Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More cleanly contextualize secrets #21

Open
jglick opened this issue Mar 23, 2022 · 0 comments
Open

More cleanly contextualize secrets #21

jglick opened this issue Mar 23, 2022 · 0 comments

Comments

@jglick
Copy link
Member

jglick commented Mar 23, 2022

In order to generate a proper JWT

conjur-credentials-plugin/src/main/java/org/conjur/jenkins/jwtauth/impl/JwtToken.java

Lines 131 to 133 in 86da1cc

if (contextObject instanceof Run) {
Run run = (Run) contextObject;
jwtToken.claim.put("jenkins_build_number", run.getNumber());
this plugin needs to do some tricks.

conjur-credentials-plugin/src/main/java/org/conjur/jenkins/credentials/ConjurCredentialProvider.java

Lines 56 to 57 in 86da1cc

public <C extends Credentials> List<C> getCredentials(@Nonnull Class<C> type,
@Nonnull Item item,
almost has enough information, but not quite; CredentialsProvider.findCredentialById passes a Job but not a Run to an implementation.

conjur-credentials-plugin/src/main/java/org/conjur/jenkins/conjursecrets/ConjurSecretCredentialsBinding.java

Lines 61 to 62 in 86da1cc

ConjurSecretCredentials conjurSecretCredential = getCredentials(build);
conjurSecretCredential.setContext(build);
abuses the credentials-binding plugin for this purpose, but that will not work in all cases. I am hoping jenkinsci/credentials-plugin#293 will allow this to be solved cleanly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jglick