Curation Federation
Subscription Information
This feature is supported on JFrog SaaS sites with the Enterprise+ license.
Self-managed JPDs will be supported in an upcoming release.
Follow this procedure to define a federation that syncs curation policies, labels, and related entities in your JFrog environment.
JFrog Federations ensure uniform settings across sites in your subscription. For example, an Access Federation syncs user and permission definitions across all servers in the federation.
This section describes how to define a federation that syncs Curation policies and metadata across servers in your JFrog subscription. This Curation Federation simplifies deployment of Curation policies, and enforces a consistent security posture. Repositories on servers across your subscription are protected by a uniform, centrally managed set of Curation policies.
The federation has a star topology - one JPD acts as the Controller, and the other JPDs act as Followers. To construct the federation, you register each Follower on the Controller. To simplify management and troubleshooting, use a consistent naming convention for all Followers.
You define the federation using API requests to the platform federation (pfed) service. After you define the Federation, the pfed service on each JPD manages the site's federations and syncs data as necessary.
To define a Curation Federation:
- Register Follower JPDs on the Controller JPD. For each Follower JPD:
- Request a pairing token with scope platform-federation from the /access/api/v1/service_trust/pairing/platform-federation endpoint of the Follower JPD. Authenticate the request with an Admin token. For example:
curl --location --request POST 'https://<followerJPD>.jfrog.io/access/api/v1/service_trust/pairing/platform-federation' --header 'Authorization: Bearer <admin_token>'
- Use the /pfed/api/v1/jpd endpoint with the pairing token to define this Follower JPD on the Controller JPD. Authenticate the request with an Admin token. For example:
curl --location 'https://<controllerJPD>.jfrog.io/pfed/api/v1/jpd' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ADMIN-TOKEN' \
--data '{
"id": "follower_1",
"url": "https://follower1.jfrog.io/",
"pairing_token": "<pairing_token>"
}'
Where
- id is a unique label for this Follower in the federation
- url is the URL of the Follower JPD
- pairing_token is the pairing token you received from this Follower JPD.
- Repeat this step for each Follower JPD in the federation.
- Define the Federation on the Controller JPD. Use the /pfed/api/v1/federations endpoint to define a platform federation and its Follower JPDs. Authenticate the request with an Admin token. For example:
curl --location 'https://<controllerJPD>.jfrog.io/pfed/api/v1/federations' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <Admin_token>' \
--data '{
"name": "curation federation",
"description": "manage curation over multisite architecture",
"connection_groups": {
"source-jpd": {
"target_jpd_ids": [
"follower_1",
"follower_n"
]
}
},
"entities": [
{"type": "catalog.customLabels"},
{"type": "xray.curationCondition"},
{"type": "xray.curationPkgType"},
{"type": "xray.curationPolicy"}
]
}'
Where
- name is a unique name for this federation.
- description is a brief description of the federation.
- target_jpd_ids is a list of the unique IDs you defined on each Follower JPD in Step 2. These JPDs participate in the federation.
When the configuration federation is successfully defined:
- The Controller JPD identifies itself in Curation pages of the JFrog Platform user interface.
- Audit pages list sync actions performed in the background by the Federation service.
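The federation request body can be generated and checked before it is sent to the Controller. The following is an added example, not JFrog's own code: it validates Follower IDs against one naming convention, rejects duplicates, and builds the body shown in the procedure. The follower_<n> convention, the function names, and the CONTROLLER_URL and JF_ADMIN_TOKEN variables are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not JFrog code. Assumed names: the follower_<n> convention,
# these function names, and the CONTROLLER_URL / JF_ADMIN_TOKEN variables.

# One naming convention for every Follower ID (assumed: follower_<digits>).
valid_follower_id() {
  case "$1" in
    follower_|follower_*[!0-9]*) return 1 ;;
    follower_*) return 0 ;;
    *) return 1 ;;
  esac
}

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# build_federation_payload NAME DESCRIPTION FOLLOWER_ID...
# Prints the request body; fails on control characters or a bad/duplicate ID.
build_federation_payload() {
  local name desc id ids="" seen=" "
  [ "$(printf '%s' "$1$2" | tr -d '[:cntrl:]')" = "$1$2" ] || return 1
  name=$(json_escape "$1"); desc=$(json_escape "$2"); shift 2
  [ "$#" -gt 0 ] || { echo "no follower IDs given" >&2; return 1; }
  for id in "$@"; do
    valid_follower_id "$id" || { echo "bad follower id: $id" >&2; return 1; }
    case "$seen" in *" $id "*) echo "duplicate id: $id" >&2; return 1 ;; esac
    seen="$seen$id "; ids="$ids${ids:+,}\"$id\""
  done
  # Keys and entity types are copied from the request shown in the procedure.
  printf '{"name":"%s","description":"%s",' "$name" "$desc"
  printf '"connection_groups":{"source-jpd":{"target_jpd_ids":[%s]}},' "$ids"
  printf '"entities":[{"type":"catalog.customLabels"},'
  printf '{"type":"xray.curationCondition"},{"type":"xray.curationPkgType"},'
  printf '{"type":"xray.curationPolicy"}]}\n'
}

# POST the body to the Controller. The admin token is read from the
# environment and passed to curl on stdin (--header @-, curl 7.55.0 or later),
# so it never appears in curl's command-line arguments.
define_federation() {
  local payload
  payload=$(build_federation_payload "$@") || return 1
  [ -n "${CONTROLLER_URL:-}" ] && [ -n "${JF_ADMIN_TOKEN:-}" ] || return 1
  printf 'Authorization: Bearer %s\n' "$JF_ADMIN_TOKEN" |
    curl --fail --silent --show-error --header @- \
      --header 'Content-Type: application/json' \
      --data "$payload" "$CONTROLLER_URL/pfed/api/v1/federations"
}
```

Call define_federation with the federation name, the description, and the Follower IDs registered on the Controller; nothing is sent if validation fails.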
For more details about defining and working with federated Curation policies, see Curation Federation.
