artifactory v8.4.0, Nov 19 24

artifactory v8.4.0 published on Tuesday, Nov 19, 2024 by Pulumi

artifactory.ScopedToken

Explore with Pulumi AI

artifactory v8.4.0 published on Tuesday, Nov 19, 2024 by Pulumi

pulumi/pulumi-artifactory

Example Usage

S

import * as pulumi from "@pulumi/pulumi";
import * as artifactory from "@pulumi/artifactory";

//## Create a new Artifactory scoped token for an existing user
const scopedToken = new artifactory.ScopedToken("scoped_token", {username: "existing-user"});
//## **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
//## Create a new Artifactory user and scoped token
const newUser = new artifactory.User("new_user", {
    name: "new_user",
    email: "new_user@somewhere.com",
    groups: ["readers"],
});
const scopedTokenUser = new artifactory.ScopedToken("scoped_token_user", {username: newUser.name});
//## Creates a new token for groups
const scopedTokenGroup = new artifactory.ScopedToken("scoped_token_group", {scopes: ["applied-permissions/groups:readers"]});
//## Create token with expiry
const scopedTokenNoExpiry = new artifactory.ScopedToken("scoped_token_no_expiry", {
    username: "existing-user",
    expiresIn: 7200,
});
//## Creates a refreshable token
const scopedTokenRefreshable = new artifactory.ScopedToken("scoped_token_refreshable", {
    username: "existing-user",
    refreshable: true,
});
//## Creates an administrator token
const admin = new artifactory.ScopedToken("admin", {
    username: "admin-user",
    scopes: ["applied-permissions/admin"],
});
//## Creates a token with an audience
const audience = new artifactory.ScopedToken("audience", {
    username: "admin-user",
    scopes: ["applied-permissions/admin"],
    audiences: ["jfrt@*"],
});

import pulumi
import pulumi_artifactory as artifactory

### Create a new Artifactory scoped token for an existing user
scoped_token = artifactory.ScopedToken("scoped_token", username="existing-user")
### **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
### Create a new Artifactory user and scoped token
new_user = artifactory.User("new_user",
    name="new_user",
    email="new_user@somewhere.com",
    groups=["readers"])
scoped_token_user = artifactory.ScopedToken("scoped_token_user", username=new_user.name)
### Creates a new token for groups
scoped_token_group = artifactory.ScopedToken("scoped_token_group", scopes=["applied-permissions/groups:readers"])
### Create token with expiry
scoped_token_no_expiry = artifactory.ScopedToken("scoped_token_no_expiry",
    username="existing-user",
    expires_in=7200)
### Creates a refreshable token
scoped_token_refreshable = artifactory.ScopedToken("scoped_token_refreshable",
    username="existing-user",
    refreshable=True)
### Creates an administrator token
admin = artifactory.ScopedToken("admin",
    username="admin-user",
    scopes=["applied-permissions/admin"])
### Creates a token with an audience
audience = artifactory.ScopedToken("audience",
    username="admin-user",
    scopes=["applied-permissions/admin"],
    audiences=["jfrt@*"])

package main

import (
	"github.com/pulumi/pulumi-artifactory/sdk/v8/go/artifactory"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// ## Create a new Artifactory scoped token for an existing user
		_, err := artifactory.NewScopedToken(ctx, "scoped_token", &artifactory.ScopedTokenArgs{
			Username: pulumi.String("existing-user"),
		})
		if err != nil {
			return err
		}
		// ## Create a new Artifactory user and scoped token
		newUser, err := artifactory.NewUser(ctx, "new_user", &artifactory.UserArgs{
			Name:  pulumi.String("new_user"),
			Email: pulumi.String("new_user@somewhere.com"),
			Groups: pulumi.StringArray{
				pulumi.String("readers"),
			},
		})
		if err != nil {
			return err
		}
		_, err = artifactory.NewScopedToken(ctx, "scoped_token_user", &artifactory.ScopedTokenArgs{
			Username: newUser.Name,
		})
		if err != nil {
			return err
		}
		// ## Creates a new token for groups
		_, err = artifactory.NewScopedToken(ctx, "scoped_token_group", &artifactory.ScopedTokenArgs{
			Scopes: pulumi.StringArray{
				pulumi.String("applied-permissions/groups:readers"),
			},
		})
		if err != nil {
			return err
		}
		// ## Create token with expiry
		_, err = artifactory.NewScopedToken(ctx, "scoped_token_no_expiry", &artifactory.ScopedTokenArgs{
			Username:  pulumi.String("existing-user"),
			ExpiresIn: pulumi.Int(7200),
		})
		if err != nil {
			return err
		}
		// ## Creates a refreshable token
		_, err = artifactory.NewScopedToken(ctx, "scoped_token_refreshable", &artifactory.ScopedTokenArgs{
			Username:    pulumi.String("existing-user"),
			Refreshable: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// ## Creates an administrator token
		_, err = artifactory.NewScopedToken(ctx, "admin", &artifactory.ScopedTokenArgs{
			Username: pulumi.String("admin-user"),
			Scopes: pulumi.StringArray{
				pulumi.String("applied-permissions/admin"),
			},
		})
		if err != nil {
			return err
		}
		// ## Creates a token with an audience
		_, err = artifactory.NewScopedToken(ctx, "audience", &artifactory.ScopedTokenArgs{
			Username: pulumi.String("admin-user"),
			Scopes: pulumi.StringArray{
				pulumi.String("applied-permissions/admin"),
			},
			Audiences: pulumi.StringArray{
				pulumi.String("jfrt@*"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Artifactory = Pulumi.Artifactory;

return await Deployment.RunAsync(() => 
{
    //## Create a new Artifactory scoped token for an existing user
    var scopedToken = new Artifactory.ScopedToken("scoped_token", new()
    {
        Username = "existing-user",
    });

    //## **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
    //## Create a new Artifactory user and scoped token
    var newUser = new Artifactory.User("new_user", new()
    {
        Name = "new_user",
        Email = "new_user@somewhere.com",
        Groups = new[]
        {
            "readers",
        },
    });

    var scopedTokenUser = new Artifactory.ScopedToken("scoped_token_user", new()
    {
        Username = newUser.Name,
    });

    //## Creates a new token for groups
    var scopedTokenGroup = new Artifactory.ScopedToken("scoped_token_group", new()
    {
        Scopes = new[]
        {
            "applied-permissions/groups:readers",
        },
    });

    //## Create token with expiry
    var scopedTokenNoExpiry = new Artifactory.ScopedToken("scoped_token_no_expiry", new()
    {
        Username = "existing-user",
        ExpiresIn = 7200,
    });

    //## Creates a refreshable token
    var scopedTokenRefreshable = new Artifactory.ScopedToken("scoped_token_refreshable", new()
    {
        Username = "existing-user",
        Refreshable = true,
    });

    //## Creates an administrator token
    var admin = new Artifactory.ScopedToken("admin", new()
    {
        Username = "admin-user",
        Scopes = new[]
        {
            "applied-permissions/admin",
        },
    });

    //## Creates a token with an audience
    var audience = new Artifactory.ScopedToken("audience", new()
    {
        Username = "admin-user",
        Scopes = new[]
        {
            "applied-permissions/admin",
        },
        Audiences = new[]
        {
            "jfrt@*",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.artifactory.ScopedToken;
import com.pulumi.artifactory.ScopedTokenArgs;
import com.pulumi.artifactory.User;
import com.pulumi.artifactory.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        //## Create a new Artifactory scoped token for an existing user
        var scopedToken = new ScopedToken("scopedToken", ScopedTokenArgs.builder()
            .username("existing-user")
            .build());

        //## **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
        //## Create a new Artifactory user and scoped token
        var newUser = new User("newUser", UserArgs.builder()
            .name("new_user")
            .email("new_user@somewhere.com")
            .groups("readers")
            .build());

        var scopedTokenUser = new ScopedToken("scopedTokenUser", ScopedTokenArgs.builder()
            .username(newUser.name())
            .build());

        //## Creates a new token for groups
        var scopedTokenGroup = new ScopedToken("scopedTokenGroup", ScopedTokenArgs.builder()
            .scopes("applied-permissions/groups:readers")
            .build());

        //## Create token with expiry
        var scopedTokenNoExpiry = new ScopedToken("scopedTokenNoExpiry", ScopedTokenArgs.builder()
            .username("existing-user")
            .expiresIn(7200)
            .build());

        //## Creates a refreshable token
        var scopedTokenRefreshable = new ScopedToken("scopedTokenRefreshable", ScopedTokenArgs.builder()
            .username("existing-user")
            .refreshable(true)
            .build());

        //## Creates an administrator token
        var admin = new ScopedToken("admin", ScopedTokenArgs.builder()
            .username("admin-user")
            .scopes("applied-permissions/admin")
            .build());

        //## Creates a token with an audience
        var audience = new ScopedToken("audience", ScopedTokenArgs.builder()
            .username("admin-user")
            .scopes("applied-permissions/admin")
            .audiences("jfrt@*")
            .build());

    }
}

resources:
  ### Create a new Artifactory scoped token for an existing user
  scopedToken: ### **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
    type: artifactory:ScopedToken
    name: scoped_token
    properties:
      username: existing-user
  ### Create a new Artifactory user and scoped token
  newUser:
    type: artifactory:User
    name: new_user
    properties:
      name: new_user
      email: new_user@somewhere.com
      groups:
        - readers
  scopedTokenUser:
    type: artifactory:ScopedToken
    name: scoped_token_user
    properties:
      username: ${newUser.name}
  ### Creates a new token for groups
  scopedTokenGroup:
    type: artifactory:ScopedToken
    name: scoped_token_group
    properties:
      scopes:
        - applied-permissions/groups:readers
  ### Create token with expiry
  scopedTokenNoExpiry:
    type: artifactory:ScopedToken
    name: scoped_token_no_expiry
    properties:
      username: existing-user
      expiresIn: 7200 # in seconds
  ### Creates a refreshable token
  scopedTokenRefreshable:
    type: artifactory:ScopedToken
    name: scoped_token_refreshable
    properties:
      username: existing-user
      refreshable: true
  ### Creates an administrator token
  admin:
    type: artifactory:ScopedToken
    properties:
      username: admin-user
      scopes:
        - applied-permissions/admin
  ### Creates a token with an audience
  audience:
    type: artifactory:ScopedToken
    properties:
      username: admin-user
      scopes:
        - applied-permissions/admin
      audiences:
        - jfrt@*

References

https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens
https://jfrog.com/help/r/jfrog-rest-apis/access-tokens

Create ScopedToken Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ScopedToken(name: string, args?: ScopedTokenArgs, opts?: CustomResourceOptions);

@overload
def ScopedToken(resource_name: str,
                args: Optional[ScopedTokenArgs] = None,
                opts: Optional[ResourceOptions] = None)

@overload
def ScopedToken(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                audiences: Optional[Sequence[str]] = None,
                description: Optional[str] = None,
                expires_in: Optional[int] = None,
                grant_type: Optional[str] = None,
                ignore_missing_token_warning: Optional[bool] = None,
                include_reference_token: Optional[bool] = None,
                project_key: Optional[str] = None,
                refreshable: Optional[bool] = None,
                scopes: Optional[Sequence[str]] = None,
                username: Optional[str] = None)

func NewScopedToken(ctx *Context, name string, args *ScopedTokenArgs, opts ...ResourceOption) (*ScopedToken, error)

public ScopedToken(string name, ScopedTokenArgs? args = null, CustomResourceOptions? opts = null)

public ScopedToken(String name, ScopedTokenArgs args)
public ScopedToken(String name, ScopedTokenArgs args, CustomResourceOptions options)

type: artifactory:ScopedToken
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ScopedTokenArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ScopedTokenArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ScopedTokenArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ScopedTokenArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ScopedTokenArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var scopedTokenResource = new Artifactory.ScopedToken("scopedTokenResource", new()
{
    Audiences = new[]
    {
        "string",
    },
    Description = "string",
    ExpiresIn = 0,
    GrantType = "string",
    IgnoreMissingTokenWarning = false,
    IncludeReferenceToken = false,
    ProjectKey = "string",
    Refreshable = false,
    Scopes = new[]
    {
        "string",
    },
    Username = "string",
});

example, err := artifactory.NewScopedToken(ctx, "scopedTokenResource", &artifactory.ScopedTokenArgs{
	Audiences: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:               pulumi.String("string"),
	ExpiresIn:                 pulumi.Int(0),
	GrantType:                 pulumi.String("string"),
	IgnoreMissingTokenWarning: pulumi.Bool(false),
	IncludeReferenceToken:     pulumi.Bool(false),
	ProjectKey:                pulumi.String("string"),
	Refreshable:               pulumi.Bool(false),
	Scopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Username: pulumi.String("string"),
})

var scopedTokenResource = new ScopedToken("scopedTokenResource", ScopedTokenArgs.builder()
    .audiences("string")
    .description("string")
    .expiresIn(0)
    .grantType("string")
    .ignoreMissingTokenWarning(false)
    .includeReferenceToken(false)
    .projectKey("string")
    .refreshable(false)
    .scopes("string")
    .username("string")
    .build());

scoped_token_resource = artifactory.ScopedToken("scopedTokenResource",
    audiences=["string"],
    description="string",
    expires_in=0,
    grant_type="string",
    ignore_missing_token_warning=False,
    include_reference_token=False,
    project_key="string",
    refreshable=False,
    scopes=["string"],
    username="string")

const scopedTokenResource = new artifactory.ScopedToken("scopedTokenResource", {
    audiences: ["string"],
    description: "string",
    expiresIn: 0,
    grantType: "string",
    ignoreMissingTokenWarning: false,
    includeReferenceToken: false,
    projectKey: "string",
    refreshable: false,
    scopes: ["string"],
    username: "string",
});

type: artifactory:ScopedToken
properties:
    audiences:
        - string
    description: string
    expiresIn: 0
    grantType: string
    ignoreMissingTokenWarning: false
    includeReferenceToken: false
    projectKey: string
    refreshable: false
    scopes:
        - string
    username: string

ScopedToken Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ScopedToken resource accepts the following input properties:

Audiences List<string>: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
Description string: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
ExpiresIn int: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
GrantType string: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
IgnoreMissingTokenWarning bool: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
IncludeReferenceToken bool: Also create a reference token which can be used like an API key. Default is false.
ProjectKey string: The project for which this token is created. Enter the project name on which you want to apply this token.
Refreshable bool: Is this token refreshable? Default is false.
Scopes List<string>: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
Username string: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

Audiences []string: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
Description string: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
ExpiresIn int: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
GrantType string: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
IgnoreMissingTokenWarning bool: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
IncludeReferenceToken bool: Also create a reference token which can be used like an API key. Default is false.
ProjectKey string: The project for which this token is created. Enter the project name on which you want to apply this token.
Refreshable bool: Is this token refreshable? Default is false.
Scopes []string: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
Username string: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

audiences List<String>: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description String: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expiresIn Integer: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
grantType String: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignoreMissingTokenWarning Boolean: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
includeReferenceToken Boolean: Also create a reference token which can be used like an API key. Default is false.
projectKey String: The project for which this token is created. Enter the project name on which you want to apply this token.
refreshable Boolean: Is this token refreshable? Default is false.
scopes List<String>: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
username String: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

audiences string[]: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description string: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expiresIn number: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
grantType string: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignoreMissingTokenWarning boolean: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
includeReferenceToken boolean: Also create a reference token which can be used like an API key. Default is false.
projectKey string: The project for which this token is created. Enter the project name on which you want to apply this token.
refreshable boolean: Is this token refreshable? Default is false.
scopes string[]: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
username string: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

audiences Sequence[str]: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description str: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expires_in int: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
grant_type str: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignore_missing_token_warning bool: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
include_reference_token bool: Also create a reference token which can be used like an API key. Default is false.
project_key str: The project for which this token is created. Enter the project name on which you want to apply this token.
refreshable bool: Is this token refreshable? Default is false.
scopes Sequence[str]: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
username str: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

audiences List<String>: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description String: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expiresIn Number: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
grantType String: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignoreMissingTokenWarning Boolean: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
includeReferenceToken Boolean: Also create a reference token which can be used like an API key. Default is false.
projectKey String: The project for which this token is created. Enter the project name on which you want to apply this token.
refreshable Boolean: Is this token refreshable? Default is false.
scopes List<String>: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
username String: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

Outputs

All input properties are implicitly available as output properties. Additionally, the ScopedToken resource produces the following output properties:

AccessToken string: Returns the access token to authenticate to Artifactory.
Expiry int: Returns the token expiry.
Id string: The provider-assigned unique ID for this managed resource.
IssuedAt int: Returns the token issued at date/time.
Issuer string: Returns the token issuer.
ReferenceToken string: Reference Token (alias to Access Token).
RefreshToken string: Refresh token.
Subject string: Returns the token type.
TokenType string: Returns the token type.

AccessToken string: Returns the access token to authenticate to Artifactory.
Expiry int: Returns the token expiry.
Id string: The provider-assigned unique ID for this managed resource.
IssuedAt int: Returns the token issued at date/time.
Issuer string: Returns the token issuer.
ReferenceToken string: Reference Token (alias to Access Token).
RefreshToken string: Refresh token.
Subject string: Returns the token type.
TokenType string: Returns the token type.

accessToken String: Returns the access token to authenticate to Artifactory.
expiry Integer: Returns the token expiry.
id String: The provider-assigned unique ID for this managed resource.
issuedAt Integer: Returns the token issued at date/time.
issuer String: Returns the token issuer.
referenceToken String: Reference Token (alias to Access Token).
refreshToken String: Refresh token.
subject String: Returns the token type.
tokenType String: Returns the token type.

accessToken string: Returns the access token to authenticate to Artifactory.
expiry number: Returns the token expiry.
id string: The provider-assigned unique ID for this managed resource.
issuedAt number: Returns the token issued at date/time.
issuer string: Returns the token issuer.
referenceToken string: Reference Token (alias to Access Token).
refreshToken string: Refresh token.
subject string: Returns the token type.
tokenType string: Returns the token type.

access_token str: Returns the access token to authenticate to Artifactory.
expiry int: Returns the token expiry.
id str: The provider-assigned unique ID for this managed resource.
issued_at int: Returns the token issued at date/time.
issuer str: Returns the token issuer.
reference_token str: Reference Token (alias to Access Token).
refresh_token str: Refresh token.
subject str: Returns the token type.
token_type str: Returns the token type.

accessToken String: Returns the access token to authenticate to Artifactory.
expiry Number: Returns the token expiry.
id String: The provider-assigned unique ID for this managed resource.
issuedAt Number: Returns the token issued at date/time.
issuer String: Returns the token issuer.
referenceToken String: Reference Token (alias to Access Token).
refreshToken String: Refresh token.
subject String: Returns the token type.
tokenType String: Returns the token type.

Look up Existing ScopedToken Resource

Get an existing ScopedToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ScopedTokenState, opts?: CustomResourceOptions): ScopedToken

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token: Optional[str] = None,
        audiences: Optional[Sequence[str]] = None,
        description: Optional[str] = None,
        expires_in: Optional[int] = None,
        expiry: Optional[int] = None,
        grant_type: Optional[str] = None,
        ignore_missing_token_warning: Optional[bool] = None,
        include_reference_token: Optional[bool] = None,
        issued_at: Optional[int] = None,
        issuer: Optional[str] = None,
        project_key: Optional[str] = None,
        reference_token: Optional[str] = None,
        refresh_token: Optional[str] = None,
        refreshable: Optional[bool] = None,
        scopes: Optional[Sequence[str]] = None,
        subject: Optional[str] = None,
        token_type: Optional[str] = None,
        username: Optional[str] = None) -> ScopedToken

func GetScopedToken(ctx *Context, name string, id IDInput, state *ScopedTokenState, opts ...ResourceOption) (*ScopedToken, error)

public static ScopedToken Get(string name, Input<string> id, ScopedTokenState? state, CustomResourceOptions? opts = null)

public static ScopedToken get(String name, Output<String> id, ScopedTokenState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessToken string: Returns the access token to authenticate to Artifactory.
Audiences List<string>: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
Description string: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
ExpiresIn int: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
Expiry int: Returns the token expiry.
GrantType string: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
IgnoreMissingTokenWarning bool: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
IncludeReferenceToken bool: Also create a reference token which can be used like an API key. Default is false.
IssuedAt int: Returns the token issued at date/time.
Issuer string: Returns the token issuer.
ProjectKey string: The project for which this token is created. Enter the project name on which you want to apply this token.
ReferenceToken string: Reference Token (alias to Access Token).
RefreshToken string: Refresh token.
Refreshable bool: Is this token refreshable? Default is false.
Scopes List<string>: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
Subject string: Returns the token type.
TokenType string: Returns the token type.
Username string: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

AccessToken string: Returns the access token to authenticate to Artifactory.
Audiences []string: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
Description string: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
ExpiresIn int: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
Expiry int: Returns the token expiry.
GrantType string: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
IgnoreMissingTokenWarning bool: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
IncludeReferenceToken bool: Also create a reference token which can be used like an API key. Default is false.
IssuedAt int: Returns the token issued at date/time.
Issuer string: Returns the token issuer.
ProjectKey string: The project for which this token is created. Enter the project name on which you want to apply this token.
ReferenceToken string: Reference Token (alias to Access Token).
RefreshToken string: Refresh token.
Refreshable bool: Is this token refreshable? Default is false.
Scopes []string: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
Subject string: Returns the token type.
TokenType string: Returns the token type.
Username string: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

accessToken String: Returns the access token to authenticate to Artifactory.
audiences List<String>: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description String: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expiresIn Integer: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
expiry Integer: Returns the token expiry.
grantType String: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignoreMissingTokenWarning Boolean: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
includeReferenceToken Boolean: Also create a reference token which can be used like an API key. Default is false.
issuedAt Integer: Returns the token issued at date/time.
issuer String: Returns the token issuer.
projectKey String: The project for which this token is created. Enter the project name on which you want to apply this token.
referenceToken String: Reference Token (alias to Access Token).
refreshToken String: Refresh token.
refreshable Boolean: Is this token refreshable? Default is false.
scopes List<String>: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
subject String: Returns the token type.
tokenType String: Returns the token type.
username String: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

accessToken string: Returns the access token to authenticate to Artifactory.
audiences string[]: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description string: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expiresIn number: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
expiry number: Returns the token expiry.
grantType string: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignoreMissingTokenWarning boolean: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
includeReferenceToken boolean: Also create a reference token which can be used like an API key. Default is false.
issuedAt number: Returns the token issued at date/time.
issuer string: Returns the token issuer.
projectKey string: The project for which this token is created. Enter the project name on which you want to apply this token.
referenceToken string: Reference Token (alias to Access Token).
refreshToken string: Refresh token.
refreshable boolean: Is this token refreshable? Default is false.
scopes string[]: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
subject string: Returns the token type.
tokenType string: Returns the token type.
username string: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

access_token str: Returns the access token to authenticate to Artifactory.
audiences Sequence[str]: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description str: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expires_in int: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
expiry int: Returns the token expiry.
grant_type str: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignore_missing_token_warning bool: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
include_reference_token bool: Also create a reference token which can be used like an API key. Default is false.
issued_at int: Returns the token issued at date/time.
issuer str: Returns the token issuer.
project_key str: The project for which this token is created. Enter the project name on which you want to apply this token.
reference_token str: Reference Token (alias to Access Token).
refresh_token str: Refresh token.
refreshable bool: Is this token refreshable? Default is false.
scopes Sequence[str]: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
subject str: Returns the token type.
token_type str: Returns the token type.
username str: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

accessToken String: Returns the access token to authenticate to Artifactory.
audiences List<String>: A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
description String: Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
expiresIn Number: The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
expiry Number: Returns the token expiry.
grantType String: The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
ignoreMissingTokenWarning Boolean: Toggle to ignore warning message when token was missing or not created and stored by Artifactory. Default is false.
includeReferenceToken Boolean: Also create a reference token which can be used like an API key. Default is false.
issuedAt Number: Returns the token issued at date/time.
issuer String: Returns the token issuer.
projectKey String: The project for which this token is created. Enter the project name on which you want to apply this token.
referenceToken String: Reference Token (alias to Access Token).
refreshToken String: Refresh token.
refreshable Boolean: Is this token refreshable? Default is false.
scopes List<String>: The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: - applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions. - applied-permissions/admin - the scope assigned to admin users. - applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:<group-name>[,<group-name>...] - system:metrics:r - for getting the service metrics - system:livelogs:r - for getting the service livelogs - Resource Permissions: From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> - Where: - <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. - <target> - the target resource, can be exact name or a pattern - <sub-resource> - optional, the target sub-resource, can be exact name or a pattern - <actions> - comma-separated list of action acronyms. The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * - Examples: - ["applied-permissions/user", "artifact:generic-local:r"] - ["applied-permissions/group", "artifact:generic-local/path:*"] - ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"] - applied-permissions/roles:project-key - provides access to elements associated with the project based on the project role. For example, applied-permissions/roles:project-type:developer,qa. ->The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. From Artifactory 7.84.3, project admins can create access tokens that are tied to the projects in which they hold administrative privileges.
subject String: Returns the token type.
tokenType String: Returns the token type.
username String: The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

Import

Artifactory does not retain scoped tokens, and they cannot be imported into state.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: artifactory pulumi/pulumi-artifactory
License: Apache-2.0
Notes: This Pulumi package is based on the artifactory Terraform Provider.

artifactory v8.4.0 published on Tuesday, Nov 19, 2024 by Pulumi

pulumi/pulumi-artifactory

artifactory.ScopedToken

On this page

On this page

Example Usage

S

References

Create ScopedToken Resource

Constructor syntax

Parameters

Constructor example

ScopedToken Resource Properties

Inputs

Outputs

Look up Existing ScopedToken Resource

Import

Package Details

On this page

On this page