Terraform provider to configure Sonatype Nexus using it's API.
Implemented and tested with Sonatype Nexus 3.22.0.
provider "nexus" {
insecure = true
password = "admin123"
url = "https://127.0.0.1:8080"
username = "admin"
}data "nexus_blobstore" "default" {
name = "default
}data "nexus_repository" "maven-central" {
name = "maven-central"
}data "nexus_user" "admin" {
userid = "admin"
}Blobstore can be imported using
terraform import nexus_blobstore.default defaultresource "nexus_blobstore" "default" {
name = "blobstore-01"
type = "File"
path = "/nexus-data/blobstore-01"
soft_quota {
limit = 1024
type = "spaceRemainingQuota"
}
}resource "nexus_blobstore" "aws" {
name = "blobstore-01"
type = "S3"
bucket_configuration {
bucket {
name = "aws-bucket-name"
region = "us-central-1"
}
bucket_security {
access_key_id = "<your-aws-access-key-id>"
secret_access_key = "<your-aws-secret-access-key>"
}
}
soft_quota {
limit = 1024
type = "spaceRemainingQuota"
}
}Repository can be imported using
terraform import nexus_repository.maven_central maven-centralresource "nexus_repository" "apt_hosted" {
name = "apt-repo"
format = "apt"
type = "hosted"
apt {
distribution = "bionic"
}
apt_signing {
keypair = "<keypair>"
passphrase = "<passphrase>"
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}resource "nexus_repository" "bower_hosted" {
name = "bower-hosted-repo"
format = "bower"
type = "hosted"
bower {
rewrite_package_urls = false
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}resource "nexus_repository" "docker_group" {
name = "docker-group"
format = "docker"
type = "group"
online = true
group {
member_names = ["docker-hub"]
}
docker {
force_basic_auth = true
http_port = 5000
https_port = 5001
v1enabled = false
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
}
}resource "nexus_repository" "docker_hosted" {
name = "docker-hosted"
format = "docker"
type = "hosted"
online = true
docker {
http_port = 8082
https_port = 8083
force_basic_auth = true
v1enabled = true
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}resource "nexus_repository" "docker_hub" {
name = "docker-hub"
type = "proxy"
format = "docker"
docker {
force_basic_auth = true
v1enabled = true
}
docker_proxy {
index_type = "HUB"
}
http_client {
}
negative_cache {
enabled = true
ttl = 1440
}
proxy {
remote_url = "https://registry-1.docker.io"
}
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}resource "nexus_repository" "pypi_hosted" {
name = "pypi-hosted-repo"
format = "pypi"
type = "hosted"
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}resource "nexus_repository" "npm_hosted" {
name = "npm-hosted-repo"
format = "npm"
type = "hosted"
storage {
blob_store_name = "default"
strict_content_type_validation = true
write_policy = "ALLOW_ONCE"
}
}Role can be imported using
terraform import nexus_role.nx_admin nx-adminresource "nexus_role" "nx-admin" {
roleid = "nx-admin"
name = "nx-admin"
description = "Administrator role"
privileges = ["nx-all"]
roles = []
}User can be imported using
terraform import nexus_user.admin adminresource "nexus_user" "admin" {
userid = "admin"
firstname = "Administrator"
lastname = "User"
email = "nexus@example.com"
password = "admin123"
roles = ["nx-admin"]
status = "active"
}Script can be imported using
terraform import nexus_script.my_script my-scriptresource "nexus_script" "hello_world" {
name = "hello-world"
content = "log.info('Hello, World!')"
}There is a makefile to build the provider.
makeTo build and install provider on macOS into ~/.terraform.d/plugins/darwin_amd64, you can run
make darwin-build-installIn this case provider will be available to use with your terraform codebase (in terraform init stage).
For testing start a local Docker container using make
make nexus-startThis will start a Docker container and expose port 8081.
Now start the tests
NEXUS_URL="http://127.0.0.1:8081" NEXUS_USERNAME="admin" NEXUS_PASSWORD="admin123" make testaccor without s3 tests which require additional configuration:
SKIP_S3_TESTS=1 NEXUS_URL="http://127.0.0.1:8081" NEXUS_USERNAME="admin" NEXUS_PASSWORD="admin123" make testaccNOTE: To test Blobstore type S3 following environment variables must be set, otherwise tests will fail.
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_DEFAULT_REGIONthe AWS region of the S3 bucket to use, defaults toeu-central-1AWS_BUCKET_NAMEthe name of S3 bucket to use, defaults toterraform-provider-nexus-s3-test
To debug tests
Set env variable TF_LOG=DEBUG to see additional output.
Use printState() function to discover terraform state (and resource props) during test.
Debug configurations are also available for VS Code.