datadrivers / terraform-provider-nexus
Terraform provider for Sonatype Nexus
Home Page: https://registry.terraform.io/providers/datadrivers/nexus
License: Mozilla Public License 2.0
Hi guys
I have found almost all the needed resources in your provider. And that is very cool.
Though 1 resource type seems to be missing or just not implemented yet.
Would be wonderful to have it added/implemented as well and be able to fully manage Nexus as code.
This is repository format = raw. I can’t find it implemented in your provider.
We use it for repository types as follows: hosted, group, proxy.
I had a look into the code here:
https://github.com/datadrivers/terraform-provider-nexus/blob/master/nexus/resource_repository.go
And don’t see that raw format is supported.
Here is the official link to the description: https://help.sonatype.com/repomanager3/formats/raw-repositories
I am creating few roles as follow:
resource "nexus_role" "ROLE" {
roleid = "ROLE"
name = "ldap-role bla"
description = "LDAP role for bla"
privileges = ["nx-repository-view-maven2-maven-internal-releases-*", "nx-repository-view-maven2-maven-internal-snapshots-*", "nx-repository-view-maven2-maven-internal-snapshots-browse", "nx-repository-view-maven2-maven-internal-releases-browse"]
roles = ["npm-group-read", "internal-atap-read", "internal-atap-write", "docker-group-read", "pypi-group-read"]
}
And during second or any other applies they are tried to be changed:
# nexus_role.ROLE will be updated in-place
~ resource "nexus_role" "ROLE" {
~ description = "ROLE" -> "LDAP role for bla"
id = "ROLE"
~ name = "ROLE" -> "ldap-role bla"
~ privileges = [
+ "nx-repository-view-maven2-maven-internal-releases-*",
+ "nx-repository-view-maven2-maven-internal-snapshots-*",
+ "nx-repository-view-maven2-maven-internal-snapshots-browse",
+ "nx-repository-view-maven2-maven-internal-releases-browse",
]
roleid = "ROLE"
~ roles = [
+ "npm-group-read",
+ "internal-read",
+ "internal-write",
+ "docker-group-read",
+ "pypi-group-read",
]
}
But in fact there is some error in logic. As description field never was equal to "ROLE". The same as name, privileges etc.
Hence there seem to be multiple issues:
Hi,
When creating the docker hub repository, it tells me about a missing "type" parameter :
```
"id" : "PARAMETER type",
"message" : "may not be empty"
} ]
```
In my terraform script, the "type" is well specified:
```
resource "nexus_repository" "docker_hub" {
name = "%s"
format = "docker"
type = "proxy"
...
}
```
My Nexus version is 3.22.1
Best regards
Hi !
When I want to declare a Maven group repository, a 404 error occurred.
Example :
resource "nexus_repository" "maven_group_all" {
name = "maven-public-2"
format = "maven2"
type = "group"
group {
member_names = [
"maven-central",
"maven-releases",
"maven-snapshots"
]
}
}
Provider version : 1.6.0
Server version : 3.23.0-03
Hi, I see there are a bunch of repo formats (bower, nuget, docker etc.) - but no npm... are there plans to include npm repositories?
Thanks S
When creating role and applying set of privileges (as list of strings), updating nexus works.
But validation (or re-applying the same terraform config) causes nexus to be updated every time, as list of privileges comes in different order.
Example output from terraform:
# module.project.nexus_role.nx-project will be updated in-place
~ resource "nexus_role" "nx-project" {
description = "Project role"
id = "nx-project"
name = "nx-project"
~ privileges = [
"nx-repository-admin-maven2-common-public-snapshots-*",
"nx-repository-admin-maven2-common-snapshots-*",
+ "nx-repository-admin-maven2-project-snapshots-*",
"nx-repository-admin-maven2-project-public-snapshots-*",
- "nx-repository-admin-maven2-project-releases-*",
+ "nx-repository-admin-maven2-common-public-releases-*",
"nx-repository-admin-maven2-common-releases-*",
- "nx-repository-admin-maven2-project-snapshots-*",
+ "nx-repository-admin-maven2-project-releases-*",
"nx-repository-admin-maven2-project-public-releases-*",
- "nx-repository-admin-maven2-common-public-releases-*",
]
roleid = "nx-project"
roles = []
}
The privileges will be updated in place, but changes are irrelevant. Just an order.
But when one wants to validate whether configuration is up to date (e.g. someone has not changed configuration manually), this will fail every time.
Possible solution would be to sort this list after fetching from nexus server, and sort it for validation/applying.
Similar issue might be with other list-related configurations, but I haven't checked.
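The sorting idea from the report above, generalized to a set comparison, as an added example (not code from terraform-provider-nexus): role privileges are treated as unordered, so a reordered list is not reported while a privilege added or removed outside Terraform is. The function and variable names are hypothetical, the privilege names come from the plan output above, and the tampered list (including `nx-all`) is constructed sample data.

```go
package main

import (
	"fmt"
	"sort"
)

// Drift lists the real differences between configured and server-side privileges.
type Drift struct {
	Missing    []string // configured in Terraform, absent on the server
	Unexpected []string // present on the server, not configured (e.g. added by hand)
}

// HasDrift is true only when the two privilege sets differ in content.
func (d Drift) HasDrift() bool {
	return len(d.Missing) > 0 || len(d.Unexpected) > 0
}

// toSet drops ordering and duplicates from a list of privilege names.
func toSet(items []string) map[string]struct{} {
	set := make(map[string]struct{}, len(items))
	for _, item := range items {
		set[item] = struct{}{}
	}
	return set
}

// DiffPrivileges compares the two lists as sets, so element order never
// produces a difference. Results are sorted for stable output.
func DiffPrivileges(configured, remote []string) Drift {
	want, have := toSet(configured), toSet(remote)
	var d Drift
	for p := range want {
		if _, ok := have[p]; !ok {
			d.Missing = append(d.Missing, p)
		}
	}
	for p := range have {
		if _, ok := want[p]; !ok {
			d.Unexpected = append(d.Unexpected, p)
		}
	}
	sort.Strings(d.Missing)
	sort.Strings(d.Unexpected)
	return d
}

// Order as written in the Terraform configuration (names from the plan output).
var configuredPrivileges = []string{
	"nx-repository-admin-maven2-common-public-snapshots-*",
	"nx-repository-admin-maven2-common-snapshots-*",
	"nx-repository-admin-maven2-project-snapshots-*",
	"nx-repository-admin-maven2-project-public-snapshots-*",
	"nx-repository-admin-maven2-common-public-releases-*",
	"nx-repository-admin-maven2-common-releases-*",
	"nx-repository-admin-maven2-project-releases-*",
	"nx-repository-admin-maven2-project-public-releases-*",
}

// Same privileges in the order the server returned them in the plan output.
var reorderedRemote = []string{
	"nx-repository-admin-maven2-common-public-snapshots-*",
	"nx-repository-admin-maven2-common-snapshots-*",
	"nx-repository-admin-maven2-project-public-snapshots-*",
	"nx-repository-admin-maven2-project-releases-*",
	"nx-repository-admin-maven2-common-releases-*",
	"nx-repository-admin-maven2-project-snapshots-*",
	"nx-repository-admin-maven2-project-public-releases-*",
	"nx-repository-admin-maven2-common-public-releases-*",
}

// Constructed sample: one privilege removed and a broad one added by hand.
var tamperedRemote = []string{
	"nx-repository-admin-maven2-common-public-snapshots-*",
	"nx-repository-admin-maven2-common-snapshots-*",
	"nx-repository-admin-maven2-project-public-snapshots-*",
	"nx-repository-admin-maven2-common-releases-*",
	"nx-repository-admin-maven2-project-snapshots-*",
	"nx-repository-admin-maven2-project-public-releases-*",
	"nx-repository-admin-maven2-common-public-releases-*",
	"nx-all",
}

func main() {
	fmt.Println("reordered drift:", DiffPrivileges(configuredPrivileges, reorderedRemote).HasDrift())
	d := DiffPrivileges(configuredPrivileges, tamperedRemote)
	fmt.Println("tampered missing:", d.Missing)
	fmt.Println("tampered unexpected:", d.Unexpected)
}
```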
resource "nexus_repository" "apt-proxy-bionic" {
name = "apt-proxy-bionic"
format = "apt"
type = "proxy"
online = true
apt {
distribution = "bionic"
flat = false
}
negative_cache {
enabled = true
ttl = 1440
}
http_client {
auto_block = true
authentication {
type = "username"
}
}
proxy {
remote_url = "http://archive.ubuntu.com/ubuntu/"
metadata_max_age = "1440"
content_max_age = "1440"
}
storage {
blob_store_name = "apt-internal"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
depends_on = [nexus_blobstore.apt-internal]
}
During TF Plan:
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# nexus_repository.apt-proxy-bionic will be updated in-place
~ resource "nexus_repository" "apt-proxy-bionic" {
format = "apt"
id = "apt-proxy-bionic"
name = "apt-proxy-bionic"
online = true
type = "proxy"
apt {
distribution = "bionic"
flat = false
}
~ http_client {
auto_block = true
blocked = false
+ authentication {
+ type = "username"
}
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
content_max_age = 1440
metadata_max_age = 1440
remote_url = "http://archive.ubuntu.com/ubuntu/"
}
~ storage {
blob_store_name = "apt-internal"
strict_content_type_validation = true
~ write_policy = "ALLOW" -> "ALLOW_ONCE"
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
Hence those two parameters (write_policy and for authentication http_client) are being kind of touched all the time.
Hi,
it really reduces the barrier to use this provider if it was registered at https://registry.terraform.io/
Please consider registering it.
Best regards
Christian
description field of nexus_role always shows changes to be applied when performing plan.
13:07:46 # nexus_role.role["1cc99b0fb76325c7d8259c7fbb7e1402"] will be updated in-place
13:07:46 ~ resource "nexus_role" "role" {
13:07:46 ~ description = "cloud_engineering" -> "Created by Terraform"
13:07:46 id = "cloud_engineering"
13:07:46 name = "cloud_engineering"
13:07:46 ~ privileges = [
13:07:46 + "nx-repository-admin-x-ce-dev-x-x",
13:07:46 + "nx-repository-view-x-ce-dev-x-x",
13:07:46 + "nx-repository-admin-x-ce-prod-x-x",
13:07:46 + "nx-repository-view-x-ce-prod-x-x",
13:07:46 + "nx-repository-admin-apt-ce-prod-test1-*",
13:07:46 ]
13:07:46 roleid = "cloud_engineering"
13:07:46 roles = []
13:07:46 }
I noticed that the field is getting updated in nexus but not in the state file.
Hi, would be cool to configure the System Capabilities with this Provider. There are multiple types of capabilities so we'd probably need multiple resources. The thing that I want to do specific is to configure the session timeout of nexus. This can be found in the settings in System -> Capabilities -> UI Settings.
https://help.sonatype.com/repomanager3/system-configuration/capabilities/ui-settings-capability
Almost every time (9/10 times, at least), my nexus_roles times out while refreshing the state during a tf apply.
Is there any way of increasing the timeout? I work remotely via a VPN, and I'm not sure if that's causing the problem. As mentioned above, it works, but I have to run it 10 times to get one successful run. I've even tried -target to limit to one resource, and the same happens.
```
nexus_role.role_2: Refreshing state... [id=role_2]
nexus_role.role_3: Refreshing state... [id=role_3]
nexus_role.role_4: Refreshing state... [id=role_4]
nexus_role.role_5: Refreshing state... [id=role_5]
nexus_role.role_6: Refreshing state... [id=role_6]
nexus_role.role_7: Refreshing state... [id=role_7]
Error: Get "https://nexus.domain.com/service/rest/beta/security/roles": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Error: Get "https://nexus.domain.com/service/rest/beta/security/roles": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Error: Get "https://nexus.domain.com/service/rest/beta/security/roles": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Error: Get "https://nexus.domain.com/service/rest/beta/security/roles": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Error: Get "https://nexus.domain.com/service/rest/beta/security/roles": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Error: Get "https://nexus.domain.com/service/rest/beta/security/roles": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
Error: Get "https://nexus.domain.com/service/rest/beta/security/roles": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
```
Within the Nexus API security management has been placed after the /security/ subpath.
This has also been considered in the naming of security_ldap and security_realms. Since users is part of the security management it would make sense to rename those files too.
Hi !
When I want to get repository from data, this error occurred: Error: Invalid address to set: []string{"group"}
data "nexus_repository" "maven_public" {
name = "maven_public"
}
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
It's currently not possible to define blobstore of type Google Cloud Storage.
Would be great to have support for it.
Hi guys
Can you please point me at all possible parameters for the resources creation?
E.G. I am creating repository of type proxy and format apt :
resource "nexus_repository" "apt-proxy-bionic" {
name = "apt-proxy-bionic"
format = "apt"
type = "proxy"
apt {
distribution = "bionic"
}
storage {
blob_store_name = "apt-internal"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
depends_on = [nexus_blobstore.apt-internal]
}
Once I run apply:
nexus_repository.apt-proxy-bionic: Creating...
Error: could not create repository 'apt-proxy-bionic': HTTP: 400, [ {
"id" : "PARAMETER httpClient",
"message" : "must not be null"
}, {
"id" : "PARAMETER negativeCache",
"message" : "must not be null"
}, {
"id" : "PARAMETER proxy",
"message" : "must not be null"
}, {
"id" : "PARAMETER flat",
"message" : "must not be null"
} ]
on repositories.tf line 1, in resource "nexus_repository" "apt-proxy-bionic":
1: resource "nexus_repository" "apt-proxy-bionic" {
I do have those sections in my real repo and would like them to be declared even with null or empty values. But I can’t figure out how to define them. And can’t even find them in repository’s resource GO code as of here:
https://github.com/datadrivers/terraform-provider-nexus/blob/master/nexus/resource_repository.go
It would be nice to have full list of possible parameters or just 1 big example with all possible options provided. It would make it much easier using this provider. I think it can be applied to all the resources.
When I try to create it I get the error as follow:
Error: could not update repository 'maven-release': HTTP: 400, [ {
"id" : "FIELD password",
"message" : "may not be empty"
} ]
TF code block for this looks as follow:
http_client {
blocked = false
auto_block = false
authentication {
type = "username"
username = "nexus"
ntlm_host = ""
ntlm_domain = ""
}
}
If I try to provide a field called password
I got a message:
An argument named "password" is not expected here.
Summary
When I define a docker repository group the order of the items in the member_names is not respected which leads to unreliable results when images are pulled.
Reproduce
Create two repos. One for a hosted variant and one for a proxy. As they are ordered by name please name the hosted repo z-repo and the proxy repo a-repo.
Define a repository group with the hosted as first item.
# ... repository definition for docker_hosted and docker_proxy.
resource "nexus_repository" "docker_group" {
depends_on = [nexus_repository.z_repo,nexus_repository.a_repo]
name = "docker-group"
format = "docker"
type = "group"
online = true
group {
member_names = ["z-repo","a-repo"]
}
# ... rest or resource configuration.
}
test:a
docker-group
repo.
Expected result
The image from the z-repo would be pulled.
Actual result
The image from the a-repo is pulled.
Hi !
When I declare a proxy repository (maven2 and pypi) without authentication, I have the message:
HTTP: 400, [ {
"id" : "PARAMETER type",
"message" : "may not be empty"
} ]
resource nexus_repository maven_sonatype_public {
name = "sonatype-public"
type = "proxy"
format = "maven2"
online = true
proxy {
remote_url = "https://oss.sonatype.org/content/repositories/public/"
content_max_age = 1440
metadata_max_age = 1440
}
negative_cache {
enabled = true
ttl = 1440
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
}
maven {
version_policy = "MIXED"
layout_policy = "STRICT"
}
http_client {
}
}
Client : 1.6.0
Server: 3.23.0-03
There are currently no available resources for managing realms and LDAP configuration
```
GET     /beta/security/realms/active      List the active realm IDs in order
PUT     /beta/security/realms/active      Set the active security realms in the order they should be used
GET     /beta/security/realms/available   List the available realms
GET     /beta/security/ldap               List LDAP servers
POST    /beta/security/ldap               Create LDAP server
GET     /beta/security/ldap/{name}        Get LDAP server
PUT     /beta/security/ldap/{name}        Update LDAP server
DELETE  /beta/security/ldap/{name}        Delete LDAP server
POST    /beta/security/ldap/change-order  Change LDAP server order
```
Hello.
Thank you for the great Nexus management tool, which helps a lot with our work.
However, we have encountered problems when updating or deleting resources.
Describe the bug
When resources are changed and Terraform is restarted, errors like the following occur:
nexus_role.write_only_all: Modifying... [id=nx-write-only-all]
Error: Put "https://nexus-host/service/rest/beta/security/roles/nx-write-only-all": EOF
Running the same command again successfully removes or modifies resources.
The problem occurs not only with Nexus roles, but also with users. It is difficult to reproduce the problem because the error does not occur every time.
It is suspected that the problem is with Nexus, Nexus Proxy or Nginx behind which Nexus is running, but we have not been able to find out at which stage the error occurs.
Expected behavior
The changes go through the first time.
Log output
The nexus provider related log messages can be found here: https://pastebin.com/raw/QSq0pPcA
I'm trying to update a parameter on a newly created nexus_security_ldap resources but get the following error:
Error: could not update LDAP server `My AD`: HTTP: 400, :[ {
"id" : "PARAMETER id",
"message" : "may not be empty"
} ]
I've only changed the connection_retry_delay_seconds from 1 to 2 to reproduce this bug. My Terraform Plan looks like this:
# nexus_security_ldap.this will be updated in-place
~ resource "nexus_security_ldap" "this" {
auth_password = (sensitive value)
auth_realm = "LOCAL"
auth_schema = "SIMPLE"
auth_username = "NexusAD"
~ connection_retry_delay_seconds = 1 -> 2
connection_timeout_seconds = 1
group_base_dn = "OU=Groups"
group_id_attribute = "sAMAccountName"
(.... more keys removed....)
}
Terraform Version: 0.13.0
Provider Version 1.10.2
Nexus Version: 3.25.1
More findings:
terraform-provider-nexus/nexus/resource_security_ldap.go
Lines 215 to 220 in fd33183
Nexus API returns the following error when I try to create a nuget proxy repository. I could not find any parameters unique to nuget proxy repositories in the code. However Nexus doesn't seem to allow creating a nuget proxy repository with this parameter missing.
Error: could not create repository 'nuget-proxy': HTTP: 400, [ {
"id" : "PARAMETER nugetProxy",
"message" : "must not be null"
} ]
Furthermore I submitted the following issue to sonatype (not sure if under the right repo!) as the api endpoints description ( and possibly implementation ) has an error.
sonatype-nexus-community/nexus-scripting-examples#7
Hi,
one more submission. As per Nexus' API Proxy and Remote repository types should not allow write_policy attribute under storage.
Hi,
Do you have any plans to publish provider to public registry, to allow automatic installation?
Hi guys,
I tried to use resources as follow:
resource "nexus_repository" "docker_hosted" {
name = "docker-hosted-test"
format = "docker"
type = "hosted"
online = true
docker {
http_port = 8083
https_port = 8084
force_basic_auth = true
v1enabled = true
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
In this resource, port update or repo name update for example doesn't update it on Nexus server. Even though TF reports as there is a change for in-place update.
And one more:
resource "nexus_blobstore" "tf-test" {
name = "blobstore-0101"
type = "File"
path = "/nexus-data/blobstore-01"
soft_quota {
limit = 1024
type = "spaceRemainingQuota"
}
}
In this resource, soft quota is set up to 0 by default which is incorrect set-up at all. Despite it being provided as 1024 in code. After changes and re-applying still no effect. Even though TF reports as there is a change for in-place updates. It goes through. Says updated and no effect on the Nexus server.
Hi,
Trying to create a maven proxy repository returns a 404. I tried to create multiple different maven proxy repositories, but all of them return 404. Below is one example.
resource "nexus_repository" "repo1_proxy" {
name = "repo1-proxy"
format = "maven2"
type = "proxy"
maven {
version_policy = "RELEASE"
layout_policy = "STRICT"
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
remote_url = "https://repo1.maven.org/maven2"
}
storage {
blob_store_name = nexus_blobstore.s3.name
strict_content_type_validation = true
}
}
Routing rules are essential settings to block broken artifacts which can be pulled from proxy repositories:
https://help.sonatype.com/repomanager3/repository-management/routing-rules
Could you guys add support for Terraform 0.13?
Now it is mandatory to upload binary like in the guide below:
https://www.terraform.io/upgrade-guides/0-13.html#in-house-providers
A standard install of nexus-oss comes with a default maven2 group repository "maven-public".
I attempted to add a repository to this group using the provider with a configuration like this:
resource "nexus_repository" "maven_public" {
name = "maven-public"
format = "maven2"
type = "group"
online = true
group {
member_names = [
"maven-releases",
"maven-snapshots",
"maven-central",
"my-other-maven2-repo"
]
}
http_client {
blocked = false
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
}
}
and received the following error:
could not create repository 'maven-public': HTTP: 400, "Cannot index record #17:8: found duplicated key 'maven-public' in index 'repository_repository_name_idx' previously assigned to the record #17:3
Looking at the code in resource_repository.go I wonder if this is because there is no setup for reading and writing maven2 repos?
Thanks for great work!
As I understand there is missed support for S3 type yet:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# nexus_blobstore.maven will be created
+ resource "nexus_blobstore" "maven" {
+ available_space_in_bytes = (known after apply)
+ blob_count = (known after apply)
+ id = (known after apply)
+ name = "maven"
+ path = "/"
+ total_size_in_bytes = (known after apply)
+ type = "S3"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
nexus_blobstore.maven: Creating...
Error: could not create blobstore "maven": HTTP: 400, [ {
"id" : "PARAMETER bucketConfiguration",
"message" : "must not be null"
} ]
on blobs.tf line 12, in resource "nexus_blobstore" "maven":
12: resource "nexus_blobstore" "maven" {
Do you have some plans to add S3 type for blobstore?
Will be nice to have this possibility for stateless instances
Thanks!
Hi,
Could you make bucket_security optional as the nexus EC2 instance will have an instance profile with policies to read/write to the S3 bucket.
Best regards
Looks like there is documentation missing about the encryption stanza in nexus_blobstore.
This encryption stanza seems to work but it appears to be missing from the documentation.
encryption {
encryption_type = "s3ManagedEncryption"
}
It would be nice to have support for Azure Blob Storage.
This feature was added in Nexus 3.30.0.
Support will need to be added to go-nexus-client first.
Is this in the pipeline?
Currently all the possible repositories are backed by the same resource called "nexus_repository".
The problem with this approach is that..
Proposal
Split repository by type and format (they have quite different configurations anyways).
Usage example in Terraform:
resource "nexus_repository_apt_hosted" "my_apt_hosted_repo" {
name = "my-apt"
distribution = "bionic"
signing {
keypair = "<keypair>"
passphrase = "<passphrase>"
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}
From code point of view, it will produce quite similar files forked files from existing terraform-provider-nexus/nexus/resource_repository.go
Pros:
Cons:
(*) Breaking change can be postponed by:
If I'm destroying all my repos and blobstore I got error:
Error: could not delete blobstore "default": HTTP: 500, ERROR: (ID cc540e55-32c3-49c8-895c-1821fb7ec437) java.lang.IllegalStateException: BlobStore default is in use and cannot be deleted
If I retry destroy command again, it is able to destroy
Hi guys,
I have tried to get a list of repositories with the usage of data source for Repositories:
data "nexus_repository" "all_repos" {
name = ""
format = "docker"
}
But it requires explicit name. No asterisk or RegExp is accepted. E.G. it can get only 1 repo. Based on format etc.
Would be nice to have it done in the way that allows just to get a full list of Repositories based on type or format etc.
So that we could just parse for any reason all the repositories inside of Nexus.
Hi guys,
This is an enhancement request.
After Repository creation, Nexus creates privileges for this repository.
Further, in work it might happen that more privileges need to be added/attached to this or that role.
And it's impossible right now to get a list of privileges for the specific repository.
Use-case: needed a role that has privileges from multiple Repositories.
It would be awesome to have this kind of feature. ;)
Regards,
Taras.
Summary
When a nexus_repository of the type group has group->member_names set it does not add new members when they are added to the list after first apply.
Reproduce
# ... repository definition for docker_hosted.
resource "nexus_repository" "docker_group" {
depends_on = [nexus_repository.docker_hosted]
name = "docker-group"
format = "docker"
type = "group"
online = true
group {
member_names = ["docker-hosted"]
}
# ... rest or resource configuration.
}
Apply changes
Add 2nd repository.
# ... repository definition for docker_hosted and docker_proxy.
resource "nexus_repository" "docker_group" {
depends_on = [nexus_repository.docker_hosted,nexus_repository.docker_proxy]
name = "docker-group"
format = "docker"
type = "group"
online = true
group {
member_names = ["docker-hosted","docker-proxy"]
}
# ... rest or resource configuration.
}
Expected result
A 2nd repository created and added as a member to the docker group members.
Current result
A 2nd repository is created but not added to the docker group members.
I see that this repo is quite recent.
Are you willing to accept third party contributions?
Thank you!
Hi, first of all: thank you for this provider and all your work!
I noticed an inconsistent plan when having empty parameter blocks vs. having no parameter block at all. My resource looks like this:
resource "nexus_repository" "maven_central" {
name = "proxy-maven-central"
type = "proxy"
format = "maven2"
http_client {
auto_block = true
blocked = false
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
remote_url = "https://repo1.maven.org/maven2/"
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
}
}
When applying this I'll get the following plan and error:
Terraform will perform the following actions:
# nexus_repository.maven_central will be created
+ resource "nexus_repository" "maven_central" {
+ format = "maven2"
+ id = (known after apply)
+ name = "proxy-maven-central"
+ online = true
+ type = "proxy"
+ http_client {
+ auto_block = true
+ blocked = false
}
+ negative_cache {
+ enabled = true
+ ttl = 1440
}
+ proxy {
+ content_max_age = 1440
+ metadata_max_age = 1440
+ remote_url = "https://repo1.maven.org/maven2/"
}
+ storage {
+ blob_store_name = "default"
+ strict_content_type_validation = true
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
nexus_repository.maven_central: Creating...
Error: could not create repository 'proxy-maven-central': HTTP: 400, [ {
"id" : "PARAMETER maven",
"message" : "must not be null"
} ]
on repositories-cache.tf line 37, in resource "nexus_repository" "maven_central":
37: resource "nexus_repository" "maven_central" {
When adding an empty maven {} parameter block to my resource like so:
resource "nexus_repository" "maven_central" {
name = "proxy-maven-central"
type = "proxy"
format = "maven2"
+ maven {}
http_client {
auto_block = true
blocked = false
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
remote_url = "https://repo1.maven.org/maven2/"
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
}
}
My plan changes to this:
# nexus_repository.maven_central will be created
+ resource "nexus_repository" "maven_central" {
+ format = "maven2"
+ id = (known after apply)
+ name = "proxy-maven-central"
+ online = true
+ type = "proxy"
+ http_client {
+ auto_block = true
+ blocked = false
}
+ maven {
+ layout_policy = "PERMISSIVE"
+ version_policy = "RELEASE"
}
+ negative_cache {
+ enabled = true
+ ttl = 1440
}
+ proxy {
+ content_max_age = 1440
+ metadata_max_age = 1440
+ remote_url = "https://repo1.maven.org/maven2/"
}
+ storage {
+ blob_store_name = "default"
+ strict_content_type_validation = true
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
As you can see above my Terraform Plan changes. There is now a maven block with some default parameters!
+ maven {
+ layout_policy = "PERMISSIVE"
+ version_policy = "RELEASE"
}
This feels like a bug, doesn't it? Either mark this maven block as required or always pass the default values for this block.
Versions:
Terraform v0.13.0
nexus_privilege resource doesn't have the required pattern parameter for wildcard privilege type.
terraform-provider-nexus/nexus/resource_privilege.go
Lines 19 to 63 in c286aa7
Nexus provider version: v1.6.0
My TF code:
resource "nexus_privilege" "nx-repository-view-apt-apt-proxy-bionic-read" {
name = "nx-repository-view-apt-apt-proxy-bionic-read"
description = "Read privilege for apt-proxy-bionic repository views"
type = "repository-view"
format = "apt"
repository = "apt-proxy-bionic"
actions = [
"read"
]
}
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# nexus_privilege.nx-repository-view-apt-apt-proxy-bionic-read will be created
+ resource "nexus_privilege" "nx-repository-view-apt-apt-proxy-bionic-read" {
+ actions = [
+ "read",
]
+ description = "Read privilege for apt-proxy-bionic repository views"
+ format = "apt"
+ id = (known after apply)
+ name = "nx-repository-view-apt-apt-proxy-bionic-read"
+ repository = "apt-proxy-bionic"
+ type = "repository-view"
}
Plan: 1 to add, 0 to change, 0 to destroy.
TF apply (fails with the error):
nexus_privilege.nx-repository-view-apt-apt-proxy-bionic-read: Creating...
Error: could not create privilege "nx-repository-view-apt-apt-proxy-bionic-read": HTTP: 400, [ {
"id" : "PARAMETER format",
"message" : "may not be empty"
} ]
on privileges.tf line 3, in resource "nexus_privilege" "nx-repository-view-apt-apt-proxy-bionic-read":
3: resource "nexus_privilege" "nx-repository-view-apt-apt-proxy-bionic-read" {
Can’t see reason why this would fail. There is no “ID” field or “Message”. Can’t find these in a code of groovy for privilege entity as well. Perhaps a bug that can be addressed?
So far I'm unable to connect through an HTTP proxy to the Nexus API : I'm trying to run Terraform through a proxy (works perfectly with embedded plugins).
nexus_blobstore.project-docker: Creating...
nexus_blobstore.project-maven: Creating...
nexus_blobstore.project-npm-blobstore: Creating...
Error: Post "https://nexus.aws/service/rest/beta/blobstores/s3": dial tcp: lookup nexus.aws on 127.0.0.53:53: no such host
on artifact_repositories.tf line 15, in resource "nexus_blobstore" "project-docker":
15: resource "nexus_blobstore" "project-docker" {
Error: Post "https://nexus.aws/service/rest/beta/blobstores/s3": dial tcp: lookup nexus.aws on 127.0.0.53:53: no such host
on artifact_repositories.tf line 62, in resource "nexus_blobstore" "project-maven":
62: resource "nexus_blobstore" "project-maven" {
Error: Post "https://nexus.aws/service/rest/beta/blobstores/s3": dial tcp: lookup nexus.aws on 127.0.0.53:53: no such host
on artifact_repositories.tf line 142, in resource "nexus_blobstore" "project-npm-blobstore":
142: resource "nexus_blobstore" "project-npm-blobstore" {
nexus.aws is resolvable by my proxy, but it seems nothing is forwarded despite http_proxy and https_proxy being set.
Tried to create docker proxy repo as in the readme's example:
resource "nexus_repository" "docker-proxy" {
name = "docker-proxy"
type = "proxy"
format = "docker"
docker {
force_basic_auth = true
v1enabled = false
http_port = 5000
}
docker_proxy {
index_type = "HUB"
}
http_client {
blocked = false
auto_block = false
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
remote_url = "https://registry-1.docker.io"
metadata_max_age = "1440"
content_max_age = "1440"
}
storage {
blob_store_name = "docker-proxy"
strict_content_type_validation = true
write_policy = "ALLOW"
}
}
Getting the error as follow:
Error: could not create repository 'docker-proxy': HTTP: 400, [ {
"id" : "FIELD indexUrl",
"message" : "URL should be in the format 'http://www.example.com'"
} ]
If I try to provide an empty index_url="" still fails with the same.
Please add support for writableMember in group.
Related to this Add writableMember struct to RepositoryGroup #46
Hi,
when changing the remote_url parameter on an existing remote repository of npm format the change is accepted as "will be updated in place" by the provider and executed, however the underlying nexus parameter does not change.
Please let me know if you would like further details.
Hi,
Firstly thank you for solving the previous issue regarding maven repositories. There is another issue that came up during exploratory testing.
The provider accepts maven as a repository type, but it should accept maven2. When maven 2 is input you see the error in code block 1). When you change it to maven the tf code executes just fine, but it creates maven2 repositories in nexus (when you inspect the UI). On a subsequent tf apply it tries to change the repo type from maven2 to maven. tf code can be found in block 0).
blocks:
0)
resource "nexus_repository" "maven_hosted" {
depends_on = [helm_release.nexus]
name = "maven-hosted"
format = "maven"
type = "hosted"
maven {
version_policy = "MIXED"
layout_policy = "STRICT"
}
storage {
blob_store_name = nexus_blobstore.s3.name
strict_content_type_validation = true
write_policy = "ALLOW"
}
}
Warning: This resource is deprecated and will be removed in the next major version.
Please supply the URL of your repository to helm_release resources directly, using the repository attribute.
See: https://www.terraform.io/docs/providers/helm/r/release.html#example-usage
on modules/helm-nexus/main.tf line 61, in data "helm_repository" "oteemo":
61: data "helm_repository" "oteemo" {
Error: expected format to be one of [apt bower conan docker helm maven npm nuget pypi yum], got maven2
on modules/helm-nexus/nexus_repositories_maven.tf line 82, in resource "nexus_repository" "maven_hosted":
82: resource "nexus_repository" "maven_hosted" {
make: *** [apply] Error 1
# module.helm_nexus.nexus_repository.maven_hosted must be replaced
-/+ resource "nexus_repository" "maven_hosted" {
~ format = "maven2" -> "maven" # forces replacement
~ id = "maven-hosted" -> (known after apply)
name = "maven-hosted"
online = true
type = "hosted"
maven {
layout_policy = "STRICT"
version_policy = "MIXED"
}
storage {
blob_store_name = "REDACTED"
strict_content_type_validation = true
write_policy = "ALLOW"
}
}
Is your feature request related to a problem? Please describe.
No
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
Disable and anonymous user in nexus
Additional context
Add any other context or screenshots about the feature request here.