[JIRA] (JENKINS-59331) withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Title: Message Title
Kalle Niemitalo edited a comment on JENKINS-59331
Re: withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Credentials Binding Plugin has done this ever since the certificate binding feature was added in [commit 7d789a8c590fd87cb9dd61c89c894a5df26a0605|https://github.com/jenkinsci/credentials-binding-plugin/commit/7d789a8c590fd87cb9dd61c89c894a5df26a0605] and merged in [PR#39|https://github.com/jenkinsci/credentials-binding-plugin/pull/39]. The commit message even mentions the assumption that the credential description matches the keystore alias name, but I don't think I have seen it documented anywhere else. When I edit the description of a certificate credential, the help text "An optional description to help tell similar credentials apart" certainly gives no hint of any such requirement.CertificateMultiBinding already calls {{credentials.getKeyStore()}}, so perhaps it could just enumerate the returned KeyStore and get the alias name from there, without needing changes in the Credentials Plugin. If the {{aliasVariable}} parameter is specified but the KeyStore actually contains more than one key, then CertificateMultiBinding could log a warning about that , perhaps unless the description of the credential matches one of these aliases .If each certificate credential normally contains only one certificate and private key, then the keystore alias name is not really needed for selecting the correct certificate, and I think users are likely to choose short words like "cert" as keystore alias names. If the {{withCredentials}} step is then changed to store these to the {{aliasVariable}}, there may be a risk that Jenkins starts unnecessarily masking this word in unrelated output. Perhaps the keystore alias name should be exempt from this masking, like JENKINS-44860 requests for usernames.
Add Comment
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
[JIRA] (JENKINS-59331) withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Title: Message Title
Kalle Niemitalo edited a comment on JENKINS-59331
Re: withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Credentials Binding Plugin has done this ever since the certificate binding feature was added in [commit 7d789a8c590fd87cb9dd61c89c894a5df26a0605|https://github.com/jenkinsci/credentials-binding-plugin/commit/7d789a8c590fd87cb9dd61c89c894a5df26a0605] and merged in [PR#39|https://github.com/jenkinsci/credentials-binding-plugin/pull/39]. The commit message even mentions the assumption that the credential description matches the keystore alias name, but I don't think I have seen it documented anywhere else. When I edit the description of a certificate credential, the help text "An optional description to help tell similar credentials apart" certainly gives no hint of any such requirement.CertificateMultiBinding already calls {{credentials.getKeyStore()}}, so perhaps it could just enumerate the returned KeyStore and get the alias name from there, without needing changes in the Credentials Plugin. If the {{aliasVariable}} parameter is specified but the KeyStore actually contains more than one key, then CertificateMultiBinding could log a warning about that.If each certificate credential normally contains only one certificate and private key, then the keystore alias name is not really needed for selecting the correct certificate, and I think users are likely to choose short words like "cert" as keystore alias names. If the {{withCredentials}} step is then changed to store these to the {{aliasVariable}}, there may be a risk that Jenkins starts unnecessarily masking this word in unrelated output. Perhaps the keystore alias name should be exempt from this masking , like JENKINS-44860 requests for usernames .
Add Comment
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
[JIRA] (JENKINS-59331) withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Title: Message Title Kalle Niemitalo commented on JENKINS-59331 Re: withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name In the Certificate Plugin, CertificateCredentialsImpl.KeyStoreSourceDescriptor#validateCertificateKeystore apparently supports multiple certificate entries and multiple key entries in the same KeyStore. StandardCertificateCredentials.NameProvider#getSubjectDN only uses one key entry, though. Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201882.1568291887000.8674.1574940061181%40Atlassian.JIRA.
[JIRA] (JENKINS-59331) withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Title: Message Title
Kalle Niemitalo edited a comment on JENKINS-59331
Re: withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Credentials Binding Plugin has done this ever since the certificate binding feature was added in [commit 7d789a8c590fd87cb9dd61c89c894a5df26a0605|https://github.com/jenkinsci/credentials-binding-plugin/commit/7d789a8c590fd87cb9dd61c89c894a5df26a0605] and merged in [PR#39|https://github.com/jenkinsci/credentials-binding-plugin/pull/39]. The commit message even mentions the assumption that the credential description matches the keystore alias name, but I don't think I have seen it documented anywhere else. When I edit the description of a certificate credential, the help text "An optional description to help tell similar credentials apart" certainly gives no hint of any such requirement.CertificateMultiBinding already calls {{credentials.getKeyStore()}}, so perhaps it could just enumerate the returned KeyStore and get the alias name from there, without needing changes in the Credentials Plugin. If the {{aliasVariable}} parameter is specified but the KeyStore actually contains more than one key, then CertificateMultiBinding could log a warning about that. If each certificate credential normally contains only one certificate and private key, then the keystore alias name is not really needed for selecting the correct certificate, and I think users are likely to choose short words like "cert" as keystore alias names. If the {{withCredentials}} step is then changed to store these to the {{aliasVariable}}, there may be a risk that Jenkins starts unnecessarily masking this word in unrelated output. Perhaps the keystore alias name should be exempt from this masking.
Add Comment
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
[JIRA] (JENKINS-59331) withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Title: Message Title
Kalle Niemitalo edited a comment on JENKINS-59331
Re: withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Credentials Binding Plugin has done this ever since the certificate binding feature was added in [commit 7d789a8c590fd87cb9dd61c89c894a5df26a0605|https://github.com/jenkinsci/credentials-binding-plugin/commit/7d789a8c590fd87cb9dd61c89c894a5df26a0605] and merged in [PR#39|https://github.com/jenkinsci/credentials-binding-plugin/pull/39]. The commit message even mentions the assumption that the credential description matches the keystore alias name, but I don't think I have seen it documented anywhere else. When I edit the description of a certificate credential, the help text "An optional description to help tell similar credentials apart" certainly gives no hint of any such requirement.CertificateMultiBinding already calls {{credentials.getKeyStore()}}, so perhaps it could just enumerate the returned KeyStore and get the alias name from there, without needing changes in the Credentials Plugin. If the {{aliasVariable}} parameter is specified but the KeyStore actually contains more than one key, then CertificateMultiBinding could log a warning about that.
Add Comment
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
To view this discussion on the web visit
[JIRA] (JENKINS-59331) withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Title: Message Title Kalle Niemitalo commented on JENKINS-59331 Re: withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name Credentials Binding Plugin has done this ever since the certificate binding feature was added commit 7d789a8c590fd87cb9dd61c89c894a5df26a0605 and merged in PR#39. The commit message even mentions the assumption that the credential description matches the keystore alias name, but I don't think I have seen it documented anywhere else. When I edit the description of a certificate credential, the help text "An optional description to help tell similar credentials apart" certainly gives no hint of any such requirement. CertificateMultiBinding already calls credentials.getKeyStore(), so perhaps it could just enumerate the returned KeyStore and get the alias name from there, without needing changes in the Credentials Plugin. If the aliasVariable parameter is specified but the KeyStore actually contains more than one key, then CertificateMultiBinding could log a warning about that. Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201882.1568291887000.7859.1574880720140%40Atlassian.JIRA.
[JIRA] (JENKINS-59331) withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name
Title: Message Title Kalle Niemitalo updated an issue Jenkins / JENKINS-59331 withCredentials certificate(aliasVariable: ) stores description of credential, not keystore alias name Change By: Kalle Niemitalo Summary: Empty 'Alias Variable' when using withCredentials certificate binding (aliasVariable: ) stores description of credential, not keystore alias name Issue Type: Task Bug Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.201882.1568291887000.7856.1574879940251%40Atlassian.JIRA.
