Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38827

Add Git support to track where a credential is used

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: git-plugin
    • Labels:
      None
    • Similar Issues:

      Description

      The credentials plug-in added support for tracking credentials usage, see JENKINS-20139. However the consumer plug-in needs an update to enable this. Please add support.

        Attachments

          Issue Links

            Activity

            Hide
            markewaite Mark Waite added a comment -

            Refer to PR490 for proposed changes to track credentials use by jobs.

            Show
            markewaite Mark Waite added a comment - Refer to PR490 for proposed changes to track credentials use by jobs.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Mark Waite
            Path:
            src/main/java/hudson/plugins/git/GitSCM.java
            src/main/java/hudson/plugins/git/UserRemoteConfig.java
            src/main/java/jenkins/plugins/git/GitSCMFileSystem.java
            http://jenkins-ci.org/commit/git-plugin/79e610c18716c7cdd5287d90f20eac56a6033b56
            Log:
            JENKINS-38827 Track credentials use in some relevant cases

            These were easy cases because CredentialsProvider.track() arguments were
            available in the method where credentials were added.

            It is expected that there are still cases where credentials are not
            tracked correctly by the plugin. Credential checks from the job
            definition page are probably not currently tracked. Other contexts
            (like pipeline) may also not be tracked by these changes.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: src/main/java/hudson/plugins/git/GitSCM.java src/main/java/hudson/plugins/git/UserRemoteConfig.java src/main/java/jenkins/plugins/git/GitSCMFileSystem.java http://jenkins-ci.org/commit/git-plugin/79e610c18716c7cdd5287d90f20eac56a6033b56 Log: JENKINS-38827 Track credentials use in some relevant cases These were easy cases because CredentialsProvider.track() arguments were available in the method where credentials were added. It is expected that there are still cases where credentials are not tracked correctly by the plugin. Credential checks from the job definition page are probably not currently tracked. Other contexts (like pipeline) may also not be tracked by these changes.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Mark Waite
            Path:
            pom.xml
            src/main/java/hudson/plugins/git/GitSCM.java
            src/main/java/hudson/plugins/git/UserRemoteConfig.java
            src/main/java/jenkins/plugins/git/GitSCMFileSystem.java
            src/test/java/hudson/plugins/git/AbstractGitTestCase.java
            src/test/java/hudson/plugins/git/GitSCMTest.java
            src/test/java/hudson/plugins/git/TestGitRepo.java
            http://jenkins-ci.org/commit/git-plugin/efeb022d9312b0b6686130752f416fd447403fc2
            Log:
            Merge pull request #490 from MarkEWaite/track-credential-use

            JENKINS-38827 Track credentials use

            Compare: https://github.com/jenkinsci/git-plugin/compare/383f5ab95b75...efeb022d9312

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: pom.xml src/main/java/hudson/plugins/git/GitSCM.java src/main/java/hudson/plugins/git/UserRemoteConfig.java src/main/java/jenkins/plugins/git/GitSCMFileSystem.java src/test/java/hudson/plugins/git/AbstractGitTestCase.java src/test/java/hudson/plugins/git/GitSCMTest.java src/test/java/hudson/plugins/git/TestGitRepo.java http://jenkins-ci.org/commit/git-plugin/efeb022d9312b0b6686130752f416fd447403fc2 Log: Merge pull request #490 from MarkEWaite/track-credential-use JENKINS-38827 Track credentials use Compare: https://github.com/jenkinsci/git-plugin/compare/383f5ab95b75...efeb022d9312
            Hide
            johnv John V added a comment -

            Mark Waite is it possible to somehow disable this tracking feature? I would like to do that since this adds two additional buttons ("Project Relationship" and "Check File Fingerprints") to the Jenkins main page and we have no intention to track the credentials.

            Show
            johnv John V added a comment - Mark Waite is it possible to somehow disable this tracking feature? I would like to do that since this adds two additional buttons ("Project Relationship" and "Check File Fingerprints") to the Jenkins main page and we have no intention to track the credentials.
            Hide
            markewaite Mark Waite added a comment -

            Stephen Connolly may know a way to disable credential tracking. I do not know any way to disable credential tracking.

            Show
            markewaite Mark Waite added a comment - Stephen Connolly may know a way to disable credential tracking. I do not know any way to disable credential tracking.
            Hide
            stephenconnolly Stephen Connolly added a comment -

            Credentials tracking is IMHO a core functionality that should not be disabled. If you want to disable the two buttons on all list views then I would suggest filing a pull request against core to modify

            public final class FingerprintMap extends KeyedDataStorage<Fingerprint,FingerprintMap.FingerprintParams> {
            
                /**
                 * Returns true if there's some data in the fingerprint database.
                 */
                public boolean isReady() {
                    return new File(Jenkins.getInstance().getRootDir(),"fingerprints").exists();
                }
            

            such that isReady() is also guarded by a SystemProperties.getBoolean("hudson.model.FingerprintMap.ENABLED",true)

            that way the rare user that wants to disable those two buttons can do that, but that should all be handled under a separate JIRA issue

             

             

            Show
            stephenconnolly Stephen Connolly added a comment - Credentials tracking is IMHO a core functionality that should not be disabled. If you want to disable the two buttons on all list views then I would suggest filing a pull request against core to modify public final class FingerprintMap extends KeyedDataStorage<Fingerprint,FingerprintMap.FingerprintParams> { /** * Returns true if there's some data in the fingerprint database. */ public boolean isReady() { return new File(Jenkins.getInstance().getRootDir(), "fingerprints" ).exists(); } such that isReady() is also guarded by a SystemProperties.getBoolean("hudson.model.FingerprintMap.ENABLED",true) that way the rare user that wants to disable those two buttons can do that, but that should all be handled under a separate JIRA issue    

              People

              • Assignee:
                markewaite Mark Waite
                Reporter:
                wgc123 D Pasto
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: