Merge pull request #197 from aHenryJard/JENKINS-65398_terminology
[JENKINS-65398] terminology update
jvz committed Apr 19, 2021
2 parents 9eddc8f + 557ac61 commit ef50f54
Showing 18 changed files with 45 additions and 45 deletions.
12 changes: 6 additions & 6 deletions docs/user.adoc
Expand Up @@ -52,7 +52,7 @@ While the Credentials API plugin provides a default _internal_ credentials store
If you are using the _internal_ credentials store to store *high value* credentials then you will need to lock down your Jenkins configuration:
* Apply all of the recommendations from the https://wiki.jenkins.io/display/JENKINS/Securing+Jenkins[Securing Jenkins] wiki page.
* No builds on the master (ideally zero executors)
* No builds on the controller (ideally zero executors)
* Probably use the https://plugins.jenkins.io/authorize-project[Authorize Project plugin] to control effective permission of running builds.
* etc.
Expand All @@ -66,9 +66,9 @@ While the above security recommendations are generally valid for any situation w
* the _internal_ store is encrypted using a key that is also stored in `JENKINS_HOME`
* the JVM running Jenkins must have access to these files
It becomes critical to secure the filesystem of the Jenkins master process.
It becomes critical to secure the filesystem of the Jenkins controller process.
With an _external_ credentials store, access to the Jenkins master filesystem will not generically compromise credentials.
With an _external_ credentials store, access to the Jenkins controller filesystem will not generically compromise credentials.
In the event of a breach, the last-accessed tracking facilities of an enterprise-grade external store will enable identification of _at risk_ credentials in need of rotation.
====

Expand Down Expand Up @@ -119,7 +119,7 @@ Jenkins is a multithreaded application.
Each execution thread has an associated authentication.
There are three classes of authentication that a thread can be associated with:

* `ACL.SYSTEM` this is the super-user authentication of the Jenkins master process itself.
* `ACL.SYSTEM` this is the super-user authentication of the Jenkins controller process itself.
Also known as `SYSTEM`.
Any actions performed by Jenkins itself will start in a thread using this authentication.
* A user authentication, this type of authentication is assigned to any web/CLI requests by a logged in user.
Expand Down Expand Up @@ -429,10 +429,10 @@ The two options:
Are logically equivalent.
The difference between these two options is in how they react as new plugins are installed.
_Only selected_ is essentially a whitelist strategy.
_Only selected_ is essentially a allowlist strategy.
When new plugins are installed the configuration will not automatically select any new options to be enabled.
_Exclude selected_ is essentially a blacklist strategy.
_Exclude selected_ is essentially a denylist strategy.
When new plugins are installed the configuration will not automatically select any new options to be disabled.
====

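Review bot: "_Only selected_ is essentially a allowlist strategy." needs "an allowlist strategy". The article was carried over from "a whitelist" and no longer agrees with the word that follows it.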
Expand Up @@ -159,7 +159,7 @@ public String getDisplayName() {
}

/**
* A filter that implements a whitelist policy, "if you are not on the list you can't come in".
* A filter that implements a allowlist policy, "if you are not on the list you can't come in".
*
* @since 2.0
*/
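Review bot: The class Javadoc changed here now reads "A filter that implements a allowlist policy"; it should be "an allowlist policy". The quoted rule that follows ("if you are not on the list you can't come in") is unchanged and still correct for an include filter.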
Expand All @@ -177,7 +177,7 @@ public static class Includes extends CredentialsProviderFilter {
/**
* Our constructor.
*
* @param classNames the whitelist of class names.
* @param classNames the list of allowed class names.
*/
@DataBoundConstructor
public Includes(@CheckForNull List<String> classNames) {
Expand All @@ -193,9 +193,9 @@ public boolean filter(CredentialsProvider provider) {
}

/**
* Returns the whitelist of allowed {@link Class#getName()}.
* Returns the list of allowed {@link Class#getName()}.
*
* @return the whitelist of allowed {@link Class#getName()}.
* @return the list of allowed {@link Class#getName()}.
*/
@NonNull
public List<String> getClassNames() {
Expand Down Expand Up @@ -271,7 +271,7 @@ public List<CredentialsProvider> getProviderDescriptors() {
}

/**
* A filter that implements a blacklist policy, "if you are not on the list you can come in".
* A filter that implements a denylist policy, "if you are not on the list you can come in".
*
* @since 2.0
*/
Expand All @@ -289,7 +289,7 @@ public static class Excludes extends CredentialsProviderFilter {
/**
* Our constructor.
*
* @param classNames the blacklist of class names.
* @param classNames the excluded list of class names.
*/
@DataBoundConstructor
public Excludes(@CheckForNull List<String> classNames) {
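Review bot: In the Excludes constructor Javadoc, "@param classNames the excluded list of class names" reads as if the list itself were excluded. Suggest "the list of excluded class names", which says what is meant and lines up with the "list of banned" wording used for getClassNames() in the same class.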
Expand All @@ -305,9 +305,9 @@ public boolean filter(CredentialsProvider provider) {
}

/**
* Returns the blacklist of banned {@link Class#getName()}.
* Returns the list of banned {@link Class#getName()}.
*
* @return the blacklist of banned {@link Class#getName()}.
* @return the list of banned {@link Class#getName()}.
*/
@NonNull
public List<String> getClassNames() {
Expand Up @@ -91,7 +91,7 @@ public CredentialsProviderTypeRestrictionDescriptor getDescriptor() {
public abstract String toString();

/**
* A whitelist of types for each provider. If you specify any {@link Includes} for any specific
* A list of included types for each provider. If you specify any {@link Includes} for any specific
* {@link #getProvider()} then at least one {@link Includes} for that {@link #getProvider()} must match for a
* {@link #getType()} to be permitted.
*
Expand Down Expand Up @@ -264,7 +264,7 @@ public ListBoxModel doFillTypeItems() {
}

/**
* A blacklist of types for each provider.
* A list of excluded types for each provider.
*
* @since 2.0
*/
Expand Up @@ -36,7 +36,7 @@ public enum CredentialsScope implements Serializable {

/**
* This credential is only available to the object on which the credential is associated. Typically you would
* use SYSTEM scoped credentials for things like email auth, slave connection, etc, i.e. where the
* use SYSTEM scoped credentials for things like email auth, agent connection, etc, i.e. where the
* Jenkins instance itself is using the credential.
*/
SYSTEM {
Expand Up @@ -160,7 +160,7 @@ public String getDisplayName() {
}

/**
* A filter that implements a whitelist policy, "if you are not on the list you can't come in".
* A filter that implements a allowlist policy, "if you are not on the list you can't come in".
*
* @since 2.0
*/
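Review bot: Article typo in the new Javadoc line: "implements a allowlist policy" should be "implements an allowlist policy".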
Expand All @@ -177,7 +177,7 @@ public static class Includes extends CredentialsTypeFilter {
/**
* Our constructor.
*
* @param classNames the whitelist of class names.
* @param classNames the list of included class names.
*/
@DataBoundConstructor
public Includes(@CheckForNull List<String> classNames) {
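Review bot: The new @param text for the CredentialsTypeFilter Includes constructor says "the list of included class names", while the matching constructor in CredentialsProviderFilter says "the list of allowed class names" and the getter in this class says "list of allowed". Pick one of "allowed" or "included" for the Includes filters so the two classes and their accessors describe the same list the same way.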
Expand All @@ -193,9 +193,9 @@ public boolean filter(CredentialsDescriptor type) {
}

/**
* Returns the whitelist of allowed {@link Class#getName()}.
* Returns the list of allowed {@link Class#getName()}.
*
* @return the whitelist of allowed {@link Class#getName()}.
* @return the list of allowed {@link Class#getName()}.
*/
@NonNull
public List<String> getClassNames() {
Expand Down Expand Up @@ -272,7 +272,7 @@ public List<CredentialsDescriptor> getTypeDescriptors() {
}

/**
* A filter that implements a blacklist policy, "if you are not on the list you can come in".
* A filter that implements a denylist policy, "if you are not on the list you can come in".
*
* @since 2.0
*/
Expand All @@ -289,7 +289,7 @@ public static class Excludes extends CredentialsTypeFilter {
/**
* Our constructor.
*
* @param classNames the blacklist of class names.
* @param classNames the list of excluded class names.
*/
@DataBoundConstructor
public Excludes(@CheckForNull List<String> classNames) {
Expand All @@ -305,9 +305,9 @@ public boolean filter(CredentialsDescriptor type) {
}

/**
* Returns the blacklist of banned {@link Class#getName()}.
* Returns the list of banned {@link Class#getName()}.
*
* @return the blacklist of banned {@link Class#getName()}.
* @return the list of banned {@link Class#getName()}.
*/
@NonNull
public List<String> getClassNames() {
Expand Up @@ -99,7 +99,7 @@
* <dt>System-level settings
* <dd>
* If your model is a singleton in the whole Jenkins instance, things that belong to the root {@link Jenkins}
* (such as slaves), or do not have any ancestors serving as the context, then use {@link Jenkins#get} as the
* (such as agents), or do not have any ancestors serving as the context, then use {@link Jenkins#get} as the
* context.
* <dt>Job-level settings
* <dd>
Expand Up @@ -33,8 +33,8 @@
import org.springframework.util.AntPathMatcher;

/**
* A {@link DomainSpecification} that matches {@link PathRequirement}s where the URI path is on a whitelist
* of paths.
* A {@link DomainSpecification} that matches {@link PathRequirement}s where the URI path is on a list
* of allowed paths.
*
* @see <a href="http://tools.ietf.org/rfc/rfc3986.txt">RFC-3986 Section 3.1</a>
* @since 1.12
Expand Up @@ -33,8 +33,8 @@
import org.kohsuke.stapler.DataBoundConstructor;

/**
* A {@link DomainSpecification} that matches {@link SchemeRequirement}s where the URI scheme is on a whitelist
* of schemes.
* A {@link DomainSpecification} that matches {@link SchemeRequirement}s where the URI scheme is on a list
* of allowed schemes.
*
* @see <a href="http://tools.ietf.org/rfc/rfc3986.txt">RFC-3986 Section 3.1</a>
* @since 1.5
Expand Up @@ -346,7 +346,7 @@ public static class FileOnMasterKeyStoreSource extends KeyStoreSource {
private static final Logger LOGGER = Logger.getLogger(FileOnMasterKeyStoreSource.class.getName());

/**
* The path of the file on the master.
* The path of the file on the controller.
*/
private final String keyStoreFile;

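Review bot: The field Javadoc now says "The path of the file on the controller." but the enclosing class is still named FileOnMasterKeyStoreSource, as the hunk header and the LOGGER line show. If the class name is being kept on purpose, for example for compatibility with existing saved configuration, add a sentence to the class Javadoc saying so; otherwise the docs and the type name will keep disagreeing.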
Expand Up @@ -29,7 +29,7 @@
<dt>System</dt>
<dd>
This credential is only available to the object on which the credential is associated. Typically you would
use system-scoped credentials for things like email auth, slave connection, etc, i.e. where the
use system-scoped credentials for things like email auth, agent connection, etc, i.e. where the
Jenkins instance itself is using the credential. Unlike the global scope, this significantly restricts
where the credential can be used, thereby providing a higher degree of confidentiality to the credential.
</dd>
Expand All @@ -47,7 +47,7 @@

<p>
In general, a credential is defined in one place (e.g., the credentials configuration page under "Manage Jenkins")
and then used in another place (e.g., when connecting to a new SSH slave).
and then used in another place (e.g., when connecting to a new SSH build agent).
The scope allows you to say "this credential is only used by these places" by looking at the relationship
between the two locations.
</div>
Expand Up @@ -23,7 +23,7 @@
-->

<div>
A comma separated blacklist of hostnames. (The <code>*</code> wildcard is permitted in hostnames,
A comma separated list of excluded hostnames. (The <code>*</code> wildcard is permitted in hostnames,
for example: <code>jenkins-ci.org:*, *.jenkins-ci.org:80, jenkinsci.github.io:443</code>.)
<br/>
The empty list implies no <var>hostname:port</var> is excluded. The excludes list is processed after the includes
Expand Up @@ -23,7 +23,7 @@
-->

<div>
A comma separated whitelist of hostnames. (The <code>*</code> wildcard is permitted in hostnames,
A comma separated list of included hostnames. (The <code>*</code> wildcard is permitted in hostnames,
for example: <code>jenkins-ci.org:*, *.jenkins-ci.org:80, jenkinsci.github.io:443</code>.)
<br/>
The empty list implies no <var>hostname:port</var> is excluded. The excludes list is processed after the includes
Expand Up @@ -23,7 +23,7 @@
-->

<div>
A comma separated blacklist of hostnames. (The <code>*</code> wildcard is permitted in hostnames,
A comma separated list of excluded hostnames. (The <code>*</code> wildcard is permitted in hostnames,
for example: <code>jenkins-ci.org, *.jenkins-ci.org, jenkinsci.github.io</code>.)
<br/>
The empty list implies no hostnames are excluded. The excludes list is processed after the includes list.
Expand Up @@ -23,7 +23,7 @@
-->

<div>
A comma separated whitelist of hostnames. (The <code>*</code> wildcard is permitted in hostnames,
A comma separated list of included hostnames. (The <code>*</code> wildcard is permitted in hostnames,
for example: <code>jenkins-ci.org, *.jenkins-ci.org, jenkinsci.github.io</code>.)
<br/>
The empty list implies no hostnames are excluded. The excludes list is processed after the includes list.
Expand Up @@ -23,7 +23,7 @@
-->

<div>
A comma separated blacklist of paths. (ANT style <code>*</code> and <code>**</code> wildcards are permitted in paths,
A comma separated list of excluded paths. (ANT style <code>*</code> and <code>**</code> wildcards are permitted in paths,
for example: <code>/jenkins/github/*,/jenkins-ci/**/org,jenkinsci.github.io</code>.)
<br/>
The empty list implies no paths are excluded. The excludes list is processed after the includes list.
Expand Up @@ -23,7 +23,7 @@
-->

<div>
A comma separated whitelist of paths. (ANT style <code>*</code> and <code>**</code> wildcards are permitted in paths,
A comma separated list of included paths. (ANT style <code>*</code> and <code>**</code> wildcards are permitted in paths,
for example: <code>/jenkins/github/*,/jenkins-ci/**/org,jenkinsci.github.io</code>.)
<br/>
The empty list implies no paths are excluded. The excludes list is processed after the includes list.
Expand Up @@ -23,5 +23,5 @@
-->

<div>
The path to the file on the Jenkins master node.
</div>
The path to the file on the Jenkins controller.
</div>
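Review bot: The closing "</div>" line shows as both removed and re-added with no visible difference, which points to a whitespace or end-of-file newline change riding along with the wording fix. Confirm that is intended; if it is incidental, drop it so the hunk only carries the "master node" to "controller" change.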
Expand Up @@ -277,7 +277,7 @@ public void testNodeCredentialFingerprintsAreRemovedForNonExistentNodes() throws
// Create a DumbSlave, this time don't add it to the model,
// it should not be recorded
DumbSlave nonAddedSlave = new DumbSlave("non-added-slave",
"dummy", "/home/test/slave", "1", Node.Mode.NORMAL, "remote",
"dummy", "/home/test/agent", "1", Node.Mode.NORMAL, "remote",
new JNLPLauncher(),
RetentionStrategy.INSTANCE, Collections.emptyList());

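Review bot: The node name on the constructor line, "non-added-slave", is left as is while the home path next to it becomes "/home/test/agent" and the second node later in this test is renamed to "added-agent". Rename it to "non-added-agent" so the two test nodes follow the same convention.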
Expand All @@ -288,8 +288,8 @@ public void testNodeCredentialFingerprintsAreRemovedForNonExistentNodes() throws

// Create a DumbSlave to use, and add it to the Jenkins model, this
// one should be recorded
DumbSlave addedSlave = new DumbSlave("added-slave",
"dummy", "/home/test/slave", "1", Node.Mode.NORMAL, "remote",
DumbSlave addedSlave = new DumbSlave("added-agent",
"dummy", "/home/test/agent", "1", Node.Mode.NORMAL, "remote",
new JNLPLauncher(),
RetentionStrategy.INSTANCE, Collections.emptyList());

Expand All @@ -302,7 +302,7 @@ public void testNodeCredentialFingerprintsAreRemovedForNonExistentNodes() throws
CredentialsProvider.track(addedSlave, globalCred);
assertEquals(initialFingerprintSize+1, CredentialsProvider.getOrCreateFingerprintOf(globalCred).getFacets().size());

// Remove the added slave from Jenkins, and track the non-added slave
// Remove the added agent from Jenkins, and track the non-added agent
// to flush any mapped credentials for nodes that no longer exist.
Jenkins.get().removeNode(addedSlave);
CredentialsProvider.track(nonAddedSlave, globalCred);
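Review bot: The comment now talks about "the added agent" and "the non-added agent", but the variables it describes are still addedSlave and nonAddedSlave in removeNode(addedSlave) and track(nonAddedSlave, globalCred). These are test-local names, so they can be renamed to addedAgent and nonAddedAgent without any compatibility concern; the DumbSlave type name itself is outside this change.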
