Try JFrog
Guides
Contact SupportTry JFrog
  1. Platform Administration
  2. Topology

Curation Federation

πŸ“˜

Subscription Information

This feature is supported on JFrog SaaS sites with the Enterprise+ license.

Self-managed JPDs will be supported in an upcoming release.

Follow this procedure to define a federation that syncs curation policies, labels, and related entities in your JFrog environment.

JFrog Federations ensure uniform settings across sites in your subscription. For example, an Access Federation syncs user and permission definitions across all servers in the federation.

This section describes how to define a federation that syncs Curation policies and metadata across servers in your JFrog subscription. This Curation Federation simplifies deployment of Curation policies, and enforces a consistent security posture. Repositories on servers across your subscription are protected by a uniform, centrally managed set of Curation policies.

The federation has a star topology - one JPD acts as the Controller, and the other JPDs act as Followers. To construct the federation, you register each Follower on the Controller. To simplify management and troubleshooting, use a consistent naming convention for all Followers. The federation can include SaaS and Self-managed Followers.

To define the federation, submit API requests to the platform federation (pfed) service on each of the JPDs, as described below. The pfed service on each JPD manages the site’s federations and syncs data as necessary. For more information see related API documentation.

To define a Curation Federation:

  1. Register Follower JPDs on the Controller JPD. for each Follower JPD:

    Request a pairing token with scope platform-federation from the Follower JPD.

    Authenticate the request with an Admin token. For example:

curl --location --request POST 'https://<followerJPD>.jfrog.io/access/api/v1/service_trust/pairing/platform-federation' --header 'Authorization: Bearer <admin_token>'

  1. Define this Follower JPD on the Controller JPD.

    Authenticate the request with an Admin token. For example:

curl --location --request POST 'https://<controllerJPD>.jfrog.io/pfed/api/v1/jpd' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ADMIN-TOKEN' \
--data '{
  "id": "follower_1",
  "url": "https://follower1.jfrog.io/",
  "pairing_token": "<pairing_token>"
}'

Where

  • id is a unique label for this Follower in the federation
  • url is the URL of the Follower JPD
  • pairing_token is the pairing token you received from this Follower JPD.

  1. Repeat these steps for each Follower JPD in the federation.

  2. Create the Federation on the Controller JPD and define its Followers.

    Authenticate the request with an Admin token. For example:

curl --location --request POST 'https://<controllerJPD>.jfrog.io/pfed/api/v1/federations' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ADMIN-TOKEN' \
--data '{
 "name": "curation federation",
 "description": "manage curation over multisite architecture",
 "connection_groups": {
     "source-jpd": {
         "target_jpd_ids": [
             "follower_1",  ...  ,"follower_n"
         ]
       }
    },
 "entities": [
     {"type": "catalog.customLabels"},
     {"type": "xray.curationCondition"},
     {"type": "xray.curationPkgType"},
     {"type": "xray.curationPolicy"}
   ]
 }'

Where

  • name is a unique name for this federation.
  • description is a brief description of the federation.
  • target_jpd_ids is a list of the IDs you defined on each Follower JPD.
  1. On the Controller JPD, submit a request to the /federation/fullsync endpoint to initiate data sync across the Federation.
curl --location --request POST 'https://<controllerJPD>.jfrog.io/pfed/api/v1/federation/fullsync' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ADMIN-TOKEN' \
--data '{
  "federation_id": "my-federation"
}'

Where

  • federation_id is the unique name you gave this federation in the previous step.

When the configuration federation is successfully defined:

  • The Controller JPD is indicated in Curation pages of the JFrog Platform user interface.
  • Audit pages list sync actions performed in the background by the Federation service.

For more details about defining and working with federated Curation policies, see Curation Federation.


Updated 12 days ago