Deeply understand how to manage the most commonly used General Administration Activities in JFrog Artifactory. Analyze how these activities are performed by the project admin:
In this article, we will look at administering certain critical activities as part of your JFrog Artifactory Administration needs.
This tutorial will cover topics like creating users and assigning permission, creating permission targets, artifactory settings to enable folder downloads, trash can retention settings, adding custom messages, etc for the JFrog SAAS environment.
Typically the above activities are performed either by the Platform Admin or Project Admin.
=> In-Depth JFrog Tutorials for Beginners
Table of Contents:
- General Administration Activities in JFrog: Must-Know Steps
- Creating User and Assigning Permission
- Create Permission Target
- Creating Identity Token
- Locking and Unlocking User
- Enabling Anonymous Access
- Artifactory Settings for Folder Download and Trash Can Retention
- Adding Custom Message for the Instance
- Maximum Size for Uploading Files
- Property Sets
- Assigning Property Set to Repository
- Creating Projects
- Conclusion
General Administration Activities in JFrog: Must-Know Steps
JFrog Artifactory SAAS now has two User Interfaces (UI). One is Classic UI and the other is New UI (Currently in Beta).
The admin activities can be done as per Platform configuration in the new UI and in Classic UI it is the old Administration TAB. You can switch between the UI from the Profile menu.
Creating User and Assigning Permission
In this section let’s look at how User Management and Tokens in Artifactory can be managed from the Administration Tab. Login to the Artifactory URL and go to the Administration TAB.
#1) In the new UI, click on Platform Configurations -> User Management -> Users
In the classic UI, click on User Management -> Users
#2) Click on + New user
#3) Enter a Username, email, and password (scroll below to provide the same)
#4) If the user is supposed to be Admin then click on the role Administer Platform. Click on Save.
We still have not provided access to any repository for the user. To do this we need to create a Permission Target.
Also Read =>> What is GitHub and How to Create a Repository
Create Permission Target
This will provide users access to the repository.
#1) In the Administration Tab, click on Permissions under User Management.
#2) Click on +New Permission. Provide a name and click on + Add Repositories.
#3) Select a Local Repository for this permission target.
#4) Click OK.
#5) Click on the Users Tab and + under Selected Users
#6) Click OK once you select all users.
#7) Select the appropriate permissions under the Repositories section and click on Create.
Read permission will allow only to download artifacts that are already available in the remote cache. New artifacts will not be downloaded which are not available or do not exist in the remote cache.
Deploy permission will allow caching of artifacts from Dockerhub, and Maven central to the remote repositories in Artifactory
Admin users will have access to all repositories by default. Users can log in and start accessing the repositories. Normally if SAML Single Sign On is enabled then users will log in with their corporate ID and Password.
=>> Read SAML SSO – JFrog – JFrog Documentation to find out more about configuring SAML for your JFrog site.
Creating Identity Token
Creating any kind of token provides a flexible way of authentication. We will look at how it can be used, especially in pipelines or logins using docker. Using an Identity token is the preferred way.
#1) Go to the User Profile -> Edit Profile
#2) Unlock your profile.
#3) Click on Generate an Identity Token.
Copy and Save the token locally. The tokens generated can be used for authentication for all of the package types and also used in CI/CD pipelines instead of passwords.
Locking and Unlocking User
Artifactory can be configured to lock a user’s account after a specified number of failed login attempts. In the new UI, this can be enabled under Administration -> Platform Configurations -> Platform Security -> General by checking the box ‘Lock User After Exceeding Max Failed Login Attempts’, and specifying the Max Failed Login Attempts field.
In the classic UI, the option can be found in Administration -> User Management -> Settings.
Only a platform administrator can unlock the user’s account by clicking on the link given below in the Security configuration ‘Unlock All Users’.
Enabling Anonymous Access
Artifactory supports the concept of a pre-defined Anonymous user which can be used to download cached artifacts and also populate caches irrespective of the permissions defined.
For example, the team would like to enable anonymous access for local repositories but would like to know for remote repositories who downloaded certain artifacts. So anonymous access need not be enabled for remote repositories.
To activate an anonymous user in the new UI, go to Administration -> Platform Configurations -> Platform Security -> General. Enable the checkbox ‘Allow Anonymous Access’.
In the classic UI, the option can be found in Administration -> User Management -> Settings.
Go to User Management -> Users. If you look at anonymous users, it is assigned to the Anything and Any Remote permission target by default.
Remove permissions for both Anything and Any Remote for the anonymous user. Click on each of these permission targets and go to Users TAB. Click on Save once done.
Any Remote Permission Target
Anything Permission Target
Let’s look at how to implement the use case of providing Anonymous access to local repositories but specifying users for access to remote repositories. We will need to create 2 permission targets. One for each.
Permission target for local repositories – Anonymous access
Go to Administration -> User Management -> Permissions. Click on + New Permission.
In the Resources section, click on Add Repositories. Select the checkbox Any Local Repository and click on OK.
Next, add the anonymous user with Read permission so that any anonymous request can read and access artifacts in all.
Similarly, create a permission target for Remote repositories and select the check box Any Remote Repository while adding Repositories. Click OK.
Now add specific users who will be able to access all remote repositories and also deploy artifacts to the remote cache. Click on Save.
Artifactory Settings for Folder Download and Trash Can Retention
Artifactory provides 2 options, one for folder-level download from local repositories when using API with CURL command. The other is to ensure how long the artifacts once deleted from your local repository can remain in the trash can.
To set this in the classic UI, go to Administration -> Artifactory -> General -> Settings. Select the checkboxes for options as shown.
In the new UI, set this option in Administration -> Platform Configurations -> Artifactory Settings -> Settings
For example, downloading a folder.
curl -XGET -u niranjan:<Identity Token> “https://<Server>.jfrog.io/artifactory/api/archive/download/example-repo-local/doc?archiveType=zip” –output example-local2.zip
In the above command doc is the folder that we are trying to download only and not the contents of the entire repository.
Adding Custom Message for the Instance
To add any custom message at the instance level to communicate important information/messages to all Artifactory users in the new UI, go to Administration -> Platform Configurations -> Platform Management -> General. Enable the custom message settings and add the text. Click on Save once done.
In the classic UI, set this option in Administration -> General -> Settings
Maximum Size for Uploading Files
In organizations, there could be certain network/bandwidth restrictions concerning uploading and downloading files from SAAS platforms. To take care of these aspects we can set the maximum file size setting for uploading in Artifactory.
In the new UI, set this option in Administration -> Platform Configurations -> Artifactory Settings -> Settings
In the classic UI, go to Administration -> Artifactory -> General Settings. Set the size in MB as shown below.
Property Sets
Typically, when you want to tag a repository, you can use Property sets to define a property of single or multiple values. Property sets can also be used in locating items.
For example, we can tag a repository being used exclusively in India or European locations so that the teams have the clarity to upload any artifacts appropriately.
#1) To create a Property set in the classic UI, go to Administration -> Services -> Artifactory -> General -> Property Sets
#2) Click on New Property Sets.
#3) Provide a name and click on New Record.
#4) Add a Property Name using the Single Select value and click on Save.
#5) Click on Save in the main Property Set screen.
Assigning Property Set to Repository
To assign a Property set to a repository, go to the Administration Tab -> Repositories. Go to the Advanced Tab of the repository and add the property set just created. Click on Save once done.
Apply the property set and value to a local repository
Go to the Application TAB, click on the local repository, and click on Properties -> Property set sub tab. You need not be an Admin to perform the below steps.
Select the Property set and value and click on Add. Selecting Recursive will be added to all folders and artifacts under the repository. The final view is shown below after selecting the Property set and values.
Creating Projects
Normally in self-hosted and SAAS Artifactory, storage is an important aspect of pricing that has to be controlled. So it is very important to plan. Projects in Artifactory help to plan and control storage usage. With projects, you can add users/groups with Project Admin / Member privileges, assign repositories, etc.
#1) In the new UI to create a project, go to Platform Configurations -> Projects
In the classic UI to create a project, go to Administration -> Projects and click on Create New
#2) Provide a project name and key. Set the Storage quota as well.
#3) Click on Create.
#4) Go to the Administration -> Repositories.
#5) Select the Local Repository and click on Assign Project.
#6) Click on Assign To Project. Once assigned, the project admin can then add other members to the project.
Project Admin can click on Edit Settings to increase quota size and add members to the Developer role.
In the screenshot, you can see multiple roles like Developer, Viewer, etc. JFrog Artifactory supports Role Based Access Control. Let’s look at Global and Project Roles.
Global roles apply to projects and are pre-defined. New Global roles cannot be created only new project roles specific to the project can be created
To view the Global roles in the Administration pane, ensure All Projects are selected from the Projects list in the taskbar.
Now go to Administration -> User Management -> Global Roles. You can look at the access controls provided like Read/Write/Delete Artifacts and other controls.
Project Roles are a combination of Global roles and Customized roles. To create a project role you need to be a platform admin or a project admin.
From the projects drop-down list select the project for which to assign the role. At this level, go to User Management -> Roles
Click on + Create Project Role. Add the role name and select the appropriate controls/actions. Click on Create.
The role is now available for the project. Click on + Add Members and select the Tester role.
Conclusion
In this very important article, we have seen the most commonly used General administration activities performed by the platform admin or the project admin.
The activities shown in this article from my experience have been used almost daily to administer the platform to support the project teams in their day-to-day development and deployment activities.
Suggested Reading =>> Most Popular On-premise and Cloud DevOps Tools
Hope this article can help you as a platform admin to effectively perform your activities.