1. Packages
  2. Artifactory
  3. API Docs
  4. ScopedToken
artifactory v6.4.2 published on Thursday, Mar 28, 2024 by Pulumi

artifactory.ScopedToken

Explore with Pulumi AI

artifactory logo
artifactory v6.4.2 published on Thursday, Mar 28, 2024 by Pulumi

    Provides an Artifactory Scoped Token resource. This can be used to create and manage Artifactory Scoped Tokens.

    !>Scoped Tokens will be stored in the raw state as plain-text. Read more about sensitive data in state.

    ~>Token would not be saved by Artifactory if expires_in is less than the persistency threshold value (default to 10800 seconds) set in Access configuration. See Persistency Threshold for details.

    Example Usage

    S

    import * as pulumi from "@pulumi/pulumi";
    import * as artifactory from "@pulumi/artifactory";
    
    //## Create a new Artifactory scoped token for an existing user
    const scopedToken = new artifactory.ScopedToken("scopedToken", {username: "existing-user"});
    //## **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
    //## Create a new Artifactory user and scoped token
    const newUser = new artifactory.User("newUser", {
        email: "new_user@somewhere.com",
        groups: ["readers"],
    });
    const scopedTokenUser = new artifactory.ScopedToken("scopedTokenUser", {username: newUser.name});
    //## Creates a new token for groups
    const scopedTokenGroup = new artifactory.ScopedToken("scopedTokenGroup", {scopes: ["applied-permissions/groups:readers"]});
    //## Create token with expiry
    const scopedTokenNoExpiry = new artifactory.ScopedToken("scopedTokenNoExpiry", {
        username: "existing-user",
        expiresIn: 7200,
    });
    // in seconds
    //## Creates a refreshable token
    const scopedTokenRefreshable = new artifactory.ScopedToken("scopedTokenRefreshable", {
        username: "existing-user",
        refreshable: true,
    });
    //## Creates an administrator token
    const admin = new artifactory.ScopedToken("admin", {
        username: "admin-user",
        scopes: ["applied-permissions/admin"],
    });
    //## Creates a token with an audience
    const audience = new artifactory.ScopedToken("audience", {
        username: "admin-user",
        scopes: ["applied-permissions/admin"],
        audiences: ["jfrt@*"],
    });
    
    import pulumi
    import pulumi_artifactory as artifactory
    
    ### Create a new Artifactory scoped token for an existing user
    scoped_token = artifactory.ScopedToken("scopedToken", username="existing-user")
    ### **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
    ### Create a new Artifactory user and scoped token
    new_user = artifactory.User("newUser",
        email="new_user@somewhere.com",
        groups=["readers"])
    scoped_token_user = artifactory.ScopedToken("scopedTokenUser", username=new_user.name)
    ### Creates a new token for groups
    scoped_token_group = artifactory.ScopedToken("scopedTokenGroup", scopes=["applied-permissions/groups:readers"])
    ### Create token with expiry
    scoped_token_no_expiry = artifactory.ScopedToken("scopedTokenNoExpiry",
        username="existing-user",
        expires_in=7200)
    # in seconds
    ### Creates a refreshable token
    scoped_token_refreshable = artifactory.ScopedToken("scopedTokenRefreshable",
        username="existing-user",
        refreshable=True)
    ### Creates an administrator token
    admin = artifactory.ScopedToken("admin",
        username="admin-user",
        scopes=["applied-permissions/admin"])
    ### Creates a token with an audience
    audience = artifactory.ScopedToken("audience",
        username="admin-user",
        scopes=["applied-permissions/admin"],
        audiences=["jfrt@*"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-artifactory/sdk/v6/go/artifactory"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// ## Create a new Artifactory scoped token for an existing user
    		_, err := artifactory.NewScopedToken(ctx, "scopedToken", &artifactory.ScopedTokenArgs{
    			Username: pulumi.String("existing-user"),
    		})
    		if err != nil {
    			return err
    		}
    		// ## Create a new Artifactory user and scoped token
    		newUser, err := artifactory.NewUser(ctx, "newUser", &artifactory.UserArgs{
    			Email: pulumi.String("new_user@somewhere.com"),
    			Groups: pulumi.StringArray{
    				pulumi.String("readers"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = artifactory.NewScopedToken(ctx, "scopedTokenUser", &artifactory.ScopedTokenArgs{
    			Username: newUser.Name,
    		})
    		if err != nil {
    			return err
    		}
    		// ## Creates a new token for groups
    		_, err = artifactory.NewScopedToken(ctx, "scopedTokenGroup", &artifactory.ScopedTokenArgs{
    			Scopes: pulumi.StringArray{
    				pulumi.String("applied-permissions/groups:readers"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// ## Create token with expiry
    		_, err = artifactory.NewScopedToken(ctx, "scopedTokenNoExpiry", &artifactory.ScopedTokenArgs{
    			Username:  pulumi.String("existing-user"),
    			ExpiresIn: pulumi.Int(7200),
    		})
    		if err != nil {
    			return err
    		}
    		// ## Creates a refreshable token
    		_, err = artifactory.NewScopedToken(ctx, "scopedTokenRefreshable", &artifactory.ScopedTokenArgs{
    			Username:    pulumi.String("existing-user"),
    			Refreshable: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		// ## Creates an administrator token
    		_, err = artifactory.NewScopedToken(ctx, "admin", &artifactory.ScopedTokenArgs{
    			Username: pulumi.String("admin-user"),
    			Scopes: pulumi.StringArray{
    				pulumi.String("applied-permissions/admin"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// ## Creates a token with an audience
    		_, err = artifactory.NewScopedToken(ctx, "audience", &artifactory.ScopedTokenArgs{
    			Username: pulumi.String("admin-user"),
    			Scopes: pulumi.StringArray{
    				pulumi.String("applied-permissions/admin"),
    			},
    			Audiences: pulumi.StringArray{
    				pulumi.String("jfrt@*"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Artifactory = Pulumi.Artifactory;
    
    return await Deployment.RunAsync(() => 
    {
        //## Create a new Artifactory scoped token for an existing user
        var scopedToken = new Artifactory.ScopedToken("scopedToken", new()
        {
            Username = "existing-user",
        });
    
        //## **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
        //## Create a new Artifactory user and scoped token
        var newUser = new Artifactory.User("newUser", new()
        {
            Email = "new_user@somewhere.com",
            Groups = new[]
            {
                "readers",
            },
        });
    
        var scopedTokenUser = new Artifactory.ScopedToken("scopedTokenUser", new()
        {
            Username = newUser.Name,
        });
    
        //## Creates a new token for groups
        var scopedTokenGroup = new Artifactory.ScopedToken("scopedTokenGroup", new()
        {
            Scopes = new[]
            {
                "applied-permissions/groups:readers",
            },
        });
    
        //## Create token with expiry
        var scopedTokenNoExpiry = new Artifactory.ScopedToken("scopedTokenNoExpiry", new()
        {
            Username = "existing-user",
            ExpiresIn = 7200,
        });
    
        // in seconds
        //## Creates a refreshable token
        var scopedTokenRefreshable = new Artifactory.ScopedToken("scopedTokenRefreshable", new()
        {
            Username = "existing-user",
            Refreshable = true,
        });
    
        //## Creates an administrator token
        var admin = new Artifactory.ScopedToken("admin", new()
        {
            Username = "admin-user",
            Scopes = new[]
            {
                "applied-permissions/admin",
            },
        });
    
        //## Creates a token with an audience
        var audience = new Artifactory.ScopedToken("audience", new()
        {
            Username = "admin-user",
            Scopes = new[]
            {
                "applied-permissions/admin",
            },
            Audiences = new[]
            {
                "jfrt@*",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.artifactory.ScopedToken;
    import com.pulumi.artifactory.ScopedTokenArgs;
    import com.pulumi.artifactory.User;
    import com.pulumi.artifactory.UserArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var scopedToken = new ScopedToken("scopedToken", ScopedTokenArgs.builder()        
                .username("existing-user")
                .build());
    
            var newUser = new User("newUser", UserArgs.builder()        
                .email("new_user@somewhere.com")
                .groups("readers")
                .build());
    
            var scopedTokenUser = new ScopedToken("scopedTokenUser", ScopedTokenArgs.builder()        
                .username(newUser.name())
                .build());
    
            var scopedTokenGroup = new ScopedToken("scopedTokenGroup", ScopedTokenArgs.builder()        
                .scopes("applied-permissions/groups:readers")
                .build());
    
            var scopedTokenNoExpiry = new ScopedToken("scopedTokenNoExpiry", ScopedTokenArgs.builder()        
                .username("existing-user")
                .expiresIn(7200)
                .build());
    
            var scopedTokenRefreshable = new ScopedToken("scopedTokenRefreshable", ScopedTokenArgs.builder()        
                .username("existing-user")
                .refreshable(true)
                .build());
    
            var admin = new ScopedToken("admin", ScopedTokenArgs.builder()        
                .username("admin-user")
                .scopes("applied-permissions/admin")
                .build());
    
            var audience = new ScopedToken("audience", ScopedTokenArgs.builder()        
                .username("admin-user")
                .scopes("applied-permissions/admin")
                .audiences("jfrt@*")
                .build());
    
        }
    }
    
    resources:
      ### Create a new Artifactory scoped token for an existing user
      scopedToken: ### **Note:** This assumes that the user `existing-user` has already been created in Artifactory by different means, i.e. manually or in a separate pulumi up.
        type: artifactory:ScopedToken
        properties:
          username: existing-user
      ### Create a new Artifactory user and scoped token
      newUser:
        type: artifactory:User
        properties:
          email: new_user@somewhere.com
          groups:
            - readers
      scopedTokenUser:
        type: artifactory:ScopedToken
        properties:
          username: ${newUser.name}
      ### Creates a new token for groups
      scopedTokenGroup:
        type: artifactory:ScopedToken
        properties:
          scopes:
            - applied-permissions/groups:readers
      ### Create token with expiry
      scopedTokenNoExpiry:
        type: artifactory:ScopedToken
        properties:
          username: existing-user
          expiresIn: 7200
      ### Creates a refreshable token
      scopedTokenRefreshable:
        type: artifactory:ScopedToken
        properties:
          username: existing-user
          refreshable: true
      ### Creates an administrator token
      admin:
        type: artifactory:ScopedToken
        properties:
          username: admin-user
          scopes:
            - applied-permissions/admin
      ### Creates a token with an audience
      audience:
        type: artifactory:ScopedToken
        properties:
          username: admin-user
          scopes:
            - applied-permissions/admin
          audiences:
            - jfrt@*
    

    References

    • https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens
    • https://jfrog.com/help/r/jfrog-rest-apis/access-tokens

    Create ScopedToken Resource

    new ScopedToken(name: string, args?: ScopedTokenArgs, opts?: CustomResourceOptions);
    @overload
    def ScopedToken(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    audiences: Optional[Sequence[str]] = None,
                    description: Optional[str] = None,
                    expires_in: Optional[int] = None,
                    grant_type: Optional[str] = None,
                    include_reference_token: Optional[bool] = None,
                    project_key: Optional[str] = None,
                    refreshable: Optional[bool] = None,
                    scopes: Optional[Sequence[str]] = None,
                    username: Optional[str] = None)
    @overload
    def ScopedToken(resource_name: str,
                    args: Optional[ScopedTokenArgs] = None,
                    opts: Optional[ResourceOptions] = None)
    func NewScopedToken(ctx *Context, name string, args *ScopedTokenArgs, opts ...ResourceOption) (*ScopedToken, error)
    public ScopedToken(string name, ScopedTokenArgs? args = null, CustomResourceOptions? opts = null)
    public ScopedToken(String name, ScopedTokenArgs args)
    public ScopedToken(String name, ScopedTokenArgs args, CustomResourceOptions options)
    
    type: artifactory:ScopedToken
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ScopedTokenArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ScopedTokenArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ScopedTokenArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ScopedTokenArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ScopedTokenArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ScopedToken Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ScopedToken resource accepts the following input properties:

    Audiences List<string>
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    Description string
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    ExpiresIn int
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    GrantType string
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    IncludeReferenceToken bool
    Also create a reference token which can be used like an API key. Default is false.
    ProjectKey string
    The project for which this token is created. Enter the project name on which you want to apply this token.
    Refreshable bool
    Is this token refreshable? Default is false.
    Scopes List<string>
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    Username string
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    Audiences []string
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    Description string
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    ExpiresIn int
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    GrantType string
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    IncludeReferenceToken bool
    Also create a reference token which can be used like an API key. Default is false.
    ProjectKey string
    The project for which this token is created. Enter the project name on which you want to apply this token.
    Refreshable bool
    Is this token refreshable? Default is false.
    Scopes []string
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    Username string
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    audiences List<String>
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description String
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expiresIn Integer
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    grantType String
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    includeReferenceToken Boolean
    Also create a reference token which can be used like an API key. Default is false.
    projectKey String
    The project for which this token is created. Enter the project name on which you want to apply this token.
    refreshable Boolean
    Is this token refreshable? Default is false.
    scopes List<String>
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    username String
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    audiences string[]
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description string
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expiresIn number
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    grantType string
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    includeReferenceToken boolean
    Also create a reference token which can be used like an API key. Default is false.
    projectKey string
    The project for which this token is created. Enter the project name on which you want to apply this token.
    refreshable boolean
    Is this token refreshable? Default is false.
    scopes string[]
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    username string
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    audiences Sequence[str]
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description str
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expires_in int
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    grant_type str
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    include_reference_token bool
    Also create a reference token which can be used like an API key. Default is false.
    project_key str
    The project for which this token is created. Enter the project name on which you want to apply this token.
    refreshable bool
    Is this token refreshable? Default is false.
    scopes Sequence[str]
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    username str
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    audiences List<String>
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description String
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expiresIn Number
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    grantType String
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    includeReferenceToken Boolean
    Also create a reference token which can be used like an API key. Default is false.
    projectKey String
    The project for which this token is created. Enter the project name on which you want to apply this token.
    refreshable Boolean
    Is this token refreshable? Default is false.
    scopes List<String>
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    username String
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ScopedToken resource produces the following output properties:

    AccessToken string
    Returns the access token to authenticate to Artifactory.
    Expiry int
    Returns the token expiry.
    Id string
    The provider-assigned unique ID for this managed resource.
    IssuedAt int
    Returns the token issued at date/time.
    Issuer string
    Returns the token issuer.
    ReferenceToken string
    Reference Token (alias to Access Token).
    RefreshToken string
    Refresh token.
    Subject string
    Returns the token type.
    TokenType string
    Returns the token type.
    AccessToken string
    Returns the access token to authenticate to Artifactory.
    Expiry int
    Returns the token expiry.
    Id string
    The provider-assigned unique ID for this managed resource.
    IssuedAt int
    Returns the token issued at date/time.
    Issuer string
    Returns the token issuer.
    ReferenceToken string
    Reference Token (alias to Access Token).
    RefreshToken string
    Refresh token.
    Subject string
    Returns the token type.
    TokenType string
    Returns the token type.
    accessToken String
    Returns the access token to authenticate to Artifactory.
    expiry Integer
    Returns the token expiry.
    id String
    The provider-assigned unique ID for this managed resource.
    issuedAt Integer
    Returns the token issued at date/time.
    issuer String
    Returns the token issuer.
    referenceToken String
    Reference Token (alias to Access Token).
    refreshToken String
    Refresh token.
    subject String
    Returns the token type.
    tokenType String
    Returns the token type.
    accessToken string
    Returns the access token to authenticate to Artifactory.
    expiry number
    Returns the token expiry.
    id string
    The provider-assigned unique ID for this managed resource.
    issuedAt number
    Returns the token issued at date/time.
    issuer string
    Returns the token issuer.
    referenceToken string
    Reference Token (alias to Access Token).
    refreshToken string
    Refresh token.
    subject string
    Returns the token type.
    tokenType string
    Returns the token type.
    access_token str
    Returns the access token to authenticate to Artifactory.
    expiry int
    Returns the token expiry.
    id str
    The provider-assigned unique ID for this managed resource.
    issued_at int
    Returns the token issued at date/time.
    issuer str
    Returns the token issuer.
    reference_token str
    Reference Token (alias to Access Token).
    refresh_token str
    Refresh token.
    subject str
    Returns the token type.
    token_type str
    Returns the token type.
    accessToken String
    Returns the access token to authenticate to Artifactory.
    expiry Number
    Returns the token expiry.
    id String
    The provider-assigned unique ID for this managed resource.
    issuedAt Number
    Returns the token issued at date/time.
    issuer String
    Returns the token issuer.
    referenceToken String
    Reference Token (alias to Access Token).
    refreshToken String
    Refresh token.
    subject String
    Returns the token type.
    tokenType String
    Returns the token type.

    Look up Existing ScopedToken Resource

    Get an existing ScopedToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ScopedTokenState, opts?: CustomResourceOptions): ScopedToken
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_token: Optional[str] = None,
            audiences: Optional[Sequence[str]] = None,
            description: Optional[str] = None,
            expires_in: Optional[int] = None,
            expiry: Optional[int] = None,
            grant_type: Optional[str] = None,
            include_reference_token: Optional[bool] = None,
            issued_at: Optional[int] = None,
            issuer: Optional[str] = None,
            project_key: Optional[str] = None,
            reference_token: Optional[str] = None,
            refresh_token: Optional[str] = None,
            refreshable: Optional[bool] = None,
            scopes: Optional[Sequence[str]] = None,
            subject: Optional[str] = None,
            token_type: Optional[str] = None,
            username: Optional[str] = None) -> ScopedToken
    func GetScopedToken(ctx *Context, name string, id IDInput, state *ScopedTokenState, opts ...ResourceOption) (*ScopedToken, error)
    public static ScopedToken Get(string name, Input<string> id, ScopedTokenState? state, CustomResourceOptions? opts = null)
    public static ScopedToken get(String name, Output<String> id, ScopedTokenState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessToken string
    Returns the access token to authenticate to Artifactory.
    Audiences List<string>
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    Description string
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    ExpiresIn int
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    Expiry int
    Returns the token expiry.
    GrantType string
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    IncludeReferenceToken bool
    Also create a reference token which can be used like an API key. Default is false.
    IssuedAt int
    Returns the token issued at date/time.
    Issuer string
    Returns the token issuer.
    ProjectKey string
    The project for which this token is created. Enter the project name on which you want to apply this token.
    ReferenceToken string
    Reference Token (alias to Access Token).
    RefreshToken string
    Refresh token.
    Refreshable bool
    Is this token refreshable? Default is false.
    Scopes List<string>
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    Subject string
    Returns the token type.
    TokenType string
    Returns the token type.
    Username string
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    AccessToken string
    Returns the access token to authenticate to Artifactory.
    Audiences []string
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    Description string
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    ExpiresIn int
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    Expiry int
    Returns the token expiry.
    GrantType string
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    IncludeReferenceToken bool
    Also create a reference token which can be used like an API key. Default is false.
    IssuedAt int
    Returns the token issued at date/time.
    Issuer string
    Returns the token issuer.
    ProjectKey string
    The project for which this token is created. Enter the project name on which you want to apply this token.
    ReferenceToken string
    Reference Token (alias to Access Token).
    RefreshToken string
    Refresh token.
    Refreshable bool
    Is this token refreshable? Default is false.
    Scopes []string
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    Subject string
    Returns the token type.
    TokenType string
    Returns the token type.
    Username string
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    accessToken String
    Returns the access token to authenticate to Artifactory.
    audiences List<String>
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description String
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expiresIn Integer
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    expiry Integer
    Returns the token expiry.
    grantType String
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    includeReferenceToken Boolean
    Also create a reference token which can be used like an API key. Default is false.
    issuedAt Integer
    Returns the token issued at date/time.
    issuer String
    Returns the token issuer.
    projectKey String
    The project for which this token is created. Enter the project name on which you want to apply this token.
    referenceToken String
    Reference Token (alias to Access Token).
    refreshToken String
    Refresh token.
    refreshable Boolean
    Is this token refreshable? Default is false.
    scopes List<String>
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    subject String
    Returns the token type.
    tokenType String
    Returns the token type.
    username String
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    accessToken string
    Returns the access token to authenticate to Artifactory.
    audiences string[]
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description string
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expiresIn number
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    expiry number
    Returns the token expiry.
    grantType string
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    includeReferenceToken boolean
    Also create a reference token which can be used like an API key. Default is false.
    issuedAt number
    Returns the token issued at date/time.
    issuer string
    Returns the token issuer.
    projectKey string
    The project for which this token is created. Enter the project name on which you want to apply this token.
    referenceToken string
    Reference Token (alias to Access Token).
    refreshToken string
    Refresh token.
    refreshable boolean
    Is this token refreshable? Default is false.
    scopes string[]
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    subject string
    Returns the token type.
    tokenType string
    Returns the token type.
    username string
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    access_token str
    Returns the access token to authenticate to Artifactory.
    audiences Sequence[str]
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description str
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expires_in int
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    expiry int
    Returns the token expiry.
    grant_type str
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    include_reference_token bool
    Also create a reference token which can be used like an API key. Default is false.
    issued_at int
    Returns the token issued at date/time.
    issuer str
    Returns the token issuer.
    project_key str
    The project for which this token is created. Enter the project name on which you want to apply this token.
    reference_token str
    Reference Token (alias to Access Token).
    refresh_token str
    Refresh token.
    refreshable bool
    Is this token refreshable? Default is false.
    scopes Sequence[str]
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    subject str
    Returns the token type.
    token_type str
    Returns the token type.
    username str
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.
    accessToken String
    Returns the access token to authenticate to Artifactory.
    audiences List<String>
    A list of the other instances or services that should accept this token identified by their Service-IDs. Limited to total 255 characters. Default to '@' if not set. Service ID must begin with valid JFrog service type. Options: jfrt, jfxr, jfpip, jfds, jfmc, jfac, jfevt, jfmd, jfcon, or *. For instructions to retrieve the Artifactory Service ID see this documentation
    description String
    Free text token description. Useful for filtering and managing tokens. Limited to 1024 characters.
    expiresIn Number
    The amount of time, in seconds, it would take for the token to expire. An admin shall be able to set whether expiry is mandatory, what is the default expiry, and what is the maximum expiry allowed. Must be non-negative. Default value is based on configuration in 'access.config.yaml'. See API documentation for details. Access Token would not be saved by Artifactory if this is less than the persistence threshold value (default to 10800 seconds) set in Access configuration. See official documentation for details.
    expiry Number
    Returns the token expiry.
    grantType String
    The grant type used to authenticate the request. In this case, the only value supported is client_credentials which is also the default value if this parameter is not specified.
    includeReferenceToken Boolean
    Also create a reference token which can be used like an API key. Default is false.
    issuedAt Number
    Returns the token issued at date/time.
    issuer String
    Returns the token issuer.
    projectKey String
    The project for which this token is created. Enter the project name on which you want to apply this token.
    referenceToken String
    Reference Token (alias to Access Token).
    refreshToken String
    Refresh token.
    refreshable Boolean
    Is this token refreshable? Default is false.
    scopes List<String>
    The scope of access that the token provides. Access to the REST API is always provided by default. Administrators can set any scope, while non-admin users can only set the scope to a subset of the groups to which they belong. The supported scopes include: * applied-permissions/user - provides user access. If left at the default setting, the token will be created with the user-identity scope, which allows users to identify themselves in the Platform but does not grant any specific access permissions.* applied-permissions/admin - the scope assigned to admin users.* applied-permissions/groups - this scope assigns permissions to groups using the following format: applied-permissions/groups:[,...]* system:metrics:r - for getting the service metrics* system:livelogs:r - for getting the service livelogsr. The scope to assign to the token should be provided as a list of scope tokens, limited to 500 characters in total. Resource Permissions From Artifactory 7.38.x, resource permissions scoped tokens are also supported in the REST API. A permission can be represented as a scope token string in the following format: <resource-type>:<target>[/<sub-resource>]:<actions> Where: <resource-type> - one of the permission resource types, from a predefined closed list. Currently, the only resource type that is supported is the artifact resource type. <target> - the target resource, can be exact name or a pattern <sub-resource> - optional, the target sub-resource, can be exact name or a pattern <actions> - comma-separated list of action acronyms.The actions allowed are r, w, d, a, m, x, s, or any combination of these actions. To allow all actions - use * Examples: ["applied-permissions/user", "artifact:generic-local:r"] ["applied-permissions/group", "artifact:generic-local/path:*"] ["applied-permissions/admin", "system:metrics:r", "artifact:generic-local:*"]
    subject String
    Returns the token type.
    tokenType String
    Returns the token type.
    username String
    The user name for which this token is created. The username is based on the authenticated user - either from the user of the authenticated token or based on the username (if basic auth was used). The username is then used to set the subject of the token: /users/. Limited to 255 characters.

    Import

    Artifactory does not retain scoped tokens, and they cannot be imported into state.

    Package Details

    Repository
    artifactory pulumi/pulumi-artifactory
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the artifactory Terraform Provider.
    artifactory logo
    artifactory v6.4.2 published on Thursday, Mar 28, 2024 by Pulumi