Reputation: 75
How to call an JFrog Artifactory user plugin as non-admin user
I'm writing my first Artifactory user plugin which should be callable via REST. Here is a part of the implementation:
executions {
repoInfo(httpMethod: 'GET') { params ->
....
I can call the plugin successfully as the admin user:
$ curl -u admin:XXX -X GET "http://localhost:8080/artifactory/api/plugins/execute/repoInfo"
but when calling it as another user I get http return code 403 in return:
curl -u test-user-1:XXX -X GET "http://localhost:8080/artifactory/api/plugins/execute/repoInfo"{
"errors" : [ {
"status" : 403,
"message" : "You are not permitted to execute 'repoInfo'."
}
]
}
My question is what permissions do I need to assign to test-user-1 in order to being able to access my plugin ?
Thanks in advance for your answers.
Upvotes: 1
Views: 506
Answers (1)
Reputation: 2770
This is explained somewhat unclearly in the docs:
/**
* An execution definition.
* The first value is a unique name for the execution.
*
* ...
*
* Plugin info annotation parameters:
* ...
* users (java.util.Set<java.lang.String>) - Users permitted to query this plugin for information or invoke it.
* groups (java.util.Set<java.lang.String>) - Groups permitted to query this plugin for information or invoke it.
*
* ...
*/
myExecution(version:version, description:description, httpMethod: 'GET', users:[], groups:[], params:[:]) { params ->
}
There are a number of optional parameters you can pass when creating an execution plugin, two of which are users and groups. If these are omitted or empty, then only admin users can execute plugins. If you want non-admin users to execute a plugin, you need to add usernames to the users list or group names to the groups list. For example:
executions {
repoInfo(httpMethod: 'GET', users: ['tom', 'bill'], groups: ['dev-team']) { params ->
// ...
}
}
In this case, the people who can use this plugin are tom, bill, anyone in the dev-team group, and anyone with admin privileges.
Sometimes it makes sense to make a plugin available for anyone and everyone to use. To do this, you would generally do something like:
executions {
publicRepoInfo(httpMethod: 'GET', groups: ['readers']) { params ->
// ...
}
}
Artifactory installs with a pre-existing group called readers, which is automatically added to all new users and gives them basic read access, so all logged-in users should be part of this group. All users that are not logged in are considered to be logged in as the special anonymous user, which is also part of the readers group.
Upvotes: 3
Related Questions
- Jfrog Artifactory repository creation and permission automation
- How to enforce users to access artifacts from JFrog Artifactory with authentication?
- How to unlock a locked admin user in JFrog Artifactory?
- User Plugin in Artifactory not loading
- Specify JFROG_ACCESS home instead of ~/.jfrog_access (Artifactory 5.5.2)
- Error - Artifactory response: 405 Method Not Allowed
- Specify user name and passoword in JFrog Artifactory URL in order to avoid the prompt for credentials
- Why is Artifactory returning a 403 for all users when called from gradle artifactory plugin?
- Artifactory - Can we set permissions on a directory level
- Not permitted to execute user plugin on Artifactory Pro