Skip to content

[JENKINS-59109] Bind triggering user's credentials#210

Open
sbgertp wants to merge 3 commits into
jenkinsci:masterfrom
sbgertp:bugfix/JENKINS-59109
Open

[JENKINS-59109] Bind triggering user's credentials#210
sbgertp wants to merge 3 commits into
jenkinsci:masterfrom
sbgertp:bugfix/JENKINS-59109

Conversation

@sbgertp

@sbgertp sbgertp commented May 19, 2021

Copy link
Copy Markdown

sbgertp added 2 commits May 19, 2021 14:09
@sbgertp
[JENKINS-59109] Add failing test
a8b2d7b
@sbgertp
[JENKINS-59109] Bind triggering user's credentials
5066aa3 
Use CredentialsProvider.triggeredBy to handle case when cause is UpstreamCause chain ending in UserIdCause
jvz
jvz reviewed May 19, 2021
View reviewed changes

@jvz jvz left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not exactly what I had in mind originally, but this might work. I'll take a closer look at this later in the week. In the meantime, maybe @jglick has any feedback?

jglick
jglick reviewed May 19, 2021
View reviewed changes

@jglick jglick left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not understand at a conceptual level how user-scoped credentials are supposed to work, so I cannot comment on whether this is “right”. IIUC the effective change here is that UserIdCause is being considered not just on the “current” build but also on its transitive upstreams?

Comment thread src/main/java/com/cloudbees/plugins/credentials/CredentialsProvider.java
@jvz

jvz commented May 19, 2021

Copy link
Copy Markdown
Member

Yeah I think this might be backwards. I'd expect a build with a build step to bind its credential parameter bindings to the invoked build.

@sbgertp

sbgertp commented May 20, 2021

Copy link
Copy Markdown
Author

Yeah I think this might be backwards. I'd expect a build with a build step to bind its credential parameter bindings to the invoked build.

I agree that the binding should happen at the call site of the upstream build creating the downstream one. But changing the architecture for me is a bit much, so I framed this as a bug of the current implementation - it already performs deferred binding of credentials if directly started by the user, it was just missing the case when started by the user as part of a causal chain.

@sbgertp @jglick
Update src/main/java/com/cloudbees/plugins/credentials/CredentialsPro…
3bc0a2e 
…vider.java

Co-authored-by: Jesse Glick <jglick@cloudbees.com>
@jvz

jvz commented May 20, 2021

Copy link
Copy Markdown
Member

Oh that's interesting! Let me verify this works equivalently to what I had in mind before I can merge this. Should be within the next few days.

@jglick jglick mentioned this pull request Jan 18, 2022
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jglick jglick jglick left review comments

@jvz jvz jvz left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sbgertp @jvz @jglick