[JIRA] [scm-sync-configuration] (JENKINS-18124) Proposal : Modularizing scm-sync-config scm implementations

[stephenconno...@java.net (JIRA)]

stephenconnolly commented on JENKINS-18124 Proposal : Modularizing scm-sync-config scm implementations @Frédéric well we should be moving authentication credential storage to the credentials-plugin. I was discussing with @Nicolas what needs to be done to get, e.g. subversion-plugin using the credentials-plugin. There is a number of things that I would like to see in terms of additions to the credentials-plugin API that should take place before wiring it up to more plugins. The point of getting credentials 1.0 out was to let the API soak some more. After over a year of soaking I am mostly happy with the core of the API. Where I feel there are gaps are with respect to grouping credentials and providing an easy way for consumers to retrieve credentials. I am leaning towards adding Hamcrest matchers as a dependency, with methods for using those matchers to select a sub-set of credentials. Additionally I am thinking of adding some grouping extension point to allow grouping related credentials together. Finally, there needs to be a credential mapper extension point, thus you could have A grouping that reflects, e.g. an Active Directory / LDAP domain. Within the group a User/Password pair A credential mapper from User/Password to SSH User/Password A credential mapper from User/Password to HTTP(s) User/Password A credential mapper from User/Password to SVNSERVE User/Password Then the Credential consumer can ask for credentials within a Jenkins scope (i.e. specific job) for a specific user, against a specific host (which the grouping then matches) and for a specific protocol The user, on the other hand, sees just the one credential in the one group, and changing that password updates all of that credential's use by Jenkins in one go. The bits I need to refine are: Credential mapper - and when a credential mapper should not be employed, e.g. if the SSH password is different in that scope for the same user name and there already is a SSH credential defined in the group Credential group extension point - how to handle matching which group is appropriate... maybe not needed, if the group is just a "name" but it would be nice to have a better solution. Whether to expose hamcrest matchers directly (pushing the API into Jenkins Core effectively as credentials is now in core) or whether to copy the "nice" bits of Hamcrest and do an NIH... leaning towards exposing as Hamcrest seems to be good at maintaining backwards compatibility (unlike some others... I'm looking at you BouncyCastle) Then the final bits should actually be mostly trivial as there are very few authentication schemes that would need to be handled. (user/pass, user/key, client certificate. I think that is all)

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.