/origin

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

You should be able to specify secrets for builds with jenkinsPipelineStrategy #11479

Closed
tnozicka opened this Issue Oct 21, 2016 · 3 comments

Comments

Assignees

@bparees bparees

Labels
Projects
None yet
Milestone
No milestone
3 participants
@tnozicka @bparees @danmcp
@tnozicka
Contributor

tnozicka commented Oct 21, 2016

You should be able to specify secrets for builds with jenkinsPipelineStrategy same way as environment variables.

This seems to be essential when trying to do cross-cluster deployments; you need to inject secrets to your pipeline - like token for authentication to remote cluster.

@bparees

@danmcp danmcp added kind/enhancement priority/P2 component/build labels Oct 21, 2016

@danmcp danmcp assigned bparees Oct 21, 2016

@bparees

This comment has been minimized.

Show comment
Hide comment
@bparees

bparees Oct 21, 2016

Contributor

trello'd https://trello.com/c/SHuzb0cL
Contributor

bparees commented Oct 21, 2016

trello'd https://trello.com/c/SHuzb0cL

@bparees bparees closed this Oct 21, 2016

@bparees

This comment has been minimized.

Show comment
Hide comment
@bparees

bparees Dec 5, 2016

Contributor

@tnozicka we discussed this card today and it seems like you can work around this by using oc commands within your Jenkinsfile to grab the secrets you need, true?
Contributor

bparees commented Dec 5, 2016

@tnozicka we discussed this card today and it seems like you can work around this by using oc commands within your Jenkinsfile to grab the secrets you need, true?
@tnozicka

This comment has been minimized.

Show comment
Hide comment
@tnozicka

tnozicka Dec 6, 2016

Contributor

@bparees I think you are right with the workaround.

You can still do a bit more by having a proper support for secrets like:

  • Switch between them without modifying the Jenkinsfile (which you may not have under your control in case of integration solutions using OpenShift API)
  • Modifications require committing code (Jenkinsfile) to development repository
  • Say administrator wants to try to switch the pipeline to use different secrets (configuration) and he has to delete/rename/change the existing secret that may be also referenced by other pipelines or objects because it can be only controlled by editing the name in Jenkinsfile which requires committing code to the development repository.
    Sure you could hack it once more by wrapping all secrets by environment variable, but that's gonna get nasty.
    Modifying pipeline BC, changing secret's name and keeping the same destinationDir seem much easier.
  • Regular builds supports specifying build secrets AFAIK

I would consider this nice to have, but not critical.
Contributor

tnozicka commented Dec 6, 2016

@bparees I think you are right with the workaround.

You can still do a bit more by having a proper support for secrets like:

  • Switch between them without modifying the Jenkinsfile (which you may not have under your control in case of integration solutions using OpenShift API)
  • Modifications require committing code (Jenkinsfile) to development repository
  • Say administrator wants to try to switch the pipeline to use different secrets (configuration) and he has to delete/rename/change the existing secret that may be also referenced by other pipelines or objects because it can be only controlled by editing the name in Jenkinsfile which requires committing code to the development repository.
    Sure you could hack it once more by wrapping all secrets by environment variable, but that's gonna get nasty.
    Modifying pipeline BC, changing secret's name and keeping the same destinationDir seem much easier.
  • Regular builds supports specifying build secrets AFAIK

I would consider this nice to have, but not critical.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment