On Thu, Aug 8, 2013 at 10:11 AM, Stephen Connolly
<stephen.alan.conno...@gmail.com> wrote:
>>> > The way I want to deliver is that you have a drop down underneath any of
>> > the
>> > module remote url fields which lists the relevant credentials for that
>> > URL
>> > (including none) and you would always make a selection (even if that
>> > selection is leaving the default of "none" selected)
>>
>> Will these leak across jobs created by different users?
>
>
> No. Each job will have to explicitly select the credentials to use.
>
> You can, e.g. using the Folders plugin, create credentials that are scoped
> to a specific folder. In which case only the jobs within that folder will
> have access to those credentials.
>
> I view this as a good thing - as credential leaking is prevented... but
> others may view as a bad thing.
Scoping by the user creating the job would make more sense to me,
although I'm not sure how strictly jenkins could enforce that.
>> Also, how
>> will it extend to svn externals if they pull in components that need
>> different credentials?
>
>
> I am currently looking at how to achieve this. My current thinking is that
> you would have an advanced option that allowed you to provide additional
> credentials for specific realms at the job level.... so that you get to
> control how the externals' credentials are selected and supplied... the down
> side is that would be more complex for those cases... and you would have to
> replicate for each job that checks out that repo
What is a 'realm' in this context? We have fairly arbitrary
path-based authorization inside of our subversion repositories but
have made read access to components referenced by externals more open
than the probably should be to accommodate access from jenkins.
Matching the credentials for the most-specific path specified by the
user seems right to me.
--
Les Mikesell
lesmikes...@gmail.com
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
