Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Folders support for credentials #161

Open
maqzee-git opened this issue Dec 20, 2021 · 6 comments
Open

Folders support for credentials #161

maqzee-git opened this issue Dec 20, 2021 · 6 comments
Labels
enhancement New feature or request

Comments

@maqzee-git
Copy link

Description

  • Within documentation I can see how to add different types of credentials but I don't see how to restrict a credential to a folder, is it possible to do that with this plugin ?
@maqzee-git maqzee-git added the bug Something isn't working label Dec 20, 2021
@chriskilding chriskilding added enhancement New feature or request and removed bug Something isn't working labels Dec 21, 2021
@chriskilding
Copy link
Contributor

Hi, folder support is a feature that has not been implemented in the plugin so far. However, off the top of my head, it could potentially be implemented. Perhaps with a new tag on the Secrets Manager secret which says which folder to restrict it to.

@chriskilding chriskilding changed the title How to add credential restricted to a folder Folders support for credentials Dec 21, 2021
@maqzee-git
Copy link
Author

Thanks for the update chris - do you know how long would it take to include this feature ?

@chriskilding
Copy link
Contributor

@maqzee-git after several attempts at different approaches to multi-tenancy, multi-environment, and folders support, I've finally got an approach which should work with and support all of those...

Basically I'm implementing folders support for the credentials provider (using the OSS Cloudbees Folders Plugin) downstream in a new plugin, https://github.com/chriskilding/aws-secrets-manager-credentials-provider-folders-plugin

The idea is this will behave very similarly to the main plugin (supports all the same credential types, and configuration properties), with 2 differences:

  • The plugin is configured at the folder level (on the Cloudbees Folder object's properties), not the global level
  • Credentials from the extension plugin are scoped to the folder-level (i.e. only visible in the relevant folder and its subfolders)

In future, you'll be able to use this plugin and the extension plugin in 3 different ways:

  • Together: This means you'll get both global credentials from this plugin, and folder-scoped credentials from the extension
  • Just global credentials: Use just this plugin like you do today, and you'll only get global-scoped credentials
  • Just folder credentials: Use only the extension plugin (which will be decoupled from this plugin in the future), and you will only get folder-scoped credentials

I'm looking for initial feedback on a super early stage version of it, so if you (or anyone watching this issue) would like to alpha test it and provide feedback, please head over to chriskilding/aws-secrets-manager-credentials-provider-folders-plugin#1 and indicate your interest :)

@chriskilding chriskilding mentioned this issue Feb 17, 2023
Closed
@chriskilding
Copy link
Contributor

Looping in @edwardprzeniczny @NoamGoren @tuxy85 @alandevine

@Laakso
Copy link

Laakso commented Apr 19, 2024
edited
Loading

I just stumbled upon this. Is there any development going on anymore on this? We would benefit of this feature on our multi-tenant Jenkins instance. @chriskilding

@dave505
Copy link

dave505 commented Jul 31, 2024

We also really need this feature, are there any plans to roll this out? @chriskilding

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@chriskilding @Laakso @maqzee-git @dave505