Hello, Interest in multi-cloud and multi-account cloud setups is increasing at my company, and I have had correspondence from people in other companies about this too. It's worth thinking about how Jenkins is going to work in this scenario going forward.
There are quite a few Jenkins plugins that connect to cloud providers (e.g. EC2 plugin, S3 plugin, my own Secrets Manager plugin, plus all the Azure, GCP, Kubernetes equivalents). At the moment, these plugins are (at the risk of generalising) built with the assumption that they connect to a single cloud account. They work well within this assumption, but not outside it. The key issues at the moment are: 1. Name clashes (due to lack of namespacing facilities) when two resources in different accounts have the same name. 2. Slowness/unavailability from interactions with one cloud account affecting interactions with other accounts. To resolve the first problem, I would propose that we introduce a namespacing feature of some kind, to allow resources from different accounts to safely coexist. For the second problem, perhaps some partitioning of operations could be done within the namespacing feature, so that if one API call goes bad or slower than the others, it doesn't affect interactions with other accounts. At a minimum this would need to be done in the credentials API plugin: I'm thinking an optional `namespace` argument could be specified for the `withCredentials` or `credentials` bindings, implemented by the credential providers. But I'm not sure that namespaces should be limited to just the credentials system. Are there other parts of the Jenkins pipeline which deal with cloud resources, and so would need to be aware of the namespacing feature as well? Regards, Chris PS: In the past I have considered generalising the folders credentials provider for this purpose, but this does not seem like the right fit. This is really a namespacing problem, not an access control problem (which is what folders are for). -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/3e423f19-b3d1-4827-9881-b89d3b73b051%40www.fastmail.com.
