Repository Management with Nexus

10.5. Configuring Procurement

To configure a procurement rule, right-click on a folder in the tree. Figure 10.10, “Applying a Rule to a Component Folder for org/elipse/aether displays the procurement interface after right-clicking on the org/eclipse/aether component folder.

figs/web/procure-aether.png

Figure 10.10. Applying a Rule to a Component Folder for org/elipse/aether


In this dialog, we are deciding to configure a rule for everything within the group and its sub groups that display the rule configuration dialog displayed in Figure 10.11, “Approving org.eclipse.aether Components”. The dialog to add rules allows you to select the available rule, e.g., a Forced Approve/Deny Rule, and configure the rule properties. The displayed dialog approves all components Eclipse Aether components.

figs/web/procure-aether-add-rule.png

Figure 10.11. Approving org.eclipse.aether Components


By right-clicking on the top level folder of the repository, as displayed in Figure 10.12, “Accessing the Global Repository Configuration”, you can configure rules for the complete repository as well as access all configured rules via the Applied Rules option.

figs/web/procure-global-rules.png

Figure 10.12. Accessing the Global Repository Configuration


This allows you to set up a global rule, like blocking all components from the repository. Once you have configured this you can then selectively allow specific versions of a component. Figure 10.13, “Procurement Configurations Options for a Specific Component Version” displays the options available for configuring rules for a specific component version of the Apache Commons Collections component.

figs/web/procure-collections-version.png

Figure 10.13. Procurement Configurations Options for a Specific Component Version


Once you approve a specific version, the tree view will change the icons for the component displaying green checkmarks for approved components and red cross lines for denied components as visible in Figure 10.14, “Procurement Repository Tree View with Rule Visualization”. The icons are updated for signature validation rule violations, if applicable, showing a yellow icon.

figs/web/procure-status-tree.png

Figure 10.14. Procurement Repository Tree View with Rule Visualization


An example dialog of Applied Rules for the complete repository, as configured by ::*, is visible in Figure 10.15, “Applied Rules for the Complete Procurement Repository”. This repository currently denies access to all components, only approving components within org/apache/maven and org/eclipse/aether'.

This dialog gives the procurement administrator a fine-grained view into the rules that apply to the complete repository. A view of all Applied Rules for a specific repository folder can be access by right-clicking on the folder and selecting Applied Rules. The dialog allows you to remove specific rules or all rules as well.

figs/web/procure-applied-rules.png

Figure 10.15. Applied Rules for the Complete Procurement Repository


The Refresh button above the tree view of a repository tree view allows you to update the tree view and to see all of the applied rules. The Add Freeform Rule button allows you to display the dialog to manually configure a procurement rule displayed in Figure 10.16, “Adding a Freeform Rule”. This is especially useful if the tree view is not complete due to a missing repository index or if you have detailed knowledge of the component to which you want to apply a rule. The format for entering a specific component in the Enter GAV input field is the short form for a Maven component coordinate using the groupId, artifactId and version separated by :. The * character can be used as a wildcard for a complete coordinate.

figs/web/procure-freeform-rule.png

Figure 10.16. Adding a Freeform Rule


Examples for freeform rule coordinates are:

*:*:*
matches any component in the complete repository
org.apache.ant:*:*
matches any component with the groupId org.apache.ant located in org/apache/ant
org.apache.ant.*:*:*
matches any component with the groupId org.apache.ant located in org/apache/ant as well as any sub-groups e.g., org.apache.ant.ant

These coordinates are displayed in the Maven build output log when retrieving a component fails. You can see them as part of the error message with the addition of the packaging type. It is therefore possible to cut and paste the respective coordinates from the build output and insert them into a freeform rule. Once you have done that you can kick off the build again, potentially forcing downloads with the option -U and continue procurement configuration for further components.