Allow openstack application credential id and secret as openstack authentication option #376

@dbilling

What feature do you want to see added?

When configuring the openstack cloud plugin, we can currently use a user and password combination that is authorized for openstack. However, in many environments this user/password may be too broad and able to log in to resources other than just openstack. As a security best practice, I would prefer to instead abide by the principle of least privilege and configure an openstack application credential that can only be used for the openstack project being configured and nothing more.

I tried creating an openstack application credential and using it for the jenkins openstack plugin instead of user and password. However, this resulted in an "unauthorized" response from openstack. I'm guessing that the problem is the openstack cloud plugin needs to be aware that I am configuring an application credential id and secret instead of a user and password so it can properly form the request to openstack.

This would be an awesomely cool feature that we all need when coding the least privileged credential that gets the job done is a necessity. Allowing the coding of a credential id and secret would allow us to achieve this goal. In the configuration panels, perhaps this could be implemented with a simple check box that indicates that the credential that is coded is an application id and secret instead of a user and password.

Upstream changes

No response

Are you interested in contributing this feature?

No response
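
An added example, not part of the original issue and not code from the plugin: the Keystone v3 token request body for the password method next to the one for the application_credential method, which is the difference in request formation the report guesses at. Function names, the `ci` project, the `Default` domain and the endpoint are constructed for illustration; that a password-only client places the ID in `user.name` is an assumption about such a client, not a statement about this plugin.

```python
import json
import urllib.request

def password_auth(user, password, user_domain, project, project_domain):
    """Keystone v3 'password' method: a user account plus an explicit project scope."""
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": user, "domain": {"name": user_domain}, "password": password}}},
        "scope": {"project": {"name": project, "domain": {"name": project_domain}}}}}

def app_credential_auth(cred_id, secret):
    """Keystone v3 'application_credential' method. No scope block is sent: the
    token is scoped to the project the credential was created in."""
    return {"auth": {"identity": {
        "methods": ["application_credential"],
        "application_credential": {"id": cred_id, "secret": secret}}}}

def token_request(auth_url, body):
    """Build, without sending, the POST to <auth_url>/auth/tokens."""
    return urllib.request.Request(
        auth_url.rstrip("/") + "/auth/tokens",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")

def redacted(node):
    """Copy of a request body that is safe to log: secret strings are masked."""
    if isinstance(node, dict):
        return {k: "***" if k in ("password", "secret") and isinstance(v, str)
                else redacted(v) for k, v in node.items()}
    return node

# Constructed sample values, not real credentials or endpoints.
AUTH_URL = "https://keystone.example.test:5000/v3"
CRED_ID, CRED_SECRET = "constructed-app-cred-id", "constructed-app-cred-secret"

# Assumed behaviour of a password-only client handed the pair: the credential
# ID lands in user.name, so Keystone looks for a user account with that name.
mismatched = password_auth(CRED_ID, CRED_SECRET, "Default", "ci", "Default")
# The body Keystone expects for the same pair.
expected = app_credential_auth(CRED_ID, CRED_SECRET)

if __name__ == "__main__":
    for label, body in (("password method", mismatched),
                        ("application_credential method", expected)):
        req = token_request(AUTH_URL, body)
        print(label, req.get_method(), req.full_url)
        print(json.dumps(redacted(body), indent=2))
```

The redacted form is the one to write to build logs or attach to a bug report; the unredacted body carries the secret in clear text and should only travel over TLS to the identity endpoint.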
