octoenergy/terraform-provider-nexus

 
 

Terraform provider Nexus

Introduction

Terraform provider to configure Sonatype Nexus using its API.

Implemented and tested with Sonatype Nexus 3.70.1-02.

Usage

Provider config

provider "nexus" {
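  insecure         = true       # allows insecure TLS connections; for a local test instance
  password         = "admin123" # example credentials for a local test instance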
  url              = "https://127.0.0.1:8080"
  username         = "admin"
  client_cert_path = "/path/to/client.crt"
  client_key_path  = "/path/to/client.key"
  root_ca_path     = "/path/to/root_ca.crt"
}

Optionally with mTLS if Nexus is deployed behind a reverse proxy:

provider "nexus" {
  insecure         = true
  password         = "admin123"
  url              = "https://127.0.0.1:8080"
  username         = "admin"
  client_cert_path = "/path/to/client.crt"
  client_key_path  = "/path/to/client.key"
  root_ca_path     = "/path/to/root_ca.crt"
}

Note that the root_ca_path should contain ALL certificates required for communication. It overrides the system CA store, rather than adding to it.

You can point the root_ca_path to the system trust store if required, e.g.:

root_ca_path = "/etc/ssl/certs/ca-certificates.crt"
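The root_ca_path note above, as an added Go example (not the provider's own code): it models "overrides the system CA store" with an empty x509.NewCertPool(), which is an assumption about how the trust pool is built. The two CAs, the host name nexus.example.test and the helper names issue and trusts are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed in-memory certificate (sample data only; errors are
// ignored for brevity). A nil parent yields a self-signed CA, otherwise a leaf.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil}
	if parent == nil {
		parent, parentKey = tpl, key // self-signed
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// trusts reports whether leaf verifies against ONLY the CAs in bundle (the
// contents of a root_ca_path file): the pool starts empty, without system roots.
func trusts(bundle []byte, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(bundle) {
		return false // no usable certificate in the bundle
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: "nexus.example.test"})
	return err == nil
}

func main() {
	proxyCA, proxyKey, proxyPEM := issue("proxy-ca", nil, nil) // CA that signed the proxy cert
	_, _, otherPEM := issue("other-ca", nil, nil)              // unrelated CA
	leaf, _, _ := issue("nexus.example.test", proxyCA, proxyKey)
	fmt.Println("bundle without the issuing CA:", trusts(otherPEM, leaf))
	fmt.Println("bundle with every required CA:", trusts(append(otherPEM, proxyPEM...), leaf))
}
```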

Development

Build

A Makefile builds the provider and places the binary in the repository's root directory.

make

To use the locally built version, you need to tell Terraform where to look for it via a Terraform CLI config override.

Create an override file in your Terraform code folder (for example, dev.tfrc):

# dev.tfrc
provider_installation {

  # Use /home/developer/tmp/terraform-nexus as an overridden package directory
  # for the datadrivers/nexus provider. This disables the version and checksum
  # verifications for this provider and forces Terraform to look for the
  # nexus provider plugin in the given directory.
  # relative path also works, but no variable or ~ evaluation
  dev_overrides {
    "datadrivers/nexus" = "../../"
  }

  # For all other providers, install them directly from their origin provider
  # registries as normal. If you omit this, Terraform will _only_ use
  # the dev_overrides block, and so no other providers will be available.
  direct {}
}

Tell your shell environment to use the override file:

export TF_CLI_CONFIG_FILE=dev.tfrc

Now run your Terraform commands (plan or apply). Running init is not required.

# start local nexus
make start-services
# run local terraform code
cd examples/local-development
terraform plan
terraform apply

Testing

NOTE: For testing Nexus Pro features, place the license.lic in scripts/.

For testing, start the local Docker containers using make:

make start-services

This starts the Docker containers, including MinIO, and exposes ports 8081 and 9000.

Now start the tests:

make testacc

Or skip selected groups of tests:

SKIP_S3_TESTS=true make testacc
SKIP_AZURE_TESTS=true make testacc
SKIP_PRO_TESTS=true make testacc

To debug tests

Set the environment variable TF_LOG=DEBUG to see additional output.

Use the printState() function to inspect the Terraform state (and resource properties) during a test.

Debug configurations are also available for VS Code.

Create documentation

When creating or updating resources or data sources, please make sure to update the examples in the respective folder (./examples/resources/<name> for resources, ./examples/data-sources/<name> for data sources).

Next, use the following command to generate the Terraform documentation from the Go files:

make docs

Author

Datadrivers GmbH