Overview

This migration guide describes the typical tasks and planning processes that are required for a successful migration of your Premium JFrog Bintray solution to JFrog Cloud with CDN support. All the settings in JFrog Cloud are performed in the JFrog Platform that has a dedicated Web UI designed to support the most commonly used workflows, including improved package management, security and compliance, and package distribution. For more information, see JFrog Cloud.

Planning the Migration Process

We recommend planning your migration process to include a thorough analysis of your Bintray solution, listing the settings required to migrate, and determining what additional information may be required for the various tasks.

Migration Steps

The migration process consists of setting up Artifactory with your Bintray configurations, migrating the actual data, and then proceeding to configure your Artifactory CDN in MyJFrog, JFrog's customer portal for managing your JFrog Platform. 

Stage A: JFrog Cloud

Perform these task to set up cloud with your Bintray settings.

  1. Subscribe to JFrog Cloud 
  2. Replicate your Bintray settings in the designated Artifactory (This step is Mandatory)
  3. Migrate the Bintray content to Artifactory (This step is Mandatory)
  4. Replace API and CLI commands used as part of the automation process
  5. Create a new set of signed URLs.

Stage B: MyJFrog Customer Portal

Perform these tasks to configure the CDN settings.





The process of setting up JFrog Cloud comprises of these steps.

Step 1: Subscribing to JFrog Cloud

  1. Navigate to the JFrog Cloud page. To view the features and functionality supported according to Cloud Subscription type, see JFrog Cloud with CDN Caching: Main Features and Functionality.
    Note that JFrog Distribution requires an Enterprise+ license. For more information, see JFrog Distribution.
  2. Scroll to subscribe to JFrog Cloud offering or try a Free Trial on the Cloud for Cloud (SaaS) users.
    The Cloud registration form opens.
  3. Follow the Onboarding wizard, select AWS as your preferred cloud provider and fill in the registration form.
  4. Click Next. A Thank You page is displayed confirming the registration process has completed successfully.
    An email containing your Artifactory login information and credentials will be sent to you.
  5. To get up and running quickly, follow the Onboarding Wizard that is invoked the first time you start JFrog Artifactory.

Step 2: Replicating Bintray Settings in Artifactory

Configuring Artifactory  with your Bintray settings includes the following steps:

  1. Setting up Bintray repositories in Artifactory
  2. Enabling CDN Redirection on the repository level
  3. Configuring security and authentication
  4. Migrating Bintray users, groups and permissions

Setting Up Bintray Repositories in Artifactory 

Before you can migrate your Bintray data to Artifactory, the Bintray repository structure needs to be replicated in Artifactory.

The basic Bintray data hierarchy of Repositories, Packages and Versions is supported in Artifactory but the concept of Products is not supported. 
Prior to creating the repositories, be sure to read how Repositories are managed in the JFrog Platform.

Your Bintray repositories need to be created as local repositories in Artifactory.

Enabling CDN Redirection on the Repository Level

You need to enable CDN Redirection on each repository using the following API syntax. For the full Update Repository Configuration REST API command, see Update Repository Configuration.

Update Repository Configuration

Description: Enables CDN Redirect on the existing repository in Artifactory.
Security: Requires an admin user
Usage: POST /api/repositories/{repoKey} -H "Content-Type: application/json"
Consumesapplication/json

{
 "cdnRedirect":true
}

Configuring Security and Authentication

Bintray supports authentication using SAML Authentication. When migrating to Artifactory, you can set up authentication using SAML SSO or choose from the wide range of security and authentication methods supported by Artifactory:

Migrating Bintray Users, Groups and Permissions

To provide your Bintray members access and permissions to the newly created repositories, you first need to create Users in Artifactory for your Bintray Members and Groups for your Bintray Teams in Artifactory.

If some of your repositories have to be publicly exposed without authentication, please refer to the following knowledge base article:  Allowing anonymous access to specific repositories

Creating Users and Groups

Users and groups are defined differently in Bintray and Artifactory. To help you migrate your Bintray entities, refer to the following Bintray to Artifactory mapping table.

Bintray Entities

Artifactory Entities

Comments

Organization Owner

Admin user

Admins are exclusively responsible for administering an Artifactory instance

  • General configuration
  • Security configuration
  • Repository creation

Teams

Groups 

External groups can be synced with your LDAP server.

Members

Users

  • LDAP users are automatically associated with the relevant LDAP groups in Artifactory.
  • Users can also access Artifactory via SSO after enabling the Artifactory SAML SSO integration.

Access Keys

Access Tokens

Tokens are created using the Artifactory Rest API and can be applied in the following scenarios:

  • Cross-instance Authentication
    Access tokens can be used for authentication, not only by an Artifactory instance or cluster where they were created, but also for other instances and clusters that are all part of the same "circle of trust".
     
  • User and Non-User Authentication
    Access tokens can be used for authenticating Artifactory users and also be assigned to non-user entities such as CI server jobs.

  • Time-based Access Control
    Access tokens have an expiry period allowing you to control the period of time for which you grant access.

  • Flexible Scope
    By assigning Groups to tokens, you can control the level of access they provide.

You can migrate your users and groups using one of the following methods:

Creating Bintray Users in the JFrog Platform Web UI
  1. Get the list of members and teams in Bintray:
    1. Log in to https://www.bintray.com.
    2. Click your [User Profile] on the Bintray taskbar and select Manage Organizations.
    3. Click the required Organization and click Edit.
    4. Click Members or Teams to view the list of members.
  2. Create the users and groups in the JFrog Platform:
    1. Create the new users for each of the Bintray members. For more information, see Creating Users.
    2. Create groups for each of the Bintray teams and assign the users to the groups. For more information, see Creating Groups.
Creating Bintray Users and Groups using the JFrog REST APIs

The migration process involves using the Bintray REST API to retrieve user and group information that can then be reconfigured using the Artifactory API.

  1. Get a list of members and teams in Bintray using the Get Organization REST API command. 

    Teams are only supported for Premium users. 

  2. Get a list of current permissions in Bintray using the Get Team Permission REST API command.
  3. For each Bintray team, create an Artifactory group depending on the following contexts : 
    1. If you decide to enable the JFrog Platform LDAP Integration, your LDAP groups can be imported via the UI (see Synchronizing LDAP Groups with the JPD) or using the rest API (see Synchronizing LDAP Groups with the JPD). Please make sure the realm is set to LDAP and that you assign LDAP attributes to your groups while creating them, using the Create or Replace Group REST API.
    2. If you do not enable the JFrog Platform LDAP integration, please create your Artifactory groups using the Create or Replace Group REST API command. Removing the need to specify the realm in this case.
  4. Create the corresponding users in the JFrog Platform according to the following scenarios:
    • LDAP Integration is enabled, therefore there is no need to create users. Users will automatically be created in the JFrog Platform after the initial authentication.
    • LDAP Integration is disabled requiring you to run the Create or Replace User REST API command.
  5. Create Permission Targets for users and groups using the Create or Replace Permission Target REST API command for each of the groups you previously created in Artifactory and corresponding to your actual Bintray teams.

Assigning Permissions to Users and Groups

Bintray permissions are limited to four main permissions - None, Read, Publish and Admin and can be assigned on the repository level for a team and not individually for each Bintray member. By migrating to JFrog Cloud, you gain the full benefits of the the JFrog Platform that provides a flexible permissions model providing administrators with fine-grained control over how users and groups access repositories and are managed from a central location. Note that in the JFrog Platform, creating repositories is limited to Admins whereas non-admin users can be designated to manage permissions for other users in the same permission scope (via the Manage permission). 

The JFrog Platform supports the following repository-specific permissions providing finer granularity when it comes to assigning permissions to repositories. 

Read

Allows reading and downloading of artifacts

Annotate

Allows annotating artifacts and folders with metadata and properties

Upload/Cache

Allows deploying artifacts and deploying to caches (i.e. populating caches with remote artifacts)

Delete/Overwrite

Allows deleting or overwriting artifacts

Manage

Allows changing the permission settings for other users on this permission target

Migrating your Bintray Entities to Artifactory Permissions
  1. Get a list of permissions for each team on the repository level:
    1. Log in to https://www.bintray.com.
    2. Click your [User Profile] on the Bintray taskbar and select Manage Organizations.
    3. Click the required Organization and click Edit.
    4. Click the required repository to view the list of teams and associated permissions.
  2. Create the corresponding permissions for users and groups in the JFrog Platform:
    1. From the Administration module, navigate to Identity and Access | Permissions and click New Permission.
    2. Select the repository.
    3. Assign users or groups.
    4. Assign permissions.

To learn how to assign permissions in the JFrog Platform, see Permissions.

Assigning Access Tokens (Formerly Known as Access Keys) to Users or Groups

In Bintray, you could assign Access Keys that are unique identifiers generated for anyone who is not in one of your Bintray teams (such as external users), and to which permissions specified in Entitlements are assigned. Any user who received an access key could use that key (together with the password provided) to sign in to and navigate through Bintray. When signing in with an access key, the user is "scoped" and can only access those parts of the Bintray UI that are accessible according to the entitlements associated with the access key. As apposed the Bintray, you do not assign entitlements on the access token level in Artifactory, but rather you create your users and groups and then proceed to assign an access token to a user or group.

To assign access tokens to users and groups in Artifactory:

  1. Run the Create or Replace Permission Target REST command or configure directly in the Web UI to create the permission targets and include the required users and groups. For more information, see Permissions.
  2. Run the Create Token REST API command to create the access token and bind it to one or multiple groups or to a single user. 
    The permissions are automatically calculated and associated with the token when you create the token. By using permission targets, Artifactory assigns the same permissions to the token as the group and/or users included in the permission target. To learn how to work with Access Tokens in Artifactory, see Access Tokens.

For some reasons, if you wish to keep the same Bintray access keys password while migrating to Artifactory, we suggest to create Artifactory users, giving them the same id and password as your Bintray access keys. Please note that user id length in Artifactory is limited to 128 characters (please refer to the previous section).


Step 3: Copying Artifacts and Package Attributes

Package attributes are user-defined attributes of a package in addition to the default version metadata fields. User-defined means that you can set the name of field of data itself (the category), not just assign a value to it.

To add or edit package attributes, click the Custom Attributes List link on the left navigation bar. In the Attributes List form, to add a new attribute, simply click the Add to change the value of an existing attribute (you cannot change the name of an attribute o

Copying your Bintray Artifacts to Artifactory

You can migrate Package attributes using one of these methods:

Migrating Package Attributes in the JFrog Platform Web UI
  1. Get a list of attributes for each package in the Repository:
    1. Log in to https://www.bintray.com.
    2. Navigate to the repository containing the package and click the Custom Attributes link on the left navigation bar.   

  2. To create a new property set, go to Administration | Artifactory | General | Property Sets and click New.

Migrating Package Attributes Using the JFrog REST APIs
  1. Run the  Get Packages REST API command to retrieve the package properties. 
  2. Run the Set Item Properties Rest API command to copy the package properties to the target packages.
Migrating Package Attributes Using the JFrog CLI
  1. Run the Getting Version Details CLI command to retrieve the package properties. 
  2. Run the Setting Properties on Files CLI command to copy the package properties to the target packages.

Step 4: Start Using the Artifactory API and CLI

You need to migrate your automation based on the the Bintray API to using the Artifactory REST API and the JFrog CLI. To view a list of commands, see Migrating to the JFrog Artifactory API and CLI.

Step 5: Signing URLS 

Signed URLs created in Bintray will no longer work post the migration requiring you to recreate your signed URLs in Artifactory.

Artifactory supports using signed URLs. Users with administrator or manage permission can generate a signed URL that provides temporary shared access to a specific artifact, using the Create signed URL REST API. In addition, administrators can replace the key for signing and validating signed URLs, invalidating any signed URLs previously created.

When users invoke a signed URL, Artifactory checks if the URL is valid and has not expired. If it is valid, the user will gain access to the artifact.

If the signed URL has expired, Artifactory will reject the download request.

Supported Signed URL API Commands

Create signed URL

Description: Generates a signed url for the provided repository path, providing temporary access to download artifacts. User may provide expiry or valid_for_secs optional parameter. With a maximum timeframe of one year (365 days). Default expiry is 24 hours.
Since: Artifactory 7.4.0
Security: Requires a privileged user (admin or manage permission type)
Usage: POST /artifactory/api/signed/url
Produces: application/json (the string with the signed URL)
Sample Usage:

curl -X POST "http://localhost:8080/artifactory/api/signed/url" -H "Content-Type: application/json" -uadmin:<your_password> -d '{ "repo_path": "/example-repo-local/1.txt", "valid_for_secs":10000 }'
 
201 (Success)
repo_path

Full path to the artifact.

valid_for_secs
Number of seconds since generation before the URL expires.
expiry
An expiry date for the URL after which the URL will be invalid, expiry value is in Unix epoch time in milliseconds.

Example Download resource using the signed URL:

curl "http://localhost:8080/artifactory/example-repo-local/1.java?sig=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJlbGlnIiwic3VtIjoiY2QwZjRiMGY4ODQ0Y2VjN2M2OWI2NWI4ZTA4NTVjNmE0ZDgzMDE1OTE0NDEwN2E5YTczOThlNWM5MDY3MTBiNyIsImV4cCI6MTU0NzM5MTgyNiwiaWF0IjoxNTQ3MzgxODI2fQ.PLCBySll85H9fOAtxabrMBbCZ2lBTcJmYORWxXS6Mmw"

Replace signed URL key

Description: Replaces the key for signing and validating signed URLs. This will invalidate any signed URLs previously created.
Since:  Artifactory 7.4.0
Security: Requires a privileged user (admin)
Usage: POST /artifactory/api/signed/url/key
Sample Usage:

curl -X POST "http://localhost:8080/artifactory/api/signed/url/key"
 
201 (Success)



Step 6: Restricting Geolocations (Whitelisting Countries) in MyJFrog

In my MyJFrog, you can choose how to manage the Geolocation restrictions according to the following options:

  • Blocking specific countries
  • Allowing only specific countries