Unix socket transport

go.mod

@@ -3,4 +3,5 @@ module github.com/atlassian/terraform-provider-artifactory
 require (
  github.com/atlassian/go-artifactory/v2 v2.4.0
  github.com/hashicorp/terraform v0.12.0
+ github.com/mitchellh/go-homedir v1.0.0
 )

go.sum

@@ -43,6 +43,8 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/atlassian/go-artifactory/v2 v2.3.0 h1:e6E9fYrn7aWlhByWMxlUftqEjfgq1Hl3e3REIpaAcEw=
 github.com/atlassian/go-artifactory/v2 v2.3.0/go.mod h1:mMEbxu89yTyKev4mysL03aSioTEdZ8+08KuMGG7myUY=
+github.com/atlassian/go-artifactory/v2 v2.4.0 h1:qj2nlDREa8BB03a09BcE+bj7gwlj/VXuD2hBvV80PDM=
+github.com/atlassian/go-artifactory/v2 v2.4.0/go.mod h1:mMEbxu89yTyKev4mysL03aSioTEdZ8+08KuMGG7myUY=
 github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
 github.com/aws/aws-sdk-go v1.16.36/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.19.18 h1:Hb3+b9HCqrOrbAtFstUWg7H5TQ+/EcklJtE8VShVs8o=

pkg/artifactory/provider.go

@@ -3,12 +3,15 @@ package artifactory
 import (
  "context"
  "fmt"
+ "net"
  "net/http"
+ "time"
 
  "github.com/atlassian/go-artifactory/v2/artifactory"
  "github.com/atlassian/go-artifactory/v2/artifactory/transport"
  "github.com/hashicorp/terraform/helper/schema"
  "github.com/hashicorp/terraform/terraform"
+ "github.com/mitchellh/go-homedir"
 )
 
 // Artifactory Provider that supports configuration via username+password or a token
@@ -56,6 +59,12 @@ func Provider() terraform.ResourceProvider {
  DefaultFunc: schema.EnvDefaultFunc("ARTIFACTORY_ACCESS_TOKEN", nil),
  ConflictsWith: []string{"username", "api_key", "password"},
  },
+ "unix_socket": {
+ Type: schema.TypeString,
+ Optional: true,
+ DefaultFunc: schema.EnvDefaultFunc("ARTIFACTORY_UNIX_SOCKET", nil),
+ ConflictsWith: []string{"username", "password", "api_key", "access_token"},
+ },
  },
 
  ResourcesMap: map[string]*schema.Resource{
@@ -85,6 +94,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
  password := d.Get("password").(string)
  apiKey := d.Get("api_key").(string)
  accessToken := d.Get("access_token").(string)
+ unixSocket := d.Get("unix_socket").(string)
 
  // Deprecated
  token := d.Get("token").(string)
@@ -111,8 +121,24 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) {
  ApiKey: token,
  }
  client = tp.Client()
+ } else if unixSocket != "" {
+ expandedUnixSocket, err := homedir.Expand(unixSocket)
+ if err != nil {
+ return nil, fmt.Errorf("error expanding unix_socket '%s'", unixSocket)
+ }
+ tp := &http.Transport{
+ DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
+ return net.Dial("unix", expandedUnixSocket)
+ },
+ DisableKeepAlives: true,
+ ResponseHeaderTimeout: 30 * time.Second,
+ ExpectContinueTimeout: 10 * time.Second,
+ }
+ client = &http.Client{
+ Transport: tp,
+ }
  } else {
- return nil, fmt.Errorf("either [username, password] or [api_key] or [access_token] must be set to use provider")
+ return nil, fmt.Errorf("either [username, password] or [api_key] or [access_token] or [unix_socket] must be set to use provider")
  }
 
  rt, err := artifactory.NewClient(d.Get("url").(string), client)

pkg/artifactory/provider_test.go

@@ -37,9 +37,10 @@ func testAccPreCheck(t *testing.T) {
  password := os.Getenv("ARTIFACTORY_PASSWORD")
  apiKey := os.Getenv("ARTIFACTORY_APIKEY")
  accessToken := os.Getenv("ARTIFACTORY_ACCESS_TOKEN")
+ unixSocket := os.Getenv("ARTIFACTORY_UNIX_SOCKET")
 
- if (username == "" || password == "") && apiKey == "" && accessToken == "" {
- t.Fatal("either ARTIFACTORY_USERNAME/ARTIFACTORY_PASSWORD or ARTIFACTORY_APIKEY or ARTIFACTORY_ACCESS_TOKEN must be set for acceptance test")
+ if (username == "" || password == "") && apiKey == "" && accessToken == "" && unixSocket == "" {
+ t.Fatal("either ARTIFACTORY_USERNAME/ARTIFACTORY_PASSWORD or ARTIFACTORY_APIKEY or ARTIFACTORY_ACCESS_TOKEN or ARTIFACTORY_UNIX_SOCKET must be set for acceptance test")
  }
 
  err := testAccProvider.Configure(terraform.NewResourceConfig(nil))

website/docs/index.html.markdown

@@ -48,6 +48,7 @@ The Artifactory provider supports multiple means of authentication. The followin
  * Basic Auth
  * Bearer Token
  * JFrog API Key Header
+ * Unix socket
 
 ### Basic Auth
 Basic auth may be used by adding a `username` and `password` field to the provider block
@@ -89,6 +90,19 @@ provider "artifactory" {
 }
 ```
 
+### Unix socket
+Authentication added by proxy listening to unix socket.
+
+Usage:
+```hcl
+# Configure the Artifactory provider
+provider "artifactory" {
+ url = "artifactory.site.com"
+ unix_socket = "~/.authproxy"
+}
+```
+
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -102,3 +116,5 @@ The following arguments are supported:
  Conflicts with `username`, `password`, and `access_token`. This can also be sourced from the `ARTIFACTORY_API_KEY` environment variable.
 * `access_token` - (Optional) API key for token auth. Uses `Authorization: Bearer` header. 
  Conflicts with `username` and `password`, and `api_key`. This can also be sourced from the `ARTIFACTORY_ACCESS_TOKEN` environment variable.
+* `unix_socket` - (Optional) Path to unix socket opened by authenticating proxy.
+ Conflicts with `username` and `password`, `api_key`, and `access_token`. This can also be sourced from the `ARTIFACTORY_UNIX_SOCKET` environment variable.