Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38827

Add Git support to track where a credential is used

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • git-plugin
    • None

    Description

      The credentials plug-in added support for tracking credentials usage, see JENKINS-20139. However the consumer plug-in needs an update to enable this. Please add support.

      Attachments

        Issue Links

          depends on

          New Feature - A new feature of the product, which has yet to be developed. JENKINS-20139 add support to track where a credential is used

          • Major - Major loss of function.
          • Closed
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-44087 NPE after 'Track credentials of project's last build rather than project'

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            markewaite Mark Waite added a comment -

            Refer to PR490 for proposed changes to track credentials use by jobs.

            markewaite Mark Waite added a comment - Refer to PR490 for proposed changes to track credentials use by jobs.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Mark Waite
            Path:
            src/main/java/hudson/plugins/git/GitSCM.java
            src/main/java/hudson/plugins/git/UserRemoteConfig.java
            src/main/java/jenkins/plugins/git/GitSCMFileSystem.java
            http://jenkins-ci.org/commit/git-plugin/79e610c18716c7cdd5287d90f20eac56a6033b56
            Log:
            JENKINS-38827 Track credentials use in some relevant cases

            These were easy cases because CredentialsProvider.track() arguments were
            available in the method where credentials were added.

            It is expected that there are still cases where credentials are not
            tracked correctly by the plugin. Credential checks from the job
            definition page are probably not currently tracked. Other contexts
            (like pipeline) may also not be tracked by these changes.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: src/main/java/hudson/plugins/git/GitSCM.java src/main/java/hudson/plugins/git/UserRemoteConfig.java src/main/java/jenkins/plugins/git/GitSCMFileSystem.java http://jenkins-ci.org/commit/git-plugin/79e610c18716c7cdd5287d90f20eac56a6033b56 Log: JENKINS-38827 Track credentials use in some relevant cases These were easy cases because CredentialsProvider.track() arguments were available in the method where credentials were added. It is expected that there are still cases where credentials are not tracked correctly by the plugin. Credential checks from the job definition page are probably not currently tracked. Other contexts (like pipeline) may also not be tracked by these changes.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Mark Waite
            Path:
            pom.xml
            src/main/java/hudson/plugins/git/GitSCM.java
            src/main/java/hudson/plugins/git/UserRemoteConfig.java
            src/main/java/jenkins/plugins/git/GitSCMFileSystem.java
            src/test/java/hudson/plugins/git/AbstractGitTestCase.java
            src/test/java/hudson/plugins/git/GitSCMTest.java
            src/test/java/hudson/plugins/git/TestGitRepo.java
            http://jenkins-ci.org/commit/git-plugin/efeb022d9312b0b6686130752f416fd447403fc2
            Log:
            Merge pull request #490 from MarkEWaite/track-credential-use

            JENKINS-38827 Track credentials use

            Compare: https://github.com/jenkinsci/git-plugin/compare/383f5ab95b75...efeb022d9312

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: pom.xml src/main/java/hudson/plugins/git/GitSCM.java src/main/java/hudson/plugins/git/UserRemoteConfig.java src/main/java/jenkins/plugins/git/GitSCMFileSystem.java src/test/java/hudson/plugins/git/AbstractGitTestCase.java src/test/java/hudson/plugins/git/GitSCMTest.java src/test/java/hudson/plugins/git/TestGitRepo.java http://jenkins-ci.org/commit/git-plugin/efeb022d9312b0b6686130752f416fd447403fc2 Log: Merge pull request #490 from MarkEWaite/track-credential-use JENKINS-38827 Track credentials use Compare: https://github.com/jenkinsci/git-plugin/compare/383f5ab95b75...efeb022d9312
            johnv John V added a comment -

            markewaite is it possible to somehow disable this tracking feature? I would like to do that since this adds two additional buttons ("Project Relationship" and "Check File Fingerprints") to the Jenkins main page and we have no intention to track the credentials.

            johnv John V added a comment - markewaite is it possible to somehow disable this tracking feature? I would like to do that since this adds two additional buttons ("Project Relationship" and "Check File Fingerprints") to the Jenkins main page and we have no intention to track the credentials.
            markewaite Mark Waite added a comment -

            stephenc may know a way to disable credential tracking. I do not know any way to disable credential tracking.

            markewaite Mark Waite added a comment - stephenc may know a way to disable credential tracking. I do not know any way to disable credential tracking.
            stephenconnolly Stephen Connolly added a comment -

            Credentials tracking is IMHO a core functionality that should not be disabled. If you want to disable the two buttons on all list views then I would suggest filing a pull request against core to modify

            public final class FingerprintMap extends KeyedDataStorage<Fingerprint,FingerprintMap.FingerprintParams> {

    /**
     * Returns true if there's some data in the fingerprint database.
     */
    public boolean isReady() {
        return new File(Jenkins.getInstance().getRootDir(),"fingerprints").exists();
    }

            such that isReady() is also guarded by a SystemProperties.getBoolean("hudson.model.FingerprintMap.ENABLED",true)

            that way the rare user that wants to disable those two buttons can do that, but that should all be handled under a separate JIRA issue

             

             

            stephenconnolly Stephen Connolly added a comment - Credentials tracking is IMHO a core functionality that should not be disabled. If you want to disable the two buttons on all list views then I would suggest filing a pull request against core to modify public final class FingerprintMap extends KeyedDataStorage<Fingerprint,FingerprintMap.FingerprintParams> { /** * Returns true if there's some data in the fingerprint database. */ public boolean isReady() { return new File(Jenkins.getInstance().getRootDir(), "fingerprints" ).exists(); } such that isReady() is also guarded by a SystemProperties.getBoolean("hudson.model.FingerprintMap.ENABLED",true) that way the rare user that wants to disable those two buttons can do that, but that should all be handled under a separate JIRA issue    

            People

              markewaite Mark Waite
              wgc123 D Pasto
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: