How to assign access token to a group or specific permissions?

[sheldonhull]

I've looked through the issues and documentation and a bit confused.

When I created an access token through the rest api in the past, I had to assign it to a group to ensure the permissions were associated with the access token.

Right now, I have created the api token using the documented example:

resource "artifactory_api_key" "ci" {}

However, when trying to assign this token into a group, I'm not clear how to do this from the provider documentation.

When doing via POST request, you can see I had to designate member-of-groups for the access token to be generated.

    $invokeRestMethodSplat = @{
        Method  = 'POST'
        Body    =
        @{  
            "username"     = $UserName #this is access token name, anything can be used
            "scope"        = "member-of-groups:$GroupName"
            'Content-Type' = 'application/x-www-form-urlencoded'
            'expires_in'   = 0                                  # Used to set as non-expiring
            'refreshable'  = $true # allow access tokens to be refreshed and leave user the same
        }
        Headers = @{ Authorization = "Basic $encodedCredentials" }
        Uri     = "https://$ACCOUNTNAME.jfrog.io/$ACCOUNTNAME/api/security/token"
    }
    $response = Invoke-RestMethod @invokeRestMethodSplat

What I'd thought I'd see would be something like

resource "artifactory_api_key" "ci" {
      groups = [ resource.group.id ] 
}

If you have any examples on how to do this, or an issue I missed that answered this please let me know. I plan on looking at the provider code more, but figured I'd make this visible so if it's an easy fix others might benefit, or if I contribute a PR with something I can link it to this anyway.

Appreciate the great work on this project as it solves a big need in making Jfrog more manageable.

[sheldonhull]

I think I've found the answer. This hasn't been implemented.
I found that the go-artifactory library does support this, but it hasn't been implemented into the provider.

https://github.com/atlassian/go-artifactory/blob/6111b34bd09a5f74a3fb36a2a882687693c984a8/artifactory/v1/security.go#L904-L919

// Creates an access token
// Since: 5.0.0
// Security: Requires a valid user
func (s *SecurityService) CreateToken(ctx context.Context, opts *AccessTokenOptions) (*AccessToken, *http.Response, error) {
	path := "/api/security/token"
	req, err := s.client.NewURLEncodedRequest("POST", path, opts)
	if err != nil {
		return nil, nil, err
	}
	req.Header.Set("Accept", client.MediaTypeJson)

	token := new(AccessToken)
	resp, err := s.client.Do(ctx, req, token)
	return token, resp, err
}

This shows the creation for an access token is there, and it's the exact same api endpoint from my powershell invoke-webrequest.
Looks like this needs to be added to provider for me to leverage.
I'll take a look at what that might entail and if I make some progress I'll post an update.
Haven't done a provider contribution yet so I need to familiarize myself with it.