Hi guys,
This is an enhancement request.
After Repository creation, Nexus creates privileges for this repository.
Further, in work it might happen that more privileges need to be added/attached to this or that role.
And it's impossible right now to get a list of privileges for the specific repository.
Use-case: needed a role that has privileges from multiple Repositories.
It would be awesome to have this kind of feature. ;)
Regards,
Taras.
Hi @fog1985 ,
would it help to provide a data source for privileges? It could return, based on a filter like domain, repository or name, all privileges matching the filter. You could then use the returned list to do some other stuff with it.
resource "nexus_repository" "demo" {
  type   = "hosted"
  format = "maven2"
  name   = "demo"
  ...
}
data "nexus_privileges" "demo" {
  repository = nexus_repository.demo.name
}
Hi @Nosmoht ,
Yeap. It would work like a charm.
@Nosmoht ,
It would be nice to have the possibility of multiple filters or nested results. Cuz in the repository there are multiple types of privileges. Hence it would be nice to get let's say privileges of type repository-view which are applied for this repository.
Documentation
Cool. Thank you @Nosmoht
@fog1985 Please let me know if it works and if we can close the issue.
Hey @Nosmoht ,
I am sure it works. Don't have a chance to put a new release and test it right away.
Or please leave it for a few days and I will try my best to test it out early next week.
Hi @Nosmoht ,
I have just tried to use it, and I am a bit confused about how to declare all the needed stuff.
Here is what I have:
data "nexus_privileges" "apt-proxy-read" {
  format     = "apt"
  repository = "apt-proxy"
  type       = "repository-view"
  privileges {
    actions = ["read"]
  }
}
I was referring to this code:
https://github.com/datadrivers/terraform-provider-nexus/blob/master/nexus/data_source_privileges.go
It indeed seems to have a privileges section.
But I am not sure what the difference is between format, for example, in a root declaration and format inside of the privileges.
Nevertheless, I get the following:
Error: "privileges": this field cannot be set
on roles.tf line 1, in data "nexus_privileges" "apt-proxy-read":
1: data "nexus_privileges" "apt-proxy-read" {
If I put actions into the root, it still fails, saying that actions are not expected here.
Hi @fog1985 ,
the data resource is used to get the list of privileges for the specified repository format and type. So please remove the privileges from your declaration and you should get a list of all privileges of repository apt-proxy as return value.
Hi @Nosmoht ,
Thanks. I have managed to read all the privileges' names as follows:
data "nexus_privileges" "apt-proxy-read" {
  format     = "apt"
  repository = "apt-proxy"
  type       = "repository-view"
}
output "privileges" {
  value = data.nexus_privileges.apt-proxy-read.privileges.*.name
}
Is there a way to get a privilege, for example, whose action stands for READ or WRITE?
Or just a list of all privileges?
Also not clear about this parameter in data source block:
type = "repository-view"
Should it be the format of the repository or format of the privileges?
If it's a format of the privileges then it doesn't work as expected. Cuz with repository-view I got the full list of all the privileges including those aimed for write/edit etc.
It would be nice to have a short example on how to filter out the output of data source to some READ, WRITE, or other filters for privileges.
I believe the only thing we could do is to add a name filter like name = ".*-read". So we could use a regexp on the privilege name to get only privileges matching the regexp. Would that help you?
I think yes. That would work.
I also tried to use Terraform's filter facility. As described here:
https://www.terraform.io/docs/providers/oci/guides/filters.html
Doesn't work either.
data "nexus_privileges" "apt-proxy-read" {
  format     = "apt"
  repository = "apt-proxy"
  type       = "repository-view"
  filter {
    name   = "actions"
    values = ["READ"]
  }
}
Result:
Error: Unsupported block type
on roles.tf line 6, in data "nexus_privileges" "apt-proxy-read":
6: filter {
Blocks of type "filter" are not expected here.
So name would work if possible.
As an interim solution, I have just come up with this one:
value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if contains(x["actions"], "READ")]
Which returns READ privilege. :)
For those who might be looking for the same:
output "privileges_apt_proxy_all_read" {
  value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("ALL|READ", join("",x.actions)))]
}
output "privileges_apt_proxy_browse" {
  value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("BROWSE", join("",x.actions)))]
}
output "privileges_multiple_repos_example" {
  value = concat(
    [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("ALL|READ", join("",x.actions)))],
    [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("BROWSE", join("",x.actions)))]
  )
}
In this way, we can get nice filtering based on actions with the usage of RegExp.
Or even combine privileges from different repositories and data sources with the usage of Terraform's concat function.
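The original use case (one role with privileges from several repositories), as an added example that is not part of the thread or the provider's own documentation. It keeps a privilege only when every one of its actions is on an explicit allow-list, so the ALL privilege is not pulled into a read-only role. The second repository "yum-proxy", the role id, and the `nexus_role` arguments (roleid, name, description, privileges) are assumptions.

```hcl
# Added example. "yum-proxy" and "repo-readers" are hypothetical names;
# the nexus_role arguments are assumed from the provider's role resource.
data "nexus_privileges" "apt_proxy" {
  format     = "apt"
  repository = "apt-proxy"
  type       = "repository-view"
}

data "nexus_privileges" "yum_proxy" {
  format     = "yum"
  repository = "yum-proxy"
  type       = "repository-view"
}

locals {
  # Actions the role may carry. "ALL" is left out on purpose:
  # a privilege with that action is not limited to reading.
  read_only_actions = ["BROWSE", "READ"]

  # Privilege objects from both data sources in one list.
  all_privileges = concat(
    data.nexus_privileges.apt_proxy.privileges,
    data.nexus_privileges.yum_proxy.privileges,
  )

  # Exact match on each action instead of a regex over the joined string:
  # keep a privilege only if it has actions and none fall outside the allow-list.
  read_only_privileges = sort(distinct([
    for p in local.all_privileges : p.name
    if length(p.actions) > 0 &&
    length(setsubtract(p.actions, local.read_only_actions)) == 0
  ]))
}

resource "nexus_role" "repo_readers" {
  roleid      = "repo-readers"
  name        = "repo-readers"
  description = "Read/browse access to apt-proxy and yum-proxy"
  privileges  = local.read_only_privileges
}

# Review this list in the plan before applying the role.
output "repo_readers_privileges" {
  value = local.read_only_privileges
}
```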
Hi @fog1985,
can we close the issue and create a new feature request for the privilege filter?
Hi @Nosmoht ,
Sure.
Thank you.