https://github.com/devops-ia/terraform-nexus-security
Terraform module to create Nexus Security
nexus nexus-security terraform terraform-module
Terraform module to create Nexus Security
- Host: GitHub
- URL: https://github.com/devops-ia/terraform-nexus-security
- Owner: devops-ia
- License: mit
- Created: 2024-02-20T08:02:36.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2025-03-04T09:03:09.000Z (about 1 year ago)
- Last Synced: 2025-03-04T10:20:34.536Z (about 1 year ago)
- Topics: nexus, nexus-security, terraform, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/devops-ia/security/nexus
- Size: 60.5 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
# Nexus Security
This module allows you to create **Nexus Security as a global resource** and **individual Nexus Security resources.** For individual examples, see the usage snippets and [examples](https://github.com/devops-ia/terraform-nexus-security/tree/main/examples).
## Provider
You need to use the [Nexus provider](https://registry.terraform.io/providers/datadrivers/nexus/latest/docs).
```hcl
# Connection settings for the Nexus provider used by every example below.
provider "nexus" {
# `insecure = true` disables TLS certificate verification for the Nexus endpoint.
# It is only appropriate for local testing against a self-signed 127.0.0.1 instance;
# keep it false for any shared or production server.
insecure = true
# Placeholder credential for the example only. Do not commit a real password:
# pass it through a `sensitive = true` variable (or, presumably, the provider's
# environment-variable lookup - confirm against the provider docs).
password = "admin123"
url = "https://127.0.0.1:8080"
username = "admin"
}
```
## Root module usage
`nexus-security`:
```hcl
# Root module: every security object is passed as a list, one entry per resource.
# The same settings appear in the per-module examples further down.
module "nexus_security" {
source = "devops-ia/security/nexus"
# Anonymous access: `enabled = true` presumably allows unauthenticated requests
# mapped to `user_id` - review whether that is intended for this instance.
nexus_security_anonymous = [
{
realm_name = "NexusAuthorizingRealm"
enabled = true
user_id = "anonymous"
},
]
nexus_security_content_selector = [
{
name = "example"
description = "example content selector"
expression = "format == \"raw\""
},
]
# LDAP: this example binds over plain `LDAP` on port 389 with `use_trust_store = false`,
# so `auth_password` travels unencrypted; prefer `LDAPS` (and the trust store) outside
# of a lab. `auth_password` is a literal here - supply it via a sensitive variable.
nexus_security_ldap = [
{
name = "example-ldap"
auth_schema = "NONE"
auth_username = "admin"
connection_retry_delay_seconds = 1
connection_timeout_seconds = 1
group_type = "static"
host = "ldap.example.com"
max_incident_count = 1
port = 389
protocol = "LDAP"
search_base = "dc=example,dc=com"
use_trust_store = false
auth_password = "t0ps3cr3t"
auth_realm = "EXAMPLE"
group_base_dn = "ou=Group"
group_id_attribute = "cn"
group_member_attribute = "memberUid"
group_member_format = "uid=username,ou=people,dc=example,dc=com"
group_object_class = "example"
group_subtree = true
ldap_groups_as_roles = true
user_base_dn = "ou=people"
user_email_address_attribute = "mail"
user_id_attribute = "uid"
user_ldap_filter = "(|(mail=*@example.com)(uid=dom*))"
user_member_of_attribute = "memberOf"
user_object_class = "posixGroup"
# NOTE(review): "exmaple" looks like a typo for "example" in the sample value.
user_password_attribute = "exmaple"
user_real_name_attribute = "cn"
user_subtree = true
},
]
# Role: the wildcard privilege appears to cover every Docker repository and every
# action; narrow it to the repositories and actions the role really needs.
nexus_security_role = [
{
description = "Docker deployment role"
name = "docker-deploy"
privileges = [
"nx-repository-view-docker-*-*",
]
roleid = "docker-deploy"
},
]
# SAML: both signature checks are enabled - keep them on. `entity_id` uses
# plain http in this example; use the https URL the IdP is configured with.
nexus_security_saml = [
{
idp_metadata = "..."
username_attribute = "username"
entity_id = "http://nexus.example/service/rest/v1/security/saml/metadata"
validate_response_signature = true
validate_assertion_signature = true
first_name_attribute = "firstName"
last_name_attribute = "lastName"
email_attribute = "email"
groups_attribute = "groups"
},
]
# User: creates an `nx-admin` account with a literal password. Use a sensitive
# variable for the password; this value is a placeholder.
nexus_security_user = [
{
userid = "admin"
firstname = "Administrator"
lastname = "User"
email = "nexus@example.com"
password = "admin123"
roles = ["nx-admin"]
status = "active"
},
]
}
```
## Individual module usage
`nexus-security-anonymous`:
```hcl
# Anonymous access settings. `enabled = true` presumably allows unauthenticated
# requests, which Nexus maps to `user_id` under `realm_name`; keep it false unless
# the instance is meant to serve content to unauthenticated clients.
module "nexus_security_anonymous" {
source = "devops-ia/security/nexus//modules/nexus-security-anonymous"
enabled = true
realm_name = "NexusAuthorizingRealm"
user_id = "anonymous"
}
```
`nexus-security-content-selector`:
```hcl
# Content selector: `expression` is a CSEL filter (here: components whose format is "raw").
# Content selectors are referenced by privileges, so keep the expression as narrow as
# the privilege that will use it needs.
module "nexus_security_content_selector" {
source = "devops-ia/security/nexus//modules/nexus-security-content-selector"
name = "example"
description = "example content selector"
expression = "format == \"raw\""
}
```
`nexus-security-ldap`:
```hcl
# LDAP server definition. This example uses plain `LDAP` on port 389 with
# `use_trust_store = false`, so the bind credential (`auth_password`) is sent
# unencrypted; use `LDAPS` and the trust store for anything beyond a lab.
module "nexus_security_ldap" {
source = "devops-ia/security/nexus//modules/nexus-security-ldap"
name = "example-ldap"
# NOTE(review): `auth_schema = "NONE"` is combined with `auth_username`/`auth_password`
# below - confirm against the provider docs which of the two the server will honour.
auth_schema = "NONE"
auth_username = "admin"
connection_retry_delay_seconds = 1
connection_timeout_seconds = 1
group_type = "static"
host = "ldap.example.com"
max_incident_count = 1
port = 389
protocol = "LDAP"
search_base = "dc=example,dc=com"
use_trust_store = false
# Placeholder bind password; supply the real one through a `sensitive = true` variable.
auth_password = "t0ps3cr3t"
auth_realm = "EXAMPLE"
group_base_dn = "ou=Group"
group_id_attribute = "cn"
group_member_attribute = "memberUid"
group_member_format = "uid=username,ou=people,dc=example,dc=com"
group_object_class = "example"
group_subtree = true
# LDAP group membership is mapped onto Nexus roles, so group names in the
# directory directly control what a user may do in Nexus.
ldap_groups_as_roles = true
user_base_dn = "ou=people"
user_email_address_attribute = "mail"
user_id_attribute = "uid"
user_ldap_filter = "(|(mail=*@example.com)(uid=dom*))"
user_member_of_attribute = "memberOf"
user_object_class = "posixGroup"
# NOTE(review): "exmaple" looks like a typo for "example" in the sample value.
user_password_attribute = "exmaple"
user_real_name_attribute = "cn"
user_subtree = true
}
```
`nexus-security-ldap-order`:
```hcl
# Ordering of configured LDAP servers; `order` lists server names, presumably
# in the sequence Nexus consults them during authentication - confirm in the
# provider docs.
module "nexus_security_ldap_order" {
source = "devops-ia/security/nexus//modules/nexus-security-ldap-order"
order = [
"server1",
"server2"
]
}
```
`nexus-security-realms`:
```hcl
# Active security realms. Only realms listed in `active` take part in
# authentication, so the list should contain exactly the realms that are needed.
# NOTE(review): the module label `nexus_privilege_script` looks copy-pasted;
# a label such as `nexus_security_realms` would match the source path.
module "nexus_privilege_script" {
source = "devops-ia/security/nexus//modules/nexus-security-realms"
active = [
"NexusAuthenticatingRealm",
"DockerToken",
]
}
```
`nexus-security-role`:
```hcl
# Role definition. The `privileges` entry below uses wildcards that appear to
# cover every Docker repository and every action; narrow it to the repositories
# and actions a deployment role actually needs (least privilege).
module "nexus_security_role" {
source = "devops-ia/security/nexus//modules/nexus-security-role"
description = "Docker deployment role"
name = "docker-deploy"
privileges = [
"nx-repository-view-docker-*-*",
]
roleid = "docker-deploy"
}
```
`nexus-security-saml`:
```hcl
# SAML configuration. `idp_metadata` is a placeholder for the IdP metadata XML.
module "nexus_security_saml" {
source = "devops-ia/security/nexus//modules/nexus-security-saml"
idp_metadata = "..."
# `entity_id` uses plain http in this example; use the https URL that the IdP
# is configured to trust, otherwise the SP identity will not match.
entity_id = "http://nexus.example/service/rest/v1/security/saml/metadata"
# Both signature checks are enabled - keep them `true`, they are what ties the
# SAML response/assertion to the IdP's signing key.
validate_response_signature = true
validate_assertion_signature = true
# Attribute names Nexus reads from the assertion for the user profile and groups.
username_attribute = "username"
first_name_attribute = "firstName"
last_name_attribute = "lastName"
email_attribute = "email"
groups_attribute = "groups"
}
```
`nexus-security-user`:
```hcl
# Local user creation. This example creates an `nx-admin` account, so the
# password here is the most sensitive value in the file.
module "nexus_security_user" {
source = "devops-ia/security/nexus//modules/nexus-security-user"
userid = "admin"
firstname = "Administrator"
lastname = "User"
email = "nexus@example.com"
# Placeholder only; pass the real password via a `sensitive = true` variable
# rather than a literal that ends up in version control and in state.
password = "admin123"
roles = ["nx-admin"]
status = "active"
}
```
`nexus-security-token`:
```hcl
# User token settings. `enabled = true` turns user tokens on; `protect_content = false`
# presumably leaves repository content reachable without a user token - confirm
# in the provider docs and set it to `true` if tokens are meant to be mandatory.
module "nexus_security_user_token" {
source = "devops-ia/security/nexus//modules/nexus-security-token"
enabled = true
protect_content = false
}
```
## Terraform Docs
### Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [nexus](#requirement\_nexus) | >= 2.0.0 |
### Providers
No providers.
### Modules
| Name | Source | Version |
|------|--------|---------|
| [nexus\_security\_anonymous](#module\_nexus\_security\_anonymous) | ./modules/nexus-security-anonymous | n/a |
| [nexus\_security\_content\_selector](#module\_nexus\_security\_content\_selector) | ./modules/nexus-security-content-selector | n/a |
| [nexus\_security\_ldap](#module\_nexus\_security\_ldap) | ./modules/nexus-security-ldap | n/a |
| [nexus\_security\_role](#module\_nexus\_security\_role) | ./modules/nexus-security-role | n/a |
| [nexus\_security\_saml](#module\_nexus\_security\_saml) | ./modules/nexus-security-saml | n/a |
| [nexus\_security\_user](#module\_nexus\_security\_user) | ./modules/nexus-security-user | n/a |
### Resources
No resources.
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [nexus\_security\_anonymous](#input\_nexus\_security\_anonymous) | Security Anonymous. |
list(object({
enabled = optional(bool)
realm_name = optional(string)
user_id = optional(string)
})) | `[]` | no |
| [nexus\_security\_content\_selector](#input\_nexus\_security\_content\_selector) | Security Content Selector. | list(object({
name = string
description = optional(string)
expression = string
})) | `[]` | no |
| [nexus\_security\_ldap](#input\_nexus\_security\_ldap) | Security Ldap. | list(object({
name = string
auth_schema = string
auth_username = string
connection_retry_delay_seconds = number
connection_timeout_seconds = number
group_type = string
host = string
max_incident_count = number
port = number
protocol = string
search_base = string
auth_password = optional(string)
auth_realm = optional(string)
group_base_dn = optional(string)
group_id_attribute = optional(string)
group_member_attribute = optional(string)
group_member_format = optional(string)
group_object_class = optional(string)
group_subtree = optional(string)
ldap_groups_as_roles = optional(bool)
use_trust_store = optional(bool)
user_base_dn = optional(string)
user_email_address_attribute = optional(string)
user_id_attribute = optional(string)
user_ldap_filter = optional(string)
user_member_of_attribute = optional(string)
user_object_class = optional(string)
user_password_attribute = optional(string)
user_real_name_attribute = optional(string)
user_subtree = optional(bool)
})) | `[]` | no |
| [nexus\_security\_role](#input\_nexus\_security\_role) | Security Role. | list(object({
name = string
roleid = string
description = optional(string)
privileges = optional(set(string))
roles = optional(set(string))
})) | `[]` | no |
| [nexus\_security\_saml](#input\_nexus\_security\_saml) | Security Saml. | list(object({
idp_metadata = string
username_attribute = string
email_attribute = optional(string)
entity_id = optional(string)
first_name_attribute = optional(string)
groups_attribute = optional(string)
last_name_attribute = optional(string)
validate_assertion_signature = optional(bool)
validate_response_signature = optional(bool)
})) | `[]` | no |
| [nexus\_security\_user](#input\_nexus\_security\_user) | Security User. | list(object({
email = string
firstname = string
lastname = string
password = string
userid = string
roles = optional(list(string))
status = optional(string)
})) | `[]` | no |
### Outputs
| Name | Description |
|------|-------------|
| [security\_anonymous](#output\_security\_anonymous) | Security Anonymous. |
| [security\_content\_selector](#output\_security\_content\_selector) | Security Content Selector. |
| [security\_ldap](#output\_security\_ldap) | Security Ldap. |
| [security\_role](#output\_security\_role) | Security Role. |
| [security\_saml](#output\_security\_saml) | Security Saml. |
| [security\_user](#output\_security\_user) | Security User. |
## Authors
Module is maintained by [DevOps IA](https://github.com/devops-ia) with help from [these awesome contributors](https://github.com/devops-ia/terraform-nexus-security/graphs/contributors).