sync OpenShift Secrets to Jenkins Credentials #131
Assignees
Comments
jstrachan
added a commit
to fabric8io/jenkins-sync-plugin
that referenced
this issue
Apr 12, 2017
|
there's a branch with this fix here https://github.com/fabric8io/jenkins-sync-plugin/tree/job-to-bc we need to do a bit of rebasing before we can push these changes; will try get to that by mid-May... |
|
@csrwng does this overlap w/ what you were trying to do w/ your controller? |
|
It does overlap... you can see my simple python-based controller here: https://github.com/openshift/release/tree/master/jenkins/controllers/secrets |
|
per our discussion yesterday, we were thinking about doing this in the jenkins image itself rather than via the sync plugin (thus keeping the sync plugin purely focused on buildconfig/pipeline execution). But admittedly we hadn't sorted out exactly how we were going to do that (something watching the jenkins filesystem for mounted secrets (and updates to those secrets) and injecting it into the jenkins config, basically). |
|
@oatmealraisin /cc |
|
we're tracking this in trello now: |
gabemontero
pushed a commit
that referenced
this issue
Oct 12, 2017
* 1. lets allow jobs to be syncd to new BCs if the job name matches a configured jobNamePattern
2. handle creating a new BC if BuildConfigProjectProperty is null
3. lets handle creating new BCs better; updating the UUID if its not preset on the property and only inserting/updating valid pipeline jobs with a jenkinsfile/path
4. add test dependencies for running the github org plugin
5. lets handle ItemGroup to find nested WorkflowJobs inside multi-branch jobs
6. if this is a multi branch workflow project then by default we only look for files that match Jenkinsfile so no need to set optional BC value
7. lets use safe names for the generated BuildConfig names
8. fixes creating BuildConfigs from multibranch jobs and ensuring that the generated BuildConfigs don't generate new Jobs via the BuildWatcher
9.lets try avoid the github organisation prefix and the master branch suffix by default for the generated BuildConfig names
10. refactor to use a constants class for annotations; fixed up name versus fullPath logic and allow BCs to be annotated to avoid creating a linked jenkins job
11. lets support using a folder for each namespace so that BuildConfigs created via openshift look nice and clean inside Jenkins
12. address findbug issues
13. ets add support for ${FOO} environment variable expressions for the namespace to watch
14. fixes #131 to support the syncing of Secrets -> Jenkins Credentials
15. lets annotate the Build with pending input JSON so consoles can do the Proceed/Abort stuff if they want
16. added a Build annotation for the namespace jenkins is running inside
* Resolving code reviews from @gabemontero
1. changed getOpenShiftClient() -> getAuthenticatedOpenShiftClient were suggested
2. changed the annotation name from DISABLE_SYNC_CREATE_ON -> DISABLE_SYNC_CREATE
3. Added a comment for the need of getPendingActionsJson method
* Resolve conflicts
* fixed reviews from @bparees
* formatting in eclipse style
* 1.fixing review from @bparees
2.missing eclipse style formatting
gabemontero
pushed a commit
to jenkinsci/openshift-sync-plugin
that referenced
this issue
Nov 20, 2017
* 1. lets allow jobs to be syncd to new BCs if the job name matches a configured jobNamePattern
2. handle creating a new BC if BuildConfigProjectProperty is null
3. lets handle creating new BCs better; updating the UUID if its not preset on the property and only inserting/updating valid pipeline jobs with a jenkinsfile/path
4. add test dependencies for running the github org plugin
5. lets handle ItemGroup to find nested WorkflowJobs inside multi-branch jobs
6. if this is a multi branch workflow project then by default we only look for files that match Jenkinsfile so no need to set optional BC value
7. lets use safe names for the generated BuildConfig names
8. fixes creating BuildConfigs from multibranch jobs and ensuring that the generated BuildConfigs don't generate new Jobs via the BuildWatcher
9.lets try avoid the github organisation prefix and the master branch suffix by default for the generated BuildConfig names
10. refactor to use a constants class for annotations; fixed up name versus fullPath logic and allow BCs to be annotated to avoid creating a linked jenkins job
11. lets support using a folder for each namespace so that BuildConfigs created via openshift look nice and clean inside Jenkins
12. address findbug issues
13. ets add support for ${FOO} environment variable expressions for the namespace to watch
14. fixes openshift#131 to support the syncing of Secrets -> Jenkins Credentials
15. lets annotate the Build with pending input JSON so consoles can do the Proceed/Abort stuff if they want
16. added a Build annotation for the namespace jenkins is running inside
* Resolving code reviews from @gabemontero
1. changed getOpenShiftClient() -> getAuthenticatedOpenShiftClient were suggested
2. changed the annotation name from DISABLE_SYNC_CREATE_ON -> DISABLE_SYNC_CREATE
3. Added a comment for the need of getPendingActionsJson method
* Resolve conflicts
* fixed reviews from @bparees
* formatting in eclipse style
* 1.fixing review from @bparees
2.missing eclipse style formatting
waveywaves
pushed a commit
to waveywaves/jenkins-sync-plugin
that referenced
this issue
Oct 30, 2019
allow nss to configure for uid 1001
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
right now the sync plugin syncs
Source SecretsinsideBuildConfigsto JenkinsCredentialswhich is great; but it would be nice to support other Secrets too. Such as git credentials when using github organisation folder plugin.So lets also add a watcher of
Secretswith labeljenkins = syncand all secrets in the sync namespace should create/update a suitable Credential in Jenkins.PR on its way soon...
The text was updated successfully, but these errors were encountered: