Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-59109] Bind triggering user's credentials #210

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[JENKINS-59109] Bind triggering user's credentials #210

wants to merge 3 commits into from

Conversation

sbgertp
Copy link

@sbgertp sbgertp commented May 19, 2021

@sbgertp
[JENKINS-59109] Add failing test
a8b2d7b
@sbgertp
[JENKINS-59109] Bind triggering user's credentials
5066aa3 
Use CredentialsProvider.triggeredBy to handle case when cause is UpstreamCause chain ending in UserIdCause
jvz
jvz reviewed May 19, 2021
View reviewed changes
Copy link
Member

@jvz jvz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not exactly what I had in mind originally, but this might work. I'll take a closer look at this later in the week. In the meantime, maybe @jglick has any feedback?

jglick
jglick reviewed May 19, 2021
View reviewed changes
Copy link
Member

@jglick jglick left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not understand at a conceptual level how user-scoped credentials are supposed to work, so I cannot comment on whether this is “right”. IIUC the effective change here is that UserIdCause is being considered not just on the “current” build but also on its transitive upstreams?

src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java Show resolved Hide resolved
@jvz
Copy link
Member

jvz commented May 19, 2021

Yeah I think this might be backwards. I'd expect a build with a build step to bind its credential parameter bindings to the invoked build.

@sbgertp
Copy link
Author

sbgertp commented May 20, 2021

Yeah I think this might be backwards. I'd expect a build with a build step to bind its credential parameter bindings to the invoked build.

I agree that the binding should happen at the call site of the upstream build creating the downstream one. But changing the architecture for me is a bit much, so I framed this as a bug of the current implementation - it already performs deferred binding of credentials if directly started by the user, it was just missing the case when started by the user as part of a causal chain.

@sbgertp @jglick
Update src/main/java/com/cloudbees/plugins/credentials/CredentialsPro…
3bc0a2e 
…vider.java

Co-authored-by: Jesse Glick <jglick@cloudbees.com>
@jvz
Copy link
Member

jvz commented May 20, 2021

Oh that's interesting! Let me verify this works equivalently to what I had in mind before I can merge this. Should be within the next few days.

@jglick jglick mentioned this pull request Jan 18, 2022
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jvz jvz jvz left review comments

@jglick jglick jglick left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sbgertp @jvz @jglick