The Jenkins Infrastructure manages a set of Jenkins controllers in configuration as code using JCasc + Job-DSL (Either through Helm values in Kubernetes or Puppet templates in VMs).

Our credentials are managed at instance level for now, and we would want to move most of these credentials at folder/multibranch/gh-org. level to improve the safety (e.g. not allowing jobs to see each other credentials).

From https://github.com/jenkinsci/configuration-as-code-plugin/issues/782#issuecomment-494406090 + the Job-DSL wiki, we learnt that Job-DSL allows to define credentiuals scoped to folder: \O/.

However we are stuck as soon as we want to define a list of credentials for each of our folders and we need help to ensure that it is possible (or not).

I've tried to simplify to the most minimalistic code snippet below:

[
  [
    name: 'Docker OpenVPN', repository: 'docker-openvpn', credentials: [
      usernamePasswordCredentialsImpl {
        scope("GLOBAL")
        id("dockerhub-credential")
        description("DockerHub Credential")
        username("janedoe")
        password("SuperSecretInClearWhatCouldGoRight?")
      }
    ],
  ],
].each { config ->
  multibranchPipelineJob(config.repository) {
    displayName config.name
    properties {
      folderCredentialsProperty {
        domainCredentials {
          domainCredentials {
            domain {
              name("cred-" + config.name)
              description("Credentials for " + config.name)
            }
            credentials {
              config.credentials.each { cred -> cred }
            }
          }
        }
      }
    }
  }
}

While the iteration on the jobs works, whatever "technique" we use for the credential iteration always ends up with an error like:

```
groovy.lang.MissingMethodException: No signature of method: script.usernamePasswordCredentialsImpl() is applicable for argument types: (script$_run_closure1) values: [script$_run_closure1@6e89dcd6]
```

Tried the followings without any success (keep having the same error):

• Using `usernamePassword` instead of the `usernamePasswordCredentialsImpl` as per the symbol annotation at https://github.com/jenkinsci/credentials-plugin/blob/master/src%2Fmain%2Fjava%2Fcom%2Fcloudbees%2Fplugins%2Fcredentials%2Fimpl%2FUsernamePasswordCredentialsImpl.java#L112
• Using a "for" loop instead of ".Each" iterator as per https://github.com/jenkinsci/job-dsl-plugin/wiki/Frequently-Asked-Questions#why-does-a-method-defined-in-an-outer-scope-takes-precedence-of-a-method-defined-in-an-inner-scope
• Calling "delegate.cred" in the iterator's block (as per https://github.com/jenkinsci/job-dsl-plugin/wiki/Frequently-Asked-Questions#why-does-a-method-defined-in-an-outer-scope-takes-precedence-of-a-method-defined-in-an-inner-scope)

It feels like that the value provided by the iteration inside the "credentials{}" block is treated as a method; but this is not clear for non groovy experts alas.

Is it technically possible to do that, or shall we move to using a templating engine? Did we miss something important?

Thanks a lot