fix: surface artifactory variables (#618)

huayuenh · web-flow · commit af1eb2e2dfed · 2025-09-09T15:18:57.000+01:00
* chore: surface artifactory variables

* chore: update description

* chore: update artifactory defaults

* fix: typo
diff --git a/README.md b/README.md
@@ -108,6 +108,13 @@ statement instead the previous block.
 | <a name="input_app_repo_git_token_secret_crn"></a> [app\_repo\_git\_token\_secret\_crn](#input\_app\_repo\_git\_token\_secret\_crn) | The CRN of the Git token used for accessing the sample application repository. | `string` | `""` | no |
 | <a name="input_app_repo_git_token_secret_name"></a> [app\_repo\_git\_token\_secret\_name](#input\_app\_repo\_git\_token\_secret\_name) | Name of the Git token secret in the secret provider used for accessing the sample (or bring your own) application repository. | `string` | `""` | no |
 | <a name="input_app_repo_secret_group"></a> [app\_repo\_secret\_group](#input\_app\_repo\_secret\_group) | Secret group for the App repository secret. Defaults to the value set in `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no |
+| <a name="input_artifactory_dashboard_url"></a> [artifactory\_dashboard\_url](#input\_artifactory\_dashboard\_url) | Type the URL that you want to navigate to when you click the Artifactory integration tile. | `string` | `""` | no |
+| <a name="input_artifactory_integration_name"></a> [artifactory\_integration\_name](#input\_artifactory\_integration\_name) | The name of the Artifactory tool integration | `string` | `"artifactory-dockerconfigjson"` | no |
+| <a name="input_artifactory_repo_name"></a> [artifactory\_repo\_name](#input\_artifactory\_repo\_name) | Type the name of your Artifactory repository where your docker images are located. | `string` | `""` | no |
+| <a name="input_artifactory_repo_url"></a> [artifactory\_repo\_url](#input\_artifactory\_repo\_url) | Type the URL for your Artifactory release repository. | `string` | `""` | no |
+| <a name="input_artifactory_token_secret_group"></a> [artifactory\_token\_secret\_group](#input\_artifactory\_token\_secret\_group) | Secret group prefix for the Artifactory token secret. Defaults to `sm_secret_group` if not set. Only used with `Secrets Manager`. | `string` | `""` | no |
+| <a name="input_artifactory_token_secret_name"></a> [artifactory\_token\_secret\_name](#input\_artifactory\_token\_secret\_name) | Name of the artifactory token secret in the secret provider. | `string` | `"artifactory-token"` | no |
+| <a name="input_artifactory_user"></a> [artifactory\_user](#input\_artifactory\_user) | Type the User ID or email for your Artifactory repository. | `string` | `""` | no |
 | <a name="input_authorization_policy_creation"></a> [authorization\_policy\_creation](#input\_authorization\_policy\_creation) | Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. This applies to the CI, CD, and CC toolchains. To set independently, see `ci_authorization_policy_creation`, `cd_authorization_policy_creation`, and `cc_authorization_policy_creation`. | `string` | `""` | no |
 | <a name="input_autostart"></a> [autostart](#input\_autostart) | Set to `true` to auto run the CI pipeline in the CI toolchain after creation. | `bool` | `false` | no |
 | <a name="input_cc_app_group"></a> [cc\_app\_group](#input\_cc\_app\_group) | Specify user or group for app repository. | `string` | `""` | no |
@@ -509,6 +516,7 @@ statement instead the previous block.
 | <a name="input_create_secret_group"></a> [create\_secret\_group](#input\_create\_secret\_group) | Set to `true` to create the specified Secrets Manager secret group. | `bool` | `false` | no |
 | <a name="input_create_signing_key"></a> [create\_signing\_key](#input\_create\_signing\_key) | Set to `true` to create and add a `signing-key` and the `signing-certificate` to the Secrets Provider. | `bool` | `false` | no |
 | <a name="input_create_triggers"></a> [create\_triggers](#input\_create\_triggers) | Set to `true` to create the default triggers associated with the compliance repos and sample app. | `string` | `"true"` | no |
+| <a name="input_enable_artifactory"></a> [enable\_artifactory](#input\_enable\_artifactory) | Set to `true` to enable Artifactory for devsecops. | `bool` | `false` | no |
 | <a name="input_enable_cos"></a> [enable\_cos](#input\_enable\_cos) | Set to `true` to enable the new COS integration. | `bool` | `false` | no |
 | <a name="input_enable_key_protect"></a> [enable\_key\_protect](#input\_enable\_key\_protect) | Set to `true` to the enable Key Protect integrations. | `string` | `"false"` | no |
 | <a name="input_enable_pipeline_notifications"></a> [enable\_pipeline\_notifications](#input\_enable\_pipeline\_notifications) | When enabled, pipeline run events will be sent to the Event Notifications and Slack integrations in the enclosing toolchain. | `string` | `""` | no |
diff --git a/main.tf b/main.tf
@@ -396,6 +396,10 @@ module "devsecops_ci_toolchain" {
   pipeline_doi_api_key_secret_name  = (var.ci_pipeline_doi_api_key_secret_name == "") ? var.pipeline_doi_api_key_secret_name : var.ci_pipeline_doi_api_key_secret_name
   pipeline_doi_api_key_secret_group = (var.ci_pipeline_doi_api_key_secret_group == "") ? var.pipeline_doi_api_key_secret_group : var.ci_pipeline_doi_api_key_secret_group
 
+  artifactory_token_secret_name  = var.artifactory_token_secret_name
+  artifactory_token_secret_group = var.artifactory_token_secret_group
+
+
   # CRN SECRETS
   app_repo_git_token_secret_crn = (
     (local.ci_app_repo_git_token_secret_crn != "") ? local.ci_app_repo_git_token_secret_crn : var.repo_git_token_secret_crn
@@ -575,6 +579,15 @@ module "devsecops_ci_toolchain" {
   #DEVOPS INSIGHTS
   link_to_doi_toolchain = var.ci_link_to_doi_toolchain
 
+  #ARTIFACTORY
+  enable_artifactory           = var.enable_artifactory
+  artifactory_user             = var.artifactory_user
+  artifactory_dashboard_url    = var.artifactory_dashboard_url
+  artifactory_repo_url         = var.artifactory_repo_url
+  artifactory_repo_name        = var.artifactory_repo_name
+  artifactory_integration_name = var.artifactory_integration_name
+
+
   #TRIGGER PROPERTIES
   create_triggers              = var.create_triggers
   create_git_triggers          = var.create_git_triggers
@@ -666,6 +679,9 @@ module "devsecops_cd_toolchain" {
   pipeline_doi_api_key_secret_name  = (var.cd_pipeline_doi_api_key_secret_name == "") ? var.pipeline_doi_api_key_secret_name : var.cd_pipeline_doi_api_key_secret_name
   pipeline_doi_api_key_secret_group = (var.cd_pipeline_doi_api_key_secret_group == "") ? var.pipeline_doi_api_key_secret_group : var.cd_pipeline_doi_api_key_secret_group
 
+  artifactory_token_secret_name  = var.artifactory_token_secret_name
+  artifactory_token_secret_group = var.artifactory_token_secret_group
+
   # CRN SECRETS
   deployment_repo_git_token_secret_crn = (
     (var.cd_deployment_repo_git_token_secret_crn != "") ? var.cd_deployment_repo_git_token_secret_crn : var.repo_git_token_secret_crn
@@ -855,6 +871,14 @@ module "devsecops_cd_toolchain" {
   kp_integration_name    = var.kp_integration_name
   slack_integration_name = var.slack_integration_name
 
+  #ARTIFACTORY
+  enable_artifactory           = var.enable_artifactory
+  artifactory_user             = var.artifactory_user
+  artifactory_dashboard_url    = var.artifactory_dashboard_url
+  artifactory_repo_url         = var.artifactory_repo_url
+  artifactory_repo_name        = var.artifactory_repo_name
+  artifactory_integration_name = var.artifactory_integration_name
+
   #TRIGGER PROPERTIES
   create_triggers                       = var.create_triggers
   create_git_triggers                   = var.create_git_triggers
@@ -944,6 +968,9 @@ module "devsecops_cc_toolchain" {
   pipeline_doi_api_key_secret_name  = (var.cc_pipeline_doi_api_key_secret_name == "") ? var.pipeline_doi_api_key_secret_name : var.cc_pipeline_doi_api_key_secret_name
   pipeline_doi_api_key_secret_group = (var.cc_pipeline_doi_api_key_secret_group == "") ? var.pipeline_doi_api_key_secret_group : var.cc_pipeline_doi_api_key_secret_group
 
+  artifactory_token_secret_name  = var.artifactory_token_secret_name
+  artifactory_token_secret_group = var.artifactory_token_secret_group
+
   # CRN SECRETS
   app_repo_git_token_secret_crn = (
     (local.cc_app_repo_git_token_secret_crn != "") ? local.cc_app_repo_git_token_secret_crn : var.repo_git_token_secret_crn
@@ -1114,6 +1141,14 @@ module "devsecops_cc_toolchain" {
   sonarqube_is_blind_connection = (var.cc_sonarqube_is_blind_connection == "") ? var.sonarqube_is_blind_connection : var.cc_sonarqube_is_blind_connection
   sonarqube_server_url          = (var.cc_sonarqube_server_url == "") ? var.sonarqube_server_url : var.cc_sonarqube_server_url
 
+  #ARTIFACTORY
+  enable_artifactory           = var.enable_artifactory
+  artifactory_user             = var.artifactory_user
+  artifactory_dashboard_url    = var.artifactory_dashboard_url
+  artifactory_repo_url         = var.artifactory_repo_url
+  artifactory_repo_name        = var.artifactory_repo_name
+  artifactory_integration_name = var.artifactory_integration_name
+
   #TRIGGER PROPERTIES
   create_triggers              = var.create_triggers
   trigger_timed_name           = var.cc_trigger_timed_name
diff --git a/variables.tf b/variables.tf
@@ -97,6 +97,47 @@ variable "app_repo_git_token_secret_crn" {
   }
 }
 
+variable "artifactory_token_secret_name" {
+  type        = string
+  default     = "artifactory-token"
+  description = "Name of the artifactory token secret in the secret provider."
+}
+
+variable "artifactory_token_secret_group" {
+  type        = string
+  description = "Secret group prefix for the Artifactory token secret. Defaults to `sm_secret_group` if not set. Only used with `Secrets Manager`."
+  default     = ""
+}
+
+variable "artifactory_user" {
+  type        = string
+  description = "Type the User ID or email for your Artifactory repository."
+  default     = ""
+}
+
+variable "artifactory_dashboard_url" {
+  type        = string
+  default     = ""
+  description = "Type the URL that you want to navigate to when you click the Artifactory integration tile."
+}
+variable "artifactory_repo_url" {
+  type        = string
+  default     = ""
+  description = "Type the URL for your Artifactory release repository."
+}
+
+variable "artifactory_repo_name" {
+  type        = string
+  default     = ""
+  description = "Type the name of your Artifactory repository where your docker images are located."
+}
+
+variable "artifactory_integration_name" {
+  type        = string
+  default     = "artifactory-dockerconfigjson"
+  description = "The name of the Artifactory tool integration"
+}
+
 variable "authorization_policy_creation" {
   type        = string
   description = "Disable Toolchain Service to Secrets Manager/Key Protect/Notifications Service authorization policy creation. To disable set the value to `disabled`. This applies to the CI, CD, and CC toolchains. To set independently, see `ci_authorization_policy_creation`, `cd_authorization_policy_creation`, and `cc_authorization_policy_creation`."
@@ -358,6 +399,12 @@ variable "create_triggers" {
   default     = "true"
 }
 
+variable "enable_artifactory" {
+  type        = bool
+  default     = false
+  description = "Set to `true` to enable Artifactory for devsecops."
+}
+
 variable "enable_cos" {
   type        = bool
   description = "Set to `true` to enable the new COS integration."
