Need to split credentials secret in 2.

[apogrebnyak]

Currently jenkins-operator-credentials-<cr-name> secret contains both credentials for operator Admin user and API token, namely

• user
• password
• token
• tokenCreationTime

I think the original intent was to generate all values in this secret on the operator side.

However with requirement for LDAP admin user be written to this secret by external process we now have a disconnect.

If external process manages the content of the secret (i.e. terraform), then on every successive update the external process will delete token and tokenCreationTime fields, as it knows nothing about these fields.

In order to allow for external tool managing admin credentials, I propose splitting token and tokenCreationTime out of jenkins-operator-credentials-<cr-name> secret into its own jenkins-operator-api-token-<cr-name> secret.

This #133 (comment) describes the problem as related to LDAP configuration

[mkarebski]

I'm on it.

[apogrebnyak]

As a workaround, with terraform I've created a null_resource with trigger of base64sha512 of username and password.
When triggered it passes username and password through environment block to local-exec provisioner, that applies a secret.

[tomaszsek]

Hi @apogrebnyak,

In terraform I would consider using
the https://www.terraform.io/docs/configuration/resources.html#ignore_changes ;)

Cheers

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this issue is still affecting you, just comment with any updates and we'll keep it open. Thank you for your contributions.

[Sig00rd]

Freezing this for it to stay in the backlog, since it's out of scope of next release but we're planning on working on this in the newer API.