Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Limiting Resource Credentials in Environments
-
We would like to limit down specific resource credentials by the environment. Below is a resource credential we set up. Notice the environment is set to "Production."
I have a plan where I'm pulling this Resource Credential and handing it to a global script to set the specific values I'm looking for. For a rough example:
set $myUsername = $GetCredentialProperty(UsernamePassword::ExampleDBProduction, UserName); set $myPassword = $GetCredentialProperty(UsernamePassword::ExampleDBProduction, Password); PSCall GLOBAL::Secure-Test ( username: $myUsername, password: $myPassword, );
I have set "Agents.EnforceServerRestrictions" to be on.
I have also limited the user (or group) as a restriction on the task/permissions.
But I'm able to pull the Resource Credential that was limited to "Production" to "Test" with my user that is also restricted from "Production".
Is this a bug or do I have something wrong in the setup.
Product: BuildMaster
Version: 5.8.2
-
This exact feature was added in v6.0; in that version there is another checkbox when editing the resource credential to "Restrict by environment" and it behaves exactly as you describe.
As a side note, the
Agents.EnforceServerRestrictions
setting is designed to catch server/environment mismatches (i.e. error out when deploying to stage associated with Integration and targeting a server associated with Production) when deploying and will not affect credentials.
-
@Todd
Upgraded to version 6.0.4 and was able to block the access to the creditial in the plan as expected.
With that said, I'm still able to access the credential via the administration area (/administration/credentials). Logging in with my limited user I can see the following (including the hidden if I open it).
As a reminder here is the "restriction" I have set up for the limited user.
-
Found the follow-up issue as a user error. After upgrading to 6.0.x the feature worked as expected.