Terraform-provider-nexus: Doesn't seem to be possible to get/extract a list of privileges for Repository created.
Hi guys,
This is an enhancement request.
After Repository creation, Nexus creates privileges for this repository.
Further, in work it might happen that more privileges need to be added/attached to this or that role.
And it's impossible right now to get a list of privileges for the specific repository.
Use-case: needed a role that has privileges from multiple Repositories.
It would be awesome to have this kind of feature. ;)
Regards,
Taras.
fog1985
All 16 comments
Hi @fog1985 ,
would it help to provide a data source for privileges? It could return, based on a filter like domain, repository or name, all privileges matching the filter. You could than use the returned list to do some other stuff with it.
resource "nexus_repository" "demo" {
type = "hosted"
format = "maven2"
name = "demo"
...
}
data "nexus_privileges" "demo" {
repository = nexus_repository.demo.name
}
Nosmoht
on 4 Jun 2020
Hi @Nosmoht ,
Yeap. It would work like a charm.
fog1985
on 4 Jun 2020
@Nosmoht ,
It would be nice to have the possibility of multiple filters or nested results. Cuz in the repository there are multiple types of privileges. Hence it would be nice to get let's say privileges of type repository-view which are applied for this repository.
fog1985
on 4 Jun 2020
Nosmoht
on 5 Jun 2020
Documentation
Cool. Thank you @Nosmoht
fog1985
on 5 Jun 2020
@fog1985 Please let me know if it works and if we can close the issue.
Nosmoht
on 5 Jun 2020
Hey @Nosmoht ,
I am sure it works. Don't have a chance to put a new release and test it right away.
Or please leave it for a few days and I will try my best to test it out early next week.
fog1985
on 5 Jun 2020
Hi @Nosmoht ,
I have just tried to use it. And a bit confused with the way of how to declare all the needed stuff.
Here what I have:
data "nexus_privileges" "apt-proxy-read" {
format = "apt"
repository = "apt-proxy"
type = "repository-view"
privileges {
actions = ["read"]
}
}
Was referring at this code:
https://github.com/datadrivers/terraform-provider-nexus/blob/master/nexus/data_source_privileges.go
It indeed seems to have privileges section.
But not sure what is the difference between format for example in a root declaration and format inside of the privileges.
Nevertheless, I get as follow:
Error: "privileges": this field cannot be set
on roles.tf line 1, in data "nexus_privileges" "apt-proxy-read":
1: data "nexus_privileges" "apt-proxy-read" {
If I put actions into the root still fails that actions are not expected here.
fog1985
on 16 Jun 2020
Hi @fog1985 ,
the data resource is used to get the list of privileges for the specified repository format and type. So please remove the privileges from your declaration and you should get a list of all privileges of repository apt-proxy as return value.
Nosmoht
on 18 Jun 2020
Hi @Nosmoht ,
Thanks. I have managed to read all the privileges' names as follow:
data "nexus_privileges" "apt-proxy-read" {
format = "apt"
repository = "apt-proxy"
type = "repository-view"
}
output "privileges" {
value = data.nexus_privileges.apt-proxy-read.privileges.*.name
}
Is there a way to get a privilege for example which's action stands for READ or WRITE?
Or just a list of all privileges?
Also not clear about this parameter in data source block:
type = "repository-view"
Should it be the format of the repository or format of the privileges?
If it's a format of the privileges then it doesn't work as expected. Cuz with repository-view I got the full list of all the privileges including those aimed for write/edit etc.
It would be nice to have a short example on how to filter out the output of data source to some READ, WRITE, or other filters for privileges.
fog1985
on 18 Jun 2020
I believe the only thing we could do is to add a name filter like name = ".*-read". So we could use a regexp on the privilege name to get only privileges matching the regexp. Would that help you?
Nosmoht
on 18 Jun 2020
I think yes. That would work.
I also tried to use Terrafomr's filter facility. As described here:
https://www.terraform.io/docs/providers/oci/guides/filters.html
Doesn't work either.
data "nexus_privileges" "apt-proxy-read" {
format = "apt"
repository = "apt-proxy"
type = "repository-view"
filter {
name = "actions"
values = ["READ"]
}
}
Result:
Error: Unsupported block type
on roles.tf line 6, in data "nexus_privileges" "apt-proxy-read":
6: filter {
Blocks of type "filter" are not expected here.
So name would work if possible.
fog1985
on 18 Jun 2020
As an interim solution, I have just come up with this one:
value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if contains(x["actions"], "READ")]
Which returns READ privilege. :)
fog1985
on 18 Jun 2020
For those who might be looking for the same:
output "privileges_apt_proxy_all_read" {
value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("ALL|READ", join("",x.actions)))]
}
output "privileges_apt_proxy_browse" {
value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("BROWSE", join("",x.actions)))]
}
output "privileges_multiple_repos_example" {
value = concat([for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("ALL|READ", join("",x.actions)))], [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("BROWSE", join("",x.actions)))])
}
In this way, we can get nice filtering based on actions with the usage of RegExp.
Or even combine privileges from different repositories and data sources with the usage of Terraform's concat function.
fog1985
on 18 Jun 2020
Hi @fog1985,
can we close the issue and create a new feature request for the privilege filter?
Nosmoht
on 4 Jul 2020
Hi @fog1985,
can we close the issue and create a new feature request for the privilege filter?
Hi @Nosmoht ,
Sure.
Thank you.
fog1985
on 4 Jul 2020
Related issues
5obol
·
8Comments
Skaronator
·
5Comments
Skaronator
·
3Comments
fog1985
·
8Comments
marek-budyn
·
5Comments