aws-secrets-manager-credentials-provider-plugin

Folders support for credentials

Open maqzee-git opened this issue 3 years ago • 6 comments

Description

  • Within the documentation I can see how to add different types of credentials, but I don't see how to restrict a credential to a folder. Is it possible to do that with this plugin?

maqzee-git, Dec 20 '21 10:12

Hi, folder support is a feature that has not been implemented in the plugin so far. However, off the top of my head, it could potentially be implemented. Perhaps with a new tag on the Secrets Manager secret which says which folder to restrict it to.

chriskilding, Dec 21 '21 14:12

Thanks for the update, Chris - do you know how long it would take to include this feature?

maqzee-git, Dec 22 '21 04:12

@maqzee-git after several attempts at different approaches to multi-tenancy, multi-environment, and folders support, I've finally got an approach which should work with and support all of those...

Basically I'm implementing folders support for the credentials provider (using the OSS CloudBees Folders Plugin) downstream in a new plugin, https://github.com/chriskilding/aws-secrets-manager-credentials-provider-folders-plugin

The idea is this will behave very similarly to the main plugin (supports all the same credential types, and configuration properties), with 2 differences:

  • The plugin is configured at the folder level (on the CloudBees Folder object's properties), not the global level
  • Credentials from the extension plugin are scoped to the folder level (i.e. only visible in the relevant folder and its subfolders)

In future, you'll be able to use this plugin and the extension plugin in 3 different ways:

  • Together: This means you'll get both global credentials from this plugin, and folder-scoped credentials from the extension
  • Just global credentials: Use just this plugin like you do today, and you'll only get global-scoped credentials
  • Just folder credentials: Use only the extension plugin (which will be decoupled from this plugin in the future), and you will only get folder-scoped credentials

I'm looking for initial feedback on a super early stage version of it, so if you (or anyone watching this issue) would like to alpha test it and provide feedback, please head over to https://github.com/chriskilding/aws-secrets-manager-credentials-provider-folders-plugin/pull/1 and indicate your interest :)

chriskilding, Feb 17 '23 11:02

Looping in @edwardprzeniczny @NoamGoren @tuxy85 @alandevine

chriskilding, Feb 17 '23 12:02

I just stumbled upon this. Is there any development going on with this anymore? We would benefit from this feature on our multi-tenant Jenkins instance. @chriskilding

Laakso, Apr 19 '24 13:04