What is the new ‘artifactory-build-info’ repository and how do I configure permissions to it?

Adi Vizgan
2019-04-22 07:20

Subject

This knowledge base article will explain a little about the new 'artifactory-build-info' repository and how to configure permissions to it, via UI and REST.
 

Description

The default artifactory-build-info repository was introduced in Artifactory version 6.6 and replaced the old mechanism to store ‘build-info’ files as blobs in the Artifactory database. This 'artifactory-build-info' repository stores all build info files uploaded to Artifactory by the different CI server plugins, including: the Artifactory Jenkins Plugin, JFrog CLI, and directly through the Build Upload REST API or Artifactory UI. Build information is available using the REST API and the Builds page in the Artifactory UI.

This new repository introduced a new set of user/group permissions that define access to the ‘build-info’ files. These are equivalent to managing permissions on repositories with include/exclude patterns on 'build-info' JSON paths, in the 'build-info' repository. Permissions can be automated using the "Create or Replace Permission Target" REST API call, which now consumes the V2 JSON with a new section for 'build-info' permissions.

For example, the following cURL and 'build-info-permission.json' define a new permission target called "java-developers", for a build called "test-maven":

cURL command:
curl -uadmin:password -XPUT "http://localhost:8081/artifactory/api/v2/security/permissions/java-developers"  -H "Content-type: application/json" -T build-info-permission.json

build-info-permission.json:
{
 "name": "java-developers",
 "repo": {
     "include-patterns": ["**"] (default),
     "exclude-patterns": [""] (default),
     "repositories": ["generic-local"],
     "actions": {
         "users" : {
           "test1": ["read","write","manage"],
           "test2" : ["write","annotate", "read"]
         },
         "groups" : {
           "group1" : ["manage","read","annotate"],
           "readers" : ["read"]
         }
   }
 },
"build": {
     "include-patterns": ["test-maven/**"] (default),
     "exclude-patterns": [""] (default),
     "repositories": ["artifactory-build-info"] (default, can't be changed),
     "actions": {
         "users" : {
           "test1": ["read","manage"],
           "test2" : ["write"]
         },
         "groups" : {
           "group1" : ["manage","read","write","annotate","delete"],
           "readers" : ["read"]
         }
   }
 }
}

Note: When upgrading Artifactory to version 6.6 and above, a migration process will start to move all the 'build-info' files from the database to the new 'artifactory-build-info' repository. You can control the migration process through the use of a few system properties that can be added to the ‘artifactory.system.properties’ file located in $ARTIFACTORY_HOME/etc.