[JENKINS-53806] Class-based DomainSpecification filter for more flexibility of restricting credentials

    • Type: New Feature
    • Resolution: Unresolved
    • Priority: Minor
    • Component: credentials-plugin
    • None

      User Story

      As an admin of Jenkins, I would like the flexibility to restrict how credentials are accessed based on the class type of the caller requesting the credential so that I can flexibly restrict credentials without the need to add new scopes.

      Acceptance Criteria

      • Verify that arbitrary classes can be selected for restricting. (e.g. hudson.model.Item)

      Additional Information

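      This will likely require at least 3 new classes (I'm not completely sure):

      • ClassnameSpecification extending from DomainSpecification.java (https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/domains/DomainSpecification.java)
      • ClassnameRequirement extending from DomainRequirement.java (https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/domains/DomainRequirement.java)
      • Perhaps a ClassnameMatcher which implements CredentialsMatcher.java (https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/CredentialsMatcher.java) (I'm really not sure about this)

      I would like the configuration of the DomainSpecification to be similar to how the job restrictions plugin allows configuration of restricting by class. See the following screenshot:

      [Screenshot: screenshot-job-restrictions-plugin-config.png]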


          Sam Gleske created issue -
          Sam Gleske made changes -
          Sam Gleske made changes -
          Description New: h2. User Story

          As an admin of Jenkins, I would like the flexibility to restrict how credentials are accessed based on the class type of the caller requesting the credential so that I can flexibly restrict credentials without the need to add new scopes.

          h2. Acceptance Criteria

          * Verify that arbitrary classes can be selected for restricting. (e.g. hudson.model.Item)

          h2. Additional Information

          This will likely require at least 3 new classes (I'm not completely sure):

          * {{ClassnameSpecification}} extending from [DomainSpecification.java|https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/domains/DomainSpecification.java]
          * {{ClassnameRequirement}} extending from [DomainRequirement.java|https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/domains/DomainRequirement.java]
          * Perhaps a {{ClassnameMatcher}} which implements [CredentialsMatcher.java|https://github.com/jenkinsci/credentials-plugin/blob/master/src/main/java/com/cloudbees/plugins/credentials/CredentialsMatcher.java] (I'm really not sure about this)

          I would like the configuration of the DomainSpecification to be similar to how the job restrictions plugin allows configuration of restricting by class. See the following screenshot:

           !screenshot-job-restrictions-plugin-config.png|thumbnail!
          Sam Gleske made changes -
          Link New: This issue is related to SECURITY-1175 [ SECURITY-1175 ]
          Stephen Connolly made changes -
          Assignee Original: Stephen Connolly [ stephenconnolly ]

            Assignee: Unassigned
            Reporter: Sam Gleske (sag47)
            Votes: 0
            Watchers: 2
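
The class-based filter requested in the issue description, as an added sketch that is not code from the credentials plugin or from the reporter. `DomainRequirement` and `DomainSpecification` here are simplified stand-ins for the plugin types linked in the issue; the allowlist matching rule and the caller types `Item`, `FreeStyleJob` and `ScriptConsole` are assumptions made for illustration.

```java
import java.util.Set;

// Added sketch, not credentials-plugin code. DomainRequirement and DomainSpecification
// below are simplified stand-ins for the plugin types linked in the issue.
public class ClassnameDomainSketch {
    static abstract class DomainRequirement {}
    static abstract class DomainSpecification {
        enum Result { UNKNOWN, POSITIVE, NEGATIVE }
        abstract Result test(DomainRequirement scope);
    }

    // Carries the type of the object requesting the credential.
    static final class ClassnameRequirement extends DomainRequirement {
        final Class<?> callerType;
        ClassnameRequirement(Class<?> callerType) { this.callerType = callerType; }
    }

    // Allowlist of fully qualified class names; supertypes and interfaces count,
    // so listing a base type admits its subclasses.
    static final class ClassnameSpecification extends DomainSpecification {
        private final Set<String> allowed;
        ClassnameSpecification(Set<String> allowed) { this.allowed = Set.copyOf(allowed); }

        @Override Result test(DomainRequirement scope) {
            if (!(scope instanceof ClassnameRequirement)) {
                return Result.UNKNOWN; // requirement of another kind: no opinion
            }
            Class<?> caller = ((ClassnameRequirement) scope).callerType;
            return matches(caller) ? Result.POSITIVE : Result.NEGATIVE;
        }

        private boolean matches(Class<?> type) {
            if (type == null) return false;
            if (allowed.contains(type.getName())) return true;
            for (Class<?> itf : type.getInterfaces()) {
                if (matches(itf)) return true;
            }
            return matches(type.getSuperclass());
        }
    }

    // Constructed caller types standing in for Jenkins classes such as hudson.model.Item.
    interface Item {}
    static class FreeStyleJob implements Item {}
    static class ScriptConsole {}

    public static void main(String[] args) {
        DomainSpecification spec = new ClassnameSpecification(Set.of(Item.class.getName()));
        System.out.println(spec.test(new ClassnameRequirement(FreeStyleJob.class)));  // allowed via interface
        System.out.println(spec.test(new ClassnameRequirement(ScriptConsole.class))); // not on the allowlist
        System.out.println(spec.test(new DomainRequirement() {}));                    // other requirement kind
    }
}
```

In this sketch the requirement object is built by the code asking for the credential, so the filter is only as trustworthy as that code; a lookup that supplies no `ClassnameRequirement` gets `UNKNOWN` rather than a denial.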