Differents credentials per node

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Differents credentials per node

Jérôme Godbout

Hi, I would like to use a custom credential per slave node. I did not found any way to enter a credential that is attach to a particular node only. Is this possible? Let’s say I have 2 slave node (Slave1 and Slave2), I would like to write the script that request the credential with a single ID but return a different password based on the actual node.

 

The only ugly workaround is to concat the node name to the credentialID (and making sure the name is not full of unsupported character). And enter that credential with a weird name.

MyCredientalIdSlave1

MyCredentialIdSlave2

 

That make maintening the thing really hard and need to have slave node with very basic name. I don’t like to rely on the item names to do thing, it break easily.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/YQXPR0101MB10808BDA8D93F0761435E7C3CDBD0%40YQXPR0101MB1080.CANPRD01.PROD.OUTLOOK.COM.
Reply | Threaded
Open this post in threaded view
|

Re: Differents credentials per node

Gavin Mogan
1) Slave has been renamed to agent, please use Agent.

2) How do you want to manage them? Do you want a random credential returned every time you call credential()? do you just want your pipeline to say credential("string" + functiontogetagentname())? Its probably not that hard to subclass the credential() one to do what you need, but I'm not sure how you'd want to manage them.  I havn't heard of any plugin implementing node storage, but it might be possible, but utterly useless for dynamic nodes.

So asking some questions that might lead to a solution

Gavin

On Friday, May 15, 2020 at 7:12:19 AM UTC-7, Jérôme Godbout wrote:

Hi, I would like to use a custom credential per slave node. I did not found any way to enter a credential that is attach to a particular node only. Is this possible? Let’s say I have 2 slave node (Slave1 and Slave2), I would like to write the script that request the credential with a single ID but return a different password based on the actual node.

 

The only ugly workaround is to concat the node name to the credentialID (and making sure the name is not full of unsupported character). And enter that credential with a weird name.

MyCredientalIdSlave1

MyCredentialIdSlave2

 

That make maintening the thing really hard and need to have slave node with very basic name. I don’t like to rely on the item names to do thing, it break easily.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/ca4aa782-3ac2-4a0a-b5ab-9a0b46675884%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

RE: Differents credentials per node

Jérôme Godbout

Ok, Agent if that please you…

 

What I want into my pipeline scripts:

 

Node(“myAgent1”) {

   step(“test”) {

        // This will actually be inside a resuable code between project and nodes library

        withCredential(“MyCredentials”, …) {

            // Do something with it

       }

   }

}

 

Node(“myAgent2”) {

    step(“test”) {

        // same function from lib, but need the credential for that particular node

        withCredential(“MyCredentials”, …) {

            // Do something with it

       }

   }

}

 

Is there a way to setup the credentials to be different value per node (I haven't found any and it doesn't seem to be supported). The credentials seem to reside on the master and multiple value per agent node seem impossible. So I will most likely happen a suffix to the credentials id from an env variables and set a env per agent.

 

Node(“myAgent1”) {

   step(“test”) {

        // This will actually be inside a resuable code between project and nodes library

        withCredential(“MyCredentials” + env["AGENT_CREDENTIAL_SUFFIX"], …) {

            // Do something with it

       }

   }

}

 

Node(“myAgent2”) {

    step(“test”) {

        // same function from lib, but need the credential for that particular node

        withCredential(“MyCredentials”  + env["AGENT_CREDENTIAL_SUFFIX"], …) {

            // Do something with it

       }

   }

}

 

and enter each agent credential and inject that env variable into each agent. That seem like the only workaround I could see.

 

 

From: 'Gavin Mogan' via Jenkins Users <[hidden email]>
Sent: May 18, 2020 12:08 AM
To: Jenkins Users <[hidden email]>
Subject: Re: Differents credentials per node

 

1) Slave has been renamed to agent, please use Agent.

 

2) How do you want to manage them? Do you want a random credential returned every time you call credential()? do you just want your pipeline to say credential("string" + functiontogetagentname())? Its probably not that hard to subclass the credential() one to do what you need, but I'm not sure how you'd want to manage them.  I havn't heard of any plugin implementing node storage, but it might be possible, but utterly useless for dynamic nodes.

 

So asking some questions that might lead to a solution

 

Gavin

 

On Friday, May 15, 2020 at 7:12:19 AM UTC-7, Jérôme Godbout wrote:

Hi, I would like to use a custom credential per slave node. I did not found any way to enter a credential that is attach to a particular node only. Is this possible? Let’s say I have 2 slave node (Slave1 and Slave2), I would like to write the script that request the credential with a single ID but return a different password based on the actual node.

 

The only ugly workaround is to concat the node name to the credentialID (and making sure the name is not full of unsupported character). And enter that credential with a weird name.

MyCredientalIdSlave1

MyCredentialIdSlave2

 

That make maintening the thing really hard and need to have slave node with very basic name. I don’t like to rely on the item names to do thing, it break easily.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/ca4aa782-3ac2-4a0a-b5ab-9a0b46675884%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/YQBPR0101MB1074F6FDE34CBAA2E36E2731CDB80%40YQBPR0101MB1074.CANPRD01.PROD.OUTLOOK.COM.
Reply | Threaded
Open this post in threaded view
|

Re: Differents credentials per node

Gavin Mogan
I think thats going to be your best bet, at least for the short term.

The code in question is https://github.com/jenkinsci/credentials-binding-plugin/blob/9bed48e5b36820cc1d2f8053965eb37bb18a6f17/src/main/java/org/jenkinsci/plugins/credentialsbinding/MultiBinding.java#L143-L159

Which uses the findCredentialById method. That takes in a build to look for credentials for.

It'll look for build => build parent (folder/multibranch/etc) => repeat => system

Node is not in the lookup chain.

Gavin

On Monday, May 18, 2020 at 10:41:38 AM UTC-7, Jérôme Godbout wrote:

Ok, Agent if that please you…

 

What I want into my pipeline scripts:

 

Node(“myAgent1”) {

   step(“test”) {

        // This will actually be inside a resuable code between project and nodes library

        withCredential(“MyCredentials”, …) {

            // Do something with it

       }

   }

}

 

Node(“myAgent2”) {

    step(“test”) {

        // same function from lib, but need the credential for that particular node

        withCredential(“MyCredentials”, …) {

            // Do something with it

       }

   }

}

 

Is there a way to setup the credentials to be different value per node (I haven't found any and it doesn't seem to be supported). The credentials seem to reside on the master and multiple value per agent node seem impossible. So I will most likely happen a suffix to the credentials id from an env variables and set a env per agent.

 

Node(“myAgent1”) {

   step(“test”) {

        // This will actually be inside a resuable code between project and nodes library

        withCredential(“MyCredentials” + env["AGENT_CREDENTIAL_SUFFIX"], …) {

            // Do something with it

       }

   }

}

 

Node(“myAgent2”) {

    step(“test”) {

        // same function from lib, but need the credential for that particular node

        withCredential(“MyCredentials”  + env["AGENT_CREDENTIAL_SUFFIX"], …) {

            // Do something with it

       }

   }

}

 

and enter each agent credential and inject that env variable into each agent. That seem like the only workaround I could see.

 

 

From: 'Gavin Mogan' via Jenkins Users <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="CcwY9r9MAgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkins...@googlegroups.com>
Sent: May 18, 2020 12:08 AM
To: Jenkins Users <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="CcwY9r9MAgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkins...@googlegroups.com>
Subject: Re: Differents credentials per node

 

1) Slave has been renamed to agent, please use Agent.

 

2) How do you want to manage them? Do you want a random credential returned every time you call credential()? do you just want your pipeline to say credential("string" + functiontogetagentname())? Its probably not that hard to subclass the credential() one to do what you need, but I'm not sure how you'd want to manage them.  I havn't heard of any plugin implementing node storage, but it might be possible, but utterly useless for dynamic nodes.

 

So asking some questions that might lead to a solution

 

Gavin

 

On Friday, May 15, 2020 at 7:12:19 AM UTC-7, Jérôme Godbout wrote:

Hi, I would like to use a custom credential per slave node. I did not found any way to enter a credential that is attach to a particular node only. Is this possible? Let’s say I have 2 slave node (Slave1 and Slave2), I would like to write the script that request the credential with a single ID but return a different password based on the actual node.

 

The only ugly workaround is to concat the node name to the credentialID (and making sure the name is not full of unsupported character). And enter that credential with a weird name.

MyCredientalIdSlave1

MyCredentialIdSlave2

 

That make maintening the thing really hard and need to have slave node with very basic name. I don’t like to rely on the item names to do thing, it break easily.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="CcwY9r9MAgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkins...@googlegroups.com.
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/jenkinsci-users/ca4aa782-3ac2-4a0a-b5ab-9a0b46675884%40googlegroups.com?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/ca4aa782-3ac2-4a0a-b5ab-9a0b46675884%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/ca4aa782-3ac2-4a0a-b5ab-9a0b46675884%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;"> https://groups.google.com/d/msgid/jenkinsci-users/ca4aa782-3ac2-4a0a-b5ab-9a0b46675884%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/b83f5c2b-bffa-4f53-89bb-e4f777922c87%40googlegroups.com.