Repository Management with Nexus
9.5. Configuring Procurement

To configure a procurement rule, right click on a folder in the tree. Figure 9.10, “Applying a Rule to a Component Folder for org/elipse/aether” displays the procurement interface after right clicking on the org/eclipse/aether component folder.

In this dialog, we are deciding to configure a rule for everything within the group and its sub-groups, which will bring up the rule configuration dialog displayed in Figure 9.11, “Approving org.eclipse.aether Components”. The dialog to add rules allows you to select the available rule, e.g. a Forced Approve/Deny Rule, and configure the rule properties. The displayed dialog approves all components Eclipse Aether components.

By right clicking on the top level folder of the repository as displayed in Figure 9.12, “Accessing the Global Repository Configuration” you can configure rules for the complete repository as well as access all configured rules via the Applied Rules option.

This allows you to setup a global rule like blocking all components from the repository. Once you have configured this you can then selectively allow specific versions of a component. Figure 9.13, “Procurement Configurations Options for a Specific Component Version” displays the options available for configuring rules for a specific component version of the Apache Commons Collections component.

Once you approve a specific version the tree view will change the icons for the component displaying green checkmarks for approved components and red cross lines for denied components as visible in Figure 9.14, “Procurement Repository Tree View with Rule Visualization”. The icons are updated for signature validation rule violations, if applicable, showing a yellow icon.

An example dialog of Applied Rules for the complete repository, as configured by ::*, is visible in Figure 9.15, “Applied Rules for the Complete Procurement Repository”. This repository currently denies access to all components, only approving components within org/apache/maven and org/eclipse/aether'.

This dialog gives the procurement administrator a fine-grained view into the rules that apply to the complete repository. A view of all Applied Rules for a specific repository folder can be access by right-clicking on the folder and selecting Applied Rules. The dialog allows you to remove specific rules or all rules as well.

The Refresh button above the tree view of a repository tree view allows you to update the tree view and the visualization of all applied rules. The Add Freeform Rule button allows you to bring up the dialog to manually configure a procurement rule displayed in Figure 9.16, “Adding a Freeform Rule”. This is especially useful if the tree view is not complete due to a missing repository index or if you have detailed knowledge of the component you want to apply a rule to. The format for entering the a specific component to be in the Enter GAV input field is the short form for a Maven component coordinate using the groupId, artifactId and version separated by :. The * character can be used as a wildcard for a complete coordinate.

Examples for a freeform rule coordinates are:

::* matches any component in the complete repository

These coordinates are displayed as part of a Maven built when retrieving a component fails as part of the error message with the addition of the packaging type. It is therefore possible to cut and paste the respective coordinates from the build output and insert them into a freeform rule. Once you have done that you can kick off the build again, potentially forcing downloads with the option -U and continue procurement configuration for further components.