diff --git a/client/client.go b/client/client.go index bde9bb3..8666e68 100644 --- a/client/client.go +++ b/client/client.go @@ -13,22 +13,24 @@ import ( ) type Client struct { - url string - username string - password string - insecure bool - httpClient *http.Client + url string + username string + password string + bearerToken string + insecure bool + httpClient *http.Client } // NewClient creates common settings -func NewClient(url string, username string, password string, insecure bool) *Client { +func NewClient(url string, username string, password string, bearerToken string, insecure bool) *Client { return &Client{ - url: url, - username: username, - password: password, - insecure: insecure, - httpClient: &http.Client{}, + url: url, + username: username, + password: password, + bearerToken: bearerToken, + insecure: insecure, + httpClient: &http.Client{}, } } @@ -56,7 +58,13 @@ func (c *Client) SendRequest(method string, path string, payload interface{}, st return "", "", 0, err } - req.SetBasicAuth(c.username, c.password) + // Use access token authentification if bearer Token is specified + if c.bearerToken != "" { + req.Header.Add("Authorization", "Bearer "+c.bearerToken) + } else { + req.SetBasicAuth(c.username, c.password) + } + req.Header.Add("Content-Type", "application/json") resp, err := client.Do(req) diff --git a/docs/index.md b/docs/index.md index 49fe838..7a3d1be 100644 --- a/docs/index.md +++ b/docs/index.md @@ -26,6 +26,7 @@ provider "harbor" { url = "https://harbor.aceme_corpartion.com" username = "insert_admin_username_here" password = "insert_password_here" + bearer_token = "insert_bearer_token_here" } ``` @@ -34,6 +35,7 @@ Alternatively, these environment variables can be used to set the provider confi HARBOR_URL HARBOR_USERNAME HARBOR_PASSWORD +HARBOR_BEARER_TOKEN HARBOR_IGNORE_CERT ``` 
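Review bot: `NewClient` now takes four consecutive `string` parameters, so a call that swaps `password` and `bearerToken` still compiles and would send the password in the `Authorization: Bearer` header. The doc comment still reads `// NewClient creates common settings` and does not mention the precedence rule. I would change it to `// NewClient returns a Client for url; a non-empty bearerToken is used instead of username and password.` Because `NewClient` is exported, the added positional parameter also breaks any caller outside this repository; the only caller visible in this diff is `providerConfigure`.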
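Review bot: In the `SendRequest` hunk, `req.Header.Add("Authorization", ...)` appends a value rather than replacing one; `req.Header.Set("Authorization", "Bearer "+c.bearerToken)` makes it explicit that exactly one credential is sent. The token is used exactly as it arrives from configuration or `HARBOR_BEARER_TOKEN`, so a trailing newline from a file or shell substitution would be rejected by net/http as an invalid header value; trimming surrounding whitespace once, where the token is stored, avoids that failure. The token is sent whatever the value of `insecure`; if that flag disables certificate verification (its use is outside this hunk), the token is readable by anyone who can intercept the connection, and the `insecure` entry in docs/index.md should say so. The added comment has a typo, `authentification` → `authentication`, and `SendRequest` begins and ends outside the hunk.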
@@ -43,5 +45,6 @@ The following arguments are supported: * **url** - (Required) The url of harbor * **username** - (Required) The username to be used to access harbor * **password** - (Required) The password to be used to access harbor +* **bearer_token** - (Optional) The bearer token to be used to access harbor. Will take precedence over username and password if set * **insecure** - (Optional) Choose to ignore certificate errors * **api_version** - (Optional) Choose which version of the api you would like to use 1 or 2. Default is `2` diff --git a/docs/resources/robot_account.md b/docs/resources/robot_account.md index d1188ef..ea5cc8e 100644 --- a/docs/resources/robot_account.md +++ b/docs/resources/robot_account.md @@ -35,14 +35,6 @@ resource "harbor_robot_account" "system" { action = "push" resource = "repository" } - access { - action = "read" - resource = "helm-chart" - } - access { - action = "read" - resource = "helm-chart-version" - } kind = "project" namespace = harbor_project.main.name } @@ -61,7 +53,6 @@ The above example, creates a system level robot account with permissions to - permission to create labels on system level - pull repository across all projects - push repository to project "my-project-name" -- read helm-chart and helm-chart-version in project "my-project-name" ### Project Level @@ -147,7 +138,7 @@ The following arguments are supported: ### Access Arguments * **action** - (string, required) Eg. `push`, `pull`, `read`, etc. Check [available actions](https://github.com/goharbor/harbor/blob/-/src/common/rbac/const.go). -* **resource** - (string, required) Eg. `repository`, `helm-chart`, `labels`, etc. Check [available resources](https://github.com/goharbor/harbor/blob/-/src/common/rbac/const.go). +* **resource** - (string, required) Eg. `repository`, `labels`, etc. Check [available resources](https://github.com/goharbor/harbor/blob/-/src/common/rbac/const.go). * **effect** - (string, optional) Either `allow` or `deny`. Defaults to `allow`. 
diff --git a/provider/provider.go b/provider/provider.go index 41e0867..062e90e 100644 --- a/provider/provider.go +++ b/provider/provider.go @@ -28,6 +28,11 @@ func Provider() *schema.Provider { Optional: true, DefaultFunc: schema.EnvDefaultFunc("HARBOR_PASSWORD", ""), }, + "bearer_token": { + Type: schema.TypeString, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("HARBOR_BEARER_TOKEN", ""), + }, "insecure": { Type: schema.TypeBool, Optional: true, @@ -88,6 +93,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { username := d.Get("username").(string) password := d.Get("password").(string) + bearerToken := d.Get("bearer_token").(string) insecure := d.Get("insecure").(bool) apiVersion := d.Get("api_version").(int) @@ -101,5 +107,5 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { apiPath = "/api/v2.0" } - return client.NewClient(url+apiPath, username, password, insecure), nil + return client.NewClient(url+apiPath, username, password, bearerToken, insecure), nil } diff --git a/provider/resource_robot_account_test.go b/provider/resource_robot_account_test.go index a1e9408..ea67838 100644 --- a/provider/resource_robot_account_test.go +++ b/provider/resource_robot_account_test.go @@ -86,7 +86,7 @@ func testAccCheckRobotSystem(projectName string) string { permissions { access { action = "create" - resource = "labels" + resource = "label" } kind = "system" namespace = "/" @@ -96,14 +96,6 @@ func testAccCheckRobotSystem(projectName string) string { action = "push" resource = "repository" } - access { - action = "read" - resource = "helm-chart" - } - access { - action = "read" - resource = "helm-chart-version" - } kind = "project" namespace = harbor_project.main.name }
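Review bot: The new `bearer_token` schema entry in `Provider()` sets only `Type`, `Optional` and `DefaultFunc`, so Terraform has no signal to redact the token in its output; add `Sensitive: true,` to the block. Whether the neighbouring `password` entry carries the flag cannot be seen from this hunk, since only its last lines are in context, so it is worth checking at the same time. A one-line `Description` stating that the token takes precedence over `username`/`password` would keep the schema in step with the sentence added to docs/index.md. That page also still marks `username` and `password` as (Required), although the `password` entry visible in this hunk is `Optional: true` and the token path needs neither.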