Differents credentials per node

[Jérôme Godbout]

Hi, I would like to use a custom credential per slave node. I did not found any way to enter a credential that is attach to a particular node only. Is this possible? Let’s say I have 2 slave node (Slave1 and Slave2), I would like to write the script that request the credential with a single ID but return a different password based on the actual node.

 

The only ugly workaround is to concat the node name to the credentialID (and making sure the name is not full of unsupported character). And enter that credential with a weird name.

MyCredientalIdSlave1

MyCredentialIdSlave2

 

That make maintening the thing really hard and need to have slave node with very basic name. I don’t like to rely on the item names to do thing, it break easily.

[Gavin Mogan]

1) Slave has been renamed to agent, please use Agent.

2) How do you want to manage them? Do you want a random credential returned every time you call credential()? do you just want your pipeline to say credential("string" + functiontogetagentname())? Its probably not that hard to subclass the credential() one to do what you need, but I'm not sure how you'd want to manage them.  I havn't heard of any plugin implementing node storage, but it might be possible, but utterly useless for dynamic nodes.

So asking some questions that might lead to a solution

Gavin

[Jérôme Godbout]

Ok, Agent if that please you…

 

What I want into my pipeline scripts:

 

Node(“myAgent1”) {

   step(“test”) {

        // This will actually be inside a resuable code between project and nodes library

        withCredential(“MyCredentials”, …) {

            // Do something with it

       }

   }

}

 

Node(“myAgent2”) {

    step(“test”) {

        // same function from lib, but need the credential for that particular node

        withCredential(“MyCredentials”, …) {

            // Do something with it

       }

   }

}

 

Is there a way to setup the credentials to be different value per node (I haven't found any and it doesn't seem to be supported). The credentials seem to reside on the master and multiple value per agent node seem impossible. So I will most likely happen a suffix to the credentials id from an env variables and set a env per agent.

 

Node(“myAgent1”) {

   step(“test”) {

        // This will actually be inside a resuable code between project and nodes library

        withCredential(“MyCredentials” + env["AGENT_CREDENTIAL_SUFFIX"], …) {

            // Do something with it

       }

   }

}

 

Node(“myAgent2”) {

    step(“test”) {

        // same function from lib, but need the credential for that particular node

        withCredential(“MyCredentials”  + env["AGENT_CREDENTIAL_SUFFIX"], …) {

            // Do something with it

       }

   }

}

 

and enter each agent credential and inject that env variable into each agent. That seem like the only workaround I could see.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/ca4aa782-3ac2-4a0a-b5ab-9a0b46675884%40googlegroups.com.

[Gavin Mogan]

I think thats going to be your best bet, at least for the short term.

The code in question is https://github.com/jenkinsci/credentials-binding-plugin/blob/9bed48e5b36820cc1d2f8053965eb37bb18a6f17/src/main/java/org/jenkinsci/plugins/credentialsbinding/MultiBinding.java#L143-L159

Which uses the findCredentialById method. That takes in a build to look for credentials for.

It'll look for build => build parent (folder/multibranch/etc) => repeat => system

Node is not in the lookup chain.

Gavin

To unsubscribe from this group and stop receiving emails from it, send an email to jenkins...@googlegroups.com.