README
¶
Terraform provider Nexus
Introduction
Terraform provider to configure Sonatype Nexus using it's API.
Implemented and tested with Sonatype Nexus 3.24.0-02.
Usage
Provider config
provider "nexus" {
insecure = true
password = "admin123"
url = "https://127.0.0.1:8080"
username = "admin"
}
Data Sources
Data nexus_blobstore
data "nexus_blobstore" "default" {
name = "default
}
Data nexus_privileges
Get all privileges matching all optional filters. All parameters are optional. The returned list contains all privileges that match all specified parameters!
data "nexus_privileges" "exmaple" {
domain = "application"
format = "maven2"
repository = "maven-public"
type = "repository-admin"
}
Data nexus_repository
data "nexus_repository" "maven-central" {
name = "maven-central"
}
Data nexus_user
data "nexus_user" "admin" {
userid = "admin"
}
Resources
Resource nexus_blobstore
Blobstore can be imported using
terraform import nexus_blobstore.default default
Use File
resource "nexus_blobstore" "default" {
name = "blobstore-01"
type = "File"
path = "/nexus-data/blobstore-01"
soft_quota {
limit = 1024
type = "spaceRemainingQuota"
}
}
Use S3
resource "nexus_blobstore" "aws" {
name = "blobstore-01"
type = "S3"
bucket_configuration {
bucket {
name = "aws-bucket-name"
region = "us-central-1"
}
bucket_security {
access_key_id = "<your-aws-access-key-id>"
secret_access_key = "<your-aws-secret-access-key>"
}
}
soft_quota {
limit = 1024
type = "spaceRemainingQuota"
}
}
Resource nexus_content_selector
Content selector can be imported using
terraform import nexus_content_selector.docker-public docker-public
resource "nexus_content_selector" "docker-public" {
name = "docker-public"
description = "A content selector matching public docker images."
expression = "path =^ \"/v2/public/\""
}
Resource nexus_privilege
Privilege can be imported using
terraform import nexus_privilege.docker-public-read docker-public-read
Content Selector
resource "nexus_privilege" "docker-public-read" {
name = "docker-public-read"
description = "Read permission on the docker public path."
type = "repository-content-selector"
content_selector = "docker-public"
actions = [
"read"
]
}
Resource nexus_repository
Repository can be imported using
terraform import nexus_repository.maven_central maven-central
APT hosted
resource "nexus_repository" "apt_hosted" {
name = "apt-repo"
format = "apt"
type = "hosted"
apt {
distribution = "bionic"
}
apt_signing {
keypair = "<keypair>"
passphrase = "<passphrase>"
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
Bower hosted
resource "nexus_repository" "bower_hosted" {
name = "bower-hosted-repo"
format = "bower"
type = "hosted"
bower {
rewrite_package_urls = false
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
Docker group
resource "nexus_repository" "docker_group" {
name = "docker-group"
format = "docker"
type = "group"
online = true
group {
member_names = ["docker-hub"]
}
docker {
force_basic_auth = true
http_port = 5000
https_port = 5001
v1enabled = false
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
}
}
Docker hosted
resource "nexus_repository" "docker_hosted" {
name = "docker-hosted"
format = "docker"
type = "hosted"
online = true
docker {
http_port = 8082
https_port = 8083
force_basic_auth = true
v1enabled = true
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
resource "nexus_repository" "docker_hub" {
name = "docker-hub"
type = "proxy"
format = "docker"
docker {
force_basic_auth = true
v1enabled = true
}
docker_proxy {
index_type = "HUB"
}
http_client {
# Optional
authentication {
type = "username"
username = "example"
ntlm_domain = "example"
ntlm_host = "host.example.com"
}
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
remote_url = "https://registry-1.docker.io"
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW"
}
}
NPM hosted
resource "nexus_repository" "npm_hosted" {
name = "npm-hosted-repo"
format = "npm"
type = "hosted"
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
Nuget proxy
resource "nexus_repository" "nuget_proxy" {
name = "nuget-proxy-repo"
format = "nuget"
type = "proxy"
online = true
http_client {
auto_block = true
blocked = false
# Optional
authentication {
type = "username"
username = "example"
ntlm_domain = "example"
ntlm_host = "host.example.com"
}
}
negative_cache {
enabled = true
ttl = 1440
}
nuget_proxy {
query_cache_item_max_age = 1440
}
proxy {
remote_url = "https://www.nuget.org/api/v2/"
}
storage {
write_policy = "ALLOW"
}
}
PyPi hosted
resource "nexus_repository" "pypi_hosted" {
name = "pypi-hosted-repo"
format = "pypi"
type = "hosted"
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
PyPi proxy
resource "nexus_repository" "pypi_proxy" {
name = "pypi-proxy-repo"
format = "pypi"
type = "proxy"
online = true
http_client {
auto_block = true
blocked = false
# Optional
authentication {
type = "username"
username = "example"
ntlm_domain = "example"
ntlm_host = "host.example.com"
}
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
remote_url = "https://pypi.org"
}
storage {
write_policy = "ALLOW"
}
}
RAW hosted
resource "nexus_repository" "raw_hosted" {
name = "raw-hosted-repo"
format = "raw"
type = "hosted"
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
RAW proxy
resource "nexus_repository" "raw_proxy" {
format = "raw"
name = "raw-proxy-repo"
online = true
type = "proxy"
proxy {
remote_url = "https://nodejs.org/dist/"
}
http_client {
...
}
negative_cache {
enabled = true
ttl = 1440
}
storage {
...
}
}
Resource nexus_role
Role can be imported using
terraform import nexus_role.nx_admin nx-admin
resource "nexus_role" "nx-admin" {
roleid = "nx-admin"
name = "nx-admin"
description = "Administrator role"
privileges = ["nx-all"]
roles = []
}
Resource nexus_user
User can be imported using
terraform import nexus_user.admin admin
resource "nexus_user" "admin" {
userid = "admin"
firstname = "Administrator"
lastname = "User"
email = "nexus@example.com"
password = "admin123"
roles = ["nx-admin"]
status = "active"
}
Resource nexus_script
Script can be imported using
terraform import nexus_script.my_script my-script
resource "nexus_script" "hello_world" {
name = "hello-world"
content = "log.info('Hello, World!')"
}
Build
There is a makefile to build the provider.
make
To build and install provider on macOS into ~/.terraform.d/plugins/darwin_amd64, you can run
make darwin-build-install
In this case provider will be available to use with your terraform codebase (in terraform init stage).
Testing
For testing start a local Docker container using make
make nexus-start
This will start a Docker container and expose port 8081.
Now start the tests
NEXUS_URL="http://127.0.0.1:8081" NEXUS_USERNAME="admin" NEXUS_PASSWORD="admin123" make testacc
or without s3 tests which require additional configuration:
SKIP_S3_TESTS=1 NEXUS_URL="http://127.0.0.1:8081" NEXUS_USERNAME="admin" NEXUS_PASSWORD="admin123" make testacc
NOTE: To test Blobstore type S3 following environment variables must be set, otherwise tests will fail.
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_DEFAULT_REGIONthe AWS region of the S3 bucket to use, defaults toeu-central-1AWS_BUCKET_NAMEthe name of S3 bucket to use, defaults toterraform-provider-nexus-s3-test
To debug tests
Set env variable TF_LOG=DEBUG to see additional output.
Use printState() function to discover terraform state (and resource props) during test.
Debug configurations are also available for VS Code.
Author
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.