Jenkins EC2 plugin spot instances and Google Login plugin - Can't access JNLP file

[Michael Barrientos]

We would like to use Jenkins EC2 plugin to create spot instances for our tests. We also use the Google Login Plugin, but the login plugin seems to get int the way of the mechanism that the Spot plugin uses to register itself; it cannot read the /computer/[slave id]/slave-agent.jnlp file because the slave gets a 403 Forbidden error when it tries to retrieve the file (exception is thrown at hudson.remoting.Launcher.parseJnlpArguments with message "403 Forbidden"). We use the Role Strategy Plugin to control access, but even adding a Role that Anonymous users have access to with Slave Connect privileges does not work.

This was also manifesting itself when we were using the GitHub authentication plugin using the GitHub Commiter Authorization Strategy.

All documentation for the EC2 plugin for spot instances seem to assume you are using the Jenkins built in authentication, and the closest workaround I could find (which is heavily underdocumented) involves making a fake user on Github with a token authentication, which somehow bypasses this issue. This doesn't seem to be available for the Google Login Plugin.

Note that this is happening even with the "Enable Slave → Master Access Control" checkbox in Global Security turned off.

It seems that there may be a case of too many plugins getting in the way, but perhaps I've missed some configuration/extra arguments that either allows alternate authentication with enough permissions to get the JNLP file, or maybe missing some configuration that allows anonymous access to the JNLP file.

Any ideas?

[Michael Barrientos]

Ping since this might have been lost over the holidays.

For now I've resorted to forking EC2 plugin to avoid this. I'm sure this is not what you want.