expires_in"` // [Optional, default: 3600]
	// If true, this token is refreshable and the refresh token can be used to replace it with a new token once it expires.
	Refreshable string `url:"refreshable,omitempty"` // [Optional, default: false]
	// A space-separate list of the other Artifactory instances or services that should accept this token identified by their Artifactory Service IDs as obtained from the Get Service ID endpoint.
	// In case you want the token to be accepted by all Artifactory instances you may use the following audience parameter "audience=jfrt@*".
	Audience string `url:"audience,omitempty"` // [Optional, default: Only the Service ID of the Artifactory instance that created the token]
}

type AccessTokenPostRequestAPIModel

type AccessTokenPostRequestAPIModel struct {
	GrantType             string `json:"grant_type"`
	Username              string `json:"username,omitempty"`
	ProjectKey            string `json:"project_key"`
	Scope                 string `json:"scope,omitempty"`
	ExpiresIn             int64  `json:"expires_in"`
	Refreshable           bool   `json:"refreshable"`
	Description           string `json:"description,omitempty"`
	Audience              string `json:"audience,omitempty"`
	IncludeReferenceToken bool   `json:"include_reference_token"`
}

type AccessTokenPostResponseAPIModel

type AccessTokenPostResponseAPIModel struct {
	TokenId        string `json:"token_id"`
	AccessToken    string `json:"access_token"`
	RefreshToken   string `json:"refresh_token"`
	ExpiresIn      int64  `json:"expires_in"`
	Scope          string `json:"scope"`
	TokenType      string `json:"token_type"`
	ReferenceToken string `json:"reference_token"`
}

type AccessTokenRevokeOptions

type AccessTokenRevokeOptions struct {
	Token string `url:"token,omitempty"`
}

AccessTokenRevokeOptions jfrog client go has no v1 code and moving to v2 would be a lot of work. To remove the dependency, we copy and past it here

type Actions

type Actions struct {
	Users  map[string][]string `json:"users,omitempty"`
	Groups map[string][]string `json:"groups,omitempty"`
}

type ApiKey

type ApiKey struct {
	ApiKey            string `json:"apiKey"`
	BlockCreateApiKey bool   `json:"blockCreateApiKey"` // not used currently. may in future.
}

type ArtifactoryGroupResource

type ArtifactoryGroupResource struct {
	ProviderData util.ProviderMetadata
	TypeName     string
}

func (*ArtifactoryGroupResource) Configure

func (*ArtifactoryGroupResource) Create

func (*ArtifactoryGroupResource) Delete

func (*ArtifactoryGroupResource) ImportState

ImportState imports the resource into the Terraform state.

func (*ArtifactoryGroupResource) Metadata

func (*ArtifactoryGroupResource) Read

func (*ArtifactoryGroupResource) Schema

func (*ArtifactoryGroupResource) Update

type ArtifactoryGroupResourceAPIModel

type ArtifactoryGroupResourceAPIModel struct {
	Name            string   `json:"name"`
	Description     string   `json:"description,omitempty"`
	ExternalId      string   `json:"externalId,omitempty"`
	AutoJoin        bool     `json:"autoJoin"`
	AdminPrivileges bool     `json:"adminPrivileges"`
	Realm           string   `json:"realm"`
	RealmAttributes string   `json:"realmAttributes,omitempty"`
	UsersNames      []string `json:"userNames"`
	WatchManager    bool     `json:"watchManager"`
	PolicyManager   bool     `json:"policyManager"`
	ReportsManager  bool     `json:"reportsManager"`
}

ArtifactoryGroupResourceAPIModel describes the API data model.

type ArtifactoryGroupResourceModel

type ArtifactoryGroupResourceModel struct {
	Id              types.String `tfsdk:"id"`
	Name            types.String `tfsdk:"name"`
	Description     types.String `tfsdk:"description"`
	ExternalId      types.String `tfsdk:"external_id"`
	AutoJoin        types.Bool   `tfsdk:"auto_join"`
	AdminPrivileges types.Bool   `tfsdk:"admin_privileges"`
	Realm           types.String `tfsdk:"realm"`
	RealmAttributes types.String `tfsdk:"realm_attributes"`
	DetachAllUsers  types.Bool   `tfsdk:"detach_all_users"`
	UsersNames      types.Set    `tfsdk:"users_names"`
	WatchManager    types.Bool   `tfsdk:"watch_manager"`
	PolicyManager   types.Bool   `tfsdk:"policy_manager"`
	ReportsManager  types.Bool   `tfsdk:"reports_manager"`
}

ArtifactoryGroupResourceModel describes the Terraform resource data model to match the resource schema.

func (*ArtifactoryGroupResourceModel) ToState

type CertificateAPIModel

type CertificateAPIModel struct {
	Alias       string `json:"certificateAlias"`
	Fingerprint string `json:"fingerprint"`
	IssuedOn    string `json:"issuedOn"`
	IssuedBy    string `json:"issuedBy"`
	IssuedTo    string `json:"issuedTo"`
	ValidUntil  string `json:"validUntil"`
}

CertificateAPIModel describes the API data model.

func FindCertificate

func FindCertificate(alias string, restyRequest *resty.Request) (*CertificateAPIModel, error)

type CertificateResource

type CertificateResource struct {
	ProviderData util.ProviderMetadata
	TypeName     string
}

func (CertificateResource) ConfigValidators

func (r CertificateResource) ConfigValidators(ctx context.Context) []resource.ConfigValidator

func (*CertificateResource) Configure

func (*CertificateResource) Create

func (*CertificateResource) Delete

func (*CertificateResource) ImportState

ImportState imports the resource into the Terraform state.

func (*CertificateResource) Metadata

func (*CertificateResource) Read

func (*CertificateResource) Schema

func (*CertificateResource) Update

type CertificateResourceModel

type CertificateResourceModel struct {
	Alias       types.String `tfsdk:"alias"`
	Content     types.String `tfsdk:"content"`
	File        types.String `tfsdk:"file"`
	Fingerprint types.String `tfsdk:"fingerprint"`
	IssuedBy    types.String `tfsdk:"issued_by"`
	IssuedOn    types.String `tfsdk:"issued_on"`
	IssuedTo    types.String `tfsdk:"issued_to"`
	ValidUntil  types.String `tfsdk:"valid_until"`
}

CertificateResourceModel describes the Terraform resource data model to match the resource schema.

func (*CertificateResourceModel) FromAPIModel

type DistributionPublicKeyAPIModel

type DistributionPublicKeyAPIModel struct {
	KeyId       string `json:"kid,omitempty"`
	Alias       string `json:"alias"`
	Fingerprint string `json:"fingerprint,omitempty"`
	PublicKey   string `json:"key"`
	IssuedOn    string `json:"issued_on,omitempty"`
	IssuedBy    string `json:"issued_by,omitempty"`
	ValidUntil  string `json:"valid_until,omitempty"`
}

DistributionPublicKeyAPIModel describes the API data model.

type DistributionPublicKeyResource

type DistributionPublicKeyResource struct {
	ProviderData util.ProviderMetadata
	TypeName     string
}

func (*DistributionPublicKeyResource) Configure

func (*DistributionPublicKeyResource) Create

func (*DistributionPublicKeyResource) Delete

func (*DistributionPublicKeyResource) ImportState

ImportState imports the resource into the Terraform state.

func (*DistributionPublicKeyResource) Metadata

func (*DistributionPublicKeyResource) Read

func (*DistributionPublicKeyResource) Schema

func (*DistributionPublicKeyResource) Update

type DistributionPublicKeyResourceModel

type DistributionPublicKeyResourceModel struct {
	KeyId       types.String           `tfsdk:"key_id"`
	Alias       types.String           `tfsdk:"alias"`
	Fingerprint types.String           `tfsdk:"fingerprint"`
	PublicKey   TablessSigningKeyValue `tfsdk:"public_key"`
	IssuedOn    types.String           `tfsdk:"issued_on"`
	IssuedBy    types.String           `tfsdk:"issued_by"`
	ValidUntil  types.String           `tfsdk:"valid_until"`
}

DistributionPublicKeyResourceModel describes the Terraform resource data model to match the resource schema.

func (*DistributionPublicKeyResourceModel) FromAPIModel

type DistributionPublicKeysList

type DistributionPublicKeysList struct {
	Keys []DistributionPublicKeyAPIModel `json:"keys"`
}

type GlobalEnvironmentModel

type GlobalEnvironmentModel struct {
	Id   types.String `tfsdk:"id"`
	Name types.String `tfsdk:"name"`
}

GlobalEnvironmentModel describes the Terraform resource data model to match the resource schema.

type GlobalEnvironmentPostRenameRequestAPIModel

type GlobalEnvironmentPostRenameRequestAPIModel struct {
	Name string `json:"new_name"`
}

type GlobalEnvironmentPostRequestAPIModel

type GlobalEnvironmentPostRequestAPIModel struct {
	Name string `json:"name"`
}

type GlobalEnvironmentResource

type GlobalEnvironmentResource struct {
	ProviderData util.ProviderMetadata
	TypeName     string
}

func (*GlobalEnvironmentResource) Configure

func (*GlobalEnvironmentResource) Create

func (*GlobalEnvironmentResource) Delete

func (*GlobalEnvironmentResource) ImportState

ImportState imports the resource into the Terraform state.

func (*GlobalEnvironmentResource) Metadata

func (*GlobalEnvironmentResource) Read

func (*GlobalEnvironmentResource) Schema

func (*GlobalEnvironmentResource) Update

type GlobalEnvironmentsAPIModel

type GlobalEnvironmentsAPIModel []struct {
	Name string `json:"name"`
}

type KeyPairAPIModel

type KeyPairAPIModel struct {
	PairName   string `json:"pairName"`
	PairType   string `json:"pairType"`
	Alias      string `json:"alias"`
	PrivateKey string `json:"privateKey"`
	Passphrase string `json:"passphrase"`
	PublicKey  string `json:"publicKey"`
}

KeyPairAPIModel describes the API data model.

type KeyPairResource

type KeyPairResource struct {
	ProviderData util.ProviderMetadata
	TypeName     string
}

func (*KeyPairResource) Configure

func (*KeyPairResource) Create

func (*KeyPairResource) Delete

func (*KeyPairResource) ImportState

ImportState imports the resource into the Terraform state.

func (*KeyPairResource) Metadata

func (*KeyPairResource) Read

func (*KeyPairResource) Schema

func (*KeyPairResource) Update

type KeyPairResourceModel

type KeyPairResourceModel struct {
	PairName   types.String           `tfsdk:"pair_name"`
	PairType   types.String           `tfsdk:"pair_type"`
	Alias      types.String           `tfsdk:"alias"`
	PrivateKey TablessSigningKeyValue `tfsdk:"private_key"`
	Passphrase types.String           `tfsdk:"passphrase"`
	PublicKey  TablessSigningKeyValue `tfsdk:"public_key"`
}

KeyPairResourceModel describes the Terraform resource data model to match the resource schema.

func (*KeyPairResourceModel) FromAPIModel

func (r *KeyPairResourceModel) FromAPIModel(ctx context.Context, model *KeyPairAPIModel) diag.Diagnostics

type PasswordExpirationPolicyAPIModel added in v10.5.0

type PasswordExpirationPolicyAPIModel struct {
	Enabled        bool  `json:"enabled"`
	PasswordMaxAge int64 `json:"passwordMaxAge"`
	NotifyByEmail  bool  `json:"notifyByEmail"`
}

type PasswordExpirationPolicyResource added in v10.5.0

type PasswordExpirationPolicyResource struct {
	ProviderData util.ProviderMetadata
}

func (*PasswordExpirationPolicyResource) Configure added in v10.5.0

func (*PasswordExpirationPolicyResource) Create added in v10.5.0

func (*PasswordExpirationPolicyResource) Delete added in v10.5.0

func (*PasswordExpirationPolicyResource) ImportState added in v10.5.0

ImportState imports the resource into the Terraform state.

func (*PasswordExpirationPolicyResource) Metadata added in v10.5.0

func (*PasswordExpirationPolicyResource) Read added in v10.5.0

func (*PasswordExpirationPolicyResource) Schema added in v10.5.0

func (*PasswordExpirationPolicyResource) Update added in v10.5.0

type PasswordExpirationPolicyResourceModel added in v10.5.0

type PasswordExpirationPolicyResourceModel struct {
	Name           types.String `tfsdk:"name"`
	Enabled        types.Bool   `tfsdk:"enabled"`
	PasswordMaxAge types.Int64  `tfsdk:"password_max_age"`
	NotifyByEmail  types.Bool   `tfsdk:"notify_by_email"`
}

type PermissionTargetParams

type PermissionTargetParams struct {
	Name          string                   `json:"name"`
	Repo          *PermissionTargetSection `json:"repo,omitempty"`
	Build         *PermissionTargetSection `json:"build,omitempty"`
	ReleaseBundle *PermissionTargetSection `json:"releaseBundle,omitempty"`
}

PermissionTargetParams Copy from https://github.com/jfrog/jfrog-client-go/blob/master/artifactory/services/permissiontarget.go#L116

Using struct pointers to keep the fields null if they are empty. Artifactory evaluates inner struct typed fields if they are not null, which can lead to failures in the request.

type PermissionTargetSection

type PermissionTargetSection struct {
	IncludePatterns []string `json:"include-patterns,omitempty"`
	ExcludePatterns []string `json:"exclude-patterns,omitempty"`
	Repositories    []string `json:"repositories"`
	Actions         *Actions `json:"actions,omitempty"`
}

type ScopedTokenResource

type ScopedTokenResource struct {
	ProviderData util.ProviderMetadata
	TypeName     string
}

func (*ScopedTokenResource) Configure

func (*ScopedTokenResource) Create

func (*ScopedTokenResource) Delete

func (*ScopedTokenResource) ImportState

ImportState imports the resource into the Terraform state.

func (*ScopedTokenResource) Metadata

func (*ScopedTokenResource) Read

func (*ScopedTokenResource) Schema

func (*ScopedTokenResource) Update

type ScopedTokenResourceModel

type ScopedTokenResourceModel struct {
	Id                    types.String `tfsdk:"id"`
	GrantType             types.String `tfsdk:"grant_type"`
	Username              types.String `tfsdk:"username"`
	ProjectKey            types.String `tfsdk:"project_key"`
	Scopes                types.Set    `tfsdk:"scopes"`
	ExpiresIn             types.Int64  `tfsdk:"expires_in"`
	Refreshable           types.Bool   `tfsdk:"refreshable"`
	IncludeReferenceToken types.Bool   `tfsdk:"include_reference_token"`
	Description           types.String `tfsdk:"description"`
	Audiences             types.Set    `tfsdk:"audiences"`
	AccessToken           types.String `tfsdk:"access_token"`
	RefreshToken          types.String `tfsdk:"refresh_token"`
	ReferenceToken        types.String `tfsdk:"reference_token"`
	TokenType             types.String `tfsdk:"token_type"`
	Subject               types.String `tfsdk:"subject"`
	Expiry                types.Int64  `tfsdk:"expiry"`
	IssuedAt              types.Int64  `tfsdk:"issued_at"`
	Issuer                types.String `tfsdk:"issuer"`
}

ScopedTokenResourceModel describes the Terraform resource data model to match the resource schema.

func (*ScopedTokenResourceModel) GetResponseToState

func (r *ScopedTokenResourceModel) GetResponseToState(ctx context.Context, accessToken *AccessTokenGetAPIModel)

func (*ScopedTokenResourceModel) PostResponseToState

func (r *ScopedTokenResourceModel) PostResponseToState(ctx context.Context,
	accessTokenResp *AccessTokenPostResponseAPIModel, accessTokenPostBody *AccessTokenPostRequestAPIModel, getResult *AccessTokenGetAPIModel) diag.Diagnostics

type TablessSigningKeyType

type TablessSigningKeyType struct {
	basetypes.StringType
}

func (TablessSigningKeyType) Equal

func (t TablessSigningKeyType) Equal(o attr.Type) bool

func (TablessSigningKeyType) String

func (t TablessSigningKeyType) String() string

func (TablessSigningKeyType) ValueFromString

func (TablessSigningKeyType) ValueFromTerraform

func (t TablessSigningKeyType) ValueFromTerraform(ctx context.Context, in tftypes.Value) (attr.Value, error)

func (TablessSigningKeyType) ValueType

func (t TablessSigningKeyType) ValueType(ctx context.Context) attr.Value

type TablessSigningKeyValue

type TablessSigningKeyValue struct {
	basetypes.StringValue
}

func (TablessSigningKeyValue) Equal

func (TablessSigningKeyValue) StringSemanticEquals

func (v TablessSigningKeyValue) StringSemanticEquals(ctx context.Context, newValuable basetypes.StringValuable) (bool, diag.Diagnostics)

StringSemanticEquals returns true if the given string value is semantically equal to the current string value. (case-insensitive)

func (TablessSigningKeyValue) Type

type UserLockPolicyAPIModel added in v10.5.0

type UserLockPolicyAPIModel struct {
	Enabled       bool  `json:"enabled"`
	LoginAttempts int64 `json:"loginAttempts"`
}

type UserLockPolicyResource added in v10.5.0

type UserLockPolicyResource struct {
	ProviderData util.ProviderMetadata
}

func (*UserLockPolicyResource) Configure added in v10.5.0

func (*UserLockPolicyResource) Create added in v10.5.0

func (*UserLockPolicyResource) Delete added in v10.5.0

func (*UserLockPolicyResource) ImportState added in v10.5.0

ImportState imports the resource into the Terraform state.

func (*UserLockPolicyResource) Metadata added in v10.5.0

func (*UserLockPolicyResource) Read added in v10.5.0

func (*UserLockPolicyResource) Schema added in v10.5.0

func (*UserLockPolicyResource) Update added in v10.5.0

type UserLockPolicyResourceModel added in v10.5.0

type UserLockPolicyResourceModel struct {
	Name          types.String `tfsdk:"name"`
	Enabled       types.Bool   `tfsdk:"enabled"`
	LoginAttempts types.Int64  `tfsdk:"login_attempts"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL