Replicate Artifactory Configuration with Terraform Provider Plugin

It takes a large team to manage enterprise DevOps, and it can take a large team of binary repository managers, too. It’s vital to get all team members going the same way, and quickly.

A growing developer organization will have many instances of Artifactory to help them scale, on multiple nodes for high availability and multi-site repository replication. Configuring them all precisely, with the same set of repositories, users, and permissions, can’t be done effectively one at a time.

Now, with the Artifactory Provider plugin for Terraform, you can use your infrastructure management tool to configure your entire set of Artifactory instances. You can consistently replicate Artifactory server configuration through automation from day 1 of installation and beyond.

 

Terraform is the infrastructure as code tool from HashiCorp that enables building, changing, and managing infrastructure in a safe, repeatable way. Using a configuration language called HashiCorp Configuration Language (HCL), operators and infrastructure teams can manage environments through human-readable, automated deployments.

The Artifactory Provider for Terraform is a free plugin that extends HCL to be able to command an Artifactory instance. It enables infrastructure managers to configure Artifactory repositories, permissions, and more through Terraform scripts.

Once able to automate configuration of Artifactory, it’s fast and easy to replicate those configurations reliably across several instances of Artifactory, or several hundred.

Artifactory Terraform Provider

Using the Artifactory Provider

You must enable the plugin in your Terraform script by adding the following snippet to your .tf file. The required_providers declaration will automatically load the plugin from the Terraform registry.

terraform {
  required_providers {
    artifactory = {
      source = "jfrog/artifactory"
      version = "2.2.4"
    }
  }
}
 
variable "artifactory_url" {
  description = "The base URL of the Artifactory deployment"
  type        = string
}
variable "artifactory_username" {
  description = "The username for the Artifactory administrator"
  type        = string
}
variable "artifactory_password" {
  description = "The password for the Artifactory administrator"
  type        = string
}
 
provider "artifactory" {
 # Configuration options
  url = "${var.artifactory_url}"
  username = "${var.artifactory_username}"
  password = "${var.artifactory_password}"
}

 

Note that for best security practice, you should never include secrets (such as the Artifactory username and password) in your plaintext Terraform file. In the above example, we rely on Terraform environment variables to contain our secrets as well as the base URL for our Artifactory deployment. You can learn about other methods in this guide to managing secrets for Terraform.

The example shows how to access Artifactory using basic auth. If you prefer, you can authorize by access_token or api_key .

Configure Artifactory Repositories

To configure a local repository using the Artifactory Terraform provider, you will need to add a resource section to your Terraform script:

# Create a new repository
resource "artifactory_local_repository" "pypi-libs" {
  key             = "terraform-pypi-libs"
  package_type    = "pypi"
  repo_layout_ref = "simple-default"
  description     = "A pypi repository for python packages"
}

 

In our example above, we create a new PyPi local repository called terraform-pypi-libs using the simple default repository layout settings.

You can also configure remote repositories and virtual repositories using other Artifactory Provider resource types.

Configure Artifactory Users, Groups, and Permissions

You can add resources to your Terraform script to configure the set of users and groups that can access Artifactory repositories with specific permissions.

For example, you might script to create a set of users for the team of front-end developers that can access the repositories you create.

# Create a new Artifactory group for the team
resource "artifactory_group" "fe-group" {
  name             = "fe-dev"
  description      = "Front End Development Team"
  admin_privileges = false
}
 
# Create new Artifactory users for the team
resource "artifactory_user" "fe-user-lead" {
  name     = "aliyahm"
  email    = "aliyahm@mycompany.com"
  groups   = ["logged-in-users", "readers", “fe-dev”]
  password = ${var.artifactory_default_pw}
}
resource "artifactory_user" "fe-user-dev1" {
  name     = "sanjayr"
  email    = "sanjayr@mycompany.com"
  groups   = ["logged-in-users", "readers", “fe-dev”]
  password = ${var.artifactory_default_pw}
}
resource "artifactory_user" "fe-user-dev2" {
  name     = "ericb"
  email    = "ericb@mycompany.com"
  groups   = ["logged-in-users", "readers", “fe-dev”]
  password = ${var.artifactory_default_pw}
}
 
# Create a new Artifactory permission target called fe-perm
resource "artifactory_permission_target" "fe-perm" {
  name = "fe-perm"
 
  repo {
    includes_pattern = ["foo/**"]
    excludes_pattern = ["bar/**"]
    repositories     = ["terraform-pypi-libs"]
 
    actions {
      users {
        name        = "markz"
        permissions = ["read", "write"]
      }
 
      groups {
        name        = “fe-dev”
        permissions = ["read", "write"]
      }
    }
  }
}

 

Additional Resource Options

In addition to managing repositories and credentials, the Artifactory Terraform Provider supports the following:

Replication Configuration

You can create and manage Artifactory repository replications through the provider. Facilities are available for multi-site replication configuration, or for single Artifactory replication.

Certificates

An Artifactory certificate resource can be used to create and manage Artifactory certificates for client authentication against remote repositories.

Data Sources

Data sources enable data to be fetched or computed for use elsewhere in Terraform configuration. The Artifactory Provider makes available data sources for Artifactory repository files and for metadata of files stored in Artifactory repositories.

Running Terraform

Once your Terraform script is completed, you can run it with Terraform.

For our example that uses basic auth, you would need to set the environment variables with your credential secrets:

$ export TF_VAR_artifactory_url=https://artifactory.mycompany.com/artifactory
$ export TF_VAR_artifactory_username=
$ export TF_VAR_artifactory_password=

 

Then you need to run the Terraform init command to deploy the configuration file and initialize the directory:

$ terraform init

Once properly set up, you can apply Terraform to configure Artifactory:

$ terraform apply

Learn More

With the Artifactory Provider, you’re able to include your binary repository management in your automated infrastructure configuration, in conformance with all features such as Terraform state management.

To explore more, you can browse the Artifactory Provider documentation.

And you can also watch the JFrog/Hashicorp webinar, where experts from both companies walk you through best practices for helping to enhance your team’s artifact experiences. 

Together, HashiCorp and JFrog can enable you to automate your application infrastructure end-to-end.