|
| 1 | +# JFrog Artifactory Integration |
| 2 | + |
| 3 | +<div> |
| 4 | + <a href="https://github.com/matifali" style="text-decoration: none; color: inherit;"> |
| 5 | + <span style="vertical-align:middle;">M Atif Ali</span> |
| 6 | + <img src="https://github.com/matifali.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/> |
| 7 | + </a> |
| 8 | +</div> |
| 9 | +January 24, 20204 |
| 10 | + |
| 11 | +--- |
| 12 | + |
| 13 | +Use Coder and JFrog Artifactory together to secure your development environments |
| 14 | +without disturbing your developers' existing workflows. |
| 15 | + |
| 16 | +This guide will demonstrate how to use JFrog Artifactory as a package registry |
| 17 | +within a workspace. |
| 18 | + |
| 19 | +## Requirements |
| 20 | + |
| 21 | +- A JFrog Artifactory instance |
| 22 | +- 1:1 mapping of users in Coder to users in Artifactory by email address or |
| 23 | + username |
| 24 | +- Repositories configured in Artifactory for each package manager you want to |
| 25 | + use |
| 26 | + |
| 27 | +## Provisioner Authentication |
| 28 | + |
| 29 | +The most straight-forward way to authenticate your template with Artifactory is |
| 30 | +by using our official Coder [modules](https://registry.coder.com). We publish |
| 31 | +two type of modules that automate the JFrog Artifactory and Coder integration. |
| 32 | + |
| 33 | +1. JFrog-OAuth |
| 34 | +2. JFrog-Token |
| 35 | + |
| 36 | +### JFrog-OAuth |
| 37 | + |
| 38 | +This module is usable by JFrog self-hosted (on-premises) Artifactory as it |
| 39 | +requires configuring a custom integration. This integration benefits from |
| 40 | +Coder's [external-auth](https://coder.com/docs/v2/latest/admin/external-auth) |
| 41 | +feature and allows each user to authenticate with Artifactory using an OAuth |
| 42 | +flow and issues user-scoped tokens to each user. |
| 43 | + |
| 44 | +To set this up, follow these steps: |
| 45 | + |
| 46 | +1. Modify your Helm chart `values.yaml` for JFrog Artifactory to add, |
| 47 | + |
| 48 | +```yaml |
| 49 | +artifactory: |
| 50 | + enabled: true |
| 51 | + frontend: |
| 52 | + extraEnvironmentVariables: |
| 53 | + - name: JF_FRONTEND_FEATURETOGGLER_ACCESSINTEGRATION |
| 54 | + value: "true" |
| 55 | + access: |
| 56 | + accessConfig: |
| 57 | + integrations-enabled: true |
| 58 | + integration-templates: |
| 59 | + - id: "1" |
| 60 | + name: "CODER" |
| 61 | + redirect-uri: "https://CODER_URL/external-auth/jfrog/callback" |
| 62 | + scope: "applied-permissions/user" |
| 63 | +``` |
| 64 | +
|
| 65 | +> Note Replace `CODER_URL` with your Coder deployment URL, e.g., |
| 66 | +> <coder.example.com> |
| 67 | + |
| 68 | +2. Create a new Application Integration by going to |
| 69 | + <https://JFROG_URL/ui/admin/configuration/integrations/new> and select the |
| 70 | + Application Type as the integration you created in step 1. |
| 71 | + |
| 72 | + |
| 73 | + |
| 74 | +3. Add a new |
| 75 | + [external authentication](https://coder.com/docs/v2/latest/admin/external-auth) |
| 76 | + to Coder by setting these env variables, |
| 77 | + |
| 78 | +```env |
| 79 | +# JFrog Artifactory External Auth |
| 80 | +CODER_EXTERNAL_AUTH_1_ID="jfrog" |
| 81 | +CODER_EXTERNAL_AUTH_1_TYPE="jfrog" |
| 82 | +CODER_EXTERNAL_AUTH_1_CLIENT_ID="YYYYYYYYYYYYYYY" |
| 83 | +CODER_EXTERNAL_AUTH_1_CLIENT_SECRET="XXXXXXXXXXXXXXXXXXX" |
| 84 | +CODER_EXTERNAL_AUTH_1_DISPLAY_NAME="JFrog Artifactory" |
| 85 | +CODER_EXTERNAL_AUTH_1_DISPLAY_ICON="/icon/jfrog.svg" |
| 86 | +CODER_EXTERNAL_AUTH_1_AUTH_URL="https://JFROG_URL/ui/authorization" |
| 87 | +CODER_EXTERNAL_AUTH_1_SCOPES="applied-permissions/user" |
| 88 | +``` |
| 89 | + |
| 90 | +> Note Replace `JFROG_URL` with your JFrog Artifactory base URL, e.g., |
| 91 | +> <example.jfrog.io> |
| 92 | + |
| 93 | +4. Create or edit a Coder template and use the |
| 94 | + [JFrog-OAuth](https://registry.coder.com/modules/jfrog-oauth) module to |
| 95 | + configure the integration. |
| 96 | + |
| 97 | +```hcl |
| 98 | +module "jfrog" { |
| 99 | + source = "registry.coder.com/modules/jfrog-oauth/coder" |
| 100 | + version = "1.0.0" |
| 101 | + agent_id = coder_agent.example.id |
| 102 | + jfrog_url = "https://jfrog.example.com" |
| 103 | + configure_code_server = true # this depends on the code-server |
| 104 | + username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username" |
| 105 | + package_managers = { |
| 106 | + "npm": "npm", |
| 107 | + "go": "go", |
| 108 | + "pypi": "pypi" |
| 109 | + } |
| 110 | +} |
| 111 | +``` |
| 112 | + |
| 113 | +### JFrog-Token |
| 114 | + |
| 115 | +This module makes use of the |
| 116 | +[Artifactory terraform provider](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs) |
| 117 | +and an admin-scoped token to create user-scoped tokens for each user by matching |
| 118 | +their Coder email or username with Artifactory. This can be used for both SaaS |
| 119 | +and self-hosted(on-premises) Artifactory instances. |
| 120 | + |
| 121 | +To set this up, follow these steps: |
| 122 | + |
| 123 | +1. Get a JFrog access token from your Artifactory instance. The token must be an |
| 124 | + [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token) |
| 125 | + with scope `applied-permissions/admin`. |
| 126 | +2. Create or edit a Coder template and use the |
| 127 | + [JFrog-Token](https://registry.coder.com/modules/jfrog-token) module to |
| 128 | + configure the integration and pass the admin token. It is recommended to |
| 129 | + store the token in a sensitive terraform variable to prevent it from being |
| 130 | + displayed in plain text in the terraform state. |
| 131 | + |
| 132 | +```hcl |
| 133 | +variable "artifactory_access_token" { |
| 134 | + type = string |
| 135 | + sensitive = true |
| 136 | +} |
| 137 | +
|
| 138 | +module "jfrog" { |
| 139 | + source = "registry.coder.com/modules/jfrog-token/coder" |
| 140 | + version = "1.0.0" |
| 141 | + agent_id = coder_agent.example.id |
| 142 | + jfrog_url = "https://example.jfrog.io" |
| 143 | + configure_code_server = true # this depends on the code-server |
| 144 | + artifactory_access_token = var.artifactory_access_token |
| 145 | + package_managers = { |
| 146 | + "npm": "npm", |
| 147 | + "go": "go", |
| 148 | + "pypi": "pypi" |
| 149 | + } |
| 150 | +} |
| 151 | +``` |
| 152 | + |
| 153 | +<blockquote class="info"> |
| 154 | +The admin-level access token is used to provision user tokens and is never exposed to |
| 155 | +developers or stored in workspaces. |
| 156 | +</blockquote> |
| 157 | + |
| 158 | +If you do not want to use the official modules, you can check example template |
| 159 | +that uses Docker as the underlying compute |
| 160 | +[here](https://github.com/coder/coder/tree/main/examples/jfrog/docker). The same |
| 161 | +concepts apply to all compute types. |
| 162 | + |
| 163 | +## Offline Deployments |
| 164 | + |
| 165 | +See the [offline deployments](../install/offline.md#coder-modules) section for |
| 166 | +instructions on how to use coder-modules in an offline environment with |
| 167 | +Artifactory. |
| 168 | + |
| 169 | +## More reading |
| 170 | + |
| 171 | +- See the full example template |
| 172 | + [here](https://github.com/coder/coder/tree/main/examples/jfrog/docker). |
| 173 | +- To serve extensions from your own VS Code Marketplace, check out |
| 174 | + [code-marketplace](https://github.com/coder/code-marketplace#artifactory-storage). |
| 175 | +- To store templates in Artifactory, check out our |
| 176 | + [Artifactory modules](../templates/modules.md#artifactory) docs. |
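Review bot: the sentence at lines 128-130 says a sensitive terraform variable prevents the admin token "from being displayed in plain text in the terraform state", but `sensitive = true` only redacts the value in plan and apply output; Terraform still writes the value to state in plain text. Suggest rewording it to say the variable keeps the token out of CLI output. Since the token carries `applied-permissions/admin` (line 125), also note next to the info blockquote at lines 153-155 that anyone who can read the template's state can read the token, so access to state should be restricted. Smaller points in the same file: line 9 reads "January 24, 20204" (extra digit in the year), line 31 should be "two types of modules", line 158 is missing an article ("check the example template"), and the inline comment "# this depends on the code-server" at lines 103 and 143 does not say what is required, so name the module or resource that must be present.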