How to assign access token to a group or specific permissions? #88

Open
sheldonhull opened this issue Jul 30, 2020 · 1 comment
@sheldonhull

I've looked through the issues and documentation and am a bit confused.

When I created an access token through the rest api in the past, I had to assign it to a group to ensure the permissions were associated with the access token.

Right now, I have created the api token using the documented example:

    resource "artifactory_api_key" "ci" {}

However, when trying to assign this token into a group, I'm not clear how to do this from the provider documentation.

When doing via POST request, you can see I had to designate member-of-groups for the access token to be generated.

    # $UserName, $GroupName, $ACCOUNTNAME and $encodedCredentials are assumed to be defined by the caller
    $invokeRestMethodSplat = @{
        Method      = 'POST'
        # Content-Type is a request header, not a form field, so it is set here rather than inside Body
        ContentType = 'application/x-www-form-urlencoded'
        Body        = @{
            'username'    = $UserName                     # this is access token name, anything can be used
            'scope'       = "member-of-groups:$GroupName"
            'expires_in'  = 0                             # Used to set as non-expiring
            'refreshable' = $true                         # allow access tokens to be refreshed and leave user the same
        }
        Headers     = @{ Authorization = "Basic $encodedCredentials" }
        Uri         = "https://$ACCOUNTNAME.jfrog.io/$ACCOUNTNAME/api/security/token"
    }
    $response = Invoke-RestMethod @invokeRestMethodSplat

What I'd thought I'd see would be something like

    resource "artifactory_api_key" "ci" {
      groups = [ resource.group.id ]
    }

If you have any examples on how to do this, or an issue I missed that answered this please let me know. I plan on looking at the provider code more, but figured I'd make this visible so if it's an easy fix others might benefit, or if I contribute a PR with something I can link it to this anyway.

Appreciate the great work on this project as it solves a big need in making JFrog more manageable.

@sheldonhull

I think I've found the answer. This hasn't been implemented.
I found that the go-artifactory library does support this, but it hasn't been implemented into the provider.

https://github.com/atlassian/go-artifactory/blob/6111b34bd09a5f74a3fb36a2a882687693c984a8/artifactory/v1/security.go#L904-L919

    // Creates an access token
    // Since: 5.0.0
    // Security: Requires a valid user
    func (s *SecurityService) CreateToken(ctx context.Context, opts *AccessTokenOptions) (*AccessToken, *http.Response, error) {
    	path := "/api/security/token"
    	req, err := s.client.NewURLEncodedRequest("POST", path, opts)
    	if err != nil {
    		return nil, nil, err
    	}
    	req.Header.Set("Accept", client.MediaTypeJson)

    	token := new(AccessToken)
    	resp, err := s.client.Do(ctx, req, token)
    	return token, resp, err
    }

This shows the creation for an access token is there, and it's the exact same api endpoint from my powershell invoke-webrequest.
Looks like this needs to be added to provider for me to leverage.
I'll take a look at what that might entail and if I make some progress I'll post an update.
Haven't done a provider contribution yet so I need to familiarize myself with it.
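
The request both comments describe (a form-encoded POST to `/api/security/token` with a `member-of-groups` scope), as an added Go example that is not part of the original issue and is not code from go-artifactory or the provider. The function names, host and sample values are assumptions, as are the comma-joined group list and the rejection of group names containing commas or whitespace.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strconv"
	"strings"
)

// tokenForm builds the form body for POST /api/security/token, using the
// same fields as the PowerShell call in the issue (hypothetical helper).
func tokenForm(username string, groups []string, expiresIn int, refreshable bool) (url.Values, error) {
	if username == "" || len(groups) == 0 || expiresIn < 0 {
		return nil, fmt.Errorf("username, at least one group and expires_in >= 0 are required")
	}
	for _, g := range groups {
		// Assumption: reject names that would change the meaning of the scope string.
		if g == "" || strings.ContainsAny(g, ", \t\r\n") {
			return nil, fmt.Errorf("invalid group name %q", g)
		}
	}
	return url.Values{
		"username":    {username},
		"scope":       {"member-of-groups:" + strings.Join(groups, ",")},
		"expires_in":  {strconv.Itoa(expiresIn)},
		"refreshable": {strconv.FormatBool(refreshable)},
	}, nil
}

// newTokenRequest wraps the form in a form-encoded POST with basic auth.
func newTokenRequest(baseURL, adminUser, adminPass string, form url.Values) (*http.Request, error) {
	endpoint := strings.TrimRight(baseURL, "/") + "/api/security/token"
	req, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.SetBasicAuth(adminUser, adminPass)
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Accept", "application/json")
	return req, nil
}

func main() {
	// Constructed sample values; example.invalid is a placeholder host.
	form, _ := tokenForm("ci-token", []string{"ci-readers"}, 3600, true)
	req, _ := newTokenRequest("https://example.invalid/artifactory", "admin", "placeholder", form)
	fmt.Println(req.Method, req.URL, form.Encode())
}
```

The sample uses a finite `expires_in` so the token lapses on its own; the issue's call passes `0` for a non-expiring token.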
