Hi Nicolas, Thanks for your feedback.
In our case, we're using CasC to maintain and push known and tested versions of a Jenkins master into a production environment, but we wanted to still accept some degree of freedom, esp. when it comes to credential management. An alternative is to use an external mgt system like Vault (I think it's possible to use Vault as a backend for Jenkins credentials but this remains to be tested). Or I could drop the CasC file for the credentials, and do it using Groovy init.d files, as I did in the (bad) old times :) Best regards, Damien Coraboeuf On Tue, Sep 25, 2018 at 10:28 PM nicolas de loof <nicolas.del...@gmail.com> wrote: > A feature we'd like to investigate for JCasC is to make the web UI > read-only once configured from yaml > The specific sample of credentials could be adapted to support "preserve > existing entries" but we have no way to support this in a generic way > Also, JCasC is designed to support re-creating an equivalent jenkins > master from scratch, so from this point of view this would make no sense. > > Le mar. 25 sept. 2018 à 22:07, <damien.corabo...@collibra.com> a écrit : > >> But many things are otherwise preserved. I feel the implementation of the >> credentials configuration is doing a none vs. all approach, not taking into >> account existing entries: >> >> In SystemCredentialsProviderConfigurator: >> >> target.setDomainCredentialsMap(DomainCredentials.asMap(value)) >> >> >> Maybe this code could be replaced to preserve existing entries. >> >> >> On Tuesday, September 25, 2018 at 10:03:00 PM UTC+2, >> damien.c...@collibra.com wrote: >>> >>> I've created the PR at >>> https://github.com/jenkinsci/configuration-as-code-plugin/pull/556 to >>> show an unit test reproducing the issue. >>> >>> On Tuesday, September 25, 2018 at 9:04:31 PM UTC+2, >>> damien.c...@collibra.com wrote: >>>> >>>> Hi, >>>> >>>> We're using Jenkins 2.121.3 and CasC 1.0. One thing we define as code >>>> is a list of credentials (some SSH keys, some user/passwords, etc.) common >>>> to all our instances but we let also the administrators of a Jenkins >>>> instance define their own credential entries. >>>> >>>> However, when the Jenkins instance is restarted, only the credential >>>> entries defined by the CasC files are kept, and all the ones which were >>>> added manually are lost. >>>> >>>> Is there a way to prevent this? >>>> >>>> Thanks, >>>> Damien Coraboeuf >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkinsci-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/fb5e1d2b-4df3-4950-902d-5f18490b2ea5%40googlegroups.com >> <https://groups.google.com/d/msgid/jenkinsci-users/fb5e1d2b-4df3-4950-902d-5f18490b2ea5%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > Nicolas De Loof > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/CANMVJzn_LpJBVQbjHKGLmF51oAsyWW7E%2BNxng9sB-KCHKtb%2BWQ%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-users/CANMVJzn_LpJBVQbjHKGLmF51oAsyWW7E%2BNxng9sB-KCHKtb%2BWQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAPD6afPKoZun3Bu0JHQyQuQKTNU9cvjyUiy%2B_N2Ah2t0C42L7A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
