Add and enable Rut Auth capability using scripting API

Hello

I’m trying to add the Rut Auth capability and enable the Rut Auth realm using the scripting API, but I haven’t found anything useful yet. The documentation examples are for repositories. Is there any way to add the Rut Auth capability and enable the Rut Auth realm using the scripting API? Or do we have to add it manually from the UI?

Any help would be much appreciated.

Have a look here: nexus3-oss/setup_realms.groovy at master · ansible-ThoTeam/nexus3-oss · GitHub

Continuing the discussion from Advanced Use Cases for the Nexus Repository Manager API:

In addition to what @rseddon mentioned, you may also need to create and configure a Nexus Capability so that Nexus knows which HTTP header to look at for the authenticated user name.

More about RUT Auth can be found in the docs at Authentication via Remote User Token. And, not directly related, but architecturally the same, this guide provides context around Remote User Token Authentication: PKI Authentication for Nexus - Sonatype Guides

A sample groovy script to create and configure the capability, which will also automatically enable the realm:

import groovy.json.JsonOutput
import org.sonatype.nexus.capability.CapabilityReference
import org.sonatype.nexus.capability.CapabilityType
import org.sonatype.nexus.internal.capability.DefaultCapabilityReference
import org.sonatype.nexus.internal.capability.DefaultCapabilityRegistry

returnValue = JsonOutput.toJson([result : 'Did NOT add Rut Auth'])

def capabilityRegistry = container.lookup(DefaultCapabilityRegistry.class.getName())

//Capability specific values/properties
def capabilityType = CapabilityType.capabilityType("rutauth")
def capabilityProps = ['httpHeader': 'some_auth_header']
def capabilityNotes = 'configured through scripting api'

//check if existing Rut Auth capability exists
DefaultCapabilityReference existing = capabilityRegistry.all.find { CapabilityReference capabilityReference ->
  capabilityReference.context().descriptor().type() == capabilityType
}

//If it doesn't, add it with given values/properties
//This should also enable the rutauth-realm
if (!existing)
{
  log.info('Rut Auth capability created as: {}',
           capabilityRegistry.add(capabilityType, true, capabilityNotes, capabilityProps).toString())

  returnValue = JsonOutput.toJson([result : 'Successfully added Rut Auth!'])
}

return returnValue

Thank you @mworthington and @rseddon. This helped me a lot.

“Simple” being a relative term here. The scripting capability in Nexus is not very conducive for infrastructure-as-code; so if you are trying to completely rebuild your environment using tools like Ansible or Puppet it’s really quite painful.

Thank you very much for this interesting snippet.
However, I have a trivial question.

This line: “def capabilityRegistry = container.lookup(DefaultCapabilityRegistry.class.getName())”

Where is the value for “container” set? You access the container object and it has not been defined before.

The system provides it, the scripts don’t need to define it.

In the above example, the capabilityType “rutauth” is used. If we want to automate the creation of other types of Capabilities, where do we find information/doco on what ID we should use for the other Capabilities?

I need to create an ‘IQ: Audit and Quarantine’ capability. Where do I find information on what ID I should use, and what properties I should set?

Hopefully you have received an answer to this by now, but in case not (and for others’ future ref), the typeId is firewall.audit and the properties you can set are repository (use desired repositoryId) and quarantine (true/false).
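
The same registry calls applied to the `firewall.audit` type named in the last reply, as an added example that is not code from any poster in this thread or from Sonatype. It assumes one such capability per repository, so it matches on type and on the `repository` property; the JSON argument shape and the repository id `maven-central` are placeholders chosen for this example.

```groovy
import groovy.json.JsonOutput
import groovy.json.JsonSlurper
import org.sonatype.nexus.capability.CapabilityReference
import org.sonatype.nexus.capability.CapabilityType
import org.sonatype.nexus.internal.capability.DefaultCapabilityRegistry

// Constructed sample input, used when the script is run without a body.
// 'maven-central' is a placeholder repository id, not a value from this thread.
def sample = '{"repository": "maven-central", "quarantine": false}'
def params = new JsonSlurper().parseText(args ?: sample)

// typeId and property names as given in the last reply of the thread.
def capabilityType = CapabilityType.capabilityType('firewall.audit')
def capabilityNotes = 'configured through scripting api'

// Capability properties are a Map<String, String>, so the boolean is passed as text.
Map<String, String> wanted = [
    repository: params.repository as String,
    quarantine: String.valueOf(params.quarantine == true)
]

def capabilityRegistry = container.lookup(DefaultCapabilityRegistry.class.getName())

// Match on type AND repository (assumption: one capability per repository).
// Matching on type alone would make a second repository look already configured.
CapabilityReference existing = capabilityRegistry.all.find { CapabilityReference ref ->
  ref.context().descriptor().type() == capabilityType &&
      ref.context().properties()['repository'] == wanted.repository
}

def result
if (!existing) {
  def created = capabilityRegistry.add(capabilityType, true, capabilityNotes, wanted)
  log.info('firewall.audit capability created as: {}', created.toString())
  result = 'created'
}
else if (!existing.context().isEnabled() ||
    existing.context().properties()['quarantine'] != wanted.quarantine) {
  // Drifted from the requested state: re-enable and reset the properties.
  capabilityRegistry.update(existing.context().id(), true, capabilityNotes, wanted)
  result = 'updated'
}
else {
  result = 'unchanged'
}

return JsonOutput.toJson([result: result] + wanted)
```

Running it twice with the same argument returns `unchanged` the second time, which makes it safe to call from a provisioning tool on every run.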