[JIRA] (JENKINS-60445) Depend on the AWS Global Configuration plugin

7 views
Skip to first unread message

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 11, 2019, 10:58:02 AM12/11/19
to jenkinsc...@googlegroups.com
Chris Kilding created an issue
 
Jenkins / Improvement JENKINS-60445
Depend on the AWS Global Configuration plugin
Issue Type: Improvement Improvement
Assignee: Chris Kilding
Components: aws-secrets-manager-credentials-provider-plugin
Created: 2019-12-11 15:57
Priority: Minor Minor
Reporter: Chris Kilding

Add a dependency on the AWS Global Configuration plugin. Read relevant config values from it instead of asking them to duplicate their configuration. Use the transitive AWS SDK dependency from the Global Configuration plugin too.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 11, 2019, 10:59:02 AM12/11/19
to jenkinsc...@googlegroups.com
Chris Kilding commented on Improvement JENKINS-60445
 
Re: Depend on the AWS Global Configuration plugin

Questions:

  • Does the Global Config plugin contain the kind of config values we want? In particular, Endpoint Configuration.

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 12, 2019, 6:18:43 AM12/12/19
to jenkinsc...@googlegroups.com
Chris Kilding edited a comment on Improvement JENKINS-60445
Questions:

- Does the Global Config plugin contain the kind of config values we want? In particular, Endpoint Configuration.
- A lot of installations will retrieve these kinds of settings from the IAM instance profile. Are there any settings the Global Config plugin can hold that the IAM instance profile does not?

chris+jenkins@chriskilding.com (JIRA)

unread,
Feb 17, 2020, 1:09:03 PM2/17/20
to jenkinsc...@googlegroups.com

There are certain problems with leveraging this plugin.

First, it has particular ideas about what kind of AWS auth strategy we will use, which may not be applicable in all cases. Eg Global Configuration expects you to use it with a single AWS account, but the credentials provider has an upcoming feature to let you specify a list of cross-account role ARNs which will allow it to retrieve credentials from the respective accounts. We couldn’t use the Global Configuration together with that feature, as the AWS auth strategy classes are different.

chris+jenkins@chriskilding.com (JIRA)

unread,
Feb 26, 2020, 7:35:03 AM2/26/20
to jenkinsc...@googlegroups.com
Chris Kilding updated an issue
 
Change By: Chris Kilding
Comment:
There are certain problems with leveraging this plugin.

First, it has particular ideas about what kind of AWS auth strategy we will use, which may not be applicable in all cases. Eg Global Configuration expects you to use it with a single AWS account, but the credentials provider has an upcoming feature to let you specify a list of cross-account role ARNs which will allow it to retrieve credentials from the respective accounts. We couldn’t use the Global Configuration together with that feature, as the AWS auth strategy classes are different.

chris+jenkins@chriskilding.com (JIRA)

unread,
Mar 4, 2020, 5:42:02 AM3/4/20
to jenkinsc...@googlegroups.com
Chris Kilding started work on Improvement JENKINS-60445
 
Change By: Chris Kilding
Status: Open In Progress
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages