f876b61 · May 25, 2021

SU-302-Advanced-Artifactory-Security


SU-302 Advanced JFrog Artifactory Security practices

In this training session, you’ll learn about the levels of security built into Artifactory and how to leverage them for your setup, as well as extend them with user plugins to provide a custom ACL and permission model. We will get hands-on experience with access tokens, establishing the circle of trust on federated instances and clusters, etc.

Who should attend: Developers, DevOps Engineers and Development Managers who are looking to get hands-on experience with securing Artifactory and securely integrating JFrog Artifactory into their pipeline.

Prerequisites: Working knowledge of Git and Docker (git and docker clients installed, plus a GitHub account). Basic understanding of DevOps concepts (familiarity with JFrog Artifactory).

Lab #1 - Onboarding to Labs Environment

  • Log in to your SaaS Enterprise environment and make sure you are able to connect with your credentials.
  • Fork this (https://github.com/jfrog/SwampUp2021) repository to your GitHub account (top right, click on "Fork").
  • Run git clone https://github.com/<YOUR_GITHUB_USERNAME>/SwampUp2021.git against your forked repository.
  • Run cd SwampUp2021/SU-302-Advanced-Artifactory-Security, which is our class's folder with all the relevant code.
  • Open the file "back/pipelines.resources" and change the configuration.path to match your GitHub username.
  • Commit the changes to your forked repository:
    git add .
    git commit -m "updated my repo path in the source code resource"
    git push
  • Create the following Integrations (Administration Panel -> Pipelines -> Integrations -> Add an Integration):
    NOTE: Name is CASE-SENSITIVE here

    • "github" integration (type: "GitHub") with a personal access token from your GitHub account.
      Scopes will need to include the following: repo, admin:repo_hook, delete_repo

    • "artifactory" integration (type: "Artifactory")

    • "docker integration" (type: "Docker")

    • "generic integration" (type: "Generic"), where the value equals your SaaS server name (for example, for swampup203.jfrog.io the server name is swampup203)

  • Create a Pipeline Source based on the forked repository (From YAML option), with the following Pipeline Config File Filter: SU-302-Advanced-Artifactory-Security/(.*)pipelines(.*).yaml and branch main.

  • Make sure all pipelines were loaded under "My Pipelines".

  • Set up a "Node Pool" (Node Pools -> Add Node Pool -> Save Node Pool).

  • Run the "suv_302_on_boarding_environment" to populate all repositories for our demo.

The repositories should now be created (go to "Artifactory" -> "Artifacts" to check).

* For any issues, please ask the instructor and T.A.s for assistance!
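Before saving the "github" integration, it is worth confirming that the personal access token carries the three scopes listed above and nothing broader. The following is an added example, not part of the original lab material: it compares the X-OAuth-Scopes header that api.github.com returns for a classic token against the lab's scope list. The GITHUB_TOKEN variable name and the sample header are assumptions made for illustration.

```python
import os
import urllib.request

# Scopes the lab asks for on the "github" integration token.
REQUIRED = {"repo", "admin:repo_hook", "delete_repo"}

# Parent scopes that already include narrower ones (classic PAT scope hierarchy).
IMPLIES = {
    "repo": {"repo:status", "repo_deployment", "public_repo",
             "repo:invite", "security_events"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
}

def audit_scopes(header_value):
    """Compare an X-OAuth-Scopes header value with the lab's scope list.

    Returns (missing, extra): scopes the lab needs but the token lacks, and
    scopes the token carries that the lab never asked for.
    """
    granted = {s.strip() for s in header_value.split(",") if s.strip()}
    covered = set(granted)
    for parent in granted:
        covered |= IMPLIES.get(parent, set())
    allowed = set(REQUIRED)
    for parent in REQUIRED:
        allowed |= IMPLIES.get(parent, set())
    return sorted(REQUIRED - covered), sorted(granted - allowed)

def fetch_scopes(token):
    """Ask api.github.com which scopes a classic personal access token carries."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"token {token}", "User-Agent": "scope-audit"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.headers.get("X-OAuth-Scopes", "")

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name
    # Constructed sample header, used when no token is supplied.
    header = fetch_scopes(token) if token else "repo, admin:repo_hook, workflow"
    missing, extra = audit_scopes(header)
    print("missing:", missing or "none")
    print("extra (consider a narrower token):", extra or "none")
```

Since delete_repo and repo are broad scopes, a token created for this lab is best kept separate from everyday tokens and revoked once the class is over.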

Lab #2 - Start leveraging projects and protect your resources

  • Create two users in Artifactory: SuperFrog, who works in RnD, and SpiderFrog, who works on the SRE team.

  • Time to create new projects. Let's create one for the RnD team first, and assign SuperFrog as project admin.

  • Assign all dev repositories to this project (RnD).

  • Likewise, follow the above steps to create a project for the SRE team with all prod repositories assigned, and add SpiderFrog as project admin.

  • A project admin can also go to the Identity and Access tab to add users to the project and assign specific roles. For this lab, I have removed everyone from the member list.

  • Now, if you log in as SuperFrog, you will only be able to see your RnD project scope.

Play around with the SpiderFrog user as well! Let us know if there are any additional questions.