jenkinsci / azure-keyvault-plugin

Jenkins plugin for Azure Keyvault
https://plugins.jenkins.io/azure-keyvault/
MIT License

Add support for scoping credentials to SYSTEM #222

Closed bsloan-icl closed 1 year ago

bsloan-icl commented 1 year ago

This change adds support for scoping Jenkins credentials to system. For the secret in Key Vault to be scoped to system in Jenkins, a tag of 'scope' should be set on the Key Vault secret with a value of 'system'. If no scope is set on the Key Vault secret, the default scope will be global. The code uses the same logic as the Kubernetes Credentials Provider plugin to scope the credential to system.

This partially meets #199, although it doesn't include scoping credentials to items (e.g. jobs/folders).

### Testing done

This was tested manually with the following steps.

  1. Secrets created in Azure Key Vault with the following tags (screenshots: Secret Text, SSH Private Key, Username/Password)

  2. Azure Key Vault plugin configured in Jenkins to pull in the credentials (screenshot)

  3. Credentials are accessible for system settings (screenshots: Secret Text; SSH Private Key & Username/Password)

  4. Credentials aren't accessible for jobs (screenshots: Secret Text, SSH Private Key, Username/Password)

### Submitter checklist
- [x] Make sure you are opening from a **topic/feature/bugfix branch** (right side) and not your main branch!
- [x] Ensure that the pull request title represents the desired changelog entry
- [x] Please describe what you did
- [x] Link to relevant issues in GitHub or Jira
- [x] Link to relevant pull requests, esp. upstream and downstream changes
- [x] Ensure you have provided tests that demonstrate the feature works or fixes the issue
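
An audit sketch for the tagging convention described in this pull request, added here as an example (it is not code from the plugin or from the PR author): it classifies Key Vault secrets by the scope Jenkins would give them, so that secrets left at the global default stand out. The input is a constructed sample in the shape of `az keyvault secret list` output; the function names and the `REVIEW` bucket for values the description does not cover are assumptions.

```python
import json

# Constructed sample in the shape of `az keyvault secret list` output
# (only the fields used here); names and vault URL are placeholders.
SAMPLE_LISTING = """
[
  {"id": "https://example-vault.vault.azure.net/secrets/agent-ssh-key",
   "name": "agent-ssh-key", "tags": {"scope": "system"}},
  {"id": "https://example-vault.vault.azure.net/secrets/deploy-token",
   "name": "deploy-token", "tags": {"owner": "team-a"}},
  {"id": "https://example-vault.vault.azure.net/secrets/smtp-password",
   "name": "smtp-password", "tags": null},
  {"id": "https://example-vault.vault.azure.net/secrets/ldap-bind",
   "name": "ldap-bind", "tags": {"scope": "System "}}
]
"""

def classify_scope(tags):
    """Map a secret's tags to the Jenkins scope described in the PR."""
    tags = tags or {}            # the CLI emits null when no tags are set
    if "scope" not in tags:
        return "GLOBAL"          # PR text: no scope tag means global
    if tags["scope"] == "system":
        return "SYSTEM"          # PR text: scope=system means system
    # Assumption: any other value is flagged, because the PR text does not
    # say how the plugin treats it (case, whitespace, other names).
    return "REVIEW"

def audit(listing_json):
    """Return {scope: [secret names]} for a secret listing."""
    report = {"SYSTEM": [], "GLOBAL": [], "REVIEW": []}
    for secret in json.loads(listing_json):
        report[classify_scope(secret.get("tags"))].append(secret["name"])
    return report

if __name__ == "__main__":
    for scope, names in audit(SAMPLE_LISTING).items():
        print(f"{scope:7} {', '.join(names) or '-'}")
```

Secrets listed under `GLOBAL` keep the default scope, so that list is the one to check for credentials that were meant to be restricted to system use.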