Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-50298

Use p4trust file if credential's Trust fingerprint is blank

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Major Major
    • p4-plugin

      If the credential's Trust field is blank, just use the fingerprint from the p4trust file.

      This means any node using this credential must have a P4TRUST file that already trusts the server.

          [JENKINS-50298] Use p4trust file if credential's Trust fingerprint is blank

          Igor Milos added a comment - - edited

          We deploy a p4 trust file on all our servers, including Jenkins slaves, and we export the variable P4TRUST to point to it.

          We would like p4-plugin in Jenkins to use this set up (the P4TRUST and the file) when we try to configure an SSL connection.

          However, this doesn't work - we get a fingerprint error. The only way to make p4-plugin establish an SSL connection, which is not really usable at scale, is to unset the P4TRUST variable and enter the fingerprint manually in the configuration. This approach based on manual input does not scale for us as we have more than 20 Jenkins master servers to maintain and would require an undesirable exception in our deployment process. The risk is that if the fingerprint changes a manual procedure does not guarantee that all of the Masters will be updated, causing connection failures.

          We are therefore at this stage unable to use SSL connections effectively from p4-plugin, which runs contrary to our companies internal Security policies.

          This is a major issue in our adoption of Jenkins / Perforce CI pipeline.

          Igor Milos added a comment - - edited We deploy a p4 trust file on all our servers, including Jenkins slaves, and we export the variable P4TRUST to point to it. We would like p4-plugin in Jenkins to use this set up (the P4TRUST and the file) when we try to configure an SSL connection. However, this doesn't work - we get a fingerprint error. The only way to make p4-plugin establish an SSL connection, which is not really usable at scale, is to unset the P4TRUST variable and enter the fingerprint manually in the configuration. This approach based on manual input does not scale for us as we have more than 20 Jenkins master servers to maintain and would require an undesirable exception in our deployment process. The risk is that if the fingerprint changes a manual procedure does not guarantee that all of the Masters will be updated, causing connection failures. We are therefore at this stage unable to use SSL connections effectively from p4-plugin, which runs contrary to our companies internal Security policies. This is a major issue in our adoption of Jenkins / Perforce CI pipeline.

          Igor Milos added a comment -

          Hello, is this fixing this issue going to be put in the road map?

          Igor Milos added a comment - Hello, is this fixing this issue going to be put in the road map?

            Unassigned Unassigned
            joel_brown Joel Brown
            Votes:
            2 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: