Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51694

Fix tracking for credentials against cloud agents

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The proposed fix for JENKINS-49235 will cause credential tracking information for cloud agents to be removed as soon as the ephemeral agent is destroyed, making the tracking nearly useless for those agents.

      We should track credentials used by ephemeral agents against the cloud that launched them rather than against the agent itself. Unfortunately, there does not currently seem to be a way to associate an agent with the cloud that launched it. The best option that I am aware of is the following:

      public static Set<Cloud> getCloudsForNode(Node node) {
          return node.getAssignedLabels().stream()
              .flatMap(l -> l.getClouds().stream())
              .collect(Collectors.toSet());
      }
      

      However, if there are multiple clouds that launch for the same label, there is no way to distinguish which one actually launched the node (not counting any plugin-specific code such as EC2AbstractSlave.java#getCloud). Changing that would require a new API in core.

      I think it would be better to get precise tracking by implementing a new core API than approximate tracking using the above method, but I do not have a strong opinion.

        Attachments

          Issue Links

            Activity

            dnusbaum Devin Nusbaum created issue -
            dnusbaum Devin Nusbaum made changes -
            Field Original Value New Value
            Link This issue relates to JENKINS-49235 [ JENKINS-49235 ]

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              dnusbaum Devin Nusbaum
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: