
Nexus Security

This module lets you manage all Nexus security settings from a single root module, or manage each kind of security object (anonymous access, content selectors, LDAP, realms, roles, SAML, users, user tokens) from its own submodule. Usage snippets for both styles follow.

Provider

You need to configure the Nexus provider. The example below targets a local test instance (loopback URL, TLS verification disabled, hard-coded admin password); do not reuse it as-is against a real deployment.

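# Provider configuration. The password is read from a sensitive variable so no
# credential is committed with this file; supply it at plan/apply time (for
# example via TF_VAR_nexus_password). Terraform still records provider and
# resource values in state, so the state backend must be access-controlled.
variable "nexus_password" {
  description = "Password of the Nexus account the provider authenticates as."
  type        = string
  sensitive   = true
}

provider "nexus" {
  # Disables TLS certificate verification. Acceptable only for a local or
  # self-signed test instance such as the loopback URL below; set it to false
  # (and trust the server certificate properly) for any real deployment.
  insecure = true
  password = var.nexus_password
  url      = "https://127.0.0.1:8080"
  username = "admin"
}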

Root module usage

nexus-security:

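# Root-module example: every kind of Nexus security object managed from one
# module call. Secrets are taken from sensitive variables instead of literals
# so this file can be committed; Terraform still records them in state, so the
# state backend must be access-controlled.
variable "ldap_bind_password" {
  description = "Password of the account Nexus binds to the directory with."
  type        = string
  sensitive   = true
}

variable "nexus_admin_password" {
  description = "Password to set on the local Nexus `admin` account."
  type        = string
  sensitive   = true
}

module "nexus_security" {
  source = "devops-ia/security/nexus"
  # Pin `version = "..."` to a reviewed release so an upstream change to the
  # registry module cannot silently alter this security configuration.

  # Unauthenticated clients are mapped to `user_id` and get whatever roles that
  # user holds. Leave this disabled unless public (read-only) access is intended.
  nexus_security_anonymous = [
    {
      realm_name = "NexusAuthorizingRealm"
      enabled    = true
      user_id    = "anonymous"
    },
  ]

  # A content selector only restricts access once a privilege references it;
  # this expression matches every component whose format is "raw".
  nexus_security_content_selector = [
    {
      name        = "example"
      description = "example content selector"
      expression  = "format == \"raw\""
    },
  ]

  nexus_security_ldap = [
    {
      name = "example-ldap"

      # "NONE" is an anonymous bind, so the bind account and password below are
      # presumably not used. If Nexus should bind as `admin`, choose the scheme
      # your directory requires instead — confirm the accepted values against
      # the provider documentation.
      auth_schema   = "NONE"
      auth_username = "admin"
      auth_password = var.ldap_bind_password
      auth_realm    = "EXAMPLE"

      connection_retry_delay_seconds = 1
      connection_timeout_seconds     = 1
      max_incident_count             = 1

      # Plain LDAP on 389 with the trust store disabled carries the bind
      # password and every user's login password in cleartext. Outside a
      # throw-away lab, use the provider's TLS option (LDAPS, usually port 636)
      # and set use_trust_store = true so the directory certificate is checked.
      host            = "ldap.example.com"
      port            = 389
      protocol        = "LDAP"
      use_trust_store = false
      search_base     = "dc=example,dc=com"

      # Group mapping. With ldap_groups_as_roles = true, LDAP group names are
      # presumably matched against Nexus role ids, so only groups that have a
      # matching role grant anything.
      group_type             = "static"
      group_base_dn          = "ou=Group"
      group_id_attribute     = "cn"
      group_member_attribute = "memberUid"
      # NOTE(review): Nexus normally expects a `${username}` placeholder here;
      # a literal `username` will match no member entry — confirm.
      group_member_format  = "uid=username,ou=people,dc=example,dc=com"
      group_object_class   = "example"
      group_subtree        = true
      ldap_groups_as_roles = true

      # User mapping.
      user_base_dn                 = "ou=people"
      user_email_address_attribute = "mail"
      user_id_attribute            = "uid"
      # Restricts which directory entries may log in at all; keep it as narrow
      # as possible so unrelated accounts in the subtree cannot authenticate.
      user_ldap_filter         = "(|(mail=*@example.com)(uid=dom*))"
      user_member_of_attribute = "memberOf"
      # NOTE(review): posixGroup is a group object class; user entries in a
      # POSIX directory are usually posixAccount / inetOrgPerson — confirm.
      user_object_class        = "posixGroup"
      user_password_attribute  = "exmaple" # placeholder value
      user_real_name_attribute = "cn"
      user_subtree             = true
    },
  ]

  nexus_security_role = [
    {
      description = "Docker deployment role"
      name        = "docker-deploy"
      roleid      = "docker-deploy"
      # Nexus names these privileges nx-repository-view-<format>-<repo>-<action>;
      # "*-*" is every docker repository and every action, delete included.
      # Narrow it to the repository and actions a deploy pipeline really needs.
      privileges = [
        "nx-repository-view-docker-*-*",
      ]
    },
  ]

  nexus_security_saml = [
    {
      # The IdP metadata XML. Prefer `file("idp-metadata.xml")` over an inline
      # string so the document can be reviewed and diffed.
      idp_metadata = "<EntityDescriptor ...>...</EntityDescriptor>"
      # Must match the URL Nexus is actually reached on, scheme included; the
      # IdP checks it as the audience, so an http:// value on an https
      # deployment is presumably rejected — confirm.
      entity_id = "http://nexus.example/service/rest/v1/security/saml/metadata"
      # Keep both true: with either disabled, an unsigned or tampered
      # response/assertion could be accepted.
      validate_response_signature  = true
      validate_assertion_signature = true
      username_attribute           = "username"
      first_name_attribute         = "firstName"
      last_name_attribute          = "lastName"
      email_attribute              = "email"
      groups_attribute             = "groups"
    },
  ]

  # Manages the built-in `admin` account (role nx-admin). Never ship the
  # well-known default password; it is taken from a sensitive variable here.
  nexus_security_user = [
    {
      userid    = "admin"
      firstname = "Administrator"
      lastname  = "User"
      email     = "admin@example.com" # placeholder address
      password  = var.nexus_admin_password
      roles     = ["nx-admin"]
      status    = "active"
    },
  ]
}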

Individual module usage

nexus-security-anonymous:

# Anonymous access. With enabled = true, unauthenticated clients are mapped to
# `user_id` and receive whatever roles that user holds in the given realm.
# Leave it disabled unless the instance is meant to serve public (read-only)
# content, and audit the `anonymous` user's roles when it is on.
module "nexus_security_anonymous" {
  source  = "devops-ia/security/nexus//modules/nexus-security-anonymous"

  enabled    = true
  realm_name = "NexusAuthorizingRealm"
  user_id    = "anonymous"
}

nexus-security-content-selector:

# Content selector. The expression picks the components it applies to (here:
# every component whose format is "raw"). On its own it grants nothing; it only
# restricts access once a content-selector privilege references it.
module "nexus_security_content_selector" {
  source  = "devops-ia/security/nexus//modules/nexus-security-content-selector"

  name        = "example"
  description = "example content selector"
  expression  = "format == \"raw\""
}

nexus-security-ldap:

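# LDAP server configuration. The bind password comes from a sensitive variable
# instead of a literal so this file can be committed; Terraform still stores it
# in state, so the state backend must be access-controlled.
variable "ldap_bind_password" {
  description = "Password of the account Nexus binds to the directory with."
  type        = string
  sensitive   = true
}

module "nexus_security_ldap" {
  source = "devops-ia/security/nexus//modules/nexus-security-ldap"

  name = "example-ldap"

  # "NONE" is an anonymous bind, so the bind account and password below are
  # presumably not used. If Nexus should bind as `admin`, choose the scheme
  # your directory requires instead — confirm the accepted values against the
  # provider documentation.
  auth_schema   = "NONE"
  auth_username = "admin"
  auth_password = var.ldap_bind_password
  auth_realm    = "EXAMPLE"

  connection_retry_delay_seconds = 1
  connection_timeout_seconds     = 1
  max_incident_count             = 1

  # Plain LDAP on 389 with the trust store disabled carries the bind password
  # and every user's login password in cleartext. Outside a throw-away lab,
  # use the provider's TLS option (LDAPS, usually port 636) and set
  # use_trust_store = true so the directory certificate is checked.
  host            = "ldap.example.com"
  port            = 389
  protocol        = "LDAP"
  use_trust_store = false
  search_base     = "dc=example,dc=com"

  # Group mapping. With ldap_groups_as_roles = true, LDAP group names are
  # presumably matched against Nexus role ids, so only groups that have a
  # matching role grant anything.
  group_type             = "static"
  group_base_dn          = "ou=Group"
  group_id_attribute     = "cn"
  group_member_attribute = "memberUid"
  # NOTE(review): Nexus normally expects a `${username}` placeholder here; a
  # literal `username` will match no member entry — confirm.
  group_member_format  = "uid=username,ou=people,dc=example,dc=com"
  group_object_class   = "example"
  group_subtree        = true
  ldap_groups_as_roles = true

  # User mapping.
  user_base_dn                 = "ou=people"
  user_email_address_attribute = "mail"
  user_id_attribute            = "uid"
  # Restricts which directory entries may log in at all; keep it as narrow as
  # possible so unrelated accounts in the subtree cannot authenticate.
  user_ldap_filter         = "(|(mail=*@example.com)(uid=dom*))"
  user_member_of_attribute = "memberOf"
  # NOTE(review): posixGroup is a group object class; user entries in a POSIX
  # directory are usually posixAccount / inetOrgPerson — confirm.
  user_object_class        = "posixGroup"
  user_password_attribute  = "exmaple" # placeholder value
  user_real_name_attribute = "cn"
  user_subtree             = true
}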

nexus-security-ldap-order:

# LDAP server order. `order` lists LDAP server names (the `name` of each LDAP
# module instance) in the sequence Nexus consults them at login; "server1" and
# "server2" are placeholders and must match servers that actually exist.
module "nexus_security_ldap_order" {
  source  = "devops-ia/security/nexus//modules/nexus-security-ldap-order"

  order = [
    "server1",
    "server2"
  ]
}

nexus-security-realms:

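# Active security realms. The module label was `nexus_privilege_script`, a
# copy-paste leftover that does not describe what is instantiated; it now
# matches the realms module.
module "nexus_security_realms" {
  source = "devops-ia/security/nexus//modules/nexus-security-realms"

  # Complete, ordered list of active realms: anything not listed is inactive.
  # Keep NexusAuthenticatingRealm, or local accounts (including admin) can no
  # longer log in. An LDAP or SAML realm configured elsewhere presumably only
  # takes effect once it is listed here, and DockerToken is what lets
  # `docker login` work against the registry endpoints — confirm against the
  # Nexus documentation.
  active = [
    "NexusAuthenticatingRealm",
    "DockerToken",
  ]
}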

nexus-security-role:

# Role definition. Nexus names repository privileges
# nx-repository-view-<format>-<repo>-<action>; the trailing "*-*" below is
# every docker repository and every action, delete included. For a deployment
# role, scope it to the specific repository and the actions the pipeline
# actually needs rather than granting the wildcard.
module "nexus_security_role" {
  source  = "devops-ia/security/nexus//modules/nexus-security-role"

  description = "Docker deployment role"
  name        = "docker-deploy"
  privileges = [
    "nx-repository-view-docker-*-*",
  ]
  roleid = "docker-deploy"
}

nexus-security-saml:

# SAML configuration.
#  - idp_metadata: the IdP metadata XML. Prefer `file("idp-metadata.xml")` to an
#    inline string so the document can be reviewed and diffed.
#  - entity_id: must match the URL Nexus is actually reached on, scheme included;
#    the IdP checks it as the audience, so an http:// value on an https
#    deployment is presumably rejected — confirm.
#  - validate_*_signature: keep both true; with either disabled an unsigned or
#    tampered response/assertion could be accepted.
module "nexus_security_saml" {
  source  = "devops-ia/security/nexus//modules/nexus-security-saml"

  idp_metadata                 = "<EntityDescriptor ...>...</EntityDescriptor>"
  entity_id                    = "http://nexus.example/service/rest/v1/security/saml/metadata"
  validate_response_signature  = true
  validate_assertion_signature = true
  username_attribute           = "username"
  first_name_attribute         = "firstName"
  last_name_attribute          = "lastName"
  email_attribute              = "email"
  groups_attribute             = "groups"
}

nexus-security-user:

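# Manages the built-in `admin` account with the nx-admin role. The password
# comes from a sensitive variable: never commit the well-known default, and
# remember that Terraform stores the value in state, so protect the state
# backend.
variable "nexus_admin_password" {
  description = "Password to set on the local Nexus `admin` account."
  type        = string
  sensitive   = true
}

module "nexus_security_user" {
  source = "devops-ia/security/nexus//modules/nexus-security-user"

  userid    = "admin"
  firstname = "Administrator"
  lastname  = "User"
  email     = "admin@example.com" # placeholder address
  password  = var.nexus_admin_password
  roles     = ["nx-admin"]
  status    = "active"
}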

nexus-security-token:

# User tokens. enabled = true lets users generate a token pair to authenticate
# build tools instead of their real password. protect_content = false means
# tokens are presumably optional and normal passwords still work for
# repository access; set it to true to require tokens so LDAP/SAML passwords
# never end up in CI configuration — confirm the semantics against the
# provider documentation.
module "nexus_security_user_token" {
  source  = "devops-ia/security/nexus//modules/nexus-security-token"

  enabled         = true
  protect_content = false
}

Terraform Docs

Requirements

Name Version
terraform >= 1.3.0
nexus >= 2.0.0

Providers

No providers.

Modules

Name Source Version
nexus_security_anonymous ./modules/nexus-security-anonymous n/a
nexus_security_content_selector ./modules/nexus-security-content-selector n/a
nexus_security_ldap ./modules/nexus-security-ldap n/a
nexus_security_role ./modules/nexus-security-role n/a
nexus_security_saml ./modules/nexus-security-saml n/a
nexus_security_user ./modules/nexus-security-user n/a

Resources

No resources.

Inputs

Name Description Type Default Required
nexus_security_anonymous Security Anonymous.
list(object({
enabled = optional(bool)
realm_name = optional(string)
user_id = optional(string)
}))
[] no
nexus_security_content_selector Security Content Selector.
list(object({
name = string
description = optional(string)
expression = string
}))
[] no
nexus_security_ldap Security Ldap.
list(object({
name = string
auth_schema = string
auth_username = string
connection_retry_delay_seconds = number
connection_timeout_seconds = number
group_type = string
host = string
max_incident_count = number
port = number
protocol = string
search_base = string
auth_password = optional(string)
auth_realm = optional(string)
group_base_dn = optional(string)
group_id_attribute = optional(string)
group_member_attribute = optional(string)
group_member_format = optional(string)
group_object_class = optional(string)
group_subtree = optional(string) # note: declared as string although user_subtree is bool and the examples pass true (Terraform converts the bool to "true")
ldap_groups_as_roles = optional(bool)
use_trust_store = optional(bool)
user_base_dn = optional(string)
user_email_address_attribute = optional(string)
user_id_attribute = optional(string)
user_ldap_filter = optional(string)
user_member_of_attribute = optional(string)
user_object_class = optional(string)
user_password_attribute = optional(string)
user_real_name_attribute = optional(string)
user_subtree = optional(bool)
}))
[] no
nexus_security_role Security Role.
list(object({
name = string
roleid = string
description = optional(string)
privileges = optional(set(string))
roles = optional(set(string))
}))
[] no
nexus_security_saml Security Saml.
list(object({
idp_metadata = string
username_attribute = string
email_attribute = optional(string)
entity_id = optional(string)
first_name_attribute = optional(string)
groups_attribute = optional(string)
last_name_attribute = optional(string)
validate_assertion_signature = optional(bool)
validate_response_signature = optional(bool)
}))
[] no
nexus_security_user Security User.
list(object({
email = string
firstname = string
lastname = string
password = string
userid = string
roles = optional(list(string))
status = optional(string)
}))
[] no

Outputs

Name Description
security_anonymous Security Anonymous.
security_content_selector Security Content Selector.
security_ldap Security Ldap.
security_role Security Role.
security_saml Security Saml.
security_user Security User.

Authors

Module is maintained by DevOps IA with help from these awesome contributors.