Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CredentialsPlugin should support more than username/password credentials #214

Closed
kmanning opened this issue Apr 8, 2020 · 3 comments · Fixed by #403
Closed

CredentialsPlugin should support more than username/password credentials #214

kmanning opened this issue Apr 8, 2020 · 3 comments · Fixed by #403
Labels
enhancement New feature or request
Milestone
v5.18

Comments

@kmanning
Copy link
Collaborator

kmanning commented Apr 8, 2020

@kmanning
Copy link
Collaborator Author

kmanning commented Apr 8, 2020

From @dkolb :

Overview

Currently Credentials Plugin only supports the build stage and Username/Password credentail types.

The current use case I have requires mapping credentials onto TF_VAR_blah environment variables in the environment stages. Furthermore, some of these credentials are of the string() type of DSL call. Finally, some of these credentials differ between individual environment stage.

Current Workarounds

Currently I'm moving to decorating each stage directly in the Jenkinsfile for now.

def validate   = new TerraformValidateStage()
def deployDev  = new TerraformEnvironmentStage('dev')

deployDev.decorate(TerraformEnvironmentStage.ALL, { closure ->
  withCredentials([
    usernamePassword(
      credentialsId: 'some-user'
      usernameVariable: 'TF_VAR_some_user',
      passwordVariable: 'TF_VAR_some_passord'
    ),
    string(
      credentialsId: 'some-secret',
      variable: 'TF_VAR_some_secret'
    )
  ]) {
    closure()
  }
})

validate
  .then(deployDev)
  .build()

@kmanning kmanning added the enhancement New feature or request label Jul 31, 2020
@kmanning
Copy link
Collaborator Author

kmanning commented Aug 26, 2021
edited
Loading

CredentialsPlugin currently offers

CredentialsPlugin.withBuildCredentials('my-credentials').init()

That's way too specific, and does not indicate that it's using username/password credentials. Part of what makes this complicated is that Jenkinsfile uses specific DSL to generate binding configuration.

Seems like there are 2 options:

  1. Offer binding-specific methods
  2. Offer a binding method

Both options could be provided, without conflicting. Either way, the existing withBuildCredentials should probably be deprecated and replaced.

To sketch out what option 2 could look like:

CredentialsPlugin.withBinding {
        usernamePassword(
            credentialsId: 'some-user'
            usernameVariable: 'TF_VAR_some_user',
            passwordVariable: 'TF_VAR_some_password'
        )
    }.init()

^-- that would be the equivalent of:

...
  withCredentials([
    usernamePassword(
      credentialsId: 'some-user'
      usernameVariable: 'TF_VAR_some_user',
      passwordVariable: 'TF_VAR_some_passord'
    )] {
        ... // your pipeline
  }
...

We could make the method cumulative. So using your example above:

CredentialsPlugin.withBinding {
        usernamePassword(
            credentialsId: 'some-user'
            usernameVariable: 'TF_VAR_some_user',
            passwordVariable: 'TF_VAR_some_password'
        ) 
    }.withBinding {
        string(
            credentialsId: 'some-secret',
            variable: 'TF_VAR_some_secret'
        )
    }.init()

^--- that would produce the equivalent:

...
  withCredentials([
    usernamePassword(
      credentialsId: 'some-user'
      usernameVariable: 'TF_VAR_some_user',
      passwordVariable: 'TF_VAR_some_passord'
    ),
    string(
      credentialsId: 'some-secret',
      variable: 'TF_VAR_some_secret'
    )
  ]) {
       .... // your pipeline
  }
...

@kmanning kmanning linked a pull request Aug 27, 2021 that will close this issue
Issue 214: CredentialsPlugin - support more than username/password #403
Merged
6 tasks
@kmanning kmanning mentioned this issue Aug 27, 2021
Open
@kmanning
Copy link
Collaborator Author

Let's deprecate withBuildCredentials as part of this issue.
Then remove withBuildCredentials in the next major release - Issue #404

@vincentclee vincentclee added this to the v5.18 milestone Mar 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
v5.18
Development

Successfully merging a pull request may close this issue.

Issue 214: CredentialsPlugin - support more than username/password kmanning/terraform-pipeline
2 participants
@kmanning @vincentclee