This Terraform module manages identity-integration resources on JFrog's platform: SAML settings, SCIM groups and SCIM users. Each resource is created only when its `create_*` toggle is set, so the three can be deployed independently.
Below is an example of a CI/CD implementation using Bitbucket to call the module and Codefresh to deploy the Terraform.
- For additional notes, see NOTES.
The diagram below shows the variables the module accepts, grouped by concern.
## Module Diagram

```mermaid
classDiagram
    class Module {
        +bool create_saml_settings
        +bool create_scim_group
        +bool create_scim_user
        +bool saml_allow_user_to_access_profile
        +bool saml_auto_redirect
        +bool saml_enabled
        +bool saml_sync_groups
        +bool saml_use_encrypted_assertion
        +bool saml_verify_audience_restriction
        +bool scim_user_active
    }
    class SensitiveVariables {
        +string saml_certificate
        +string saml_login_url
        +string saml_logout_url
        +string saml_id_attribute
        +string saml_mail
        +list~string~ scim_user_emails
        +string scim_user_username
    }
    class SCIMGroup {
        +string scim_group_display_name
        +string scim_group_id
        +list~string~ scim_group_members
    }
    class SAMLSettings {
        +string saml_group_attribute
        +string saml_settings_name
        +string saml_provider_name
        +bool saml_auto_user_creation
    }
    Module <|-- SensitiveVariables : Sensitive
    Module <|-- SCIMGroup : SCIM Group Configuration
    Module <|-- SAMLSettings : SAML Settings Configuration
```
WARNING: THIS IS ONLY AVAILABLE FOR SELF-HOSTED INSTANCES OF ARTIFACTORY.
- Terraform version: >= 1.5.6
- Required provider: `jfrog/platform`, version 1.7.4 (the generated Requirements table below lists 1.15.1; pin whichever version the module itself requires)
The following variables configure the resources. The boolean `create_*` variables control which resources are created; the remaining variables only take effect when the matching resource is enabled.

Resource toggles:

- `create_saml_settings` (bool): Toggle creation of the `platform_saml_settings` resource. Default is `false`.
- `create_scim_group` (bool): Toggle creation of the `platform_scim_group` resource. Default is `false`.
- `create_scim_user` (bool): Toggle creation of the `platform_scim_user` resource. Default is `false`.

SAML settings:

- `saml_allow_user_to_access_profile` (bool): Allow SAML users to access their profile page.
- `saml_auto_redirect` (bool): Automatically redirect login requests to the IdP.
- `saml_certificate` (string): IdP signing certificate used to verify SAML assertions. Treat it as sensitive input rather than committing it inline.
- `saml_enabled` (bool): Enable SAML.
- `saml_group_attribute` (string): Assertion attribute carrying group membership.
- `saml_id_attribute` (string): Name ID attribute for SAML.
- `saml_login_url` (string): IdP login URL.
- `saml_logout_url` (string): IdP logout URL.
- `saml_mail` (string): Assertion attribute carrying the user's email address.
- `saml_no_auto_user_creation` (bool): Disable automatic user creation on first SAML login. Note that the diagram above and the generated Inputs table below list this variable as `saml_auto_user_creation`; check the module's variable definitions for the exact name before relying on either.
- `saml_provider_name` (string): Service provider name for SAML.
- `saml_settings_name` (string): Name for the SAML settings.
- `saml_sync_groups` (bool): Sync group membership from the assertion.
- `saml_use_encrypted_assertion` (bool): Use encrypted assertions.
- `saml_verify_audience_restriction` (bool): Verify the assertion's audience restriction. Leave this enabled: it rejects assertions the IdP issued for a different service provider, which would otherwise be accepted if replayed against Artifactory.

SCIM group:

- `scim_group_display_name` (string): Display name for the SCIM group.
- `scim_group_id` (string): ID for the SCIM group.
- `scim_group_members` (list(object)): Members of the SCIM group, each an object with `value`, `type` and `display` fields (see the Inputs table).

SCIM user:

- `scim_user_active` (bool): Active status for the SCIM user. Defaults to `false`, so a user created with the default cannot log in until it is activated.
- `scim_user_emails` (list(object)): Emails for the SCIM user, each an object with `value`, `type` and `primary` fields (see the Inputs table).
- `scim_user_username` (string): Username for the SCIM user.
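As an added example (not code from the module's own README), here is a module call that creates a SCIM user and a SCIM group using the object shapes the Inputs table gives for `scim_user_emails` (`value`/`type`/`primary`) and `scim_group_members` (`value`/`type`/`display`). The username, group ID, email address and the `type` values are assumptions; the member `value` is assumed to be the SCIM user's ID, which for this module is taken to equal the username.

```hcl
module "jfrog_scim" {
  source = "git::https://github.com/Richard-Barrett/terraform-artifactory-scim-integration.git?ref=0.6.0"

  # Only the SCIM resources; SAML settings are managed elsewhere.
  create_saml_settings = false
  create_scim_group    = true
  create_scim_user     = true

  # SCIM user. scim_user_active defaults to false, which would create a
  # user that cannot log in; set it explicitly.
  scim_user_username = "svc-ci-reader" # assumed username
  scim_user_active   = true
  scim_user_emails = [
    # "primary" marks the address JFrog should treat as canonical.
    { value = "svc-ci-reader@example.com", type = "work", primary = true },
  ]

  # SCIM group. Each member's "value" is assumed to be the SCIM user ID and
  # "type" the SCIM resource type ("User"); both are assumptions here.
  scim_group_id           = "ci-readers" # assumed group ID
  scim_group_display_name = "CI Readers"
  scim_group_members = [
    { value = "svc-ci-reader", type = "User", display = "svc-ci-reader" },
  ]
}
```

Creating the group and the user in one module call means the member reference is a plain string rather than a Terraform reference, so Terraform cannot order the two resources for you; if the provider rejects a member that does not yet exist, apply the user first or split the calls.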
To use the module:

- Set up your variables: define them in a `.tfvars` file or as `TF_VAR_*` environment variables.
- Toggle resource creation: set `create_saml_settings`, `create_scim_group` and `create_scim_user` to `true` for each resource you want to create.
- Initialize Terraform: `terraform init`
- Apply the configuration: `terraform apply`
To create only the SAML settings, the module call might look like this:

```hcl
module "jfrog_platform" {
  source = "git::https://github.com/Richard-Barrett/terraform-artifactory-scim-integration.git?ref=0.6.0"

  # Enable only SAML settings
  create_saml_settings = true
  create_scim_group    = false
  create_scim_user     = false

  # Define SAML settings
  saml_enabled       = true
  saml_settings_name = "example_saml"

  # IdP signing certificate. Replace the placeholder; do not commit a real
  # certificate inline, pass it via a variable or a data source instead.
  saml_certificate = "CERTIFICATE_STRING_HERE"

  # Assertion attribute names, as sent by the IdP
  saml_mail            = "email"
  saml_group_attribute = "group"
  saml_id_attribute    = "id"

  saml_login_url  = "https://saml.example.com/login"
  saml_logout_url = "https://saml.example.com/logout"

  saml_no_auto_user_creation        = true
  saml_provider_name                = "ExampleProvider"
  saml_allow_user_to_access_profile = true
  saml_auto_redirect                = false
  saml_sync_groups                  = false

  # Reject assertions whose audience is not this service provider
  saml_verify_audience_restriction = true
  saml_use_encrypted_assertion     = false
}
```
Or you can supply the same values as environment variables (Terraform reads any variable named `TF_VAR_<name>`):

```bash
export TF_VAR_create_saml_settings=true
export TF_VAR_create_scim_group=false
export TF_VAR_create_scim_user=false
export TF_VAR_saml_enabled=true
export TF_VAR_saml_settings_name="example_saml"
export TF_VAR_saml_certificate="CERTIFICATE_STRING_HERE"
export TF_VAR_saml_mail="email"
export TF_VAR_saml_group_attribute="group"
export TF_VAR_saml_id_attribute="id"
export TF_VAR_saml_login_url="https://saml.example.com/login"
export TF_VAR_saml_logout_url="https://saml.example.com/logout"
export TF_VAR_saml_no_auto_user_creation=true
export TF_VAR_saml_provider_name="ExampleProvider"
export TF_VAR_saml_allow_user_to_access_profile=true
export TF_VAR_saml_auto_redirect=false
export TF_VAR_saml_sync_groups=false
export TF_VAR_saml_verify_audience_restriction=true
export TF_VAR_saml_use_encrypted_assertion=false
```
which leaves the root module with nothing but the provider requirement and the module call:

```hcl
terraform {
  required_version = ">= 1.5.6"

  required_providers {
    platform = {
      source  = "jfrog/platform"
      version = "1.7.4"
    }
  }
}

provider "platform" {
  # Add provider configuration here if required
}

module "jfrog_platform" {
  source = "git::https://github.com/Richard-Barrett/terraform-artifactory-scim-integration.git?ref=0.6.0"
}
```
You can also read the certificate from a data source, for example AWS Secrets Manager, instead of placing it in a variables file or an environment variable.
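As an added example (not code from the module's README), the following root module reads the IdP signing certificate from AWS Secrets Manager with the `aws_secretsmanager_secret_version` data source and passes its `secret_string` to the module. The secret name, AWS region and provider version constraint are assumptions; the IdP URLs and attribute names are the placeholders used in the page's own example, and the `platform` provider block is left as the page leaves it.

```hcl
terraform {
  required_version = ">= 1.5.6"

  required_providers {
    platform = {
      source  = "jfrog/platform"
      version = "1.7.4"
    }
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0" # assumption
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumption
}

provider "platform" {
  # Add provider configuration here if required
}

# The secret holds the IdP signing certificate as a plain string in the form
# the SAML settings expect. The secret name is an assumption.
data "aws_secretsmanager_secret_version" "saml_idp_cert" {
  secret_id = "artifactory/saml/idp-signing-cert"
}

module "jfrog_platform" {
  source = "git::https://github.com/Richard-Barrett/terraform-artifactory-scim-integration.git?ref=0.6.0"

  create_saml_settings = true
  create_scim_group    = false
  create_scim_user     = false

  saml_enabled       = true
  saml_settings_name = "example_saml"

  # Read at plan time from Secrets Manager; never written to a .tfvars file.
  saml_certificate = data.aws_secretsmanager_secret_version.saml_idp_cert.secret_string

  saml_mail            = "email"
  saml_group_attribute = "group"
  saml_id_attribute    = "id"
  saml_login_url       = "https://saml.example.com/login"
  saml_logout_url      = "https://saml.example.com/logout"

  saml_no_auto_user_creation        = true
  saml_provider_name                = "ExampleProvider"
  saml_allow_user_to_access_profile = true
  saml_auto_redirect                = false
  saml_sync_groups                  = false
  saml_verify_audience_restriction  = true
  saml_use_encrypted_assertion      = false
}
```

The AWS provider marks `secret_string` as sensitive, so it is redacted from plan output, but the value is still recorded in Terraform state; keep the state backend encrypted and access-controlled. Note also what the certificate actually protects: it is public key material, so the risk is substitution rather than disclosure. Anyone who can write that secret can make Artifactory trust assertions signed by a key they control, so the secret's IAM write permissions deserve the same scrutiny as Artifactory admin access. If you store the secret as a JSON document instead of a bare string, wrap the read in `jsondecode(...)` and select the key you chose.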
## Requirements

| Name | Version |
|---|---|
| terraform | >= 1.5.6 |
| platform | 1.15.1 |

## Providers

| Name | Version |
|---|---|
| platform | 1.15.1 |

## Modules

No modules.

## Resources

| Name | Type |
|---|---|
| platform_saml_settings.this | resource |
| platform_scim_group.this | resource |
| platform_scim_user.this | resource |

## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create_saml_settings | Toggle creation of the `platform_saml_settings` resource | bool | false | no |
| create_scim_group | Toggle creation of the `platform_scim_group` resource | bool | false | no |
| create_scim_user | Toggle creation of the `platform_scim_user` resource | bool | false | no |
| saml_allow_user_to_access_profile | Allow user to access profile | bool | false | no |
| saml_auto_redirect | Automatically redirect SAML requests | bool | true | no |
| saml_auto_user_creation | Disable automatic user creation for SAML | bool | true | no |
| saml_certificate | Certificate for SAML | string | n/a | yes |
| saml_enabled | Enable SAML | bool | true | no |
| saml_group_attribute | Group attribute for SAML | string | n/a | yes |
| saml_id_attribute | Name ID attribute for SAML | string | n/a | yes |
| saml_login_url | Login URL for SAML | string | n/a | yes |
| saml_logout_url | Logout URL for SAML | string | n/a | yes |
| saml_mail | Email attribute for SAML | string | "" | no |
| saml_provider_name | Service provider name for SAML | string | n/a | yes |
| saml_settings_name | Name for the SAML settings | string | n/a | yes |
| saml_sync_groups | Sync groups for SAML | bool | true | no |
| saml_use_encrypted_assertion | Use encrypted assertion for SAML | bool | false | no |
| saml_verify_audience_restriction | Verify audience restriction for SAML | bool | true | no |
| scim_group_display_name | Display name for SCIM group | string | null | no |
| scim_group_id | ID for SCIM group | string | null | no |
| scim_group_members | List of members for SCIM group, each with 'value', 'type', and 'display' fields. | list(object({...})) | [] | no |
| scim_user_active | Active status for SCIM user | bool | false | no |
| scim_user_emails | List of email objects for SCIM user, each with 'value', 'type', and 'primary' fields. | list(object({...})) | [] | no |
| scim_user_username | Username for SCIM user | string | null | no |

## Outputs

| Name | Description |
|---|---|
| saml_login_url | The login URL for SAML |
| saml_logout_url | The logout URL for SAML |
| saml_provider_name | The service provider name for SAML |
| saml_settings_name | The name of the SAML settings resource |