Merge pull request #895 from jfrog/GH889-fix-scoped-token-validation-…
…message

Fix scope validation regex and tests
alexhung authored Feb 29, 2024
2 parents 2877920 + 53787dd commit 5b213e6
Showing 4 changed files with 13 additions and 8 deletions.
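--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 10.1.5 (Feb 29, 2024)
+
+BUG FIXES:
+
+* resource/artifactory_scoped_token: Fix validation regex for `scopes` attribute. Also fix documentation with invalid Markdown. PR: [#895](https://github.com/jfrog/terraform-provider-artifactory/pull/895) Issue: [#889](https://github.com/jfrog/terraform-provider-artifactory/issues/889)
+
 ## 10.1.4 (Feb 14, 2024)
 
 BUG FIXES: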
4 changes: 2 additions & 2 deletions docs/resources/scoped_token.md
Expand Up @@ -82,7 +82,7 @@ resource "artifactory_scoped_token" "audience" {
- `scopes` (Set of String) The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include:
- `applied-permissions/user` - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.
- `applied-permissions/admin` - the scope assigned to admin users.
- `applied-permissions/groups` - the group to which permissions are assigned by group name (use username to indicate the group name)
- `applied-permissions/groups` - this scope assigns permissions to groups using the following format: `applied-permissions/groups:<group-name>[,<group-name>...]`
- `system:metrics:r` - for getting the service metrics
- `system:livelogs:r` - for getting the service livelogs. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total.
- Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: `<resource-type>:<target>[/<sub-resource>]:<actions>`
Expand All @@ -95,7 +95,7 @@ resource "artifactory_scoped_token" "audience" {
- `["applied-permissions/user", "artifact:generic-local:r"]`
- `["applied-permissions/group", "artifact:generic-local/path:*"]`
- `["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]`
- `username` (String) The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: <service-id>/users/<username>. Limited to 255 characters.
- `username` (String) The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: `<service-id>/users/<username>`. Limited to 255 characters.

### Read-Only

Expand Up @@ -154,8 +154,7 @@ func (r *ScopedTokenResource) Schema(ctx context.Context, req resource.SchemaReq
"token will be created with the user-identity scope, which allows users to identify themselves " +
"in the Platform but does not grant any specific access permissions." +
"* `applied-permissions/admin` - the scope assigned to admin users." +
"* `applied-permissions/groups` - the group to which permissions are assigned by group name " +
"(use username to indicate the group name)" +
"* `applied-permissions/groups` - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...]" +
"* `system:metrics:r` - for getting the service metrics" +
"* `system:livelogs:r` - for getting the service livelogsr. " +
"The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total.\n" +
Expand Down Expand Up @@ -190,7 +189,7 @@ func (r *ScopedTokenResource) Schema(ctx context.Context, req resource.SchemaReq
"system:metrics:r",
"system:livelogs:r",
),
stringvalidator.RegexMatches(regexp.MustCompile(`^applied-permissions/groups:.+$`), "must be 'applied-permissions/groups:<group-name>[,<group-name>...]'"),
stringvalidator.RegexMatches(regexp.MustCompile(`^applied-permissions\/groups:.+$`), "must be 'applied-permissions/groups:<group-name>[,<group-name>...]'"),
stringvalidator.RegexMatches(regexp.MustCompile(`^artifact:.+:([rwdamxs*]|([rwdamxs]+(,[rwdamxs]+)))$`), "must be '<resource-type>:<target>[/<sub-resource>]:<actions>'"),
),
),
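Review bot: The `applied-permissions/groups` validator in the second hunk still accepts any non-empty text after the colon, so values such as `applied-permissions/groups:,` or one containing stray whitespace pass even though the message promises `<group-name>[,<group-name>...]`. In Go's RE2 syntax `\/` and `/` match the same character, so the two printed forms of this pattern validate identically and the commit does not appear to change what is accepted. Because these strings decide what a token may do, I would pin the list shape, for example `^applied-permissions/groups:[^,\s]+(,[^,\s]+)*$`, adjusted if group names may legitimately contain spaces, commas or quotes. The artifact pattern on the following line errs in the other direction: `(,[rwdamxs]+)` is required exactly once, so `r,w,d` is rejected, and `(,[rwdamxs]+)*` looks like the intent. Schema starts and ends outside both hunks, so the combinator that wraps these validators is not visible here.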
Expand Up @@ -481,7 +481,7 @@ func TestAccScopedToken_WithInvalidResourceScopes(t *testing.T) {
Steps: []resource.TestStep{
{
Config: accessTokenConfig,
ExpectError: regexp.MustCompile(`.*Invalid Attribute Value Match.*`),
ExpectError: regexp.MustCompile(`.*'<resource-type>:<target>\[\/<sub-resource>]:<actions>'.*`),
},
},
})
Expand All @@ -493,7 +493,7 @@ func TestAccScopedToken_WithInvalidScopes(t *testing.T) {
scopedTokenConfig := util.ExecuteTemplate(
"TestAccScopedToken",
`resource "artifactory_scoped_token" "{{ .name }}" {
scopes = ["foo"]
scopes = ["invalid-scope"]
}`,
map[string]interface{}{
"name": name,
Expand All @@ -506,7 +506,7 @@ func TestAccScopedToken_WithInvalidScopes(t *testing.T) {
Steps: []resource.TestStep{
{
Config: scopedTokenConfig,
ExpectError: regexp.MustCompile(`.*Invalid Attribute Value Match.*`),
ExpectError: regexp.MustCompile(`.*'applied-permissions\/groups:<group-name>\[,<group-name>\.\.\.]'.*`),
},
},
})
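Review bot: The visible negative case, `scopes = ["invalid-scope"]`, fails every validator alternative at once, so the boundaries of the scope patterns are never exercised by these tests. A step with `scopes = ["applied-permissions/groups:"]` (empty group list) and one with a malformed action list would show which near-valid inputs the regexes really reject. The leading and trailing `.*` in both `ExpectError` patterns are redundant because Go's `regexp` matching is unanchored by default, and `/` needs no escape; building the pattern with `regexp.QuoteMeta` on the expected message would be easier to read. The test functions begin and end outside these hunks.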