Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-67988

Cannot iterate on credentials per folder/Multibranch

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • job-dsl-plugin
    • None

      The Jenkins Infrastructure manages a set of Jenkins controllers in configuration as code using JCasc + Job-DSL (Either through Helm values in Kubernetes or Puppet templates in VMs).

      Our credentials are managed at instance level for now, and we would want to move most of these credentials at folder/multibranch/gh-org. level to improve the safety (e.g. not allowing jobs to see each other credentials).

      From https://github.com/jenkinsci/configuration-as-code-plugin/issues/782#issuecomment-494406090 + the Job-DSL wiki, we learnt that Job-DSL allows to define credentiuals scoped to folder: \O/.

      However we are stuck as soon as we want to define a list of credentials for each of our folders and we need help to ensure that it is possible (or not).

      I've tried to simplify to the most minimalistic code snippet below:

      [
        [
          name: 'Docker OpenVPN', repository: 'docker-openvpn', credentials: [
            usernamePasswordCredentialsImpl {
              scope("GLOBAL")
              id("dockerhub-credential")
              description("DockerHub Credential")
              username("janedoe")
              password("SuperSecretInClearWhatCouldGoRight?")
            }
          ],
        ],
      ].each { config ->
        multibranchPipelineJob(config.repository) {
          displayName config.name
          properties {
            folderCredentialsProperty {
              domainCredentials {
                domainCredentials {
                  domain {
                    name("cred-" + config.name)
                    description("Credentials for " + config.name)
                  }
                  credentials {
                    config.credentials.each { cred -> cred }
                  }
                }
              }
            }
          }
        }
      }
      

      While the iteration on the jobs works, whatever "technique" we use for the credential iteration always ends up with an error like:

      ```
      groovy.lang.MissingMethodException: No signature of method: script.usernamePasswordCredentialsImpl() is applicable for argument types: (script$_run_closure1) values: [script$_run_closure1@6e89dcd6]
      ```

      Tried the followings without any success (keep having the same error):

      It feels like that the value provided by the iteration inside the "credentials{}" block is treated as a method; but this is not clear for non groovy experts alas.

      Is it technically possible to do that, or shall we move to using a templating engine? Did we miss something important?

      Thanks a lot

            Unassigned Unassigned
            dduportal Damien Duportal
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: