diff --git a/charts/nexus3/CHANGELOG.md b/charts/nexus3/CHANGELOG.md index 0c3d730e..2655876e 100644 --- a/charts/nexus3/CHANGELOG.md +++ b/charts/nexus3/CHANGELOG.md @@ -14,12 +14,26 @@ ## [UNRELEASED] +## [v5.2.0] - 2024-10-24 + +> [!IMPORTANT] +> If you're upgrading to this version you will need to run `kubectl --namespace delete statefulset --cascade=orphan` before upgrading as there was a bug in previous versions of this chart that incorrectly labeled the volume claim template. + +### Changed + +- Changed the order of the initialization scripts to allow creating roles based on repository privileges. ([#xxxx](https://github.com/stevehipwell/helm-charts/pull/xxxx)) _@stevehipwell_ & _@mreiche_ +- Improved docs for config with reference to the API documentation. ([#xxxx](https://github.com/stevehipwell/helm-charts/pull/xxxx)) _@stevehipwell_ & _@mreiche_ + ### Fixed -- Fix ldap config missing argument +- Fixed LDAP templating incorrectly using `toJson` without passing in the data resulting in no configuration to apply. ([#1064](https://github.com/stevehipwell/helm-charts/pull/1064)) _@KuroXII_ +- Fixed incorrect labeling on the volume claim template. ([#xxxx](https://github.com/stevehipwell/helm-charts/pull/xxxx)) _@stevehipwell_ ## [v5.1.0] - 2024-10-14 +> [!CAUTION] +> Don't use this version, there is a bug in the logic for creating the `StatefulSet` volume; please use [`5.2.0`](https://github.com/stevehipwell/helm-charts/releases/tag/nexus3-5.2.0). + ### Changed - Updated the _Nexus3_ OCI image to [v3.73.0](https://github.com/sonatype/nexus-public/releases/tag/release-3.73.0-12). _@stevehipwell_ 
@@ -27,6 +41,9 @@ ## [v5.0.0] - 2024-09-10 +> [!CAUTION] +> Don't use this version, there is a bug in the logic for creating the `StatefulSet` volume; please use [`5.2.0`](https://github.com/stevehipwell/helm-charts/releases/tag/nexus3-5.2.0). + > [!WARNING] > The release contains multiple breaking changes including removing support for OrientDB, please pay attention to the removals section. If you were previously using OrientDB you need to make sure you follow the [upgrade guide](https://help.sonatype.com/en/upgrading-to-nexus-repository-3-71-0-and-beyond.html) before upgrading to this version. @@ -713,6 +730,7 @@ RELEASE LINKS --> [UNRELEASED]: https://github.com/stevehipwell/helm-charts/tree/main/charts/nexus3 +[v5.2.0]: https://github.com/stevehipwell/helm-charts/releases/tag/nexus3-5.2.0 [v5.1.0]: https://github.com/stevehipwell/helm-charts/releases/tag/nexus3-5.1.0 [v5.0.0]: https://github.com/stevehipwell/helm-charts/releases/tag/nexus3-5.0.0 [v4.45.1]: https://github.com/stevehipwell/helm-charts/releases/tag/nexus3-4.45.1 diff --git a/charts/nexus3/Chart.yaml b/charts/nexus3/Chart.yaml index 945e676c..483e514c 100644 --- a/charts/nexus3/Chart.yaml +++ b/charts/nexus3/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: nexus3 description: Helm chart for Sonatype Nexus 3 OSS. type: application -version: 5.1.0 +version: 5.2.0 appVersion: 3.73.0 home: https://www.sonatype.com/products/sonatype-nexus-repository icon: https://raw.githubusercontent.com/stevehipwell/helm-charts/main/charts/nexus3/icon.png 
@@ -24,4 +24,10 @@ annotations: artifacthub.io/alternativeName: nexus artifacthub.io/changes: | - kind: changed - description: "Updated the _Nexus3_ OCI image to [v3.73.0](https://github.com/sonatype/nexus-public/releases/tag/release-3.73.0-12)." + description: "Changed the order of the initialization scripts to allow creating roles based on repository privileges." + - kind: changed + description: "Improved docs for config with reference to the API documentation." + - kind: fixed + description: "Fixed LDAP templating incorrectly using `toJson` without passing in the data resulting in no configuration to apply." + - kind: fixed + description: "Fixed incorrect labeling on the volume claim template." diff --git a/charts/nexus3/README.md b/charts/nexus3/README.md index 9ebeef7f..abe563b3 100644 --- a/charts/nexus3/README.md +++ b/charts/nexus3/README.md @@ -1,6 +1,6 @@ # nexus3 -![Version: 5.1.0](https://img.shields.io/badge/Version-5.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.73.0](https://img.shields.io/badge/AppVersion-3.73.0-informational?style=flat-square) +![Version: 5.2.0](https://img.shields.io/badge/Version-5.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.73.0](https://img.shields.io/badge/AppVersion-3.73.0-informational?style=flat-square) Helm chart for Sonatype Nexus 3 OSS. @@ -25,7 +25,7 @@ Helm chart for Sonatype Nexus 3 OSS. To install the chart using the recommended OCI method you can use the following command. ```shell -helm upgrade --install nexus3 oci://ghcr.io/stevehipwell/helm-charts/nexus3 --version 5.1.0 +helm upgrade --install nexus3 oci://ghcr.io/stevehipwell/helm-charts/nexus3 --version 5.2.0 ``` #### Verification 
@@ -33,7 +33,7 @@ helm upgrade --install nexus3 oci://ghcr.io/stevehipwell/helm-charts/nexus3 --ve As the OCI chart release is signed by [Cosign](https://github.com/sigstore/cosign) you can verify the chart before installing it by running the following command. ```shell -cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp 'https://github\.com/action-stars/helm-workflows/\.github/workflows/release\.yaml@.+' --certificate-github-workflow-repository stevehipwell/helm-charts --certificate-github-workflow-name Release ghcr.io/stevehipwell/helm-charts/nexus3:5.1.0 +cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp 'https://github\.com/action-stars/helm-workflows/\.github/workflows/release\.yaml@.+' --certificate-github-workflow-repository stevehipwell/helm-charts --certificate-github-workflow-name Release ghcr.io/stevehipwell/helm-charts/nexus3:5.2.0 ``` ### Non-OCI Repository @@ -42,7 +42,7 @@ Alternatively you can use the legacy non-OCI method via the following commands. ```shell helm repo add stevehipwell https://stevehipwell.github.io/helm-charts/ -helm upgrade --install nexus3 stevehipwell/nexus3 --version 5.1.0 +helm upgrade --install nexus3 stevehipwell/nexus3 --version 5.2.0 ``` ## Values 
@@ -57,10 +57,11 @@ helm upgrade --install nexus3 stevehipwell/nexus3 --version 5.1.0 | caCerts.enabled | bool | `false` | If `true`, add the CA certificates in the provided secret to the JVM cacerts key store. | | caCerts.secret | string | `nil` | Name of the secret containing the CA certificates. | | commonLabels | object | `{}` | Labels to add to all chart resources. | -| config.anonymous | object | `{"enabled":false,"roles":["nx-anonymous","nx-metrics"]}` | Anonymous access configuration. | -| config.blobStores | list | `[]` | Blob store configuration. | +| config.anonymous.enabled | bool | `false` | If `true`, enable anonymous access. | +| config.anonymous.roles | list | `["nx-anonymous","nx-metrics"]` | Roles for anonymous access. | +| config.blobStores | list | `[]` | Blob store configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). | | config.cleanup | list | `[]` | Cleanup configuration. | -| config.enabled | bool | `false` | If `true`, enable the configuration Job. | +| config.enabled | bool | `false` | If `true` & `rootPassword.secret` is set, enable the configuration Job. | | config.job.affinity | object | `{}` | Affinity settings for scheduling the config job. | | config.job.image.digest | string | `nil` | Optional image digest for the config container. | | config.job.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy for config container. | 
@@ -69,14 +70,15 @@ helm upgrade --install nexus3 stevehipwell/nexus3 --version 5.1.0 | config.job.nodeSelector | object | `{}` | Node labels to match for scheduling the config job. | | config.job.tolerations | list | `[]` | Node taints which will be tolerated for scheduling the config job. | | config.job.ttlSecondsAfterFinished | int | `600` | The number of seconds to keep the config job after it's finished. | -| config.ldap | object | `{"authPassword":{"key":null,"secret":null},"authRealm":null,"authScheme":"simple","authUsername":null,"connectionRetryDelaySeconds":300,"connectionTimeoutSeconds":30,"enabled":false,"groupBaseDn":null,"groupIdAttribute":null,"groupMemberAttribute":null,"groupMemberFormat":null,"groupObjectClass":null,"groupSubtree":false,"groupType":"dynamic","host":null,"ldapGroupsAsRoles":false,"maxIncidentsCount":3,"name":null,"port":636,"protocol":"ldaps","searchBase":null,"useTrustStore":true,"userBaseDn":null,"userEmailAddressAttribute":"email","userIdAttribute":"sAMAccountName","userLdapFilter":null,"userMemberOfAttribute":"memberOf","userObjectClass":"user","userPasswordAttribute":null,"userRealNameAttribute":"cn","userSubtree":false}` | LDAP configuration. | -| config.realms | object | `{"enabled":false,"values":[]}` | Realms configuration. 
| +| config.ldap | object | `{"authPassword":{"key":null,"secret":null},"authRealm":null,"authScheme":"simple","authUsername":null,"connectionRetryDelaySeconds":300,"connectionTimeoutSeconds":30,"enabled":false,"groupBaseDn":null,"groupIdAttribute":null,"groupMemberAttribute":null,"groupMemberFormat":null,"groupObjectClass":null,"groupSubtree":false,"groupType":"dynamic","host":null,"ldapGroupsAsRoles":false,"maxIncidentsCount":3,"name":null,"port":636,"protocol":"ldaps","searchBase":null,"useTrustStore":true,"userBaseDn":null,"userEmailAddressAttribute":"email","userIdAttribute":"sAMAccountName","userLdapFilter":null,"userMemberOfAttribute":"memberOf","userObjectClass":"user","userPasswordAttribute":null,"userRealNameAttribute":"cn","userSubtree":false}` | LDAP configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). | +| config.realms.enabled | bool | `false` | If `true`, enable realms. | +| config.realms.values | list | `[]` | List of realms to configure; can be empty or contain any of `NexusAuthenticatingRealm`, `LdapRealm`, `DockerToken`, `NpmToken`, `NuGetApiKey` or `rutauth-realm`. | | config.repoCredentials.enabled | bool | `false` | If `true`, enable repository credentials. | | config.repoCredentials.secret | string | `nil` | Name of the secret containing the repository credentials. | -| config.repos | list | `[]` | Repository configuration. | -| config.roles | list | `[]` | Roles configuration. | +| config.repos | list | `[]` | Repository configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_) but with `format` & `type` defined in the object. | +| config.roles | list | `[]` | Roles configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). 
| | config.tasks | list | `[]` | Task configuration. | -| config.users | list | `[]` | Users configuration. | +| config.users | list | `[]` | Users configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). | | env | list | `[]` | Environment variables for the default container. | | extraInitContainers | list | `[]` | Extra init container to run before the default container. | | extraVolumeMounts | list | `[]` | Extra volume mounts for the default container. | diff --git a/charts/nexus3/scripts/configure.sh b/charts/nexus3/scripts/configure.sh index fee2903c..934fcc88 100644 --- a/charts/nexus3/scripts/configure.sh +++ b/charts/nexus3/scripts/configure.sh 
@@ -53,90 +53,6 @@ if [[ -f "${json_file}" ]]; then echo "Realms configured." fi -echo "Configuring roles..." -for json_file in "${CONFIG_DIR}"/conf/*-role.json; do - if [[ -f "${json_file}" ]]; then - id="$(jq -r '.id' "${json_file}")" - source="$(jq -r '.source' "${json_file}")" - - status_code=$(curl -sS -o /dev/null -w "%{http_code}" -X GET -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" "${NEXUS_HOST}/service/rest/v1/security/roles/${id}?source=${source}") - if [[ "${status_code}" -eq 200 ]]; then - status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/roles/${id}")" - if [[ "${status_code}" -ne 204 ]]; then - error "Could not update role '${id}'." - fi - else - status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/roles")" - if [[ "${status_code}" -ne 200 ]]; then - error "Could not create role '${id}'." - fi - fi - - echo "Role '${id}' configured." - fi -done - -echo "Configuring users..." 
-for json_file in "${CONFIG_DIR}"/conf/*-user.json; do - if [[ -f "${json_file}" ]]; then - id="$(jq -r '.userId' "${json_file}")" - source="$(jq -r '.source' "${json_file}")" - - out_file="$(mktemp -p "${tmp_dir}")" - status_code=$(curl -sS -o "${out_file}" -w "%{http_code}" -X GET -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" "${NEXUS_HOST}/service/rest/v1/security/users/?userId=${id}&source=${source}") - if [[ "${status_code}" -eq 200 ]] && [[ -n "$(jq -r 'first(.[]).userId // empty' "${out_file}")" ]]; then - status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/users/${id}")" - if [[ "${status_code}" -ne 204 ]]; then - error "Could not update user '${id}'." - fi - else - tmp_file="$(mktemp -p "${tmp_dir}")" - jq -r --arg password "$(echo "${RANDOM}" | md5sum | head -c 20)" '. + {password: $password}' "${json_file}" >"${tmp_file}" - json_file="${tmp_file}" - - status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/users")" - if [[ "${status_code}" -ne 200 ]]; then - error "Could not create user '${id}'." - fi - fi - - echo "User '${id}' configured." - fi -done - -json_file="${CONFIG_DIR}/conf/ldap.json" -if [[ -f "${json_file}" ]]; then - echo "Configuring LDAP..." - - name="$(jq -r '.name' "${json_file}")" - - if [[ -f "${CONFIG_DIR}/secret/ldap.password" ]]; then - tmp_file="$(mktemp -p "${tmp_dir}")" - jq -r --arg password "$(sed 's|"|\\"|g;s|/|\\/|g' "${CONFIG_DIR}/secret/ldap.password")" '. 
+ {authPassword: $password}' "${json_file}" >"${tmp_file}" - json_file="${tmp_file}" - fi - - out_file="$(mktemp -p "${tmp_dir}")" - status_code=$(curl -sS -o "${out_file}" -w "%{http_code}" -X GET -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" "${NEXUS_HOST}/service/rest/v1/security/ldap/${name// /%20}") - if [[ "${status_code}" -eq 200 ]]; then - tmp_file="$(mktemp -p "${tmp_dir}")" - jq -r --arg id "$(jq -r '.id' "${out_file}")" '. + {id: $id}' "${json_file}" >"${tmp_file}" - json_file="${tmp_file}" - - status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/ldap/${name// /%20}")" - if [[ "${status_code}" -ne 204 ]]; then - error "Could not update LDAP '${name}'." - fi - else - status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/ldap")" - if [[ "${status_code}" -ne 201 ]]; then - error "Could not create LDAP '${name}'." - fi - fi - - echo "LDAP '${name}' configured." -fi - echo "Configuring blob stores..." for json_file in "${CONFIG_DIR}"/conf/*-blobstore.json; do if [[ -f "${json_file}" ]]; then 
@@ -237,6 +153,90 @@ for json_file in "${CONFIG_DIR}"/conf/*-repo.json; do fi done +echo "Configuring roles..." +for json_file in "${CONFIG_DIR}"/conf/*-role.json; do + if [[ -f "${json_file}" ]]; then + id="$(jq -r '.id' "${json_file}")" + source="$(jq -r '.source' "${json_file}")" + + status_code=$(curl -sS -o /dev/null -w "%{http_code}" -X GET -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" "${NEXUS_HOST}/service/rest/v1/security/roles/${id}?source=${source}") + if [[ "${status_code}" -eq 200 ]]; then + status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/roles/${id}")" + if [[ "${status_code}" -ne 204 ]]; then + error "Could not update role '${id}'." + fi + else + status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/roles")" + if [[ "${status_code}" -ne 200 ]]; then + error "Could not create role '${id}'." + fi + fi + + echo "Role '${id}' configured." + fi +done + +echo "Configuring users..." 
+for json_file in "${CONFIG_DIR}"/conf/*-user.json; do + if [[ -f "${json_file}" ]]; then + id="$(jq -r '.userId' "${json_file}")" + source="$(jq -r '.source' "${json_file}")" + + out_file="$(mktemp -p "${tmp_dir}")" + status_code=$(curl -sS -o "${out_file}" -w "%{http_code}" -X GET -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" "${NEXUS_HOST}/service/rest/v1/security/users/?userId=${id}&source=${source}") + if [[ "${status_code}" -eq 200 ]] && [[ -n "$(jq -r 'first(.[]).userId // empty' "${out_file}")" ]]; then + status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/users/${id}")" + if [[ "${status_code}" -ne 204 ]]; then + error "Could not update user '${id}'." + fi + else + tmp_file="$(mktemp -p "${tmp_dir}")" + jq -r --arg password "$(echo "${RANDOM}" | md5sum | head -c 20)" '. + {password: $password}' "${json_file}" >"${tmp_file}" + json_file="${tmp_file}" + + status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/users")" + if [[ "${status_code}" -ne 200 ]]; then + error "Could not create user '${id}'." + fi + fi + + echo "User '${id}' configured." + fi +done + +json_file="${CONFIG_DIR}/conf/ldap.json" +if [[ -f "${json_file}" ]]; then + echo "Configuring LDAP..." + + name="$(jq -r '.name' "${json_file}")" + + if [[ -f "${CONFIG_DIR}/secret/ldap.password" ]]; then + tmp_file="$(mktemp -p "${tmp_dir}")" + jq -r --arg password "$(sed 's|"|\\"|g;s|/|\\/|g' "${CONFIG_DIR}/secret/ldap.password")" '. 
+ {authPassword: $password}' "${json_file}" >"${tmp_file}" + json_file="${tmp_file}" + fi + + out_file="$(mktemp -p "${tmp_dir}")" + status_code=$(curl -sS -o "${out_file}" -w "%{http_code}" -X GET -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" "${NEXUS_HOST}/service/rest/v1/security/ldap/${name// /%20}") + if [[ "${status_code}" -eq 200 ]]; then + tmp_file="$(mktemp -p "${tmp_dir}")" + jq -r --arg id "$(jq -r '.id' "${out_file}")" '. + {id: $id}' "${json_file}" >"${tmp_file}" + json_file="${tmp_file}" + + status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X PUT -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/ldap/${name// /%20}")" + if [[ "${status_code}" -ne 204 ]]; then + error "Could not update LDAP '${name}'." + fi + else + status_code="$(curl -sS -o /dev/null -w "%{http_code}" -X POST -H 'Content-Type: application/json' -u "${NEXUS_USER}:${password}" -d "@${json_file}" "${NEXUS_HOST}/service/rest/v1/security/ldap")" + if [[ "${status_code}" -ne 201 ]]; then + error "Could not create LDAP '${name}'." + fi + fi + + echo "LDAP '${name}' configured." +fi + echo "Configuring tasks..." for json_file in "${CONFIG_DIR}"/conf/*-task.json; do if [[ -f "${json_file}" ]]; then diff --git a/charts/nexus3/templates/statefulset.yaml b/charts/nexus3/templates/statefulset.yaml index 472412e4..a88b7490 100644 --- a/charts/nexus3/templates/statefulset.yaml +++ b/charts/nexus3/templates/statefulset.yaml @@ -400,7 +400,7 @@ spec: - metadata: name: data labels: - {{- include "nexus3.labels" . | nindent 10 }} + {{- include "nexus3.selectorLabels" . | nindent 10 }} {{- with .Values.persistence.annotations }} annotations: {{- . | toYaml | nindent 10 }} diff --git a/charts/nexus3/values.yaml b/charts/nexus3/values.yaml index 62ca4b7c..e30778f1 100644 --- a/charts/nexus3/values.yaml +++ b/charts/nexus3/values.yaml 
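Review bot: In the create branch of the `*-user.json` loop, the initial password is derived from `${RANDOM}`, which in bash takes only 32768 distinct values, so `md5sum | head -c 20` yields at most 32768 candidate passwords however long the result looks. Since the block is being moved anyway, I would take the value from the kernel CSPRNG instead, e.g. `--arg password "$(head -c 24 /dev/urandom | base64)"` (assuming `base64` is in the job image alongside `md5sum`). Separately, in the LDAP block the `sed 's|"|\\"|g;s|/|\\/|g'` output is passed to `jq --arg`, which already JSON-encodes its argument, so a bind password containing `"` or `/` would presumably reach Nexus with extra backslashes; `--arg password "$(cat "${CONFIG_DIR}/secret/ldap.password")"` looks sufficient. Both blocks are moved verbatim from earlier in the script, so neither issue is introduced by this commit, but the new side carries them forward.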
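Review bot: The `labels:` entry under the `data` volume claim template needs a template comment explaining why it uses `nexus3.selectorLabels` rather than `nexus3.labels`, otherwise a later maintainer may switch it back for consistency with the other resources. Something like `{{- /* volumeClaimTemplates cannot be changed after creation; only use labels that stay the same across chart versions */}}` above the include would do; I am assuming `nexus3.labels` carries chart or app version labels, as the helper is not visible in this diff. The upgrade command in the CHANGELOG.md hunk, as shown on this page, has no value after `--namespace` and no StatefulSet name, so `delete` would be read as the namespace; it is worth checking that the placeholders survive rendering. The enclosing `spec:` block starts and ends outside the hunk.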
@@ -299,7 +299,7 @@ rootPassword: key: password config: - # -- If `true`, enable the configuration Job. + # -- If `true` & `rootPassword.secret` is set, enable the configuration Job. enabled: false job: image: @@ -319,15 +319,17 @@ config: affinity: {} # -- Node taints which will be tolerated for scheduling the config job. tolerations: [] - # -- Anonymous access configuration. anonymous: + # -- If `true`, enable anonymous access. enabled: false + # -- Roles for anonymous access. roles: - nx-anonymous - nx-metrics - # -- Realms configuration. realms: + # -- If `true`, enable realms. enabled: false + # -- List of realms to configure; can be empty or contain any of `NexusAuthenticatingRealm`, `LdapRealm`, `DockerToken`, `NpmToken`, `NuGetApiKey` or `rutauth-realm`. values: [] # - NexusAuthenticatingRealm # - LdapRealm @@ -335,7 +337,7 @@ config: # - NpmToken # - NuGetApiKey # - rutauth-realm - # -- Roles configuration. + # -- Roles configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). roles: [] # - id: nexus-administrators # source: default @@ -344,7 +346,7 @@ config: # privileges: [] # roles: # - nx-admin - # -- Users configuration. + # -- Users configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). users: [] # - userId: test # firstName: Test @@ -355,7 +357,7 @@ config: # roles: # - nx-anonymous # externalRoles: [] - # -- LDAP configuration. + # -- LDAP configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). ldap: enabled: false name: 
@@ -390,7 +392,7 @@ config: groupIdAttribute: groupMemberAttribute: groupMemberFormat: - # -- Blob store configuration. + # -- Blob store configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_). blobStores: [] # Reference the Nexus Blob store REST API for supported types and expected request body structures of each # - name: ExampleFileBlobStore @@ -426,7 +428,7 @@ config: enabled: false # -- (string) Name of the secret containing the repository credentials. secret: - # -- Repository configuration. + # -- Repository configuration; based on the REST API (API reference docs require an existing Nexus installation and can be found at **Administration** under _System_ → _API_) but with `format` & `type` defined in the object. repos: [] # - name: test-repo # format: raw