How to allow Anonymous access to the specific Artifacts/Images in the Repository:

ARTIFACTORY: How to allow Anonymous access to the specific Artifacts/Images in the Repository

AuthorFullName__c
Sanjay C
articleNumber
000006087
ft:sourceType
Salesforce
FirstPublishedDate
2024-05-01T09:24:38Z
lastModifiedDate
2024-08-12
VersionNumber
5

To allow anonymous access to specific Artifacts/Images in the Repository, We use Artifactory Permission Targets to define unique permissions and allow access only to specific artifacts/images in the repository by using “Include Pattern”. Please find below the detailed steps in order to allow Anonymous access to the specific Artifacts/Images in the Repository:

Firstly, we have to “Allow Anonymous Access” to Artifactory to activate the anonymous user access to Artifactory. For Artifactory versions before 7.90.x (Classic UI navigation), navigate to Administration -> User Management -> Settings and For Artifactory versions starting from 7.90.x (New Platform UI navigation), navigate to Administration -> Platform Security -> General, and then enable the checkbox for ‘Allow Anonymous Access’. Attached below screenshot for reference.

Classic UI navigation:

User-added image

New Platform UI navigation:

User-added image


Note: This will enable Anonymous access on all Artifactory repositories. However, we will be controlling it using the permission targets.

Once after activating Anonymous access, we have to remove all default permissions defined in Artifactory to the User “Anonymous”.

To do, Navigate to Administration -> User Management -> Permissions. Then Edit the “Anything” and “Any Remote” permission targets to remove existing permission for user “Anonymous”. Attached below screenshot for reference.

Classic UI navigation:

User-added image

User-added image

New Platform UI navigation:

User-added image

User-added image


3.  After removing default permissions, We need to create a New Permission target to set access to the specific Artifact/Image in the Repository to which you want to grant your anonymous user access. In the following example, we have a docker local repository(test-docker-local) and have few images(busybox, nginx) deployed in it. Now assume that we want to allow anonymous access only to busybox images.


User-added image


4. In order to achieve this, I have created a permissions named as ‘allowAnonymousAccessToSpecificArtifacts’ and then under ‘Resources’ I have added ‘test-docker-local’ repository to the ‘allowAnonymousAccessToSpecificArtifacts’ permissions. Then, I have removed the default(**) include pattern and added ‘busybox/**’ include pattern in the repositories resources. This will allow access only to Busybox image which is present in the test-docker-local repository.

User-added image


5.  Then I have added the ‘Anonymous’ user with ‘read’ to ‘allowAnonymousAccessToSpecificArtifacts’ permissions under the Users tab.

User-added image


Once after defining the permissions for a specific image, I performed a test by pulling the images(busybox & Nginx) present in ‘test-docker-local’ repository using an anonymous user. Below is the result of each test.

Test 1: Downloading ‘busybox’ image using anonymous user

User-added image

Test 2: Downloading ‘nginx’ image using anonymous user

User-added image

In the Test 1, we were able to successfully pull the ‘busybox’ image from ‘test-docker-local’ repository anonymously but from the same ‘test-docker-local’ repository on Test 2, the nginx was failed to pull due to permission issue which is because we only set ‘busybox’ in the ‘include pattern’ for anonymous user.