[JIRA] (JENKINS-60695) "Filter by AWS secret namespace ID" not working
Title: Message Title Chris Kilding updated JENKINS-60695 Jenkins / JENKINS-60695 "Filter by AWS secret namespace ID" not working Change By: Chris Kilding Status: In Review Resolved Resolution: Fixed Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.203940.1578490848000.4870.1579861260579%40Atlassian.JIRA.
[JIRA] (JENKINS-60695) "Filter by AWS secret namespace ID" not working
Title: Message Title Chris Kilding updated JENKINS-60695 Jenkins / JENKINS-60695 "Filter by AWS secret namespace ID" not working Change By: Chris Kilding Status: In Progress Review Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.203940.1578490848000.4868.1579861260532%40Atlassian.JIRA.
[JIRA] (JENKINS-60695) "Filter by AWS secret namespace ID" not working
Title: Message Title Chris Kilding commented on JENKINS-60695 Re: "Filter by AWS secret namespace ID" not working Started work in GitHub PR #20 Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.203940.1578490848000.4242.1579781160269%40Atlassian.JIRA.
[JIRA] (JENKINS-60695) "Filter by AWS secret namespace ID" not working
Title: Message Title Chris Kilding started work on JENKINS-60695 Change By: Chris Kilding Status: Open In Progress Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.203940.1578490848000.4240.1579781100168%40Atlassian.JIRA.
[JIRA] (JENKINS-60695) "Filter by AWS secret namespace ID" not working
Title: Message Title Chris Kilding commented on JENKINS-60695 Re: "Filter by AWS secret namespace ID" not working We don't use this feature ourselves (yet) but it was in the AWS documentation, and might be relevant to some plugin users, so I thought I'd better mention it in the README. It's quite possible that the ARN filter is not in the right format. Would you be able to toy with it in the AWS CLI and find a filter pattern that does work? Then we could fix the example. Have a look at the AWS docs for inspiration: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_identity-based-policies.html Add Comment This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.203940.1578490848000.8079.1579012680201%40Atlassian.JIRA.
[JIRA] (JENKINS-60695) "Filter by AWS secret namespace ID" not working
Title: Message Title
Dominik Bartholdi created an issue
Jenkins / JENKINS-60695
"Filter by AWS secret namespace ID" not working
Issue Type:
Bug
Assignee:
Chris Kilding
Components:
aws-secrets-manager-credentials-provider-plugin
Created:
2020-01-08 13:40
Priority:
Major
Reporter:
Dominik Bartholdi
I created credentials like this:
aws secretsmanager create-secret --name 'jks/DB_USER_X' --secret-string 'zz' --tags 'Key=jenkins:credentials:username,Value=u' --description ''
Then I used the documented policy template: https://github.com/jenkinsci/aws-secrets-manager-credentials-provider-plugin/blob/master/docs/iam/secret-namespace-id.json to filter credentials by a namespace. My complete policy looked like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "secretsmanager:GetSecretValue",
"Resource": "arn:aws:secretsmanager:::secret:jks/*",
"Effect": "Allow"
},
{
"Action": "secretsmanager:ListSecrets",
"Resource": "*",
"Effect": "Allow"
}
]
}
unfortunate this ends up in this error:
com.cloudbees.plugins.credentials.CredentialsUnavailableException: Pr
