-
New Feature
-
Resolution: Unresolved
-
Minor
-
None
User Story
As an admin of Jenkins, I would like the flexibility to restrict how credentials are accessed based on the class type of the caller requesting the credential so that I can flexibly restrict credentials without the need to add new scopes.
Acceptance Criteria
- Verify that arbitrary classes can be selected for restricting. (e.g. hudson.model.Item)
Additional Information
This will likely require at least 3 new classes (I'm not completely sure):
- ClassnameSpecification extending from DomainSpecification.java
- ClassnameRequirement extending from DomainRequirement.java
- Perhaps a ClassnameMatcher which implements CredentialsMatcher.java (I'm really not sure about this)
I would like the configuration of the DomainSpecification to be similar to how the job restrictions plugin allows configuration of restricting by class. See the following screenshot:
Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA