In this training session, you’ll learn about the levels of security built into Artifactory and how to leverage them for your setup, as well as extend them with user plugins to provide a custom ACL and permission model. We will get hands-on experience with access tokens, establishing the circle of trust on federated instances and clusters, etc.
Who should attend: Developers, DevOps Engineers and Development Managers who are looking to get hands-on experience with securing Artifactory and securely integrating JFrog Artifactory into their pipeline.
Prerequisites: Working knowledge of Git and Docker (git and docker clients installed, plus a GitHub account). Basic understanding of DevOps concepts (familiarity with JFrog Artifactory).
- Log in to your SaaS Enterprise environment and make sure you are able to connect with your credentials.
- Fork this (https://github.com/jfrog/SwampUp2021) repository to your GitHub Account (Top right - Click on "Fork"):
- Run
git clone https://github.com/<YOUR_GITHUB_USERNAME>/SwampUp2021.git
against your forked repository.
- Run
cd SwampUp2021/SU-302-Advanced-Artifactory-Security
which is our class's folder with all the relevant code.
- Open the file "back/pipelines.resources" and change the configuration.path in the following snippet based on your GitHub username:
- Commit the changes to your forked repository:
git add .
git commit -m "updated my repo path in the source code resource"
git push
- Create the following Integrations (Administration Panel -> Pipelines -> Integrations -> Add an Integration):
NOTE: Name is CASE-SENSITIVE here.
- "github" integration (type: "GitHub") with a personal access token from your GitHub account:
Scopes will need to include the following: repo, admin:repo_hook, delete_repo
- "generic integration" (type: "Generic"), where the value equals your SaaS server name (for example, for swampup203.jfrog.io the server name is swampup203):
- Create a Pipeline Source based on the forked repository (From YAML option), with the following Pipeline Config File Filter:
SU-302-Advanced-Artifactory-Security/(.*)pipelines(.*).yaml
and branch main:
- Set up a "Node Pool" (Node Pools -> Add Node Pool -> Save Node Pool)
- Run the "suv_302_on_boarding_environment" to populate all repositories for our demo.
The following repositories should be created (Go to "Artifactory" -> "Artifacts"):
* For any issues, please ask the instructor and T.A.s for assistance!
- Create two users in Artifactory (SuperFrog, who works in RnD, and SpiderFrog, who works in the SRE team).
- Time to create new projects. Let's create one for the RnD team first, and assign SuperFrog as project admin.
- Likewise, follow the above steps to create a project for the SRE team with all prod repositories assigned, and add SpiderFrog as project admin.
- A project admin can also go to the identity and access tab to choose which users to add to the project and assign each a specific role. For this specific lab, I have removed everyone under the member lists.
- Now if you log in as superfrog, you will only be able to see your RnD project scope.
Play around with the SpiderFrog user as well! Let us know if there are any additional questions.