fix(jfrog-token)!: add attributes to fine control the token behaviour (coder#100)

matifali · web-flow · commit 8e3f48ce5ca4 · 2023-11-15T16:03:43.000+03:00
diff --git a/jfrog-token/README.md b/jfrog-token/README.md
@@ -16,8 +16,8 @@ Install the JF CLI and authenticate package managers with Artifactory using Arti
 module "jfrog" {
     source = "https://registry.coder.com/modules/jfrog-token"
     agent_id = coder_agent.example.id
-    jfrog_url = "https://YYYY.jfrog.io"
-    artifactory_access_token = var.artifactory_access_token # An admin access token
+    jfrog_url = "https://XXXX.jfrog.io"
+    artifactory_access_token = var.artifactory_access_token
     package_managers = {
       "npm": "npm",
       "go": "go",
@@ -26,7 +26,7 @@ module "jfrog" {
 }
 ```
 
-Get a JFrog access token from your Artifactory instance. The token must have admin permissions. It is recommended to store the token in a secret terraform variable.
+Get a JFrog access token from your Artifactory instance. The token must be an [admin token](https://registry.terraform.io/providers/jfrog/artifactory/latest/docs#access-token). It is recommended to store the token in a secret terraform variable.
 
 ```hcl
 variable "artifactory_access_token" {
diff --git a/jfrog-token/main.tf b/jfrog-token/main.tf
@@ -23,10 +23,28 @@ variable "artifactory_access_token" {
   description = "The admin-level access token to use for JFrog."
 }
 
+variable "check_license" {
+  type        = bool
+  description = "Toggle for pre-flight checking of Artifactory license. Default to `true`."
+  default     = true
+}
+
+variable "refreshable" {
+  type        = bool
+  description = "Is this token refreshable? Default is `false`."
+  default     = false
+}
+
+variable "expires_in" {
+  type        = number
+  description = "The amount of time, in seconds, it would take for the token to expire."
+  default     = null
+}
+
 variable "username_field" {
   type        = string
-  description = "The field to use for the artifactory username. i.e. Coder username or email."
-  default     = "email"
+  description = "The field to use for the artifactory username. Default `username`."
+  default     = "username"
   validation {
     condition     = can(regex("^(email|username)$", var.username_field))
     error_message = "username_field must be either 'email' or 'username'"
@@ -58,16 +76,18 @@ locals {
 
 # Configure the Artifactory provider
 provider "artifactory" {
-  url          = join("/", [var.jfrog_url, "artifactory"])
-  access_token = var.artifactory_access_token
+  url           = join("/", [var.jfrog_url, "artifactory"])
+  access_token  = var.artifactory_access_token
+  check_license = var.check_license
 }
 
 resource "artifactory_scoped_token" "me" {
   # This is hacky, but on terraform plan the data source gives empty strings,
   # which fails validation.
   username    = length(local.username) > 0 ? local.username : "dummy"
   scopes      = ["applied-permissions/user"]
-  refreshable = true
+  refreshable = var.refreshable
+  expires_in  = var.expires_in
 }
 
 data "coder_workspace" "me" {}
