Doesn't seem to be possible to get/extract a list of privileges for Repository created. about terraform-provider-nexus HOT 16 CLOSED

Hi @fog1985 ,

would it help to provide a data source for privileges? It could return, based on a filter like domain, repository or name, all privileges matching the filter. You could than use the returned list to do some other stuff with it.

resource "nexus_repository" "demo" {
  type   = "hosted"
  format = "maven2"
  name   = "demo"
  ...
}

data "nexus_privileges" "demo" {
  repository = nexus_repository.demo.name
}

from terraform-provider-nexus.

I believe the only thing we could do is to add a name filter like name = ".*-read". So we could use a regexp on the privilege name to get only privileges matching the regexp. Would that help you?

from terraform-provider-nexus.

As an interim solution, I have just come up with this one:

value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if contains(x["actions"], "READ")]

Which returns READ privilege. :)

from terraform-provider-nexus.

For those who might be looking for the same:

output "privileges_apt_proxy_all_read" {
    value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("ALL|READ", join("",x.actions)))]
}

output "privileges_apt_proxy_browse" {
    value = [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("BROWSE", join("",x.actions)))]
}

output "privileges_multiple_repos_example" {
    value = concat([for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("ALL|READ", join("",x.actions)))], [for x in data.nexus_privileges.apt-proxy-read.privileges: x.name if can(regex("BROWSE", join("",x.actions)))])
}

In this way, we can get nice filtering based on actions with the usage of RegExp.
Or even combine privileges from different repositories and data sources with the usage of Terraform's concat function.

from terraform-provider-nexus.

Hi @Nosmoht ,
Yeap. It would work like a charm.

from terraform-provider-nexus.

@Nosmoht ,
It would be nice to have the possibility of multiple filters or nested results. Cuz in the repository there are multiple types of privileges. Hence it would be nice to get let's say privileges of type repository-view which are applied for this repository.

from terraform-provider-nexus.

Hi @fog1985 ,

this should be fixed with v1.7.0.

Documentation

from terraform-provider-nexus.

Documentation

Cool. Thank you @Nosmoht

from terraform-provider-nexus.

@fog1985 Please let me know if it works and if we can close the issue.

from terraform-provider-nexus.

Hey @Nosmoht ,
I am sure it works. Don't have a chance to put a new release and test it right away.
Or please leave it for a few days and I will try my best to test it out early next week.

from terraform-provider-nexus.

Hi @Nosmoht ,
I have just tried to use it. And a bit confused with the way of how to declare all the needed stuff.
Here what I have:

data "nexus_privileges" "apt-proxy-read" {
  format     = "apt"
  repository = "apt-proxy"
  type = "repository-view"
  privileges {
    actions = ["read"]
  }
}

Was referring at this code:
https://github.com/datadrivers/terraform-provider-nexus/blob/master/nexus/data_source_privileges.go

It indeed seems to have privileges section.
But not sure what is the difference between format for example in a root declaration and format inside of the privileges.

Nevertheless, I get as follow:

Error: "privileges": this field cannot be set

  on roles.tf line 1, in data "nexus_privileges" "apt-proxy-read":
   1: data "nexus_privileges" "apt-proxy-read" {

If I put actions into the root still fails that actions are not expected here.

from terraform-provider-nexus.

Hi @fog1985 ,

the data resource is used to get the list of privileges for the specified repository format and type. So please remove the privileges from your declaration and you should get a list of all privileges of repository apt-proxy as return value.

from terraform-provider-nexus.

Hi @Nosmoht ,
Thanks. I have managed to read all the privileges' names as follow:

data "nexus_privileges" "apt-proxy-read" {
  format     = "apt"
  repository = "apt-proxy"
  type = "repository-view"
}

output "privileges" {
    value = data.nexus_privileges.apt-proxy-read.privileges.*.name
}

Is there a way to get a privilege for example which's action stands for READ or WRITE?
Or just a list of all privileges?

Also not clear about this parameter in data source block:

type = "repository-view"

Should it be the format of the repository or format of the privileges?
If it's a format of the privileges then it doesn't work as expected. Cuz with repository-view I got the full list of all the privileges including those aimed for write/edit etc.

It would be nice to have a short example on how to filter out the output of data source to some READ, WRITE, or other filters for privileges.

from terraform-provider-nexus.

I think yes. That would work.
I also tried to use Terrafomr's filter facility. As described here:
https://www.terraform.io/docs/providers/oci/guides/filters.html
Doesn't work either.

data "nexus_privileges" "apt-proxy-read" {
  format     = "apt"
  repository = "apt-proxy"
  type = "repository-view"
  
  filter {
    name = "actions"
    values = ["READ"]
  }
}

Result:

Error: Unsupported block type

  on roles.tf line 6, in data "nexus_privileges" "apt-proxy-read":
   6:   filter {

Blocks of type "filter" are not expected here.

So name would work if possible.

from terraform-provider-nexus.

Hi @fog1985,

can we close the issue and create a new feature request for the privilege filter?

from terraform-provider-nexus.

Hi @fog1985,

can we close the issue and create a new feature request for the privilege filter?

Hi @Nosmoht ,
Sure.
Thank you.

from terraform-provider-nexus.