On Fri, May 11, 2018 at 5:44 PM, nicolas de loof <[email protected]> wrote: > Secret is already supported based on jenkins-core registered stapler > converters.
Yes; my point was only that due to the nature of secrets, JCasC needs to support keeping the actual values separate from the main YAML file somehow—whether via a generic variable interpolation system, or symmetric encryption, etc. This is already part of the reference implementation, which is good. >> JEP-201 is a new >> feature, so its developers are responsible for designing and >> implementing appropriate integrations with existing foundational >> components of Jenkins. > > I strongly disagree with this. From my perspective JEP-201 is about generic > mechanism to support configuration-as-code without glue code and option for > custom adapters where required. Yes, that is fine. > Maybe this should be discussed in a subsequent JEP if you consider this > _that_ important. Perhaps, but my perspective is that a JEP should be reasonably self-contained and define enough detail to implement an MVP, which would certainly include support for credentials. If you defer this aspect to an unspecified future JEP then there is a risk that this planning either gets dropped, or that the integration turns out to require fundamental design changes which are difficult to retrofit. In other words, a JEP should describe a complete user story. Obviously there are plenty of plugins which should just have routine integration with JCasC—fully automatic or with minor changes. But we can reasonably expect that the endpoint configuration for the Aqua Security Scanner plugin (whatever that is) could be managed without “interesting” issues arising, and anyway most users of JCasC would not be using this plugin. The Pipeline comparison is a little tough, since the core design there long preceded the JEP process and was not formalized well, but the analogy works so far as we are discussing modularity of code. For example, the `withCredentials` step is indeed implemented in a distinct credentials-related plugin, but there were some subtle aspects that mandated special treatment elsewhere: the environment variables in a block in `program.dat` needed to be kept encrypted, which required API changes; and Blue Ocean needs to know to hide secrets from step summaries, which also required special consideration in other components. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2Rck8R9gqd6Dw8v30NsumqM6dTe-ui%2BmvnrXnpe_SVOw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
