Allow secrets references within config repos that dont share a material with any pipeline#13232
Merged
chadlwilson merged 2 commits intogocd:masterfrom Nov 3, 2024
Merged
Conversation
This allows resolution to work for materials in config repos that aren't used elsewhere by pipelines.
chadlwilson
changed the title
Clarifies that some materials are used only by configuration repos, not pipelines. Also logs a single line at info level so anything complete unexpected can be checked after the fact. Currently the root causes can be swallowed if the exception has no message.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Per the discussion at https://groups.google.com/g/go-cd/c/JlzHTa-Vy_0/m/EvpRpsofBwAJ secrets resolution fails within the
passwordof a config repo material which it is not used by any pipelines.If you add a single pipeline that uses the material it works, so this change makes things consistent, and improves the error messages somewhat.
There is a separate question about whether config repos should be able to refer to arbitrary secrets, however it is still an admin function to manage such repos so this should be relatively safe.
Separately, its noted that "test connection" for pipeline materials resolves secrets but does not attempt to validate whether a Pipeline should be allowed to use that secret, as should happen at runtime - however that is not addressed here.