Currently there is no uniform way to provide secure files to jobs or plugins. That ability only exists in individual plugins.Each of them solves part of the problem but do not work together.
References: "Build Secret Plugin", "Maven 3 Configuration"
Need to have
- Document has the following properties
- Type (Some predefined, but with ability to write in your own)
- Secure flag
- Provide a User interface for Hudson users to manage documents
- Create and update documents
- View Documents (if the secure flag is set the document content cannot be viewed only the checksum)
- Validate checksum of file against checksums (check fingerprints)
- Provide Job integration similar to Build Secret Plugin
- Allow the user to select one or more documents, and provide a environment variable (or system property) for each
- Document is downloaded to the slave in a "secret" (preferably random) location inside the hudson home but outside the workspace
- Document location is provided to the job in the configured environment variable
- Documents are removed when job is complete.
- Provide API for plugins to get manage (get) documents
- Will allow builders to use documents without storing them on disk (like maven3 plugin)
Nice to have
- Versioning of documents
- At least 2 levels of security
- Document users: Allowed to see Name, Type, Description of documents. Allowed to use documents in jobs
- Document admins: Allowed to see content, and manage documents
- Job Configure: Same as Document users
Suggestion (by henrik)
It should be evident that this functionality is very similar to the Maven 3 Configuration page. Luckily that page is not really maven spcific except that the document types are Maven related. So we should be able to extend it fairly easily. I suggest we do the following
- Remove the Maven "branding" and make it generic document management
- Allow the users to specify type as a text box in addition to the predefined types
- Allow users to upload files.
- Add the checksum and secure flag to documents.
- Provide a UI similar to Build Secret Plugin
- Document to plugin developers how to query the document storage