The New artifactory-build-info Repository and How to Configure Permissions to It

Adi Vizgan
2023-01-22 11:11

The default artifactory-build-info repository was introduced in Artifactory version 6.6. It replaced the old mechanism for storing build-info files as blobs in the Artifactory database. The artifactory-build-info repository stores all build info files uploaded to Artifactory by the different CI server plugins, including the Artifactory Jenkins Plugin and JFrog CLI, or directly through the Build Upload REST API or Artifactory UI. Build information is available using the REST API and the Builds page in the Artifactory UI.

The artifactory-build-info repository introduced a new set of user/group permissions that define access to the build-info files. These are equivalent to managing permissions on repositories with include/exclude patterns on build-info JSON paths in the build-info repository. Permissions can be automated using the Create or Replace Permission Target REST API call, which now uses the V2 JSON format, which contains a new section for build-info permissions.

For example, the following cURL and build-info-permission.json define a new permission target called java-developers, for a build called test-maven:

cURL command:

curl -uadmin:password -XPUT "http://localhost:8081/artifactory/api/v2/security/permissions/java-developers" -H "Content-type: application/json" -T build-info-permission.json

build-info-permission.json:

{
"name": "java-developers",
"repo": {
"include-patterns": ["**"] (default),
"exclude-patterns": [""] (default),
"repositories": ["generic-local"],
"actions": {
"users" : {
"test1": ["read","write","manage"],
"test2" : ["write","annotate", "read"]
},
"groups" : {
"group1" : ["manage","read","annotate"],
"readers" : ["read"]
}
}
},
"build": {
"include-patterns": ["test-maven/**"] (default),
"exclude-patterns": [""] (default),
"repositories": ["artifactory-build-info"] (default, can't be changed),
"actions": {
"users" : {
"test1": ["read","manage"],
"test2" : ["write"]
},
"groups" : {
"group1" : ["manage","read","write","annotate","delete"],
"readers" : ["read"]
}
}
}
}

NOTE: When upgrading Artifactory to version 6.6 or above, a migration process will start to move all of your build-info files from the database to the new artifactory-build-info repository. You can control the migration process through the use of a few system properties, which can be added to the artifactory.system.properties file located in $ARTIFACTORY_HOME/etc.​​​​​​​