Add examples

docs/resources/repository.md

@@ -53,6 +53,15 @@ resource "cloudsmith_repository" "my_repository" {
 * `show_setup_all` - (Optional) If checked, the Set Me Up help for all formats will always be shown, even if you don't have packages of that type uploaded. Otherwise, help will only be shown for packages that are in the repository. For example, if you have uploaded only NuGet packages, then the Set Me Up help for NuGet packages will be shown only.
 * `slug` - (Optional) The slug identifies the repository in URIs.
 * `storage_region` - (Optional) The Cloudsmith region in which package files are stored.
+  * `default` - Default Region
+  * `us-norcal` - Northern California, United States
+  * `au-sydney` - Sydney, Australia
+  * `sg-singapore` - Singapore
+  * `ca-montreal` - Montreal, Canada
+  * `de-frankfurt` - Frankfurt, Germany
+  * `us-oregon` - Oregon, United States
+  * `us-ohio` - Ohio, United States
+  * `ie-dublin` - Dublin, Ireland
 * `strict_npm_validation` - (Optional) If checked, npm packages will be validated strictly to ensure the package matches specifcation. You can turn this off if you have packages that are old or otherwise mildly off-spec, but we can't guarantee the packages will work with npm-cli or other tooling correctly. Turn off at your own risk!
 * `use_debian_labels` - (Optional) If checked, a 'Label' field will be present in Debian-based repositories. It will contain a string that identifies the entitlement token used to authenticate the repository, in the form of 'source=t-'; or 'source=none' if no token was used. You can use this to help with pinning.
 * `use_default_cargo_upstream` - (Optional) If checked, dependencies of uploaded Cargo crates which do not set an explicit value for \"registry\" will be assumed to be available from crates.io. If unchecked, dependencies with unspecified \"registry\" values will be assumed to be available in the registry being uploaded to. Uncheck this if you want to ensure that dependencies are only ever installed from Cloudsmith unless explicitly specified as belong to another registry.

examples/flat-example/README.md

@@ -0,0 +1,9 @@
+# Terraform flat structure example
+
+This terraform example project will setup 4 repositories, each with different settings/functionality that can be configured within Cloudsmith.
+
+The example will also configures basic org-level settings like license policy, SAML group sync, Service accounts etc.
+
+## Usage
+
+In order to get started, supply your api key and org name in `global-variables.tf` file and run `terraform apply` against it.

examples/flat-example/global-variables.tf

@@ -0,0 +1,31 @@
+
+data "cloudsmith_organization" "org-demo" {
+  slug = "YOUR-ORG-NAME"
+}
+
+variable "api_key" {
+  type    = string
+  default = "YOUR-API-KEY"
+}
+
+variable "default_storage_region" {
+  type    = string
+  default = "us-ohio"
+}
+
+variable "main_entitlement_token" {
+  type    = string
+  default = "Main Entitlement"
+}
+
+variable "main_entitlement_token_limit_num_downloads" {
+  type    = string
+  default = 1000
+}
+
+variable "geopip_allow_countries" {
+  type    = list(string)
+  default = ["US", "GB", "DE"]
+}
+
+

examples/flat-example/org-license-policy.tf

@@ -0,0 +1,17 @@
+resource "cloudsmith_license_policy" "apache-python-policy" {
+    name                    = "Example License Policy"
+    description             = "Apache 2 License Policy for Python packages"
+    spdx_identifiers        = ["Apache-2.0"]
+    on_violation_quarantine = true
+    package_query_string    = "format:python AND downloads:>50"
+    organization            = data.cloudsmith_organization.org-demo.slug
+}
+
+resource "cloudsmith_license_policy" "mit-npm-policy" {
+    name                    = "Example License Policy"
+    description             = "MIT License Policy for Python packages"
+    spdx_identifiers        = ["MIT"]
+    on_violation_quarantine = true
+    package_query_string    = "format:npm"
+    organization            = data.cloudsmith_organization.org-demo.slug
+}

examples/flat-example/org-oidc-config.tf

@@ -0,0 +1,10 @@
+resource "cloudsmith_oidc" "devops-oidc" {
+    namespace  = data.cloudsmith_organization.org-demo.slug
+    name       = "OIDC-DEMO"
+    enabled    = true
+    provider_url = "https://token.actions.githubusercontent.com"
+    service_accounts = [cloudsmith_service.production-service.slug]
+    claims = {
+        "repository" = "Owner/GitHubRepoName"
+    }
+}

examples/flat-example/org-saml-group.tf

@@ -0,0 +1,15 @@
+resource "cloudsmith_saml" "owners_mapping" {
+  organization = data.cloudsmith_organization.org-demo.slug
+  idp_key = "administrators"
+  idp_value = "administrators"
+  role = "Manager"
+  team = "owners"
+}
+
+resource "cloudsmith_saml" "developers_mapping" {
+  organization = data.cloudsmith_organization.org-demo.slug
+  idp_key = "interns"
+  idp_value = "interns"
+  role = "Member"
+  team = resource.cloudsmith_team.interns.slug
+}

examples/flat-example/org-services.tf

@@ -0,0 +1,19 @@
+resource "cloudsmith_service" "devops-service" {
+  name         = "devops-service"
+  organization = data.cloudsmith_organization.org-demo.slug
+}
+
+resource "cloudsmith_service" "production-service" {
+  name         = "production-service"
+  organization = data.cloudsmith_organization.org-demo.slug
+}
+
+resource "cloudsmith_service" "qa-service" {
+  name         = "qa-service"
+  organization = data.cloudsmith_organization.org-demo.slug
+}
+
+resource "cloudsmith_service" "developer-service" {
+  name         = "developer-service"
+  organization = data.cloudsmith_organization.org-demo.slug
+}

examples/flat-example/org-teams.tf

@@ -0,0 +1,9 @@
+resource "cloudsmith_team" "developers" {
+  organization = data.cloudsmith_organization.org-demo.slug_perm
+  name         = "Developers"
+}
+
+resource "cloudsmith_team" "interns" {
+  organization = data.cloudsmith_organization.org-demo.slug_perm
+  name         = "Interns"
+}

examples/flat-example/org-vulnerability-policy.tf

@@ -0,0 +1,52 @@
+resource "cloudsmith_vulnerability_policy" "python_policy" {
+  name                    = "Python policy"
+  description             = "Python block policy"
+  min_severity            = "High"
+  on_violation_quarantine = true
+  allow_unknown_severity  = false
+  package_query_string    = "format:python"
+  organization            = data.cloudsmith_organization.org-demo.slug
+}
+
+resource "cloudsmith_vulnerability_policy" "container-policy-test" {
+  name                    = "Container policy test"
+  description             = "Container block policy test"
+  min_severity            = "High"
+  on_violation_quarantine = true
+  allow_unknown_severity  = true
+  package_query_string    = "format:docker and repository:shared-proxy-test"
+  organization            = data.cloudsmith_organization.org-demo.slug
+}
+
+
+resource "cloudsmith_vulnerability_policy" "maven-policy" {
+  name                    = "Maven policy"
+  description             = "Maven block policy"
+  min_severity            = "High"
+  on_violation_quarantine = true
+  allow_unknown_severity  = true
+  package_query_string    = "format:maven"
+  organization            = data.cloudsmith_organization.org-demo.slug
+}
+
+
+resource "cloudsmith_vulnerability_policy" "nuget-policy" {
+  name                    = "Nuget policy"
+  description             = "Nuget block policy"
+  min_severity            = "High"
+  on_violation_quarantine = true
+  allow_unknown_severity  = true
+  package_query_string    = "format:nuget"
+  organization            = data.cloudsmith_organization.org-demo.slug
+}
+
+
+resource "cloudsmith_vulnerability_policy" "npm-policy" {
+  name                    = "npm policy"
+  description             = "npm block policy"
+  min_severity            = "High"
+  on_violation_quarantine = true
+  allow_unknown_severity  = true
+  package_query_string    = "format:npm"
+  organization            = data.cloudsmith_organization.org-demo.slug
+}

examples/flat-example/repo-devops.tf

@@ -0,0 +1,33 @@
+resource "cloudsmith_repository" "devops" {
+  description                = "DevOps repository"
+  name                       = "devops"
+  namespace                  = data.cloudsmith_organization.org-demo.slug_perm
+  slug                       = "devops"
+  repository_type            = "Private"
+  storage_region             = var.default_storage_region
+  proxy_npmjs                = false
+  proxy_pypi                 = false
+  use_default_cargo_upstream = false
+}
+
+
+resource "cloudsmith_repository_privileges" "devops-privs" {
+  organization = data.cloudsmith_organization.org-demo.slug
+  repository   = cloudsmith_repository.devops.slug
+
+  service {
+    privilege = "Write"
+    slug      = cloudsmith_service.qa-service.slug
+  }
+
+  service {
+    privilege = "Read"
+    slug      = cloudsmith_service.developer-service.slug
+  }
+}
+
+resource "cloudsmith_repository_geo_ip_rules" "devops-geoip" {
+  repository = cloudsmith_repository.devops.slug
+  namespace = data.cloudsmith_organization.org-demo.slug
+  country_code_allow = var.geopip_allow_countries
+}

examples/flat-example/repo-oidc-demo.tf

@@ -0,0 +1,22 @@
+resource "cloudsmith_repository" "oidc_demo" {
+  description                = "OIDC repository"
+  name                       = "oidc-demo"
+  namespace                  = data.cloudsmith_organization.org-demo.slug_perm
+  slug                       = "oidc"
+  repository_type            = "Private"
+  storage_region             = var.default_storage_region
+  proxy_npmjs                = false
+  proxy_pypi                 = false
+  use_default_cargo_upstream = false
+}
+
+
+resource "cloudsmith_repository_privileges" "oidc_demo-privs" {
+  organization = data.cloudsmith_organization.org-demo.slug
+  repository   = cloudsmith_repository.oidc_demo.slug
+
+  service {
+    privilege = "Write"
+    slug      = cloudsmith_service.developer-service.slug
+  }
+}

examples/flat-example/repo-staging.tf

@@ -0,0 +1,44 @@
+resource "cloudsmith_repository" "staging" {
+  description                = "Staging repository"
+  name                       = "staging"
+  namespace                  = data.cloudsmith_organization.org-demo.slug_perm
+  slug                       = "staging"
+  repository_type            = "Private"
+  storage_region             = var.default_storage_region
+  proxy_npmjs                = false
+  proxy_pypi                 = false
+  use_default_cargo_upstream = false
+}
+
+resource "cloudsmith_entitlement" "staging-main_entitlement" {
+  namespace           = data.cloudsmith_organization.org-demo.slug
+  name                = var.main_entitlement_token
+  repository          = cloudsmith_repository.staging.slug
+  limit_num_downloads = var.main_entitlement_token_limit_num_downloads
+}
+
+resource "cloudsmith_repository_privileges" "staging-privs" {
+  organization = data.cloudsmith_organization.org-demo.slug
+  repository   = cloudsmith_repository.staging.slug
+
+  service {
+    privilege = "Write"
+    slug      = cloudsmith_service.devops-service.slug
+  }
+
+  service {
+    privilege = "Write"
+    slug      = cloudsmith_service.qa-service.slug
+  }
+
+  team {
+    privilege = "Read"
+    slug      = cloudsmith_team.developers.slug
+  }
+
+  # user {
+  #   privilege = "Read"
+  #   username  = "example-user"
+  # }
+
+}

examples/flat-example/repo-upstreams.tf

@@ -0,0 +1,63 @@
+resource "cloudsmith_repository" "upstream" {
+  description       = "Global upstream proxy repository for docker, nuget, python, npm and maven"
+  name              = "upstreams-demo"
+  namespace         = data.cloudsmith_organization.org-demo.slug_perm
+  slug              = "upstreams-demo"
+  repository_type   = "Private"
+  storage_region    = var.default_storage_region
+  default_privilege = "Read"
+}
+
+resource "cloudsmith_repository_upstream" "pypi" {
+  name          = "pypi"
+  namespace     = data.cloudsmith_organization.org-demo.slug_perm
+  repository    = cloudsmith_repository.upstream.slug_perm
+  upstream_type = "python"
+  upstream_url  = "https://pypi.org"
+  mode          = "Cache and Proxy"
+}
+
+resource "cloudsmith_repository_upstream" "npm" {
+  name          = "npm"
+  namespace     = data.cloudsmith_organization.org-demo.slug_perm
+  repository    = cloudsmith_repository.upstream.slug_perm
+  upstream_type = "npm"
+  upstream_url  = "https://registry.npmjs.org"
+  mode          = "Cache and Proxy"
+}
+
+resource "cloudsmith_repository_upstream" "nuget" {
+  name          = "nuget.org"
+  namespace     = data.cloudsmith_organization.org-demo.slug_perm
+  repository    = cloudsmith_repository.upstream.slug_perm
+  upstream_type = "nuget"
+  upstream_url  = "https://api.nuget.org/v3/index.json"
+  mode          = "Cache and Proxy"
+}
+
+resource "cloudsmith_repository_upstream" "dockerhub" {
+  name          = "dockerhub"
+  namespace     = data.cloudsmith_organization.org-demo.slug_perm
+  repository    = cloudsmith_repository.upstream.slug_perm
+  upstream_type = "docker"
+  upstream_url  = "https://index.docker.io"
+  mode          = "Cache and Proxy"
+}
+
+resource "cloudsmith_repository_upstream" "mcr-microsoft" {
+  name          = "mcr.microsoft.com"
+  namespace     = data.cloudsmith_organization.org-demo.slug_perm
+  repository    = cloudsmith_repository.upstream.slug_perm
+  upstream_type = "docker"
+  upstream_url  = "https://mcr.microsoft.com"
+  mode          = "Cache and Proxy"
+}
+
+resource "cloudsmith_repository_upstream" "maven" {
+  name          = "Maven"
+  namespace     = data.cloudsmith_organization.org-demo.slug_perm
+  repository    = cloudsmith_repository.upstream.slug_perm
+  upstream_type = "maven"
+  upstream_url  = "https://repo1.maven.org/maven2"
+  mode          = "Cache and Proxy"
+}