I am looking into monitoring my Artifactory for invalid license information. In other words, I want to be aware if a repository has items uploaded with license information (property artifactory.licenses) that does not match one of the registered licenses (Admin -> Configuration > Licenses).
A simple test case to create an artifact like this with the Artifactory client API would be:
    File result = artifactory
        .repository("sandbox")
        .upload("com/google/guava/guava/14.0.1/guava-14.0.1.jar", jarFile)
        .withProperty("artifactory.licenses", "NOTaLICENSE-1.0")
        .doUpload();
There is a public REST API to search for license information that may be used to detect license information that is neither approved nor unapproved, and it seems to fit the requirement and find the incorrect artifact:
    curl -u "admin:password" -X GET "http://artifactory_server/artifactory/api/search/license?unapproved=0&approved=0"

    {
      "results" : [ {
        "uri" : "http://artifactory_server/artifactory/sandbox/com/google/guava/guava/14.0.1/guava-14.0.1.jar",
        "license" : "Unknown",
        "found" : "",
        "status" : "Unapproved"
      } ]
    }
However, I would rather like to do this with a user plugin (see https://www.jfrog.com/confluence/display/RTF/User+Plugins) but I don't see how to get the same information from the Artifactory public API.
After some tests, my current understanding with the public API (artifactory-papi) is that:
Using the AQL feature from the Searches service only gives access to the underlying property; there is no way to find whether it is "Unknown" or not.

    items.find({"@artifactory.licenses" : "NOTaLICENSE-1.0"})

will return our incorrect artifact, whereas

    items.find({"@artifactory.licenses" : "Unknown"})

will not return our incorrect artifact.
I am thinking of calling the REST API from the User Plugin but this cannot be right :-)
Any ideas welcome. This is with Artifactory 5.4.6.
So there is an existing user plugin that got me on the right track: https://github.com/JFrogDev/artifactory-user-plugins/blob/master/governance/discoverLicenseAndPreventUnapproved/discoverLicenseAndPreventUnapproved.groovy
Basically, the public REST API to check licenses depends on a service called org.artifactory.addon.license.service.InternalLicensesService.
This service provides, among other methods, a way to list all the declared licenses on the server.
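    // Needed for the unqualified forName(...) call below
    import static java.lang.Class.forName

    // Beware - Internal API of an addon - from artifactory-addon-license-5.4.6.jar
    def licensesService = ctx.beanForType(forName('org.artifactory.addon.license.service.InternalLicensesService'))
    // All license definitions declared on the server
    def allLicenseInfos = licensesService.artifactLicensesInfo.licenses
    // Keep only their names
    def artifactLicenses = allLicenseInfos*.name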
This code snippet returns the list of all the names of the licenses declared in the Artifactory UI.
After that, it becomes easy to compare the license names attached to an artifact through its artifactory.licenses property with this list.
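
The comparison described in the last sentence above, as an added example that is not part of the original answer or of the JFrog plugin: a plain Groovy helper that uses no Artifactory classes. The function name, the sample license names and two of the three sample paths are constructed; it assumes exact, case-sensitive name matching after trimming and that one property may hold several values.

```groovy
// Added example (not from the original answer). Plain Groovy, no Artifactory classes.
// Assumption: license names are compared exactly (case-sensitive) after trimming.

/**
 * registered     - names of the licenses declared on the server
 *                  (the answer's `artifactLicenses` list)
 * declaredByPath - artifact path -> values of its artifactory.licenses property
 * returns        - artifact path -> the declared names that are not registered
 */
Map<String, Set<String>> findUnregisteredLicenses(Collection<String> registered,
                                                  Map<String, Collection<String>> declaredByPath) {
    // Normalise the registered names once; null or empty entries are dropped.
    Set<String> known = registered.findAll { it }.collect { it.trim() } as Set
    Map<String, Set<String>> offenders = [:]
    declaredByPath.each { path, values ->
        // A property can hold several values; a missing property counts as no values.
        def trimmed = (values ?: []).collect { it?.trim() }
        Set<String> unknown = trimmed.findAll { it && !known.contains(it) } as Set
        if (unknown) {
            offenders[path] = unknown
        }
    }
    return offenders
}

// Constructed sample data; in a plugin these values would come from the server.
def registered = ['Apache-2.0', 'MIT']
def declared = [
    'sandbox/com/google/guava/guava/14.0.1/guava-14.0.1.jar': ['NOTaLICENSE-1.0'],
    'sandbox/org/example/lib/1.0/lib-1.0.jar'               : ['Apache-2.0', ' MIT '],
    'sandbox/org/example/app/2.0/app-2.0.jar'               : ['MIT', 'Made-Up-2.0']
]

// Report every artifact that declares at least one unregistered license name.
findUnregisteredLicenses(registered, declared).each { path, names ->
    println "${path}: ${names.sort().join(', ')}"
}
```

Only the first and third sample artifacts are reported; the second passes because both of its values match registered names once whitespace is trimmed.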